Fortinet has purchased Security Orchestration, Automation and Response (SOAR) provider CyberSponse to make security operations teams more efficient and bolster incident response.
The Sunnyvale, Calif.-based platform security vendor said enterprises want to consolidate and triage alerts from a variety of security products, automate analysis and repetitive tasks to conserve resources, and leverage playbooks to enable real-time incident response. CyberSponse is expected to aid this effort by extending the automation and incident response prowess of Fortinet’s FortiAnalyzer, FortiSIEM and FortiGate systems.
“With the integration of CyberSponse’s powerful SOAR platform into the Fortinet Security Fabric, we will offer customers accelerated incident response and the ability to standardize and scale processes that will enhance security posture and reduce business risk and associated costs,” Fortinet Founder and CEO Ken Xie said in a statement.
Fortinet’s stock was down US$0.28 (0.27 percent) to $103.86 in trading Thursday morning. Terms of the deal, which was announced Thursday, weren’t disclosed, and Fortinet declined to make executives available for additional comment.
CyberSponse was founded in 2011, employs 74 people, and has raised $7.6 million in five rounds of outside funding. CyberSponse was already a Fortinet Security Fabric partner prior to the acquisition.
“The combined powerhouse of Fortinet’s Security Fabric and CyberSponse’s SOAR technology will ensure customers are protected by the most sophisticated global security operations platform that includes hundreds of integrations enabling streamlined out-of-the-box playbook execution,” CyberSponse founder and Chief Strategy Officer Joseph Loomis said in a statement.
The combined Fortinet-CyberSponse offering will augment streamlined SOC (Security Operations Center) operations and enable MSSPs to deliver managed detection and response (MDR) services, thanks to an enterprise-grade scalable architecture with distributed multi-tenancy, the company said. Security teams are struggling today with staff shortages, alert fatigue and a fast-growing threat landscape.
The acquisition will make it possible for MSSPs to go beyond traditional security device management and instead deliver fully-managed detection, prevention and response using FortiAnalyzer, FortiSIEM, FortiInsight and the recently-acquired FortiEDR offering, Xie said in a letter to customers and partners. Deeper integrations will allow customers to further optimize their SOC processes, according to Xie.
“Even large security teams are struggling to find the cybersecurity staff and skills needed to run a well-designed SOC and effortlessly respond to so many potential security incidents identified by a diverse set of security tools,” Fortinet said in a FAQ on its website.
The joint offering will provide enterprises with a single, centralized point of visibility and control, leveraging more than 325 connectors to easily integrate with all the major security vendors, Fortinet said. Plus, routine tasks and incident response action sequences can be automated through the use of more than 200 out-of-the-box, easy-to-configure playbooks, according to the company.
The case management modules in the combined offering will provide incident timeline and asset correlation views, Fortinet said, along with an automated ROI [return on investment] or savings measurement tool. And granular role-based access control will be used to secure user-related data, according to the company.
CyberSponse consolidates and triages alerts and threat intelligence from diverse sources like SIEM [security information and event management], email, system logs and ticketing systems into a single interface. From there the technology automates the analysis and incident response by capturing both machine-machine and human-machine interactions, and visualizes and reports on metrics.
The company also provides mature case management in areas like ticketing workflows, distributed multi-tenancy to enable MSSPs and MDR providers, and a streamlined user experience with drag and drop actions, according to the Fortinet FAQ. The company has a large number of customers in the large enterprise, MSSP, government and service provider spaces since SOC teams are typically large there.
The CyberSponse deal comes less than two months after Fortinet bought endpoint security startup enSilo for an initial cash consideration of $20 million to strengthen its real-time automated detection and response capabilities around endpoint and edge data. In 2018, Fortinet purchased threat analytics company ZoneFox for $18 million and IoT-focused security firm Bradford Networks for $17 million.
All told, Fortinet has acquired 13 companies since its founding in 2000, according to Crunchbase.