Fortinet FortiAnalyzer 3510G Appliance
Security Fabric Network Analytics
Overview:
Analytics, Reports, and Compliance Across the Security Fabric
FortiAnalyzer is a powerful log management, analytics, and reporting platform that provides organizations with a single console to manage, automate, orchestrate, and respond, enabling simplified security operations, proactive identification and remediation of risks, and complete visibility of the entire attack landscape.
Integrated with the Fortinet Security Fabric, FortiAnalyzer enables Network and Security Operations Teams with real-time detection capabilities, centralized security analytics and end-to-end security posture awareness to help analysts identify advanced persistent threats (APTs) and mitigate risks before a breach can occur.
Highlights:
- Centralized network monitoring and visibility
- Advanced threat and vulnerability detection with event and log data correlation
- Augmented NOC/SOC operations for real-time response, analytics, and reporting
- Automation to save time, reduce errors, and improve efficiency
- Multi-tenancy solution with quota management
- Administrative domains for operational effectiveness and compliance
- 70+ reports and 2000+ ready-to-use datasets, charts, and macros
Capabilities:
Incident Detection and Response
Centralized NOC/SOC Visibility for the Attack Surface
FortiAnalyzer provides Security Fabric Analytics across all device logs with event correlation and real-time detection of Advanced Persistent Threats (APTs), vulnerabilities and Indicators of Compromise (IOC) for FortiGate NGFWs, FortiClient, FortiSandbox, FortiWeb, FortiMail and other Fortinet products, for deep visibility and critical network insights. Simplified orchestration and automated workflows provide Network Security Operations teams with real-time notifications, reports, and dashboards for single-pane visibility and actionable results.
Incidents and Event Management
Security teams can monitor and manage alerts and event logs from Fortinet devices, with events processed and correlated in a format that analysts can easily understand. Investigate suspicious traffic patterns and search using filters in predefined or custom event handlers to generate real-time notifications and monitoring for NOC and SOC operations, SD-WAN, SSL VPN, wireless, Shadow IT, IPS, network recon, FortiClient, and more.
The Incidents component enables analysts to manage incident handling and life cycle, with incidents generated by events that show affected assets, endpoints, users and timelines.
Fabric Automation
FortiAnalyzer Playbooks boost an organization’s security team abilities to simplify investigation efforts through automated incident response, freeing up resources and allowing analysts to focus on critical tasks. Out-of-the-box playbook templates enable SOC analysts to quickly customize their use cases, define custom processes, interact with other Security Fabric devices like FortiOS and EMS, edit playbooks and tasks in the visual playbook editor and use the Playbook Monitor for investigation of compromised hosts, infections and critical incidents, data enrichment for Assets and Identity views, blocking malware, C&C IPs, and more.
Security Fabric Analytics
Analytics and Reporting
FortiAnalyzer automation driven analytics empowers network security operations teams to complete a fast assessment of network devices, systems, and users, with correlated log data and FortiGuard threat intelligence for analysis of real-time and historical events.
- FortiView Monitors and Views provide deep insights with context and meaning of network activity, risks, vulnerabilities, attack attempts, indicators of compromise and anomalies, sanctioned and unsanctioned user activity
- Log View enables analysts to expand their investigation and utilize search filters on managed device logs, drill down on logs, with custom views and log groups, including a SIEM database with normalized logs for Fortinet devices in Fabric ADOMs.
- Reports provide comprehensive analysis of your Security Posture, including reports for Operational Technology (OT), security rating, security rating for PCI, Secure SD-WAN, VPN, FortiNDR network anomaly detection, cyber threat assessments, 360 Security Reviews, situational awareness, compliance, auditing, and more.
Assets and Identity
FortiAnalyzer Fabric View with Assets and Identity monitoring provides SOC teams with elevated awareness and visibility into an organization’s endpoints and users with dashboards and correlated device and UEBA information, vulnerability detections, EMS tagging, and asset classifications through telemetry with EMS, NAC, Fortinet Fabric Agent, and an OT Dashboard View.
Subscriptions and Extensions:
Subscription Licenses and FortiGuard Security Services
- FortiGuard Outbreak Detection Service delivers automated content package download for detecting the latest malware, including a summary of outbreaks and kill chain mapping for how the malware works. The package includes a FortiGuard Report for the outbreak, Event Handler, and a Report Template to detect outbreaks.
- FortiGuard Indicators of Compromise Service empowers security teams with forensic data from 500 000 IOCs daily, used in combination with FortiAnalyzer analytics to identify suspicious usage and artifacts observed on the network or in an operations system, that have been determined with high confidence to be malicious infections or intrusions, and historical rescan of logs for threat hunting.
- Shadow IT Monitoring Service provides continuous monitoring of unapproved devices, resources, unsanctioned accounts and unauthorized use of SaaS and IaaS, API integration, and third party apps. The service identifies rogue users using personal accounts for managing company assets, using correlated FortiOS and FortiCASB data with a FortiCASB account subscribed for SaaS features.
- OT Security Service provides security teams with advanced OT analytics, risk and compliance reports, OT event handlers, and use-case correlation rules.
- Security Rating and Compliance Service helps security teams design, implement, and maintain their security posture, and provides actionable configuration recommendations as well as key performance and risk indicators.
- Security Automation Service subscription enables further automation for incident response with enhanced monitoring and escalation, built-in incident management workflows, connectors, playbooks and more.
Management Extension Applications (MEAs)
The Management Extensions pane allows you to enable licensed applications that are released and signed by Fortinet, which can be installed and run on FortiAnalyzer, including the FortiSIEM and FortiSOAR.
Deployments
- Deploying FortiAnalyzer - FortiAnalyzer can be deployed as a physical hardware appliance, virtual machine (VM) and virtual machine subscription (VM-S), as well as private or public cloud instance, with scalability, redundancy and backup, and high availability capabilities.
- FortiAnalyzer High Availability (HA) - FortiAnalyzer HA provides real-time redundancy to protect organizations by ensuring continuous operational availability. In the event that the primary (active) FortiAnalyzer fails, a secondary (passive) FortiAnalyzer (up to four-node cluster) will immediately take over, providing log and data reliability and eliminating the risk of having a single point of failure.
- Multi-Tenancy with Flexible Quota Management - FortiAnalyzer provides the ability to manage multiple sub-accounts with each account having its own administrators and users. The time-based archive/analytic log data policy, per Administrative Domain (ADOM), allows automated quota management based on the defined policy, with trending graphs to guide policy configuration and usage monitoring.
- Analyzer-Collector Mode - FortiAnalyzer provides two operation modes: Analyzer and Collector. In Collector mode, the
primary task is forwarding logs of the connected devices to an Analyzer and archiving the logs.
This configuration greatly benefits organizations with increasing log rates, as the resource
intensive log-receiving task is off-loaded to the Collector so that the Analyzer can focus on
generating analytics and reports.
Network operations teams can deploy multiple FortiAnalyzers in Collector and Analyzer modes to work together to improve the overall performance of log receiving and processing increased log volumes, providing log storage and redundancy, and rapid delivery of critical network and threat information. - FortiAnalyzer Fabric - FortiAnalyzer Fabric allows SOC Administrators to configure two operation modes - Supervisor and Member. This allows viewing of member devices, ADOMs and authorized logging devices, as well as incidents and events created on members. Admins get access to Reports and FortiView across all member FortiAnalyzers, and can perform global search in Log View of logs collected across FortiAnalyzer Fabric members with pre-defined device filters and log drill down for each Member and Member ADOMs.
- Log Forwarding for Third-Party Integration - Forward logs from one FortiAnalyzer to another FortiAnalyzer unit, a syslog server, or (CEF) server. In addition to forwarding logs to another unit or server, the client FortiAnalyzer retains a local copy of the logs, which are subject to the data policy settings for archived logs. Logs are forwarded in real-time or near real-time as they are received from network devices.
Cloud Services
FortiAnalyzer Cloud FortiAnalyzer Cloud offers customers a PaaS-based delivery option for automation-driven, single pane analytics, providing log management, analytics, and reporting for Fortinet NGFW and SD-WAN with an easily accessible cloud-based solution. FortiAnalyzer Cloud delivers reliable real-time insights into network activity with extensive reporting and monitoring for clear, consistent visibility of an organization’s security posture. Customers can easily access their FortiAnalyzer Cloud from their FortiCloud single sign-on portal.
Virtual Offereings
FortiAnalyzer VM-Subscription
The FortiAnalyzer VM Subscription license model consolidates into one single SKU: VM product SKU, FortiCare Support SKU, FortiGuard IOC and Outbreak Detection Service, Security Automation services, to simplify the product purchase, upgrade, and renewal. FortiAnalyzer-VM S provides organizations with centralized security event analysis, forensic research, reporting, content archiving, data mining, malicious file quarantining, and vulnerability assessment. Centralized collection, correlation, and analysis of geographically and chronologically diverse security data from Fortinet and third party devices deliver a simplified, consolidated view of your security posture.
The FortiAnalyzer-VM S series SKUs come in stackable 5, 50, and 500 GB/ day logs licenses, so that multiple units of this SKU can be purchased together providing organizations with the ability and cost-efficiencies to scale and meet their logging needs.
FortiAnalyzer VM
Fortinet offers the FortiAnalyzer-VM licensing in a stackable perpetual license model with a-la-carte technical support and subscription services.
This software-based version of the FortiAnalyzer hardware appliance is designed to run on many virtualization platforms, which allows you to expand your virtual solution as your environment expands.
Specifications:
| Particulars | Fortianalyzer 3000G | Fortianalyzer 3510G | Fortianalyzer 3700G | |||
|---|---|---|---|---|---|---|
| Capacity and Performance | ||||||
| GB/Day of Logs | 3000 | 5000 | 8300 | |||
| Analytic Sustained Rate (logs/sec) | 42,000 | 60,000 | 100,000 | |||
| Collector Sustained Rate (logs/sec) | 60,000 | 90,000 | 150,000 | |||
| Devices/VDOMs (Maximum) | 4000 | 10,000 | 10,000 | |||
| Max Number of Days Analytics | 30 | 35 | 60 | |||
| Options Supports | ||||||
| FortiGuard IOC and Outbreak Detection Service | ||||||
| Security Automation Service | ||||||
| OT Security Service | ||||||
| Enterprise Bundle | ||||||
| Hardware Bundle | ||||||
| Security Rating and Compliance Service | ||||||
| Hardware Specifications | ||||||
| Form Factor | 3 RU Rackmount | 4 RU Rackmount | 4 RU Rackmount | |||
| Total Interfaces | 2x GE RJ45, 2x 25GE SFP28 | 2x 10GbE RJ45, 2x 25GbE SFP28 | 2x 10GE RJ-45 + 2x 25GE SFP28 | |||
| Storage Capacity | 64 TB (16x 4TB) | 24x 4TB (96TB) + 2x 3.84TB (7.68TB) | 240TB (60x 4TB) 3.5 in HDD + 19.2TB (6x 3.2TB) NVMe SSD |
|||
| Usable Storage (After RAID) | 56 TB | 84 TB | 224 TB | |||
| Removable Hard Drives | ||||||
| RAID Levels Supported | RAID 0/1,1s/5,5s/6,6s/10/50/60 | RAID 0/1,1s/5,5s/6,6s/10/50/60 | RAID 0/1,1s/5,5s/6,6s/10/50/60 | |||
| RAID Type | Hardware / Hot Swappable | Hardware / Hot Swappable | Hardware / Hot Swappable | |||
| Default RAID Level | 50 | 50 | 50 | |||
| Redundant Hot Swap Power Supplies | ||||||
| Trusted Platform Module (TPM) | No | |||||
| Dimensions | ||||||
| Height x Width x Length (inches) | 5.2 x 17.2 x 25.5 | 7 x 17.2 x 27.5 | 7 x 17.2 x 30.2 | |||
| Height x Width x Length (cm) | 13.0 x 44.0 x 65.0 | 17.8 x 43.7 x 69.9 | 17.8 x 43.7 x 76.7 | |||
| Weight | 66.5 lbs (30.15 kg) | 65 lbs (29.5 kg) | 118 lbs (53.5 kg) | |||
| Environment | ||||||
| AC Power Supply | 100-127V~/10A, 200-240V~/5A | 100-127V~/10A, 200-240V~/5A | 2000W AC | |||
| Power Consumption (Average) | 385 W / 500 W | 983 W / 1278 W | 850 W / 1423.4 W | |||
| Heat Dissipation | 1350 BTU/h | 3424 BTU/h | 4858 BTU/h | |||
| Operating Temperature | 32 - 104° F (0 - 40° C) |
32 - 104° F (0 - 40° C) |
50°F to 95°F (10°C to 35°C) |
|||
| Storage Temperature | -4–167° F (-20–75° C) |
-4–167° F (-20–75° C) |
-40°F to 158°F (-40°C to 70°C) |
|||
| Humidity | 5 to 95% non-condensing | 5 to 95% non-condensing | 8% to 90% (non-condensing) | |||
| Forced Airflow | Front to Back | Front to Back | Front to Back | |||
| Operating Altitude | Up to 7,400 ft (2,250 m) | Up to 10 000 ft (3048 m) | Up to 7,400 ft (2,250 m) | |||
| Compliance | ||||||
| Safety Certifications | FCC Part 15 Class A, RCM, VCCI, CE, UL/cUL, CB | FCC Part 15 Class A, RCM, VCCI, CE, UL/cUL, CB | FCC Part 15 Class A, RCM, VCCI, CE, UL/cUL, CB | |||
Documentation:
Download the FortiAnalyzer Data Sheet (PDF).
Pricing Notes:
- All prices displayed are Ex-VAT. 20% VAT is added during the checkout process.
- Hardware plus 24x7 FortiCare and FortiAnalyzer Enterprise Protection
Hardware Unit, 24x7 Comprehensive Support, Advanced Hardware Replacement (NBD), Firmware and General Upgrades, Enterprise Services Bundle (Indicators of Compromise Service and SOC Subscription license) plus term of contract - Enterprise Protection (24x7 FortiCare plus Indicators of Compromise Service and SOC Subscription license)
24x7 Comprehensive Support, Advanced Hardware Replacement (NBD), Firmware and General Upgrades, Enterprise Services Bundle (Indicators of Compromise Service and SOC Subscription license) - 24x7 FortiCare Contract
24x7 Comprehensive Support, Advanced Hardware Replacement (NBD), Firmware and General Upgrades/li> - Prices are for one year of Premium RMA support. Usual discounts can be applied.
- Annual contracts only. No multi-year SKUs are available for these services.
- Contact Fortinet Renewals team for upgrade quotations for existing FortiCare contracts.
- Pricing and product availability subject to change without notice.