Fortinet launches FortiSOC cloud security platform

Fortinet has launched FortiSOC, a cloud-delivered security operations centre platform that combines six security operations functions in a single software service.

FortiSOC brings together security information and event management, security orchestration, automation and response, threat intelligence, behavioural analysis, identity threat detection and case management in one console. It also includes agentic artificial intelligence designed to investigate alerts, correlate activity across assets and identities, and suggest or carry out response actions with analyst oversight.

The launch adds a new layer to Fortinet's existing security operations portfolio, which already includes FortiAnalyser, FortiSIEM and FortiSOAR. Rather than replacing those products, FortiSOC is positioned as a single cloud-based option for customers that want a unified software service model. The existing tools will remain available.

Security operations teams have faced increasing pressure from rising alert volumes, fragmented toolsets and a shortage of specialist staff. Across the sector, vendors have responded by combining monitoring, investigation and response functions into broader platforms that reduce the need to move between separate products.

FortiSOC is aimed at organisations at different stages of security operations adoption, from smaller teams that need basic monitoring to larger operations seeking deeper automation and broader correlation across environments. The platform uses workflows and operating models based on Fortinet's own global security operations centre.

Artificial intelligence is central to the new service. Fortinet said its FortiAI-Assist feature applies autonomous investigation, AI-generated playbooks and model context protocol-based coordination across alerts, investigations, threat hunting, cases and response actions. The goal is to coordinate work across security and IT tools within the same platform and reduce manual hand-offs.

That reflects a wider shift in the cybersecurity market towards AI-assisted operations, with vendors using machine learning and newer generative AI systems to help analysts manage growing volumes of data. The challenge for suppliers has been to show that automation can improve speed without removing the human checks many organisations still require for sensitive response decisions.

Michael Xie outlined Fortinet's view of that challenge in comments accompanying the launch.

"Security teams today are being challenged by faster attacks, growing investigation volume, and fragmented operations that simply don't scale.

FortiSOC gives organisations a simpler way to operationalise the SOC capabilities they need through a unified, cloud-delivered platform designed to support security teams of all sizes, from teams building foundational capabilities to enterprises scaling advanced SOC environments. With embedded AI, integrated workflows, and built-in best practices informed by Fortinet's own global security operations centre, FortiSOC delivers the power of an AI SOC to help customers eliminate complexity, automate threat detection and response, and stay a step ahead of attackers," said Michael Xie, Founder, President and Chief Technology Officer at Fortinet.

Market demand

Fortinet is entering a part of the market where buyers are looking for fewer standalone tools and more integrated systems. Cloud-delivered security operations platforms have gained attention as companies try to simplify procurement, deployment and day-to-day management while maintaining visibility across networks, users and applications.

FortiSOC includes native integration across Fortinet's Security Fabric as well as third-party connectors. That approach is intended to close coverage gaps and allow detection and response processes to span security, IT and business systems.

Industry analysts have also highlighted demand for platforms that improve analyst workflow rather than simply adding more data sources. Michelle Abraham of IDC linked the launch to that trend.

"IDC research shows that organisations are increasingly prioritising analyst workflow and investigation experience as well as cloud-delivered security operations as they work to improve visibility, streamline processes, and accelerate response.

FortiSOC builds on Fortinet's established security operations portfolio by combining proven technologies into a unified SaaS platform that can support both foundational and advanced SOC use cases," said Abraham.

Portfolio shift

The product also signals how Fortinet is framing its broader security operations strategy. By packaging multiple functions into one subscription and interface, the company is moving further towards a platform model that could appeal to customers seeking a simpler buying and operating structure.

The service includes built-in detection methods, playbooks and threat intelligence updates through FortiGuard Labs. Those elements are intended to give customers a starting point from deployment while allowing workflows and use cases to expand over time.

For buyers, the key question will be whether a unified platform can match the depth of specialist tools while reducing operational overhead. For vendors such as Fortinet, the commercial opportunity lies in persuading security teams that consolidation can improve investigations and response without forcing them to abandon existing processes or visibility across mixed environments.

Fortinet said its existing security operations products will continue to be enhanced and sold alongside FortiSOC.