IT Brief Asia - Technology news for CIOs & IT decision-makers
Fortinet unveils AI-driven FortiSOC for unified SOC ops

Wed, 11th Mar 2026

Fortinet has announced updates to its Security Operations platform, including a preview of FortiSOC, a cloud-delivered SOC service; broader use of agentic AI workflows across its tools; changes to its managed detection and response offering; and a consolidation of endpoint security under FortiEndpoint.

Fortinet tied the release to a rise in AI-driven threats and growing operational pressure on security teams. It also positioned the updates within its Security Fabric architecture, which connects products across networking and security.

Ken Xie, Fortinet's founder, chairman, and CEO, said attackers are using AI to speed up the pace of attacks.

"As attackers weaponize AI to accelerate reconnaissance, exploit development, and social engineering, security operations must function with the same speed and coordination," said Ken Xie, Founder, Chairman of the Board, and Chief Executive Officer at Fortinet.

Unified SOC

FortiSOC is a cloud-delivered service Fortinet described as an integrated SOC offering. It combines capabilities associated with FortiAnalyzer, FortiSIEM, FortiSOAR, and FortiTIP, aiming to deliver a single service instead of separate products deployed and managed individually.

FortiSOC includes log ingestion, normalisation, and correlation, as well as automation, case management, behavioural analytics, and identity-focused investigations. It uses a single console and unified data model, and is designed to ingest telemetry from Fortinet products and third-party environments.

Fortinet said the service incorporates SOC best practices from its internal operations, along with AI and machine learning features and links to FortiAI for analysis and response workflows.

Subscription licensing and elastic cloud scaling are also part of the offering. Fortinet said FortiSOC will later expand to cover endpoints and add continuous threat exposure management.

Agentic workflows

Fortinet is extending FortiAI across FortiAnalyzer, FortiSIEM, FortiSOAR, and FortiSOC. It described the move as a shift from interactive copilots to agentic execution across detection and response workflows.

The update includes a dedicated agent for alert triage, investigation, and threat hunting. Fortinet also referenced support for the Model Context Protocol, which it said maintains shared context and execution continuity across SOC workflows.

Xie said the company is working toward a unified operating model across different SOC deployment approaches.

"Fortinet is advancing a unified, AI-powered security operations platform that provides a scalable operating architecture across our defense framework, enabling organizations to build, extend, or optimize their SOC through a single architecture spanning self-managed, cloud, and managed deployments," said Xie.

Managed coverage

Alongside the FortiSOC preview, Fortinet said it has enhanced FortiGuard SOC-as-a-Service for organisations that want continuous monitoring and escalation through a managed service model.

Updates include support for third-party log sources, adding multivendor monitoring, and expanded Security Fabric integrations.

Fortinet said the managed service now includes FortiNDR telemetry to improve detection fidelity and FortiCNAPP telemetry to extend cloud visibility. It positioned the changes for hybrid environments that mix on-premises and cloud infrastructure.

Endpoint consolidation

Fortinet also announced endpoint security changes under the FortiEndpoint name, describing the effort as a unification of multiple endpoint products with fewer agents, simpler licensing, and centralised management.

Fortinet said the approach centres on a single agent covering ZTNA, SASE, endpoint protection, endpoint detection and response, and data loss prevention, extending data protection without additional agents.

It also introduced FortiAI-powered application visibility and control for AI applications and their communications. Fortinet positioned this around detecting and governing AI application use, with an emphasis on limiting unsanctioned usage and reducing data exposure risk.

Fortinet said it has improved EDR integration and aims to streamline management through a unified console with simplified licensing.

The updates come amid a broader industry push to consolidate security operations as organisations look to reduce the number of consoles and duplicated telemetry. Fortinet's announcement reflects an effort to align SOC tooling, managed services, and endpoint controls under a common architecture and data model.

Fortinet also said its roadmap includes further expansion of FortiSOC, including future endpoint and continuous threat exposure management capabilities within the same cloud-delivered service.