Fortinet, a global leader in broad, integrated, and automated cybersecurity solutions, announced FortiNDR on June 7, 2022, a new network detection and response offering that leverages artificial intelligence (AI) and action-oriented analytics to enable faster incident detection and accelerated threat response.
SecOps teams must leverage AI to stay ahead of threats
Security operations teams face advanced and persistent cybercrime that is more destructive and less predictable than ever, an attack surface that continues to expand with hybrid IT architectures, and staffing shortages due to lack of cybersecurity skills. Those using legacy security solutions also face overwhelming and time-consuming manual alert triage that diverts significant resources from high-priority tasks such as threat mitigation. As cybercriminals become more sophisticated, so too must an organization’s security tools.
FortiNDR Accelerates Threat Detection with AI
With the introduction of FortiNDR, Fortinet provides AI-powered protection, detection, and response across the network lifecycle, enabling organizations to:
Detect the signs of sophisticated cyberattacks: With self-learning AI, machine learning (ML) and advanced analytics capabilities, FortiNDR establishes baselines of normal network activity for an organization and identifies deviations that may indicate ongoing campaigns. Profiling can be based on IP/port, protocol/behaviour, destination, packet size, geography, device type, and so on. Taken together, this means earlier detection, as organizations no longer need to rely on generic threat feeds, which can only flag indicators of compromise once a threat or its components have become globally known.
Offload intensive human analyst duties with a virtual security analyst: FortiNDR includes a Virtual Security Analyst (VSA), which uses deep neural networks and is designed to offload human security analysts by analyzing the code carried by malicious traffic and determining its propagation. VSA comes pre-trained with over six million malicious and safe features that can identify IT- and OT-based malware and categorize it into threat categories. These features can accurately identify patient zero and the lateral spread of multi-variant malware by analyzing the entire malware movement. VSA is also able to identify encrypted attacks, malicious web campaigns, and weak ciphers/protocols, and to classify malware.
Identify compromised users and agentless devices: Not all devices in an organization (for example, personal, third-party, IoT, or OT devices) can have an Endpoint Detection and Response agent installed to detect a compromise. FortiNDR solves this problem by deploying a dedicated network sensor to analyze traffic from all devices.
Coordinated response through Security Fabric integration
FortiNDR also offers native integrations with the Fortinet Security Fabric as well as API integrations with third-party solutions for a coordinated response to discovered threats that minimizes their impact. Common automations to speed up response include quarantining devices generating anomalous traffic, enforcing policy on third-party devices through an API framework, triggering an orchestrated process guided by SOAR, and more. As the industry’s most capable cybersecurity mesh platform, powered by FortiOS everywhere and a common management framework, the Fortinet Security Fabric enables broad visibility, seamless integration and interoperability between critical security elements, as well as granular control and automation.
Fortinet’s Strong Portfolio of Detection and Response Solutions
FortiNDR completes Fortinet’s existing portfolio of detection and response solutions, which includes managed detection and response (MDR), endpoint detection and response (EDR) and extended detection and response (XDR).
Organizations looking to add detection and response capabilities to their traditional prevention-focused security controls can choose from:
FortiGuard MDR service: For small organizations with a single IT/security team (or large organizations looking to offload monitoring and alert triage from the front line), managed detection and response (MDR) is a good option for adding security monitoring capabilities without needing the specialist expertise to perform them effectively.
FortiEDR: For medium to large-scale organizations with dedicated (but small) security teams, endpoint detection and response (EDR) is a good option to add in-depth host-level scanning that is needed to identify signs of ransomware activity on the endpoint.
FortiNDR: For large organizations or robust security teams that have already implemented EDR, network detection and response adds broader coverage and anomaly detection across network segments or even the entire organization, insight into agentless device activity (whether IoT or unmanaged devices), and faster deployment without impact on production systems.
FortiXDR: For organizations with multiple Fortinet security controls, extended detection and response adds curated detections, AI-powered alert investigation, and automatable incident response.
Vishak Raman, Vice President, Sales – India, SAARC and Southeast Asia, Fortinet, said, “With the introduction of FortiNDR, we are adding robust network detection and response to Fortinet Security Fabric. Powered by machine learning, deep learning, pragmatic analysis, and advanced AI capabilities, FortiNDR automatically detects and responds to abnormal network activity to thwart security incidents. Fortinet’s comprehensive suite of detection and response offerings includes native integration for coordinated response to enable security teams to move from a reactive to a proactive security posture.”
“As a trusted security vendor, we’re excited to see Fortinet continue to deliver industry-leading technology as an integrated extension of what we’ve already deployed in our network. Adding AI for malware analysis in FortiNDR will give us a huge advantage in defending against cybercrime, and we are excited to extend this capability to our network business. This is the latest example of our ability to extract even more value from our initial investment in the Fortinet Security Fabric,” said Carolina Masso S., CEO, Gamma Ingenieros, SAS.
John Grady, Principal Analyst, Cybersecurity at ESG, pointed out, “As enterprises struggle to coordinate threat detection and response across individual point products, the ability for them to leverage a full set of integrated SOC capabilities under one cybersecurity platform promises significant improvement in the effectiveness and efficiency of threat discovery and mitigation. Fortinet’s portfolio of detection and response products such as FortiNDR, FortiEDR, FortiXDR, and many more, all of which are integrated into one platform, should be considered by any organization looking to improve its security operations detection and response function.”