Alert/Alarm - Investigation/Intelligence

Proactively watching over your environment, always searching for threats

Your organization might not know it’s under attack until it’s too late. The faster you can identify a bad actor inside your environment, the faster you can mount a defense and ensure your critical assets remain secure and intact. Failure to detect a breach quickly enough could result in any number of nightmare scenarios, including ransomware, the publication of your sensitive data, the deletion of your backups, and/or the shutdown of critical services. Sentinel’s managed security brand Fortis offers a number of innovative solutions designed to advance your protection by monitoring your environment, sounding the alarm at the first sign of trouble, and investigating threats so you know where they came from and how they got in.

Security Operations Center (SOC)

Many IT providers claim their SOC solutions are comprehensive, but ultimately fall short in several critical areas. Fortis by Sentinel’s 24x7x365 ActiveDefense™ SOC monitoring stands apart as a superior choice, creating a genuine security partnership with your organization supported by our dedicated team that prioritizes transparency, customization, and customer satisfaction.

SOC as a Partnership

Fortis by Sentinel goes beyond the traditional SOC as a Service offering; we function as a dedicated security partner committed to providing customized solutions for each customer. This means we work closely with your organization to identify security gaps and craft tailored recommendations and strategies to address them.


Unlike some of our competitors' closed systems, Fortis ActiveDefense™ gives you complete visibility into our backend. As a dedicated tenant, you see what our analysts see, including all tickets. This gives you a holistic view of everything our SOC team is working on.


Fortis by Sentinel ActiveDefense™ takes an agnostic approach to log sources, allowing for choice in what tools and technologies are used. We consider the industry, size, and security posture of your organization when developing a custom solution that delivers the necessary level of protection while also being cost-effective and efficient.


Fortis ActiveDefense™ develops items like dashboards, filters, and workflows to align with your organization’s specific, evolving security architecture. This ensures you get a solution fully customized and optimized to your business needs and goals.


Fortis by Sentinel operates as your partner, not simply a SOC service provider. Our team explains every recommendation we make, so you understand the details and reasoning. If you have questions or need further clarification, we'll walk you through each piece. 

SOC & NOC: Better Together

When combined with Fortis ActiveDefense™, Sentinel's NOC services deliver the enhanced experience of a complete detection-to-response lifecycle. For example, if an investigation recommends adding or changing a firewall rule and that firewall is managed by the Sentinel NOC, our SOC analyst would use the established playbook to open a ticket directly to the 24x7x365 NOC to make the change.

When it comes to SOC services, Fortis by Sentinel’s ActiveDefense™ SOC monitoring gives your organization the opportunity to advance its protection with a commitment to transparency, customization, and customer satisfaction other SOC providers are unable or unwilling to offer.

Security Information and Event Management (SIEM)

Security Information and Event Management (SIEM) provides advanced threat detection, analysis, monitoring, incident management, and visibility into your systems, network, and applications. SIEM is delivered through the cloud, adheres to strict multi-tenancy security best practices, and undergoes regular third-party audits to ensure optimal performance.

Using our SIEM in conjunction with Fortis Threat Exchange (FTE), Fortis by Sentinel analysts are able to hunt, alert, notify, investigate, and remediate security threats very rapidly, ensuring your organization can respond as quickly as possible to protect its most critical digital assets.

SIEM data is dynamically updated to include up-to-the-minute threats along with custom correlation algorithms that capture and interpret security data across the environment.

Fortis Threat Exchange (FTE)

Fortis Threat Exchange (FTE) is included with our Security as a Service (SECaaS) offering, and functions as an additional layer of security integration and automation based around intelligence trends gathered from our security customers. FTE is always learning. The more customers we have using our SECaaS, the more visibility and insight we are able to incorporate into FTE. When combined with the Fortis intrusion detection sensor (IDS), it delivers heightened visibility, multiple points of detection, and additional capabilities beyond what most security offerings can provide. Additional IT infrastructure, cloud, and data sources are regularly added to the extensive list of supported plug-ins.


Investigation and analysis play essential roles in cybersecurity. They provide context, visibility, and evidence related to an attack against your organization, so you can understand how an intruder gained access to your environment, their actions once inside, and steps that can be taken to prevent such incidents from happening again.

Fortis by Sentinel’s highly certified forensics experts closely follow best practices to conduct a thorough investigation aimed at preserving evidence and providing your organization with all the ammunition required to neutralize threats.

  • We identify any indicators of compromise, along with the location of systems, applications, devices, and data that may have been affected.
  • We collect all information and evidence relevant to the investigation or incident (forensic imaging, event logs, network traffic, system information) and ensure it is securely stored for future use as needed by incident responders, IT/security departments, human resources, and legal teams.
  • We analyze the evidence collected to help determine the likely cause and source of an attack, as well as assemble a timeline to show the progression of events.
  • We provide a report to your organization detailing our findings, including recommendations on ways to optimize your security operations and lower risk for the future.