FortiNDR: Adding AI-Powered Network Detection and Response to Your Security Fabric

By David Finger | May 24, 2022

Today we are pleased to announce the availability of FortiNDR which, as the name reflects, adds robust network detection and response (NDR) to the Fortinet Security Fabric. Specifically, it provides purpose-built machine learning, deep learning, pragmatic analytics, and advanced AI capabilities to detect anomalous network activity that may indicate a security incident in progress.

Like everything else in our digital world, advanced persistent cybercrime continues to evolve. Today, it is faster, more destructive, and able to exploit vulnerabilities anywhere across the expanding attack surface. Many SecOps teams are trying to fight back using legacy point security solutions with separate management consoles and reporting systems to manually identify and respond to threats. And they are trying to do this as their organization doubles down on digital acceleration efforts that expand the scale and complexity of their hybrid IT architecture, all during a global cybersecurity skills shortage.

These cybersecurity professionals are experiencing a challenge being felt in organizations worldwide. Technological advances are transforming networks, enabling employees and customers to access any data or application using any device from any location. These advances have transformed today’s global marketplace and fueled a transition to a digital economy. However, that evolution has not been met with the same level of innovation by today’s security vendors, leading the World Economic Forum to declare that cybersecurity failure is among the greatest threats facing humanity within the next 10 years.

The simple fact is, as networks continue to evolve and cybercriminals become more sophisticated, so too must an organization’s security tools.

Using Self-learning AI Capabilities to Accelerate Threat Detection With New FortiNDR

With three times more security and networking patents than any other cybersecurity vendor, Fortinet is committed to delivering solutions that leverage the latest technological advances, including AI and ML, to keep organizations ahead of the evolving threat landscape. FortiNDR is the latest outcome of this commitment, helping SecOps teams shift from being reactive to being proactive by delivering the following features:

  • Detects signs of sophisticated cyberattacks utilizing advanced analytics and ML: With its self-learning AI capabilities, FortiNDR establishes sophisticated baselines of normal network activity for an organization and then identifies deviations that may indicate that a cyber campaign is in progress. This means earlier detection, as organizations no longer need to rely on generic threat feeds that depend on threats or components becoming globally known before identifying indicators of compromise.
  • Utilizes both artificial intelligence and pragmatic analytics to identify threats: FortiNDR delivers pre-trained neural networks and ML-based on-premises traffic profiling to identify threats. Its advanced detection system provides sub-second malware classification and advanced analytics to identify high-risk network activity, such as the use of weak ciphers or communications with compromised IPs that may indicate an active intrusion. Its unique cloud-plus-on-premises AI approach combines the power of cloud computing with customization for each specific organization.
  • Offloads intensive human analyst functions with a Virtual Security Analyst: FortiNDR includes a Virtual Security Analyst (VSA™) designed to offload human security analysts. It employs a deep neural network (the next generation of AI) to analyze code generated by malicious traffic and determine its spread. VSA can also identify encrypted attacks, malicious web campaigns, and weak ciphers and protocols, and classify malware. From outbreak search to tracing the source of infections, FortiNDR frees up expert cybersecurity professionals to focus on higher-order tasks, providing much-needed relief given today’s cybersecurity skills shortage.
  • Identifies compromised users and agentless devices: One of the most challenging tasks is detecting a compromise in the numerous devices on the network that cannot support an endpoint detection and response agent. FortiNDR addresses this challenge by deploying a dedicated network sensor to analyze traffic originating from all devices, including personal, third-party, Internet-of-Things (IoT), and operational technology (OT) devices.
  • Strong integration with the Security Fabric and Fabric Partners: FortiNDR is built to natively leverage Fortinet Security Fabric solutions. For example, it can work with FortiOS for inline blocking of previously unknown cyberattacks and use FortiNAC and FortiSwitch to quarantine at Layer 2 to contain threats in the event of a network breach. SecOps teams can also leverage FortiNDR APIs to integrate seamlessly with the hundreds of certified Fortinet Fabric Partners.

Implementing Fortinet’s Advanced Detection and Response Across Your Organization

As ransomware and other cyber risks continue to grow, most organizations are looking to add dynamic detection and response capabilities to their traditional prevention-oriented security controls. There are numerous solutions within this category.

  • FortiEDR for Endpoint Detection and Response: Many organizations are replacing their traditional endpoint security with advanced EDR technology that provides deep, host-level analysis to identify the signs of infection, including the presence of ransomware, on the endpoint.
  • FortiResponder MDR for Managed Detection and Response: Smaller organizations, or teams looking to offload the heavy lift of first-line alert monitoring and triage, are adding MDR to gain detection capabilities without needing a specialized SecOps team to run it effectively.
  • FortiNDR for Network Detection and Response: Organizations with a seasoned cybersecurity staff are adding NDR to enable broader analytics and anomaly detection across segments of the network or the entire organization and provide a macro-level view of activity. It also provides insight into activity from devices without agents, such as IoT or unmanaged devices. And it supports faster deployment with zero impact on production systems.
  • FortiXDR for eXtended Detection and Response: Organizations with multiple Fortinet security controls can implement FortiXDR to add curated detection analytics, AI-powered alert investigation, and automatable incident response.

Fortinet Enhances Your Detection and Response Strategy

Because Fortinet’s detection and response solutions are part of the Security Fabric, they fully interoperate with Fortinet’s networking, security, and third-party partner products. That means advanced threat correlation, centralized management and orchestration, and coordinated response to any threat anywhere across your distributed network, from the campus and data center to the cloud, branch and home offices, and mobile users and devices.

As the world’s number one network security vendor based on devices shipped, our insight into cybercriminal activity on the network is unmatched, and we encourage you to learn more or to test FortiNDR out for yourself.

Visit the FortiNDR page for everything you need to know about network detection and response from Fortinet.