FortiGuard Artificial Intelligence
Cybercriminals are adopting automated and scripted techniques that increase the speed and scale of attacks, while at the same time lowering their costs. To counter this, enterprises need to increase the costs for attackers trying to compromise their data. FortiGuard's AI (artificial intelligence) program is a giant leap in achieving that goal. In development and machine training for over half a decade, FortiGuard AI has continuously evolved to analyze and identify threats with increased speed, volume, and accuracy. Today, FortiGuard AI provides proactive threat detection at machine speed and scale, which frees our threat analysts to focus on critical threat research, while at the same time helping Fortinet customers flip the economics of a cyberattack in their favor.
- FortiGuard AI is a self-evolving threat detection system in development for over five years that leverages machine learning and continuous training to autonomously collect, analyze, and classify threats, then automatically develop new defensive signatures with a high degree of accuracy and at machine speed.
- FortiGuard AI is integrated into Fortinet’s threat intelligence backend to power all of the advanced threat detection capabilities that FortiGuard services share across the Security Fabric.
- Fortinet’s FortiGuard Labs is the largest and most mature threat intelligence group in the world, with over 215 expert researchers, analysts, and engineers in 31 countries leveraging cutting-edge technology to analyze threat data from a global network of more than three million security sensors.
FortiGuard Labs Artificial Intelligence (AI) Program FAQs
How is Artificial Intelligence (AI) applied to Fortinet technology?
Artificial Intelligence is applied to our threat intelligence gathering and processing. All the outcomes from our AI malware analysis feed into the signatures that we deploy within our product portfolio.
There is a lot of talk around using machine learning to combat cybercrime. How is it actually done?
Cyberattacks often leak specific elements that can help us link one attack with another. Sometimes it is similar code or other footprints that we can use to tie one event to another. This helps cluster attacks according to similarities that can be attributed to a threat actor. Artificial Intelligence can help do the analysis to find these links.
Are hackers using Artificial Intelligence?
We cannot say definitively if they are or are not. We would be naïve to think that they aren’t. Hackers are often on the forefront of technology.
Is Artificial Intelligence going to replace, or is it already replacing, human analysts?
Not at all. Artificial Intelligence is helping us keep pace with the ongoing increase of malware volume and complexity.
How is the work that is being done by the analysts being leveraged into the machine learning models?
Analysts research, review and refine signatures. This research and its outcomes are used to improve our machine learning capabilities and performance, which lessens the false positive rate and drives better detection ratios.
How is machine learning applied to threat intelligence collection and processing?
Machine learning is critical to our threat intelligence gathering and processing. We utilize various techniques, including big data mining, to collect threat intelligence. For processing, we utilize supervised learning to detect malware, unsupervised learning to cluster the malware into families, and reinforcement learning to combine information gathered from both the supervised and unsupervised models in order to create virus signatures that perform well. This allows us to have a low false positive rate and a high detection rate.
How is machine learning being leveraged to do attribution to threat actors?
Patterns of similar programming and constructed malware can be found at a more efficient rate, which could potentially link multiple attack campaigns to the same threat actor. Threat actors can be traced by linking information they leave behind after each attack. Machine learning can help us correlate and search for similarities in code, tactics and techniques better and faster.