Fortinet brings self-learning AI in new network detection & response offering

News Desk -


Fortinet announced FortiNDR, a new network detection and response offering. Its self-learning artificial intelligence, combined with pragmatic analytics, enables faster incident detection and accelerated threat response.

John Maddison, EVP of Products and CMO at Fortinet said, “With the introduction of FortiNDR, we’re adding robust network detection and response to the Fortinet Security Fabric. Powered by purpose-built machine learning, deep learning, pragmatic analytics, and advanced AI capabilities, FortiNDR automatically detects and responds to abnormal network activity to thwart security incidents. Fortinet’s full suite of detection and response offerings feature native integration for a coordinated response to empower security teams to move from a reactive to a proactive security posture.”

SecOps Teams Must Leverage AI to Stay Ahead of Threats

Security operations teams face advanced, persistent cybercrime that is more destructive and unpredictable than ever before, an attack surface that keeps expanding with hybrid IT infrastructures, and chronic staff shortages caused by the cybersecurity skills gap. Legacy security systems also impose an onerous, time-consuming manual alert triage process that diverts resources from higher-priority work such as threat mitigation. As cybercriminals get cleverer, so must the security tools an enterprise relies on.

FortiNDR Accelerates Threat Detection with Artificial Intelligence

With the launch of FortiNDR, Fortinet now offers AI-powered full-lifecycle network security, detection, and response to:

  • Detect signs of sophisticated cyberattacks: Using self-learning AI capabilities, machine learning, and advanced analytics, FortiNDR builds baselines of a company's regular network activity and flags deviations that may signal cyber campaigns in progress. IP/port, protocol/behavior, destination, packet size, geography, device type, and other factors can all be used to profile a user. As a result, enterprises can detect risks sooner, because they are no longer reliant on generic threat feeds, which can only flag signs of compromise once a threat or its components have become widely known.
  • Offload intensive human analyst functions with a Virtual Security Analyst: FortiNDR contains a Virtual Security Analyst (VSA™) that uses Deep Neural Networks (the next generation of AI) to offload human security analysts by evaluating malicious traffic code and determining how it propagates. VSA™ is pre-trained with over 6 million malicious and benign features that can detect and categorize IT- and OT-based malware into threat categories. By assessing the complete movement of the malware, these features can precisely identify patient zero and the lateral spread of multi-variant infections. VSA™ can also detect encrypted attacks, malicious online campaigns, and weak ciphers/protocols, and perform malware classification.
  • Identify compromised users and agentless devices: An endpoint detection and response agent cannot be deployed on every endpoint in an organization (for example, personal, third-party, IoT, or OT devices) to identify a compromise. FortiNDR addresses this by deploying a dedicated network sensor that analyzes traffic from all devices, whether or not they carry an agent.

Coordinated Response with Security Fabric Integration

FortiNDR also has native connections with the Fortinet Security Fabric, as well as API integrations with third-party solutions, allowing for a coordinated response to uncovered threats and a reduction in their impact. Common automations include quarantining devices that generate abnormal traffic, enforcing policies on third-party devices via an API framework, and triggering an orchestrated process driven by SOAR.

The Fortinet Security Fabric, which Fortinet describes as the industry's highest-performing cybersecurity mesh platform, is powered by FortiOS everywhere and a common management architecture. It provides comprehensive visibility, seamless integration and interoperability between key security components, and granular control and automation.

Fortinet’s Robust Portfolio of Detection and Response Solutions

FortiNDR rounds out Fortinet's existing detection and response portfolio, which already includes managed detection and response (MDR), endpoint detection and response (EDR), and extended detection and response (XDR) solutions.

The following options are available to organizations wishing to add detection and response capabilities to their typical prevention-oriented security controls:

  • FortiGuard MDR Service: Managed detection and response (MDR) is a viable choice for smaller firms with a single IT/security team (or larger organizations wishing to offload first-line alert monitoring and triage), as it adds security monitoring capabilities without requiring specialist skills in house.
  • FortiEDR: Endpoint detection and response (EDR) suits mid-size to mainstream enterprises with dedicated (but small) security teams, adding the comprehensive host-level analysis required to identify the symptoms of ransomware activity on the endpoint.
  • FortiNDR: For larger organizations or security teams that have already implemented EDR, network detection and response adds broader analytics and anomaly detection across network segments or even the entire organization, visibility into activity from devices without agents (whether IoT or unmanaged devices), and faster deployment with no impact on production systems.
  • FortiXDR: Extended detection and response provides curated detection analytics, AI-powered alert investigation, and automatable incident response for companies with numerous Fortinet security controls.