Skip to content Skip to navigation Skip to footer

Press Release

Fortinet Introduces Self-Learning AI Capabilities in New Network Detection and Response Offering

FortiNDR leverages machine learning and deep neural networks – the next-generation of AI – to identify cyberattacks based on anomalous network activity and limit threat exposure

SUNNYVALE, Calif. - 24/05/2022


John Maddison, EVP of Products and CMO at Fortinet

“With the introduction of FortiNDR, we’re adding robust network detection and response to the Fortinet Security Fabric. Powered by purpose-built machine learning, deep learning, pragmatic analytics, and advanced AI capabilities, FortiNDR automatically detects and responds to abnormal network activity to thwart security incidents. Fortinet’s full suite of detection and response offerings feature native integration for a coordinated response to empower security teams to move from a reactive to a proactive security posture.”

News Summary

Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated, and automated cybersecurity solutions, today announced FortiNDR, a new network detection and response offering that leverages powerful artificial intelligence and pragmatic analytics to enable faster incident detection and an accelerated threat response.

SecOps Teams Must Leverage AI to Stay Ahead of Threats

Security operations teams are faced with advanced, persistent cybercrime that is more destructive and less predictable than ever before, an attack surface that continues to expand with hybrid IT architectures, and ongoing staff shortages due to the cybersecurity skills gap. Those using legacy security solutions are also challenged with overwhelming and tedious manual alert triage that pulls important resources away from high-priority tasks such as mitigating threats. As cybercriminals become more sophisticated, so too must an organization’s security tools.

FortiNDR Accelerates Threat Detection with Artificial Intelligence

With the introduction of FortiNDR, Fortinet is delivering full-lifecycle network protection, detection, and response powered by AI to:  

  • Detect signs of sophisticated cyberattacks: With self-learning AI capabilities, machine learning, and advanced analytics, FortiNDR establishes sophisticated baselines of normal network activity for an organization and identifies deviations that may indicate cyber campaigns in progress. Profiling can be based on IP/Port, Protocol/Behavior, Destination, Packet Size, Geography, Device Type and more. Taken together, this means earlier detection as organizations no longer need to rely on generic threat feeds, which depend on threats or components to become globally known in order to identify indications of compromise.  
  • Offload intensive human analyst functions with a Virtual Security Analyst: FortiNDR includes a Virtual Security Analyst (VSATM), which employs Deep Neural Networks – the next-generation of AI, and is designed to offload human security analysts by analyzing code generated by malicious traffic and determine its spread. VSATM comes pre-trained with more than 6 million malicious and safe features that can identify IT- and OT-based malware and classify it into threat categories. These features can accurately pinpoint patient zero and the lateral spread of multi-variant malware by analyzing the entire malware movement. VSATM is also capable of identifying encrypted attacks, malicious web campaigns, weak cipher/protocols and classifying malware.
  • Identify compromised users and agentless devices: Not all devices in an organization (for example, personal, third party, IoT, or OT devices) can have an endpoint detection and response agent installed to detect a compromise. FortiNDR addresses this by deploying a dedicated network sensor to analyze traffic originating from all devices.

Coordinated Response with Security Fabric Integration

FortiNDR also features native integrations with the Fortinet Security Fabric as well as API integrations with third-party solutions for a coordinated response to discovered threats to minimize their impact. Common automations to speed response include quarantining devices generating anomalous traffic, enforcement with third party devices via an API framework, triggering an orchestrated process guided by SOAR, and more.

As the industry’s highest performing cybersecurity mesh platform powered by FortiOS everywhere and a common management framework, the Fortinet Security Fabric enables broad visibility, seamless integration and interoperability between critical security elements, and granular control and automation.

Fortinet’s Robust Portfolio of Detection and Response Solutions

FortiNDR rounds out Fortinet’s existing portfolio of detection and response solutions, including managed detection and response (MDR), endpoint detection and response (EDR), and extended detection and response (XDR) solutions.

Organizations looking to add detection and response capabilities to their traditional prevention-oriented security controls can choose from:

  • FortiGuard MDR Service: For smaller organizations with a single IT/Security team (or larger organizations looking to offload first line alert monitoring and triage), managed detection and response (MDR) is a good option to add security monitoring capabilities without needing the specialized expertise to run it effectively. 
  • FortiEDR: For mid-size to mainstream organizations with dedicated (but small) security teams, endpoint detection and response (EDR) is a good option to add deep, host-level analysis that is necessary to identify the signs of ransomware activity on the endpoint. 
  • FortiNDR: For larger organizations or robust security teams who have already implemented EDR, network detection and response adds broader analytics and anomaly detection across network segments or even the entire organization, insight into activity from devices without agents (whether IoT or unmanaged devices), and faster deployment with zero impact to production systems.
  • FortiXDR: For organizations with multiple Fortinet security controls, extended detection and response adds curated detection analytics, AI-powered alert investigation and automatable incident response.

Supporting Quotes

As our trusted security vendor, we’re pleased to see Fortinet continue to deliver cutting-edge technology as an integrated extension of what we have already deployed in our network. The addition of artificial intelligence for malware analysis in FortiNDR will give us a huge advantage in defending against cybercrime, and we are excited to expand this capability to our network activity. This is the latest example of our ability to gain even more value out of our initial investment in the Fortinet Security Fabric.”
- Carolina Masso S., CEO, Gamma Ingenieros SAS

“As enterprises struggle to coordinate threat detection and response across individual point products, the ability for them to leverage a complete set of integrated SOC capabilities as part of a cybersecurity platform promises significant improvement in the effectiveness and efficiency of discovering and mitigating threats. Fortinet’s portfolio of detection and response products such as FortiNDR, FortiEDR, FortiXDR, and more, which are all integrated as part of a platform, should be considered for any organization looking to improve their security operations function.”
- John Grady, Senior Analyst, Cybersecurity at ESG

Additional Resources

About Fortinet

Fortinet (NASDAQ: FTNT) makes possible a digital world that we can always trust through its mission to protect people, devices, and data everywhere. This is why the world’s largest enterprises, service providers, and government organizations choose Fortinet to securely accelerate their digital journey. The Fortinet Security Fabric platform delivers broad, integrated, and automated protections across the entire digital attack surface, securing critical devices, data, applications, and connections from the data center to the cloud to the home office. Ranking #1 in the most security appliances shipped worldwide, more than 580,000 customers trust Fortinet to protect their businesses. And the Fortinet NSE Training Institute, an initiative of Fortinet’s Training Advancement Agenda (TAA), provides one of the largest and broadest training programs in the industry to make cyber training and new career opportunities available to everyone. Learn more at https://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.

Copyright © 2022 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet's trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiCare, FortiManager, FortiAnalyzer, FortiOS, FortiADC, FortiAP, FortiAppMonitor, FortiASIC, FortiAuthenticator, FortiBridge, FortiCache, FortiCamera, FortiCASB, FortiClient, FortiCloud, FortiConnect, FortiController, FortiConverter, FortiDB, FortiDDoS, FortiExplorer, FortiExtender, FortiFone, FortiCarrier, FortiHypervisor, FortiIsolator, FortiMail, FortiMonitor, FortiNAC, FortiPlanner, FortiPortal, FortiPresence , FortiProxy, FortiRecorder, FortiSandbox, FortiSIEM, FortiSwitch, FortiTester, FortiToken, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLCOS and FortiWLM.

Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments. This news release may contain forward-looking statements that involve uncertainties and assumptions, such as statements regarding technology releases among others. Changes of circumstances, product release delays, or other risks as stated in our filings with the Securities and Exchange Commission, located at www.sec.gov, may cause results to differ materially from those expressed or implied in this press release. If the uncertainties materialize or the assumptions prove incorrect, results may differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements. Fortinet assumes no obligation to update any forward-looking statements, and expressly disclaims any obligation to update these forward-looking statements.