Network Detection and Response

Fortinet NDR identifies cybersecurity incidents in progress based on anomalous network activity to reduce the risk and impact of cyber threats

Watch the Overview Video

Overview

Network Detection and Response (NDR) uses artificial intelligence and other analytics to identify suspicious network activity outside of the norm, which may be an indicator of a cyber attack in progress. FortiNDR enables full-lifecycle network protection, detection, and response. It covers both network traffic and file-based analysis, along with root-cause identification. New threats can be identified by FortiNDR so you can instantly adapt threat containment and protection to new attacks.

Artificial intelligence in action
In addition to dynamically profiling an organization’s network activity, FortiNDR also conducts file-based analysis. It comes pre-trained with more than 6+ million malicious and safe features that can identify IT- and OT-based malware and classify it into threat categories. These features can also accurately pinpoint patient zero and lateral spread of multi-variant malware by analyzing the entire malware movement.

Virtual security analyst
FortiNDR includes a virtual security analyst capability (formerly known as FortiAI) that can operate in unsupervised mode, helping lean SecOps teams fully analyze and investigate new threats within the shortest period of time. Because of our deep neural network’s innate ability to self-learn, it continuously adapts to the evolving cyber-threat landscape including AI-powered cyberattacks.

Machine Learning Across the Digital Attack Surface

A visual exploration of the digital attack surface, and how AI-SecOps within the Fortinet Security Fabric protects the entire network through an integrated set of security products, many of which include machine learning inspection points

Veja Agora

FortiNDR is offered as an on-premises hardware appliance designed for deployment at data centers and campuses.

Saiba mais:

FortiNDR 3500F

Form Factor	2 RU
Portas	2 x 10GE (RJ45), 1 xGE (RJ45)
NDR Throughput	5Gbps
Malware Analysis Throughput	100,000 files/hour with sub-second verdict

The virtual appliance of FortiNDR can be deployed on VMware and KVM platforms.

FortiNDR-VM16

vCPU	16 cores
NDR Throughput	Hypervisor hardware dependent
Malware Analysis Throughput	14,000 files/hr
Memory (Minimum/Recommended)	128GB/256GB

FortiNDR-VM32

vCPU	32 cores
NDR Throughput	Hypervisor hardware dependent
Malware Analysis Throughput	22,000 files/hr
Memory (Minimum/Recommended)	128GB/256GB

Saiba mais:

Estudos de caso

Gamma Ingenieros

Empresa de serviços de tecnologia consolida seu negócio com SOC da Fortinet

FortiNDR utilizes both local and cloud network intelligence for updates to threat detection. NDR updates such as encrypted hashes, outbreak intelligence, IP reputations, are coupled with local and cloud ML to assist with detection.

FortiGuard Security Services

FortiGuard Labs delivers timely, global intelligence combined with fast decision-making and response across all critical vectors. This enables near-real time, AI-driven protection across the Fortinet Security Fabric.

FortiNDR Service

FortiCare Technical Support and Services

FortiCare provides 24x7 support options to help keep your Fortinet deployment up and running smoothly. We also have services such as our Premium RMA options with 4-hour replacements, to make sure you’re covered in case of an extreme event.

24x7 Support

FortiNDR Use Cases

FortiNDR detects threats where traditional security solutions fail, by using ML and AI, combined with FortiGuard updates.

NETWORK ANOMALY DETECTION

Lets users input any false positive to make an accurate model over time using machine learning to traffic profile and features.

WEAK CIPHER AND VULNERABLE PROTOCOL DETECTION

Identifies the weak links in the network where communications between devices are using weaker ciphers or even vulnerable protocols prone to network attacks. This includes both north-south and east-west traffic.

ML TRAFFIC PROFILING

Uses state-of-the-art ML algorithm for profiling network traffic, baselining, and detecting anomalies.

ENCRYPTED ATTACK DETECTION

Detects encrypted attacks with JA3 detection.

MALICIOUS WEB CAMPAIGNS

Detects phishing and malicious URLs visited from users and identifies campaign name, such as ransomware, Solarwind and Log4j.

NETWORK ATTACK AND BOTNET DETECTION

Detects intrusions between north-south and east-west traffic, including IP and DNS-based botnet attacks across the network.

Features and Benefits

FASTER INCIDENT DETECTION

Baselines network behavior, detects anomalous activity, validates incidents, and contains cyber actors

ACCELERATED THREAT RESPONSE

Sub-second malware classification and inline blocking of zero-day malware with MITRE ATT&CK investigation results

PROVEN AI

ML-based traffic profiling with mature deep learning model leveraged since 2012 comes pre-trained with 6+ million malware detection features for file based analysis

THREAT MITIGATION

Integrates with third party via API or Fortinet security products upon detection to contain threats

OPEN PLATFORM APPROACH

Security Fabric integration across the Fortinet portfolio, and third-party solutions via robust API

UNIFIED IT/OT ZERO-DAY THREAT PROTECTION

Protects both IT and OT environments from threats

Security Operations

To keep up with the volume, sophistication, and speed of today’s cyber threats, you need AI-driven security operations that can function at machine speed. Fortinet Security Operations provides advanced threat detection, response capabilities, centralized security monitoring, and optimization across the entire Fortinet Security Fabric.