Fortinet Unveils AI-Powered Security Operations Platform, FortiSOC

Fortinet Launches FortiSOC, an AI-Powered Unified Security Operations Platform

INFORMATIONAL
June 28, 2026
3m read
Security Operations, Cloud Security, Threat Intelligence

Related Entities

Organizations

Products & Tech

FortiSOC, FortiAI-Assist

Full Report

Executive Summary

Fortinet has announced the launch of FortiSOC, a new cloud-delivered, Software-as-a-Service (SaaS) platform aimed at unifying and simplifying security operations. The platform integrates six critical SOC capabilities into a single console, addressing the common challenges of tool sprawl and alert fatigue. By combining Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), Threat Intelligence, Identity Threat Detection and Response (ITDR), User and Entity Behavior Analytics (UEBA), and Case Management, FortiSOC provides a holistic view of an organization's security posture. A key innovation is the use of embedded "agentic AI," which autonomously manages investigations and workflows to accelerate threat detection and response.

Platform Overview

FortiSOC is designed to serve as a centralized hub for security operations, regardless of team size or maturity. Its core value proposition is the tight integration of traditionally separate security functions:

  • SIEM: Ingests and analyzes log data from across the IT environment.
  • SOAR: Automates response actions and workflows based on predefined playbooks.
  • Threat Intelligence: Integrates threat feeds to enrich alerts and provide context.
  • ITDR: Focuses on detecting threats related to compromised identities and credentials.
  • UEBA: Baselines normal user and device behavior to detect anomalous activity.
  • Case Management: Provides a centralized system for managing and tracking security incidents.

By delivering these capabilities as a unified SaaS platform, Fortinet aims to lower the barrier to entry for advanced security operations and reduce the operational complexity of managing multiple disparate tools.

AI Integration

The centerpiece of the FortiSOC platform is its use of agentic AI, which Fortinet calls FortiAI-Assist. Unlike traditional AI in cybersecurity that might simply flag anomalies, agentic AI is designed to take a more active role:

  • Autonomous Investigation: The AI can take an initial alert and independently query other data sources (e.g., threat intelligence, asset databases) to gather context.
  • Alert Correlation: It can correlate alerts across different assets, identities, and timeframes to identify a broader attack campaign that might otherwise appear as a series of unrelated, low-priority events.
  • Workflow Automation: The AI can initiate SOAR playbooks, create tickets in the case management system, and present a summarized investigation with recommended actions to a human analyst.

This approach is intended to offload much of the manual, repetitive work from SOC analysts, allowing them to focus on higher-value tasks like threat hunting and strategic defense planning.

Market Context and Impact

The launch of FortiSOC reflects a significant industry trend towards Security Operations Platforms and the consolidation of security tools. It places Fortinet in direct competition with other major platform players in the XDR (Extended Detection and Response) and SIEM markets, such as Palo Alto Networks, CrowdStrike, and Microsoft Sentinel. The emphasis on agentic AI is a key differentiator, promising a higher degree of automation than many existing solutions. For customers, especially those already invested in the Fortinet Security Fabric, FortiSOC offers a compelling path to modernizing their SOC without the integration headaches of a multi-vendor approach.

Timeline of Events

1. June 28, 2026: This article was published

MITRE ATT&CK Mitigations

Audit (M1047, enterprise)

The FortiSOC platform is a comprehensive tool for implementing this mitigation, providing centralized logging, analysis, and auditing capabilities.

The UEBA and ITDR components of FortiSOC are designed to detect malicious behavior, and to enable its prevention, by comparing user and entity activity against established baselines.

D3FEND Defensive Countermeasures

Organizations deploying FortiSOC should leverage its integrated User and Entity Behavior Analytics (UEBA) capabilities to their fullest extent. The platform's agentic AI can automatically establish a baseline of normal activity for every user and device by analyzing weeks of log data. Security teams should then work to fine-tune the detection models, focusing on high-risk activities such as privileged account usage, access to sensitive data repositories, and remote access patterns. By allowing the AI to handle the initial triage of behavioral anomalies, SOC analysts can focus on investigating the high-fidelity alerts that represent genuine threats, such as an insider threat or a compromised account being used for lateral movement.

A key feature of FortiSOC is its native Identity Threat Detection and Response (ITDR) module. Security teams should prioritize integrating this with their primary identity provider (e.g., Azure AD, Okta). The AI-driven platform can then correlate login events with endpoint activity and network traffic to detect sophisticated identity-based attacks. For example, it can flag an impossible travel scenario, identify credential stuffing attacks against multiple accounts, or detect the use of a compromised credential on a new device. The SOAR component can then be configured to automatically respond by forcing a password reset, requiring MFA re-authentication, or isolating the affected user account, thus containing the threat in near real-time.
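As an added example, not FortiSOC's code or Fortinet's detection logic, the following script shows the shape of the UEBA and ITDR detections described above, run over constructed login events: impossible travel from great-circle distance versus elapsed time, a device outside the user's seen-device baseline, and credential stuffing as many distinct accounts failing from one source IP inside a window. The event format, thresholds and helper names are assumptions.

```python
import math
from collections import defaultdict

MAX_SPEED_KMH = 900      # above any commercial flight: two logins faster than this are infeasible
STUFF_ACCOUNTS = 20      # distinct accounts failing from one IP inside the window
STUFF_WINDOW_S = 600

# Constructed sample login events (ts in seconds); not real telemetry.
def ev(ts, user, ip, lat, lon, device, ok):
    return {"ts": ts, "user": user, "ip": ip, "lat": lat, "lon": lon, "device": device, "ok": ok}

EVENTS = [
    ev(0, "alice", "203.0.113.5", 40.71, -74.01, "laptop-a", True),    # New York
    ev(1800, "alice", "198.51.100.9", 51.51, -0.13, "laptop-a", True),  # London, 30 min later
    ev(100, "bob", "203.0.113.5", 40.71, -74.01, "phone-b", True),
    ev(7200, "bob", "203.0.113.5", 40.71, -74.01, "tablet-x", True),   # device not in bob's baseline
] + [ev(3000 + i, f"user{i}", "192.0.2.77", 48.85, 2.35, "?", False) for i in range(25)]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points."""
    p1, p2, dl = math.radians(lat1), math.radians(lat2), math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 6371.0 * 2 * math.asin(math.sqrt(a))

def detect(events):
    """Return (rule, subject) findings: impossible travel, new device, credential stuffing."""
    findings, ok_by_user, fail_by_ip = [], defaultdict(list), defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        (ok_by_user[e["user"]] if e["ok"] else fail_by_ip[e["ip"]]).append(e)
    for user, logins in ok_by_user.items():
        seen = {logins[0]["device"]}   # first login seeds the per-user device baseline
        for prev, cur in zip(logins, logins[1:]):
            hours = max((cur["ts"] - prev["ts"]) / 3600, 1e-6)
            if haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"]) / hours > MAX_SPEED_KMH:
                findings.append(("impossible_travel", user))
            if cur["device"] not in seen:
                findings.append(("new_device", user))
            seen.add(cur["device"])
    for ip, fails in fail_by_ip.items():   # sliding window of failures per source IP
        for i, f in enumerate(fails):
            window = [g["user"] for g in fails[i:] if g["ts"] - f["ts"] <= STUFF_WINDOW_S]
            if len(set(window)) >= STUFF_ACCOUNTS:
                findings.append(("credential_stuffing", ip))
                break
    return findings

if __name__ == "__main__":
    for rule, subject in detect(EVENTS):
        print(f"{rule}: {subject}")
```

Each finding is the kind of high-fidelity alert a SOAR playbook would then act on (password reset, MFA re-authentication, account isolation); in production the device baseline would be learned from weeks of history rather than the first event.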

Article Author

Jason Gomes

• Cybersecurity Practitioner

Cybersecurity professional with over 10 years of specialized experience in security operations, threat intelligence, incident response, and security automation. Expertise spans SOAR/XSOAR orchestration, threat intelligence platforms, SIEM/UEBA analytics, and building cyber fusion centers. Background includes technical enablement, solution architecture for enterprise and government clients, and implementing security automation workflows across IR, TIP, and SOC use cases.

Threat Intelligence & Analysis, Security Orchestration (SOAR/XSOAR), Incident Response & Digital Forensics, Security Operations Center (SOC), SIEM & Security Analytics, Cyber Fusion & Threat Sharing, Security Automation & Integration, Managed Detection & Response (MDR)

Tags

Fortinet, FortiSOC, SOC, SIEM, SOAR, AI, Security Operations, SaaS
