Fortinet introduces self-learning AI appliance for sub-second threat detection

Fortinet, the provider of broad, integrated and automated cybersecurity solutions, has introduced FortiAI, what the company describes as a first-of-its-kind on-premises appliance that leverages self-learning Deep Neural Networks (DNN) to speed threat remediation and handle time consuming, manual security analyst tasks.

FortiAI’s Virtual Security AnalystÔ  embeds one of the industry’s most mature cybersecurity artificial intelligence – developed by Fortinet’s FortiGuard Labs – directly into an organisation’s network to deliver sub-second detection of advanced threats.

Security architects confront many challenges when it comes to discovering and remediating threats, including:

• Cybercriminals are becoming more sophisticated. While traditional cyber threats continue, sophistication of advanced attacks – often enabled by artificial intelligence, machine learning and open source communities – are increasing. As a result, organisations and their defenses are challenged to keep pace with threat evolution.
  
  
• The attack surface is expanding. Millions of new applications, growing cloud adoption and the increase in connected devices are creating billions of edges that security teams need to properly protect and manage. Organisations are challenged to keep pace with the threat volume resulting from many potential entry points.
  
  
• Security teams are constrained due to the cyber skills shortage. The cybersecurity industry faces a skills gap that has become a top emerging risk for organisations. There are not enough skilled professionals available to properly triage, investigate and respond to the growing number of threats – potential and actual – making it easier for cybercriminals to outpace legacy security processes and tools.

To address these challenges faced by security professionals today, Fortinet is unveiling FortiAI Virtual Security AnalystÔ to accelerate threat remediation. FortiAI handles many of the time consuming, manual tasks currently expected of security professionals, preserving their time for higher value security functions. FortiAI’s self-learning capabilities continue to get smarter once deployed in an organisation’s network.

FortiAI leverages Deep Learning known as Deep Neural Networks, which mimic neurons in the human brain, to make complex decisions based on its scientific analysis of threats specific to the organisation where it is deployed. As FortiAI’s artificial intelligence continues to mature, organisations benefit from having FortiAI’s Virtual Security AnalystÔ effectively transform and adapt threat protection.

Fortinet’s Deep Neural Networks (DNN) approach enables FortiAI to improve threat protection by:

• Automating time-consuming manual investigations to identify and classify threats in real time: Organisations using legacy security processes combined with limited security staff find it difficult to perform manual investigations for each threat alert. This creates additional risks including a data breach or security incident due to slow response time. To solve this, FortiAI automates investigations using DNN to identify the entire threat movement and uncover patient zero and all subsequent infections in a sub-second.
  
  
• Transforming security processes for instant detection and remediation of attacks: FortiAI’s Virtual Security AnalystÔ significantly reduces the time organisations are exposed to threats by scientifically analysing characteristics of threats and generating an accurate verdict to accelerate threat response.
  
  
• Delivering tailored threat intelligence to significantly reduce false positives: False positives are a burden for security analysts to investigate and it is time consuming to determine threats versus non-threats. Through tailored threat intelligence, FortiAI learns new malware features as it adapts to new attacks instantaneously and reduces false positives.

Another key distinction of FortiAI is that it offers on-premises AI suitable for organisations that have air gapped networks. Operational technology environments, government agencies and some large enterprises must adhere to strict compliance regulations and/or security policies that limit their network’s connection to the internet. FortiAI with its self-learning AI model does not require internet connectivity to learn and mature, enabling organisations with closed environments or stringent security policies to stay ahead of threats.

Some of the existing Fortinet offerings and services, complemented by the new FortiAI, that leverage various forms of AI, such as least squares optimisation and Bayesian probability metrics, include:

• FortiGuard Labs Threat Intelligence: FortiGuard Labs uses proven advanced AI and machine learning to gather and analyse over 100 billion security events every day. This threat intelligence produced by FortiGuard Labs is delivered to customers through its subscription services available for a range of Fortinet’s products, including the flagship FortiGate NGFWs. As a result, customers benefit from artificial intelligence deployed in global labs for faster threat prevention.
  
  
• FortiSandbox: Fortinet is the first security vendor to introduce AI to sandboxing to automate breach protection. FortiSandbox includes two machine learning models to its static and dynamic analysis of zero-day threats, improving the detection of constantly evolving malware, such as ransomware and cryptojacking. Through the use of a universal security language to categorise malware, FortiSandbox also connects discussions between network and security teams, leading to more integrated and improved security operations.
  
  
• FortiEDR: Fortinet’s FortiEDR uses machine learning to automate the endpoint protection against advanced threats with real time orchestrated incident response functionalities. Customers also benefit from more control of network, user and host activity within their environments.
  
  
• FortiInsight: FortiInsight uses machine learning analytics to effectively monitor endpoints, data movements and user activities to detect unusual, malicious behavior and policy violations attributed to insider risk.
  
  
• FortiWeb: To better protect web applications and APIs, FortiWeb applies machine learning to tailor a unique defense for each application. As a result, FortiWeb can quickly block threats while minimising the false positives that may interfere with end user experience.
  
  
• FortiSIEM: FortiSIEM leverages machine learning to recognise patterns in typical user behavior like location, time of day, devices used and specific servers accessed. FortiSIEM can then automatically notify security operations teams when anomalous activities occur, like concurrent logins from separate locations.

 As cyber criminals look to exploit the expanding digital attack surface with sophisticated attacks, the breadth and depth of the Fortinet Security Fabric’s AI-driven technology provides customers with unparalleled threat prevention, detection and response that can be instant and automated.

Dario Palermo, System and Network Administrator at Ente Autonomo Volturno, said: “Deploying FortiSandbox to protect our organisation against zero-day threats was seamless through Fortinet’s Security Fabric platform. FortiSandbox secures our perimeter, client and mail servers, and ultimately is protecting our assets from advanced unknown threats. Leveraging FortiSandbox’s AI-driven capabilities has helped us keep pace with AI-driven threats, all while providing an easy and simplified way to configure and manage our security.” 

John Maddison, EVP of products and CMO at Fortinet, said: “Fortinet has invested heavily in FortiGuard Labs cloud-based AI-driven threat intelligence, allowing us to detect more threats, more quickly and more accurately. FortiAI takes the artificial intelligence knowledge from FortiGuard Labs and packages it specifically for on-premises deployments. This gives customers the power of FortiGuard Labs directly in their environment, with self-learning AI to identify, classify and investigate sophisticated threats in sub-seconds.”