Diving Into Fortinet's Unified Agentic AI Platform FortiSOC

Calling on the power of agentic AI, Fortinet has unveiled FortiSOC – a new cloud-delivered security operations centre (SOC) platform designed to help organisations simplify cyber defence while improving threat detection and response.
This novel software-as-a-service (SaaS) platform binds together six key security operations capabilities into a single console, embedding agentic AI to manage investigations, automate workflows and respond to threats more efficiently.
It is no secret that cyber attacks are becoming more sophisticated, thereby creating an explosion of investigation volume, while many organisations struggle with fragmented security tools that add to operational complexity.
FortiSOC addresses this challenge by combining security information and event management (SIEM), security orchestration, automation and response (SOAR), threat intelligence and identity threat detection into one unified platform.
“Security teams today are being challenged by faster attacks, growing investigation volume and fragmented operations that simply don’t scale,” says Michael Xie, Founder, President and CTO at Fortinet.
“FortiSOC gives organisations a simpler way to operationalise the SOC capabilities they need through a unified, cloud-delivered platform designed to support security teams of all sizes, from teams building foundational capabilities to enterprises scaling advanced SOC environments.
“With embedded AI, integrated workflows and built-in best practices informed by Fortinet’s own global security operations center, FortiSOC delivers the power of an AI SOC to help customers eliminate complexity, automate threat detection and response and stay a step ahead of attackers.”
Supporting all stages of the SOC
Built on a one-tool-fits-all model, FortiSOC is designed to meet the needs of organisations regardless of their security maturity.
Smaller teams can establish foundational monitoring capabilities while larger enterprises can scale advanced security operations with deeper automation and AI-assisted investigations.
A notable addition is FortiAI-Assist, which is capable of delivering autonomous investigations, AI-generated playbooks and coordinated agentic workflows using Model Context Protocol (MCP).
With enterprise-wide telemetry and FortiGuard Labs threat intelligence, the platform helps security teams automate repetitive tasks while maintaining visibility and control across security and IT environments.
The platform also includes out-of-the-box detection methods, response playbooks and regular threat intelligence updates based on Fortinet's own global SOC operations.
Native integrations across the Fortinet Security Fabric, alongside thousands of third-party connectors, further enable organisations to automate detection and response across diverse technology environments.
Expanding security operations portfolio
FortiSOC complements Fortinet's existing security operations portfolio, including FortiAnalyzer, FortiSIEM and FortiSOAR.
While these "existing best-of-breed solutions" will continue to be available and enhanced, the new platform provides customers with an integrated cloud-first option that combines their capabilities into a single operating model.
The launch comes at a time when organisations increasingly seek cloud-delivered SOC platforms that reduce tool sprawl, improve analyst productivity and accelerate incident response.
“IDC research shows that organizations are increasingly prioritising analyst workflow and investigation experience as well as cloud-delivered security operations as they work to improve visibility, streamline processes and accelerate response,” says Michelle Abraham, Senior Research Director, Security and Trust at IDC.
“FortiSOC builds on Fortinet’s established security operations portfolio by combining proven technologies into a unified SaaS platform that can support both foundational and advanced SOC use cases.”
By combining AI-driven automation, unified workflows and cloud-native delivery, Fortinet aims to help organisations modernise security operations while reducing complexity and improving resilience against today's rapidly evolving cyber threats.





