Fortinet recently announced FortiNDR, a new network detection and response offering that leverages powerful artificial intelligence and pragmatic analytics to enable faster incident detection and an accelerated threat response.
Vishak Raman, Vice President of Sales, India, SAARC & Southeast Asia at Fortinet, said, “With the introduction of FortiNDR, we’re adding robust network detection and response to the Fortinet Security Fabric. Powered by purpose-built machine learning, deep learning, pragmatic analytics, and advanced AI capabilities, FortiNDR automatically detects and responds to abnormal network activity to thwart security incidents. Fortinet’s full suite of detection and response offerings feature native integration for a coordinated response to empower security teams to move from a reactive to a proactive security posture.”
SecOps Teams Must Leverage AI to Stay Ahead of Threats
Security operations teams are faced with advanced, persistent cybercrime that is more destructive and less predictable than ever before, an attack surface that continues to expand with hybrid IT architectures, and ongoing staff shortages due to the cybersecurity skills gap. Those using legacy security solutions are also challenged with overwhelming and tedious manual alert triage that pulls important resources away from high-priority tasks such as mitigating threats. As cybercriminals become more sophisticated, so too must an organization’s security tools.
FortiNDR Accelerates Threat Detection with Artificial Intelligence
With the introduction of FortiNDR, Fortinet is delivering full-lifecycle network protection, detection, and response powered by AI to:
- Detect signs of sophisticated cyberattacks: With self-learning AI capabilities, machine learning, and advanced analytics, FortiNDR establishes sophisticated baselines of normal network activity for an organization and identifies deviations that may indicate cyber campaigns in progress. Profiling can be based on IP/Port, Protocol/Behavior, Destination, Packet Size, Geography, Device Type and more. Taken together, this means earlier detection as organizations no longer need to rely on generic threat feeds, which depend on threats or components to become globally known in order to identify indications of compromise.
- Offload intensive human analyst functions with a Virtual Security Analyst: FortiNDR includes a Virtual Security Analyst (VSATM), which employs Deep Neural Networks – the next-generation of AI, and is designed to offload human security analysts by analyzing code generated by malicious traffic and determine its spread. VSATM comes pre-trained with more than 6 million malicious and safe features that can identify IT- and OT-based malware and classify it into threat categories. These features can accurately pinpoint patient zero and the lateral spread of multi-variant malware by analyzing the entire malware movement. VSATM is also capable of identifying encrypted attacks, malicious web campaigns, weak cipher/protocols and classifying malware.
- Identify compromised users and agentless devices: Not all devices in an organization (for example, personal, third party, IoT, or OT devices) can have an endpoint detection and response agent installed to detect a compromise. FortiNDR addresses this by deploying a dedicated network sensor to analyze traffic originating from all devices.
Coordinated Response with Security Fabric Integration
FortiNDR also features native integrations with the Fortinet Security Fabric as well as API integrations with third-party solutions for a coordinated response to discovered threats to minimize their impact. Common automations to speed response include quarantining devices generating anomalous traffic, enforcement with third party devices via an API framework, triggering an orchestrated process guided by SOAR, and more.
As the industry’s highest performing cybersecurity mesh platform powered by FortiOS everywhere and a common management framework, the Fortinet Security Fabric enables broad visibility, seamless integration and interoperability between critical security elements, and granular control and automation.