SOCFortress Integrations — FortiMail
Need Help?
The functionality discussed in this post, and so much more, are available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.
Website: https://www.socfortress.co/
Contact Us: https://www.socfortress.co/contact_form.html
Intro
SOCFortress integration and visualization tools allow security analysts to visualize and triage FortiMail events and alerts from a single pane of glass.
About FortiMail
FortiMail is a secure email gateway solution developed by Fortinet, designed to provide comprehensive email security for organisations of all sizes.
It helps protect against various email-borne threats such as spam, phishing, malware, and advanced persistent threats (APTs).
FortiMail is particularly popular in environments that require high levels of security and compliance, such as financial institutions, healthcare, and government sectors.
It provides a multi-layered approach to email security, covering everything from spam filtering to advanced threat detection. Compared to other enterprise-level email security solutions, FortiMail is often seen as a cost-effective option, particularly for organisations already using Fortinet products.
Key Features of FortiMail:
- Anti-Spam & Anti-Malware: FortiMail offers advanced filtering to block unwanted email (spam) and detect malware before it reaches users’ inboxes. It uses multiple engines, including Fortinet’s own FortiGuard Labs for threat intelligence.
- Advanced Threat Protection (ATP): FortiMail integrates with FortiSandbox, providing real-time, behavioral-based threat detection. This allows for the detection of zero-day threats and more sophisticated attacks that traditional security measures might miss.
- Data Loss Prevention (DLP): FortiMail includes robust DLP features, allowing administrators to prevent sensitive information from being sent out unintentionally or maliciously. This is critical for maintaining regulatory compliance.
- Email Encryption: It offers email encryption capabilities, ensuring that sensitive information is secure during transmission. FortiMail can automatically encrypt emails based on predefined policies.
- Integration with Fortinet Security Fabric: FortiMail is part of the larger Fortinet Security Fabric, which allows for seamless integration with other Fortinet security products like FortiGate firewalls, FortiSandbox, and FortiAuthenticator.
- High Availability & Scalability: FortiMail can be deployed in a range of environments, from small businesses to large enterprises, and can scale accordingly. It supports high availability configurations to ensure continuous uptime.
- Deployment Modes: FortiMail can be deployed in multiple modes depending on the organisation’s needs:
  - Gateway Mode: Sits in front of an existing mail server, filtering email traffic.
  - Server Mode: Acts as a standalone mail server.
  - Transparent Mode: Works in a stealth mode without requiring changes to the network configuration.
Deployment Options:
- Hardware Appliance: Available as a physical hardware appliance, suitable for on-premise deployment.
- Virtual Appliance: It can also be deployed as a virtual machine in on-premise data centers or on public/private clouds.
- Cloud-Based (SaaS): Fortinet offers FortiMail as a cloud-based service, providing email security without the need to manage hardware or virtual appliances.
Ingesting FortiMail Security Logs and Events
References:
- https://docs.trendmicro.com/en-us/documentation/article/trend-micro-web-security-online-help-cloud-syslog-forward
- https://docs.fortinet.com/document/fortimail/7.6.1/administration-guide/435158/about-fortimail-logging
FortiMail log types and subtypes:
FortiMail logs are grouped by type/category:
- History (statistics)
- System Event (kevent)
- Mail Event (event)
- Antispam (spam)
- Antivirus (virus)
- Encryption (encrypt)
Each type also includes a sub-category (subtype):
Visualizations
FortiMail in Landing Page:
Events by type, subtype and severity:
Spam Category — Events by FortiMail Log ID, spam classification and severity:
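To make the type/subtype/severity breakdown above concrete, here is an added Python example (not SOCFortress or Fortinet code) that parses FortiMail-style key=value syslog lines, maps the type= token to the category names listed in this post, and produces the same counts the dashboards show. The field names (type, subtype, pri, log_id, classifier, disposition), the severity level names, and the sample log lines are all assumptions constructed for the example; the six type tokens come from the list above.

```python
import re
from collections import Counter

# Category names as listed in the post, keyed by the token FortiMail puts in
# the type= field (the value shown in parentheses in the list above).
LOG_TYPES = {
    "statistics": "History",
    "kevent": "System Event",
    "event": "Mail Event",
    "spam": "Antispam",
    "virus": "Antivirus",
    "encrypt": "Encryption",
}

# Severity names that should float to the top of a triage queue.
# ASSUMPTION: syslog-style level names in the pri= field.
URGENT_LEVELS = {"emergency", "alert", "critical", "error", "warning"}

# key=value pairs; values may be double-quoted and contain spaces.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Constructed sample lines (not real FortiMail output); log_id values are placeholders.
SAMPLE_LOGS = [
    'date=2024-05-01 time=10:00:01 device_id=FE-EXAMPLE log_id=LOGID-EXAMPLE-1 type=spam '
    'subtype=default pri=information classifier="FortiGuard AntiSpam" disposition="Quarantine"',
    'date=2024-05-01 time=10:00:05 device_id=FE-EXAMPLE log_id=LOGID-EXAMPLE-1 type=spam '
    'subtype=default pri=information classifier="Banned Word" disposition="Reject"',
    'date=2024-05-01 time=10:01:10 device_id=FE-EXAMPLE log_id=LOGID-EXAMPLE-3 type=virus '
    'subtype=infected pri=critical classifier="Virus" disposition="Reject"',
    'date=2024-05-01 time=10:02:00 device_id=FE-EXAMPLE log_id=LOGID-EXAMPLE-4 type=event '
    'subtype=smtp pri=information msg="message delivered"',
    'date=2024-05-01 time=10:03:00 device_id=FE-EXAMPLE log_id=LOGID-EXAMPLE-5 type=kevent '
    'subtype=admin pri=notice msg="admin login"',
]


def parse_line(line: str) -> dict:
    """Parse one key=value syslog line into a dict, stripping quotes from quoted values."""
    fields = {}
    for key, value in KV_RE.findall(line):
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        fields[key] = value
    return fields


def categorize(fields: dict) -> str:
    """Map the type= field to the post's category name; unknown types stay visible as 'Unknown'."""
    return LOG_TYPES.get(fields.get("type", ""), "Unknown")


def summarize(lines) -> Counter:
    """Count events by (category, subtype, severity): the breakdown the landing-page panel shows."""
    counts = Counter()
    for line in lines:
        f = parse_line(line)
        counts[(categorize(f), f.get("subtype", "-"), f.get("pri", "-"))] += 1
    return counts


def triage_candidates(lines) -> list:
    """Return spam/virus events at an urgent severity, with the log ID, classifier and
    disposition an analyst would pivot on (the Spam Category panel's fields)."""
    hits = []
    for line in lines:
        f = parse_line(line)
        if f.get("type") in {"spam", "virus"} and f.get("pri") in URGENT_LEVELS:
            hits.append({
                "log_id": f.get("log_id", "-"),
                "category": categorize(f),
                "classifier": f.get("classifier", "-"),
                "disposition": f.get("disposition", "-"),
                "pri": f.get("pri", "-"),
            })
    return hits


if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOGS).items()):
        print(f"{key[0]:<13} {key[1]:<10} {key[2]:<12} {n}")
    for hit in triage_candidates(SAMPLE_LOGS):
        print("TRIAGE:", hit)
```

Feeding the lines as they arrive from the syslog receiver, rather than from SAMPLE_LOGS, gives a quick sanity check that the type/subtype/pri fields the dashboards rely on are actually being parsed before the data reaches the index.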