The integration of Arcanna.ai’s AI-driven decision-making platform with Fortinet FortiSOAR and FortiSIEM enhances cybersecurity teams' efficiency, accuracy and consistency by automating incident management and streamlining threat response processes. Arcanna.ai’s machine learning models augment FortiSOAR’s robust security orchestration and automation capabilities, allowing security teams to:

• Reduce alert fatigue by automatically filtering and prioritizing security alerts.
• Automate complex decision-making, enabling faster and more accurate incident responses.
• Scale cybersecurity operations effectively by emulating the decisions of your best analysts, improving response times, and simplifying complex threat management processes.

Together, this integration empowers organizations with a comprehensive, automated approach to managing evolving cyber threats, enhancing both security posture and operational efficiency.

‍

 Solution Components

Arcanna.ai offers AI-driven solutions for cybersecurity incident management, integrating advanced machine learning and automation to enhance threat detection and response. Key components include real-time threat analysis, incident prioritization, and decision support systems that reduce alert fatigue and streamline operations. By augmenting human expertise, Arcanna.ai enables organizations to effectively manage complex cyber threats, improve operational efficiency, and ensure faster, more informed decision-making in the cybersecurity landscape

‍

FortiSIEM Architecture and Data Flow:

Arcanna.ai integrates directly with FortiSIEM by ingesting incident data generated by the SIEM's monitoring of diverse security events and data sources across the environment. The architecture is designed to leverage FortiSIEM’s robust data collection and correlation capabilities, feeding this enriched data into Arcanna.ai’s decision intelligence platform.

1. Data Ingestion: FortiSIEM gathers and correlates security events from multiple sources, creating incidents and alerts based on predefined rules.
2. Decision Intelligence Integration: Arcanna.ai ingests these incidents via a direct API connection, applying AI models to provide a decision by analyzing the context, relevance, and priority of each alert.
3. Feedback Loop: Once incidents are resolved, feedback can be collected and provided to Arcanna.ai by security analysts. This feedback is then used to retrain and refine the AI models, improving decision-making accuracy over time. This process helps reduce false positives and enhances the system's ability to handle future incidents more effectively.

Output: Arcanna.ai will deliver decisions on all alerts, similar to an L1-L2 security analyst (whether an alert requires further action or can be safely ignored), updating FortiSIEM with these conclusions in real-time. This integration reduces manual intervention and accelerates response times.

‍

FortiSOAR Architecture and Data Flow:

The integration between Arcanna.ai and FortiSOAR enhances automation and decision-making capabilities in orchestrated security operations.

1. Incident Enrichment: FortiSOAR creates and enriches security incidents through automated playbooks, adding valuable context and data before sending it to Arcanna.ai.
2. AI Decision Integration: At any point within the SOAR playbook, Arcanna.ai’s AI models can be called upon to augment decision-making by providing recommendations on incidents, such as classifying severity, suggesting remediation actions, or advising on escalation.
3. Feedback Mechanism: When the incident is closed, FortiSOAR automatically sends the outcome back to Arcanna.ai, reinforcing the decision models with new data. This ensures that Arcanna.ai continually improves its accuracy and relevance for future incidents.

Playbook Optimization: With Arcanna.ai embedded in FortiSOAR’s automation workflows, its recommendations can trigger actions such as containment, remediation, or escalation, helping to resolve incidents swiftly. These AI-augmented decisions support analysts in responding more efficiently and accurately within the existing playbooks, streamlining workflows while maintaining human oversight.

‍