Skip to content Skip to navigation Skip to footer

AI Powered Cybersecurity FortiAI: Virtual Security AnalystTM

Sub-second Threat Investigation and Response

Discover FortiAI, a self-learning AI for SecOps
web product icon fortiai

What is AI-Powered Cybersecurity?

Among its many benefits to cybersecurity, Artificial Intelligence (AI) can identify patterns in massive amounts of data, enabling it to detect trends in malware features and make threat classifications much more rapidly than humans can. An AI-based virtual security operations (SecOps) analyst can rapidly detect and respond to security incidents, assisting human analysts and enabling them to operate at a higher level. AI-powered cybersecurity technologies such as this can be a boon to short-staffed security teams affected by the global cybersecurity skills gap.

While Machine Learning (ML) is the most common type of AI used in cybersecurity designed to solve linear problems e.g. perform a task more efficiently and effectively for a specific situation, Deep Learning (DL) is designed to solve larger complex, non-linear problems by modelling the operation of neurons in the human brain.

AI-based learning algorithms fall into three categories: supervised, reinforced and unsupervised. A supervised ML algorithm must be trained on a large dataset of samples labeled as either benign or malicious. In contrast, Deep Neural Networks (DNN), a Deep Learning model uses reinforced learning i.e. an award-based system of learning, during its pre-training and later transitions to unsupervised learning i.e. self-learning, that does not require a labeled dataset for training and maturity. More importantly, lies in its ability to correlate various category of datasets to make decisions.

A Virtual Security Analyst that can operate in unsupervised mode is a boon to lean SecOps teams that lack the experienced resources to analyze and investigate new threats fully within the shortest period of time. Because of DNN’s innate ability to self-learn, it continuously adapts to the evolving cyber threat landscape including AI-powered cyber attacks (see diagram below).



A virtual security analyst must have certain characteristics:

  1. Ability to self-learn i.e. does not rely solely on cloud-based updates for AI maturity
  2. Extremely high detection rate of 99% and above
  3. Performs at scale with machine speeds
  4. Automates detection-investigation-response threat lifecycle
  5. Pre-trained AI ready for deployment on day-1

FortiAI: Virtual Security AnalystTM Overview

There is no question that cyberattacks and threats—ransomware, trojans, cryptomining, worms, etc.—are here to stay, but they are also becoming increasingly sophisticated and dangerous. Cybercriminals are eagerly adopting new innovations such as artificial intelligence (AI) and automation via AI fuzzing, self-learning swarm-based attacks, and expanded Malware-as-a-Service capabilities. Meanwhile, overburdened security operations teams are stuck with traditional security resources and investigation procedures to combat the increasing volume of advanced polymorphic, known, and unknown threats.

AI is paving the way for cybersecurity solutions to stay ahead of evolving threats. Fortinet FortiAI, powered by Deep Neural Networks (DNN), is the industry’s most sophisticated AI security solution. FortiAI is specifically designed to alleviate the tedious manual threat investigation of security alerts and threat response by identifying and classifying threats and malware outbreaks in sub-seconds and blocking them in the network.


FortiAI: Virtual Security AnalystTM News


FortiAI: Virtual Security AnalystTM Product Details

FortiGuard Labs, Fortinet’s leading threat intelligence and research team, consists of threat researchers, analysts, and engineers are in the forefront of exposing new threats. This team shares their latest threat intelligence via community blogs, threat playbooks for organizations, as threat protection via intelligence services, and by developing new threat-based technologies. One of the most significant technologies built by FortiGuard Labs in 2012—an AI system to detect and update protection against millions of malware samples seen each day.

FortiAI is the cumulative effort of the AI developed by FortiGuard Labs, and the first solution of its kind that embeds a sophisticated and mature deep learning model via DNN. FortiAI's patent-pending DNN approach learns about new threats on its own and helps organizations to adapt threat protection to new attacks instantaneously. In addition, FortiAI comes pre-trained with more than 6+ million malware features that can identify IT- and OT-based threats and classify them into malware categories. These features can also accurately pinpoint patient zero and lateral spread of a malware and its variants by analyzing the entire threat movement. FortiAI integrates with FortiGate, FortiWeb, FortiSOAR and 3rd party security solutions to automatically block these threats. Deploying FortiAI on-premises can help security operations teams solve the security resource crisis and rapidly accelerate the response to evolving threats.

Features and Benefits


checkmark icon

Do More with Less

Offloads a security analyst’s threat investigation and response duties
high performance icon

Accelerate Threat Response

Accurate threat detection and MITRE ATT&CK investigation results delivered in a second
analytics icon

Improved Security Posture

Adapt to new attacks and disrupts malware outbreaks
top rate icon

Proven AI

Mature deep learning model leveraged since 2012 comes pre-trained with 6+ million malware features
Icon security fabric

Open Platform Approach

Security Fabric integration with FortiGate, FortiWeb, FortiSOAR to block threats and is API-ready
Malware Protection

Unified IT-OT Zero-day Threat Protection

Protects both IT and OT environments from threats

FortiAI Models and Specifications

FortiAI is offered as an on-premises hardware appliance designed for deployment at data centers and campuses.

Form Factor
2 RU
100,000 files/hour with sub-second verdict
2 x 10GE (RJ45), 1 xGE (RJ45)

The virtual appliance of FortiAI can be deployed on VMware and KVM platforms.

16 cores
14,000 files/hr
Memory (Minimum/Recommended)
32 cores
22,000 files/hr
Memory (Minimum/Recommended)

Product Demo

As overburdened security operations teams struggle with increasingly volume and sophistication of threats, AI is key to reducing the workload of threat investigation and ultimately accelerating threat mitigation. This fully functional FortiAI: Virtual Security AnalystTM demo provides users the opportunity to experience the power of DNN, a sophisticated AI. The demo will explore how FortiAI self-learns and applies its intelligence to identify and classify threats in attack scenarios, as well as investigate threat campaigns and their lateral spread in a timeline with built-in context that is all delivered instantaneously. 

FortiAI Demo

Below are answers to common questions regarding FortiAI:

What does FortiAI intend to solve?
FortiAI address two key functions. First, is to mimic human intensive performed by a Security Analyst such as malware research and breach investigation since FortiAI is packed with years of FortiGuard Labs experience in a box. Second, is to cut down the detection and subsequent investigation time from hours or minutes to sub-second, which is crucial for real-time protection against breaches. This is accomplished by the embedded sophisticated patent-pending Deep Neural Networks with enhanced logic.

How does FortiAI work?
FortiAI is deployed on-premises and can either sniff network traffic via switched port analyzer (SPAN) or test access points (TAP) on the wire, or accept files from a FortiGate(s) via 10G interface. Then, FortiAI processes the traffic with Deep Neural Networks (DNN), providing verdict with accelerated GPUs (available on FAI-3500F) to identify, classify, and investigate threats without requiring signatures or human intervention. This built-in AI is based on a self-learning model and will continue to evolve to protect against existing and new forms of threats, both known and unknown.

What is Virtual Security AnalystTM?
Virtual Security AnalystTM is designed to augment a lean Security Operations with additional 'experienced Security Analyst' that comes with years of malware research experience and is capable of tracing the source of infection and malware spread that is extremely useful in outbreak and breach investigation.

How fast can FortiAI be up and running?
FortiAI works out of-the-box on day one, arriving pre-trained with millions of malware features based on the training of 20+ million clean and malicious files and samples in FortiGuard Labs. It will continually learn on its own and adapt to new attacks, creating tailored threat intelligence relevant to a customer’s specific organization.

How do I test drive FortiAI?
Explore the self-driven FortiAI demo. Customers can also request a live FortiAI demo.