Fortinet launches FortiSOC cloud security platform

Fortinet has launched FortiSOC, a cloud-delivered security operations platform that combines six security operations functions in a single software service.

FortiSOC brings together security information and event management, security orchestration, automation and response, threat intelligence, user and entity behaviour analytics, identity threat detection and response, and case management. It also includes agentic artificial intelligence designed to investigate alerts, correlate activity across assets and identities, and recommend or carry out response actions with analyst oversight.

Fortinet is positioning the product as a single operating environment for security teams looking to reduce the number of separate tools used in a security operations centre. Delivered as software as a service, the platform is intended to provide one console and one subscription model.

Unified approach

Security operations teams are under increasing pressure from higher alert volumes, fragmented monitoring systems, and the need to respond across cloud, network, identity, and endpoint environments. Vendors have responded by combining more functions into broader platforms, particularly as customers look to reduce the operational burden of running separate detection, investigation, and response products.

Fortinet said FortiSOC builds on its existing security operations portfolio. Its established products in this area include FortiAnalyser, FortiSIEM, and FortiSOAR, which will continue to be available and developed alongside the new offering.

Rather than replacing those products outright, FortiSOC appears aimed at customers that prefer a single cloud-based model. Fortinet said the broader portfolio would continue to offer different options depending on customer requirements and existing deployments.

AI layer

A central feature of the new platform is FortiAI-Assist, which applies automated investigation, AI-generated playbooks, and Model Context Protocol-based agent coordination across alerts, investigations, threat hunting, cases, and response actions. The system uses telemetry and threat intelligence from across the customer environment to coordinate activity between tools, workflows, and teams, Fortinet said.

That reflects a broader shift in the cybersecurity market, where suppliers are embedding AI into analyst workflows rather than limiting it to isolated detection tasks. In practice, AI is increasingly being used to triage alerts, suggest next steps, assemble case information, and trigger pre-approved actions.

FortiSOC also draws on threat intelligence from FortiGuard Labs and includes detection methods, playbooks, and other operational content based on Fortinet's own global security operations centre. Those elements are available out of the box, alongside regular intelligence and content updates, according to the company.

Customer focus

The platform is designed for organisations at different stages of security operations maturity, from smaller teams establishing baseline monitoring to larger, more advanced operations centres seeking broader automation and deeper correlation across environments. Fortinet said customers can also extend workflows over time and connect the platform with both Fortinet products and third-party systems.

Native integrations across Fortinet's own portfolio are part of that approach, while third-party connectors are intended to support use across security, IT, and business systems. Fortinet said this should help reduce manual handoffs during incident response and close visibility gaps between tools.

Michael Xie, Founder, President, and Chief Technology Officer at Fortinet, said the product is intended to address the scale and complexity facing many security teams.

"Security teams today are being challenged by faster attacks, growing investigation volume, and fragmented operations that simply don't scale," said Xie.

"FortiSOC gives organizations a simpler way to operationalize the SOC capabilities they need through a unified, cloud-delivered platform designed to support security teams of all sizes, from teams building foundational capabilities to enterprises scaling advanced SOC environments. With embedded AI, integrated workflows, and built-in best practices informed by Fortinet's own global security operations center, FortiSOC delivers the power of an AI SOC to help customers eliminate complexity, automate threat detection and response, and stay a step ahead of attackers," he said.

Market demand

Industry analysts have noted stronger demand for cloud-delivered security operations tools as companies try to improve visibility while containing costs and staffing pressures. Buyers are also looking more closely at how easily analysts can move from alert review to investigation and response without switching between multiple systems.

Michelle Abraham, Senior Research Director, Security and Trust, IDC, said that trend is shaping product design in the sector.

"IDC research shows that organizations are increasingly prioritizing analyst workflow and investigation experience as well as cloud-delivered security operations as they work to improve visibility, streamline processes, and accelerate response," said Abraham.

"FortiSOC builds on Fortinet's established security operations portfolio by combining proven technologies into a unified SaaS platform that can support both foundational and advanced SOC use cases," she said.