Fortinet introduces machine learning AI in latest offering

by Helen J. Wolf

Fortinet is introducing machine learning AI capabilities in its new network discovery and response offering, FortiNDR.

The new offering uses machine learning and deep neural networks to recognize cyberattacks based on anomalies in network activity and limit exposure to threats.

“With the introduction of FortiNDR, we are adding robust network discovery and response to the Fortinet Security Fabric,” said John Maddison, executive vice president and chief marketing officer of Fortinet products.

“Powered by purpose-built machine learning, deep learning, pragmatic analytics, and advanced AI capabilities, FortiNDR automatically detects and responds to abnormal network activity to prevent security incidents.

“Fortinet’s full suite of detection and response offerings includes native integration for a coordinated response to enable security teams to move from a reactive to a proactive security posture.”

Fortinet notes the sophisticated, persistent, destructive, and less predictable threat landscape facing security operations teams and an attack surface that continues to grow with hybrid IT frameworks and ongoing staff shortages due to the lack of cybersecurity skills.

It adds that those using legacy security systems face the added difficulty of overwhelming and tedious manual triage of alerts, dragging critical resources away from high-priority tasks like mitigating threats.

Fortinet says the ever-changing nature of cybercrime means organizations must have robust security tools.

By introducing FortiNDR, the company provides full network protection, detection, and response powered by AI to detect signs of advanced cyberattacks, offload intensive human analyst functions with a Virtual Security Analyst (VSA), and identify compromised users and agentless devices.

The platform’s machine learning capabilities and advanced analytics mean it can establish state-of-the-art baselines of a company’s normal network activity to identify anomalies that could indicate cyberattacks are underway.

Furthermore, profiling can be based on IP/Port, Protocol/Behaviour, Destination, Packet Size, Geography, or Device Type, meaning that threats can be detected earlier, and organizations do not rely on generic threat feeds, which depend on global awareness of dangers or components to identify indications of compromise.

FortiNDR’s VSA feature leverages Deep Neural Networks and is designed to offload human security analysts by analyzing code generated by malicious traffic and determining its distribution.

The feature is pre-trained with over 6 million malicious and secure features that can identify and classify IT and OT-based malware into threat categories.

These functions can also accurately determine the entry point of multi-variant malware and its lateral spread by analyzing the entire malware movement.

VSA can also classify encrypted attacks, malicious web campaigns, weak encryption/protocols, and malware.

Fortinet recognizes that personal, third-party, IoT, or OT devices cannot have an endpoint detection and response agent to identify a breach. The FortiNDR offering addresses this issue by providing a dedicated network sensor that analyzes traffic from all devices.

FortiNDR also includes native integrations such as the Fortinet Security Fabric and API integrations with third-party offerings to minimize the impact of discovered threats with a coordinated response.

It also comes with common automations to respond more quickly, such as quarantining devices that generate anomalous traffic, enforcing third-party devices through an API framework, and triggering an orchestrated process led by SOAR.
