Fortinet unveils AI-driven cloud SOC & endpoint revamp
Fortinet has announced updates to its Security Operations platform, including a preview of a cloud-delivered security operations centre (SOC) service, additional agentic AI features, expanded managed detection and response coverage, and consolidated endpoint security under a unified FortiEndpoint offering.
Fortinet framed the releases as a response to growing operational pressure on security teams. Many organisations must manage a wider range of signals across endpoints, identity systems, cloud workloads, email, and networks, while also dealing with skills shortages and high alert volumes. Fragmented tools can slow investigations and response.
Fortinet's Security Operations platform aims to unify telemetry, analytics, threat intelligence, and response activities across multiple stages of an attack. It is built on the Fortinet Security Fabric architecture, which connects Fortinet products and third-party data sources through a shared framework.
The updates focus on four areas: SOC modernisation, agentic AI execution, FortiGuard managed services, and endpoint security simplification.
Ken Xie, Founder, Chairman of the Board, and Chief Executive Officer at Fortinet, linked the company's product direction to the way attackers are using AI.
"As attackers weaponise AI to accelerate reconnaissance, exploit development, and social engineering, security operations must function with the same speed and coordination. Fortinet is advancing a unified, AI-powered security operations platform that provides a scalable operating architecture across our defence framework, enabling organisations to build, extend, or optimise their SOC through a single architecture spanning self-managed, cloud, and managed deployments."
Cloud SOC
The centrepiece is a preview of FortiSOC, a cloud-delivered offering designed to consolidate elements of Fortinet's SOC stack into a single service. Fortinet said FortiSOC brings together functions associated with FortiAnalyser, FortiSIEM, FortiSOAR, and FortiTIP.
FortiSOC includes log ingestion and normalisation, correlation, automation, case management, behavioural analytics, and identity-focused investigations. Fortinet said these functions run through a single console and a unified data model.
The service is designed to ingest telemetry from Fortinet products and third-party environments. Fortinet also said FortiSOC includes built-in SOC practices drawn from its internal operations, and applies AI and machine learning, including FortiAI functions, within analysis and response workflows.
Fortinet highlighted subscription licensing and elastic cloud scaling as part of the FortiSOC model, and pointed to planned expansions. These include endpoint-related additions and a continuous threat exposure management architecture, which it said will be integrated into the FortiSOC experience.
Agentic workflows
Alongside FortiSOC, Fortinet is expanding FortiAI across FortiAnalyser, FortiSIEM, FortiSOAR, and FortiSOC. The company described this as a move beyond interactive copilots towards agentic execution across SOC workflows.
Enhancements include a dedicated agent to automate alert triage, investigation, and threat hunting. Fortinet also highlighted support for Model Context Protocol, which it said maintains shared context and continuity across detection, investigation, and response tasks.
Managed services
Fortinet also outlined updates to FortiGuard SOC-as-a-Service, its managed service for organisations that want continuous monitoring and escalation. Fortinet said the service extends the same unified SOC architecture with Fortinet expertise and intelligence.
New elements include support for third-party log sources for multivendor monitoring and expanded Security Fabric integrations. Fortinet cited FortiNDR telemetry for improved detection and FortiCNAPP telemetry for cloud visibility across hybrid environments.
Endpoint consolidation
On the endpoint side, Fortinet announced changes under FortiEndpoint, consolidating multiple endpoint products into a single offering. The aim is to reduce the number of agents deployed on each device and to simplify licensing and management.
Fortinet said FortiEndpoint provides a single agent across ZTNA, SASE, endpoint protection, endpoint detection and response, and data loss prevention. It also introduced application visibility and control features using FortiAI. Fortinet said these controls can detect and govern AI applications and their communications, addressing risks tied to unsanctioned usage and data exposure.
Fortinet also described tighter integration between FortiEndpoint and its EDR functions, with management through a unified console and a simplified licensing model.
Fortinet said the combined changes strengthen its unified SOC approach, broaden AI-driven automation, extend managed monitoring coverage, and reduce endpoint tool sprawl. The company added that it will continue to develop FortiSOC and expand its architecture to include additional exposure management and endpoint-related elements.