What is AI-Powered Cybersecurity?
Among its many benefits to cybersecurity, Artificial Intelligence (AI) can identify patterns in massive amounts of data, enabling it to detect trends in malware features and make threat classifications much more rapidly than humans can. An AI-based virtual security operations (SecOps) analyst can rapidly detect and respond to security incidents, assisting human analysts and enabling them to operate at a higher level. AI-powered cybersecurity technologies such as this can be a boon to short-staffed security teams affected by the global cybersecurity skills gap.
Machine Learning (ML), the most common type of AI used in cybersecurity, is designed to solve linear problems, e.g. performing a task more efficiently and effectively for a specific situation, while Deep Learning (DL) is designed to solve larger, complex, non-linear problems by modelling the operation of neurons in the human brain.
AI-based learning algorithms fall into three categories: supervised, reinforced and unsupervised. A supervised ML algorithm must be trained on a large dataset of samples labeled as either benign or malicious. In contrast, Deep Neural Networks (DNN), a Deep Learning model, uses reinforced learning, i.e. a reward-based system of learning, during its pre-training and later transitions to unsupervised learning, i.e. self-learning, which does not require a labeled dataset for training and maturity. More importantly, its strength lies in its ability to correlate various categories of datasets to make decisions.
A Virtual Security Analyst that can operate in unsupervised mode is a boon to lean SecOps teams that lack the experienced resources to analyze and investigate new threats fully within the shortest period of time. Because of DNN’s innate ability to self-learn, it continuously adapts to the evolving cyber threat landscape including AI-powered cyber attacks (see diagram below).
A virtual security analyst must have certain characteristics:
- Ability to self-learn i.e. does not rely solely on cloud-based updates for AI maturity
- Extremely high detection rate of 99% and above
- Performs at scale with machine speeds
- Automates the detection-investigation-response threat lifecycle
- Pre-trained AI ready for deployment on day-1
Features and Benefits
Do More with Less
Offloads a security analyst’s threat investigation and response duties
Accelerate Threat Response
Accurate threat detection and MITRE ATT&CK investigation results delivered in a second
Improved Security Posture
Adapts to new attacks and disrupts malware outbreaks
Mature deep learning model leveraged since 2012 comes pre-trained with 6+ million malware features
Open Platform Approach
Security Fabric integration with FortiGate, FortiWeb and FortiSOAR to block threats; API-ready
Unified IT-OT Zero-day Threat Protection
Protects both IT and OT environments from threats
FortiAI Models and Specifications
FortiAI is offered as an on-premises hardware appliance designed for deployment at data centers and campuses.
As overburdened security operations teams struggle with the increasing volume and sophistication of threats, AI is key to reducing the workload of threat investigation and ultimately accelerating threat mitigation. This fully functional FortiAI: Virtual Security Analyst™ demo provides users the opportunity to experience the power of DNN, a sophisticated AI. The demo will explore how FortiAI self-learns and applies its intelligence to identify and classify threats in attack scenarios, as well as investigate threat campaigns and their lateral spread in a timeline with built-in context that is all delivered instantaneously.
Below are answers to common questions regarding FortiAI:
What does FortiAI intend to solve?
FortiAI addresses two key functions. The first is to mimic human-intensive tasks performed by a Security Analyst, such as malware research and breach investigation, since FortiAI is packed with years of FortiGuard Labs experience in a box. The second is to cut down the detection and subsequent investigation time from hours or minutes to sub-second, which is crucial for real-time protection against breaches. This is accomplished by the embedded, sophisticated, patent-pending Deep Neural Networks with enhanced logic.
How does FortiAI work?
FortiAI is deployed on-premises and can either sniff network traffic via a switched port analyzer (SPAN) or test access point (TAP) on the wire, or accept files from FortiGate(s) via a 10G interface. FortiAI then processes the traffic with Deep Neural Networks (DNN), providing a verdict with accelerated GPUs (available on FAI-3500F) to identify, classify, and investigate threats without requiring signatures or human intervention. This built-in AI is based on a self-learning model and will continue to evolve to protect against existing and new forms of threats, both known and unknown.
What is Virtual Security Analyst™?
Virtual Security Analyst™ is designed to augment a lean Security Operations team with an additional 'experienced Security Analyst' that comes with years of malware research experience and is capable of tracing the source of infection and the spread of malware, which is extremely useful in outbreak and breach investigations.
How fast can FortiAI be up and running?
FortiAI works out of the box on day one, arriving pre-trained with millions of malware features based on the training of 20+ million clean and malicious files and samples in FortiGuard Labs. It will continually learn on its own and adapt to new attacks, creating tailored threat intelligence relevant to a customer’s specific organization.