Cisco Security and Fortinet

How Fortinet and Cisco Security work together

FortiManager provides automation-driven centralized management of Fortinet devices from a single console, enabling full administration and visibility of your network devices through streamlined provisioning and innovative automation tools. FortiManager dynamically collects updates from Cisco ISE with pxGrid and forwards them to FortiGate using the Fortinet Single Sign On (FSSO) protocol. This allows session information collected by Cisco ISE to be used in FortiOS security policies.

FortiSIEM is an advanced Security Information and Event Management (SIEM) solution that combines advanced log and traffic analysis with performance and availability monitoring, change analysis and accurate knowledge of the infrastructure to provide accurate threat detection, remediation, incident response and compliance reporting. FortiSIEM supports the Firepower Management Center's eStreamer API and collects security event data for analysis.

FortiSOAR helps CSIRTs respond to cybersecurity incidents with its Incident Response, Vulnerability Threat Management, and Threat Intelligence platforms. FortiSOAR integration with Cisco Firepower facilitates automated interactions with Cisco Firepower using FortiSOAR™ playbooks to perform automated operations, such as retrieving a list of currently blocked networks on a Firepower Network Group Object and blocking or unblocking an IP address on a Firepower Network Group Object.

In addition to offering integrations with the products linked to below, Fortinet also integrates with Meraki MX L7 Firewall, Meraki MX VPN Firewall and Cisco Spark.

Product Integrations

  • Cisco XDR: Cisco is building an integration with Fortinet FortiGate and Cisco XDR.
  • SecureX orchestration: Fortinet FortiGate workflows:
    • Block URL, IP, or Domain
    • Threat Containment
    • Workflows
  • Secure Firewall:
    • Fortinet's FortiSIEM is able to collect Firepower logs from the Firepower Management Center's (FMC) eStreamer API.
    • FortiSOAR (formerly Cybersponse) collects event data from Firepower, including Intrusion Events. FortiSOAR uses the data to help in threat hunting and powering automated responses.
  • Umbrella: FortiSOAR (formerly Cybersponse) integrates with Cisco Umbrella and provides analysts with actions such as blocking or unblocking a given URL, IP or domain on the Umbrella Enforcement platform.
  • Secure Malware Analytics: FortiSOAR (formerly Cybersponse) integration available with Secure Malware Analytics enables analysts to leverage actions like:
    • 1) Submitting a sample for detonation
    • 2) Fetching its status and report in detailed or summary formats
    • 3) Searching reports for a given indicator or against a feed
    • 4) Getting related IOCs associated with the sample
    • 5) Other actions that help in automating malware investigation and threat intelligence scenarios using CyOPs Playbooks.

Documentation: https://docs.fortinet.com/document/fortisoar/1.1.0/cisco-threat-grid/1/cisco-threat-grid-v1-1-0

  • Secure Endpoint: FortiSOAR (formerly Cybersponse) integrates with Cisco Security Endpoint and provides analysts with actions like:
    • 1) Retrieving endpoint information
    • 2) Hunting Indicators on Endpoints, searching events
    • 3) Managing file lists / managing groups / fetching policy details.
    • 4) Over 20 such dedicated actions for automating investigation and remediation scenarios through CyOPs Playbooks.

Other available Cisco Security Integrations

  • FortiSOAR™ optimizes SOC team productivity by seamlessly integrating with 300+ security platforms and 3000+ actions
  • Cisco Catalyst
  • Cisco Secure Email
  • Cisco Meraki Dashboard
  • Cisco Meraki MX L7 Firewall
  • Cisco Meraki MX VPN Firewall
  • Cisco Umbrella Investigate
  • Cisco Umbrella Enforcement
  • Cisco ISE
  • Cisco SMA
  • Cisco Spark
  • Cisco Secure Network Analytics (formerly Cisco Stealthwatch)