SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Fortinet introduces self-learning AI in latest offering
Fri, 27th May 2022

Fortinet is introducing self-learning AI capabilities in its new network detection and response offering, FortiNDR.

The new offering uses machine learning and deep neural networks to more quickly recognise cyber attacks based on anomalies in network activity and limit exposure to threats.

"With the introduction of FortiNDR, we're adding robust network detection and response to the Fortinet Security Fabric," Fortinet products executive vice president and chief marketing officer John Maddison says.

"Powered by purpose-built machine learning, deep learning, pragmatic analytics, and advanced AI capabilities, FortiNDR automatically detects and responds to abnormal network activity to thwart security incidents.

"Fortinet's full suite of detection and response offerings feature native integration for a coordinated response to empower security teams to move from a reactive to a proactive security posture."

Fortinet notes that security operations teams are confronted with an advanced, persistent, more destructive and less predictable threat landscape, as well as an attack surface that continues to grow with hybrid IT frameworks, and ongoing staff shortages because of the cybersecurity skills gap.

It adds that those using legacy security systems are faced with the additional difficulty of overwhelming and tedious manual alert triage that drags crucial resources away from high-priority tasks such as mitigating threats.

Fortinet says that the ever-changing nature of cybercrime means organisations must have robust security tools at their disposal.

By introducing FortiNDR, the company is offering full-lifecycle network protection, detection, and response powered by AI to detect signs of sophisticated cyber attacks, offload intensive human analyst functions with a Virtual Security Analyst (VSA), and identify compromised users and agentless devices.

The platform's self-learning AI capabilities, machine learning and advanced analytics mean it can establish sophisticated baselines of a company's normal network activity to identify deviations that may indicate cyber attacks being carried out.

Further, profiling can be based on IP/Port, Protocol/Behaviour, Destination, Packet Size, Geography, or Device Type, meaning threats can be detected earlier, and organisations don't need to rely on generic threat feeds, which depend on the global awareness of threats or components to identify indications of compromise.

FortiNDR's VSA feature uses Deep Neural Networks and is designed to offload human security analysts by analysing code generated by malicious traffic and determining its spread.

The feature comes pre-trained with over 6 million malicious and safe features that can recognise IT and OT-based malware and classify it into threat categories.

These features are also able to accurately pinpoint the starting point of multi-variant malware and its lateral spread by analysing the complete malware movement.

VSA is also capable of recognising encrypted attacks, malicious web campaigns and weak ciphers/protocols, and of classifying malware.

Fortinet acknowledges that personal, third-party, IoT or OT devices are not able to have an endpoint detection and response agent installed to identify a breach, and says its FortiNDR offering addresses this issue by providing a dedicated network sensor to analyse traffic originating from all devices.

FortiNDR also contains native integrations such as the Fortinet Security Fabric and API integrations with third-party offerings to minimise the impact of discovered threats with a coordinated response.

It also comes with common automations to make responses faster, such as quarantining devices generating anomalous traffic, enforcing third-party devices through an API framework and triggering an orchestrated process guided by SOAR.