Fortinet has announced major innovations across the Fortinet Security Operations (SecOps) Platform. The updates feature next-generation SecOps advancements, including expanded agentic AI capabilities, a preview of FortiSOC, managed services, and endpoint security enhancements delivered through FortiEndpoint.
“As attackers weaponize AI to accelerate reconnaissance, exploit development, and social engineering, security operations must function with the same speed and coordination. Fortinet is advancing a unified, AI-powered security operations platform that provides a scalable operating architecture across our defense framework, enabling organizations to build, extend, or optimize their SOC through a single architecture spanning self-managed, cloud, and managed deployments,” said Ken Xie, Chairman of the Board, and CEO at Fortinet.
Advancing security operations
Security teams must defend an expanding attack surface across endpoints, identity, cloud, email, and networks while facing skills shortages, alert overload, and fragmented tooling. The Fortinet Security Operations Platform unifies telemetry, analytics, threat intelligence, and response across the kill chain, reducing complexity and accelerating investigations without forcing operational rebuilds.
This release strengthens four core areas for organizations: SOC modernization, agentic AI execution, FortiGuard managed services, and simplified endpoint security.
FortiSOC and FortiAI: Unifying cloud SOC and advancing agentic operations
As security operations mature, tool sprawl and workflow fragmentation slow teams down.
Fortinet is previewing FortiSOC, a cloud-delivered offering that brings together the core capabilities of FortiAnalyzer, FortiSIEM, FortiSOAR, and FortiTIP into a single integrated service, while expanding FortiAI to introduce new agentic workflows across security operations.
FortiSOC supports log ingestion, normalization, correlation, automation, case management, behavioral analytics, and identity-focused investigations through a single console and a unified data model, integrating telemetry from Fortinet and third-party environments. Built-in SOC best practices, shaped by Fortinet’s own global SOC operations, are embedded alongside AI/ML and FortiAI capabilities to accelerate analysis and response. Simplified subscription licensing and elastic cloud scale help streamline deployment, while future endpoint and continuous threat exposure management (CTEM) architectural expansions will be incorporated into the FortiSOC experience.
Fortinet is also expanding FortiAI across FortiAnalyzer, FortiSIEM, FortiSOAR, and FortiSOC to move beyond interactive copilots toward agentic execution that connects telemetry, tools, and response actions across the SOC. Enhancements include a dedicated agent that automates alert triage, investigation, and threat hunting, as well as Model Context Protocol (MCP) support to maintain shared context and execution continuity across detection, investigation, and response workflows.
FortiGuard SOC-as-a-Service: Strengthening managed coverage
For organizations requiring continuous monitoring and escalation, Fortinet enhanced FortiGuard SOC-as-a-Service, extending the unified SOC architecture with Fortinet expertise and curated intelligence.
Enhancements include third-party log sources for multivendor monitoring, expanded Security Fabric integrations, FortiNDR telemetry to improve detection fidelity, and FortiCNAPP telemetry to extend cloud visibility, strengthening investigation confidence across hybrid environments.
FortiEndpoint: Simplifying endpoint security
Endpoints remain a primary attack vector and a source of operational complexity. Fortinet announced unified endpoint security enhancements through FortiEndpoint to consolidate multiple endpoint products, reduce agent sprawl, simplify licensing and management, and strengthen protection against emerging threats, including AI application misuse.
Enhancements include single-agent unification across ZTNA, SASE, EPP, EDR, and DLP, extending data protection without additional agents. Fortinet also introduced FortiAI-powered application visibility and control to detect and govern AI applications and their communications, reducing unsanctioned usage and data exposure risk. Enhanced EDR integration further streamlines management through a unified console and simplified licensing.
These innovations advance Fortinet’s SecOps platform by strengthening unified SOC modernization, previewing a transformative cloud SOC experience, expanding agentic AI, enhancing managed coverage, and simplifying endpoint security. The result is a single architecture that reduces operational complexity, accelerates investigations, and enables organizations to defend against AI-driven threats at scale.

