Fortinet announced FortiNDR, a new network detection and response offering that leverages powerful artificial intelligence and pragmatic analytics to enable faster incident detection and response to threats.
“With the introduction of FortiNDR, we are adding robust network discovery and response to the Fortinet Security Fabric,” said John Maddison, EVP of products and CMO at Fortinet.
“Powered by purpose-built machine learning, deep learning, pragmatic analytics, and advanced AI capabilities, FortiNDR automatically detects and responds to abnormal network activity to prevent security incidents. Fortinet’s full detection and response offering includes native integration for a coordinated response to empower security teams to move from a reactive to a proactive security stance,” he said.
SecOps teams must use AI to stay ahead of threats.
According to Fortinet, security operations teams face sophisticated, ongoing cybercrime that is more destructive and less predictable than ever, an attack surface that continues to expand with hybrid IT architectures, and persistent staff shortages due to the cybersecurity skills gap.
Those who use legacy security solutions are also challenged with overwhelming and tedious manual alert triage that takes important resources away from high-priority tasks like mitigating threats. As cybercriminals become more sophisticated, so must an organization’s security tools.
FortiNDR accelerates threat detection with artificial intelligence
With the introduction of FortiNDR, Fortinet delivers complete network protection, detection, and response powered by AI to:
Detect signs of advanced cyberattacks: With AI, machine learning, and advanced analytics capabilities, FortiNDR establishes baselines of normal network activity for an organization and identifies deviations that could indicate cyber campaigns in progress. Profiling can be based on IP/port, protocol/behaviour, destination, packet size, geography, device type, and more. This means earlier detection, because organizations no longer have to rely on generic threat feeds, which can only surface indicators of compromise once a threat or its components have become known worldwide.
Offload intensive human analyst functions with a Virtual Security Analyst: FortiNDR includes a Virtual Security Analyst (VSA™), which leverages deep neural networks, the next generation of AI, and is designed to offload human security analysts by analyzing code generated by malicious traffic and how it spreads. VSA™ is pre-trained with over 6 million malicious and benign features to identify and classify IT- and OT-based malware into threat categories. These features can pinpoint patient zero and the lateral spread of multi-variant malware by analyzing the entire malware movement. VSA™ can also classify encrypted attacks, malicious web campaigns, weak ciphers/protocols, and malware.
Identify compromised users and agentless devices: Not all of an organization’s devices (personal devices, third-party devices, IoT, or OT) can have an endpoint detection and response agent installed to detect a compromise. FortiNDR addresses this by deploying a purpose-built network sensor to analyze traffic from all devices.
Coordinated Response with Security Fabric Integration
FortiNDR also offers native integrations with the Fortinet Security Fabric and API integrations with third-party solutions for a coordinated response to discovered threats to minimize their impact. Common automations to accelerate response include quarantining devices that generate anomalous traffic, enforcement with third-party devices through an API framework, triggering an orchestrated process led by SOAR, and more.
As the highest-performing cybersecurity mesh platform anywhere, powered by FortiOS and a common management framework, the Fortinet Security Fabric enables broad visibility, seamless integration and interoperability between critical security elements, and granular control and automation.
Fortinet’s robust portfolio of detection and response solutions
FortiNDR rounds out Fortinet’s existing portfolio of detection and response solutions, which includes managed detection and response (MDR), endpoint detection and response (EDR), and extended detection and response (XDR) solutions.
Organizations looking to add detection and response capabilities to their traditional prevention-focused security measures can choose from the following:
FortiGuard MDR Service: For smaller organizations with a single IT/security team (or larger organizations looking to offload frontline alert monitoring and triage), managed detection and response (MDR) is a great option for adding security monitoring capabilities without needing the specialized expertise required to perform it effectively.
FortiEDR: For mid-sized to large organizations with dedicated (but small) security teams, endpoint detection and response (EDR) is a great option for adding the in-depth host-level analytics needed to identify the signs of ransomware activity on the endpoint.
FortiNDR: For larger organizations or strong security teams that have already implemented EDR, network detection and response adds broader analytics and anomaly detection across network segments or even the entire organization, visibility into agentless device activity (be it IoT or unmanaged devices), and faster implementation without impact on production systems.
FortiXDR: For organizations with multiple Fortinet security controls, extended detection and response adds curated detection analytics, AI-powered alert investigation, and automated incident response.