Fortinet Unifies Six SOC Functions in Cloud Platform with AI
FortiSOC combines SIEM, SOAR, threat intelligence, and identity detection with agentic AI to automate investigations and response workflows.

Fortinet has released FortiSOC, a cloud-delivered security operations center platform that consolidates six core security functions into a single Software-as-a-Service offering. The platform integrates security information and event management (SIEM), security orchestration, automation, and response (SOAR), threat intelligence, user and entity behavior analytics (UEBA), case management, and identity threat detection and response (ITDR) under one console and subscription model.
The platform embeds what Fortinet calls agentic AI to autonomously investigate alerts, correlate threats across assets and identities, and recommend or execute response actions with analyst oversight. According to Fortinet founder and CTO Michael Xie, the unified approach addresses challenges security teams face from faster attacks, growing investigation volumes, and fragmented toolsets that don't scale effectively.
Why it matters
Security operations teams increasingly struggle with tool sprawl and alert fatigue. A unified platform that automates correlation and investigation workflows can reduce the time from detection to response while lowering operational overhead. For organizations without mature SOC capabilities, FortiSOC offers an entry point with built-in best practices. For advanced teams, it provides AI-assisted automation at scale without requiring infrastructure overhaul.
AI-driven investigation and coordination
FortiSOC's FortiAI-Assist applies autonomous investigation capabilities and generates playbooks using what Fortinet describes as Model Context Protocol-powered agent coordination. The AI component works across alerts, investigations, threat hunting, cases, and response actions, leveraging enterprise telemetry and threat intelligence from FortiGuard Labs.
The platform includes out-of-the-box detection methods, playbooks, and content derived from Fortinet's global SOC operations. Real-time threat intelligence, outbreak alerts, and monthly content updates are built into the service to help organizations keep pace with evolving threats.
Designed for varied maturity levels
Fortinet positions FortiSOC to support organizations at different stages of security operations maturity. Resource-constrained teams can use it to establish foundational monitoring, while sophisticated SOC teams can leverage deeper automation and broader correlation capabilities. The cloud-delivered model aims to eliminate the need for direction changes as requirements evolve.
Michelle Abraham, senior research director for security and trust at IDC, noted that organizations are prioritizing analyst workflow improvements and cloud-delivered security operations to enhance visibility and accelerate response. FortiSOC builds on Fortinet's existing security operations portfolio by combining proven technologies into a unified SaaS platform.
Integration and deployment
The platform offers native integrations across Fortinet's Security Fabric and supports thousands of third-party connectors to reduce visibility gaps. The Model Context Protocol support enables FortiAI-Assist to orchestrate AI-driven tasks across FortiSOC, reducing manual handoffs between tools and teams.
FortiSOC complements Fortinet's existing SOC Platform portfolio, which includes FortiAnalyzer, FortiSIEM, and FortiSOAR. These standalone solutions will continue to receive enhancements and remain available for customers who prefer discrete tools over a unified platform approach.
Details of the FortiSOC launch were first reported by Industrial Cyber.
This is an original analysis by the Omega editorial team. Source reporting: Automation Watch.
