Fortinet introduces self-learning AI capabilities

FortiNDR leverages machine learning and deep neural networks, the next generation of AI, to identify cyberattacks based on anomalous network activity and limit threat exposure.

Fortinet has introduced FortiNDR, a new network detection and response offering that leverages powerful artificial intelligence and pragmatic analytics to enable faster incident detection and an accelerated threat response.

SecOps Teams Must Leverage AI to Stay Ahead of Threats

Security operations teams are faced with advanced, persistent cybercrime that is more destructive and less predictable than ever before, an attack surface that continues to expand with hybrid IT architectures, and ongoing staff shortages due to the cybersecurity skills gap. Those using legacy security solutions are also challenged with overwhelming and tedious manual alert triage that pulls important resources away from high-priority tasks such as mitigating threats. As cybercriminals become more sophisticated, so too must an organisation’s security tools.

FortiNDR Accelerates Threat Detection with Artificial Intelligence

With the introduction of FortiNDR, Fortinet is delivering full-lifecycle network protection, detection, and response powered by AI to:

• Detect signs of sophisticated cyberattacks: With self-learning AI capabilities, machine learning, and advanced analytics, FortiNDR establishes sophisticated baselines of normal network activity for an organisation and identifies deviations that may indicate cyber campaigns in progress. Profiling can be based on IP/Port, Protocol/Behaviour, Destination, Packet Size, Geography, Device Type and more. Taken together, this means earlier detection as organisations no longer need to rely on generic threat feeds, which depend on threats or components becoming globally known in order to identify indications of compromise.

• Offload intensive human analyst functions with a Virtual Security Analyst: FortiNDR includes a Virtual Security Analyst (VSA™), which employs Deep Neural Networks, the next generation of AI, and is designed to offload human security analysts by analysing code generated by malicious traffic and determining its spread. VSA™ comes pre-trained with more than 6 million malicious and safe features that can identify IT- and OT-based malware and classify it into threat categories. These features can accurately pinpoint patient zero and the lateral spread of multi-variant malware by analysing the entire malware movement. VSA™ is also capable of identifying encrypted attacks, malicious web campaigns and weak ciphers/protocols, and of classifying malware.

• Identify compromised users and agentless devices: Not all devices in an organisation (for example, personal, third party, IoT, or OT devices) can have an endpoint detection and response agent installed to detect a compromise. FortiNDR addresses this by deploying a dedicated network sensor to analyse traffic originating from all devices.

Coordinated Response with Security Fabric Integration

FortiNDR also features native integrations with the Fortinet Security Fabric as well as API integrations with third-party solutions for a coordinated response to discovered threats to minimise their impact. Common automations to speed response include quarantining devices generating anomalous traffic, enforcement with third party devices via an API framework, triggering an orchestrated process guided by SOAR, and more.

As the industry’s highest performing cybersecurity mesh platform powered by FortiOS everywhere and a common management framework, the Fortinet Security Fabric enables broad visibility, seamless integration and interoperability between critical security elements, and granular control and automation.

Fortinet’s Robust Portfolio of Detection and Response Solutions

FortiNDR rounds out Fortinet’s existing portfolio of detection and response solutions, including managed detection and response (MDR), endpoint detection and response (EDR), and extended detection and response (XDR) solutions.

Organisations looking to add detection and response capabilities to their traditional prevention-oriented security controls can choose from:

• FortiGuard MDR Service: For smaller organisations with a single IT/Security team (or larger organisations looking to offload first line alert monitoring and triage), managed detection and response (MDR) is a good option to add security monitoring capabilities without needing the specialised expertise to run it effectively.

• FortiEDR: For mid-size to mainstream organisations with dedicated (but small) security teams, endpoint detection and response (EDR) is a good option to add deep, host-level analysis that is necessary to identify the signs of ransomware activity on the endpoint.

• FortiNDR: For larger organisations or robust security teams who have already implemented EDR, network detection and response adds broader analytics and anomaly detection across network segments or even the entire organisation, insight into activity from devices without agents (whether IoT or unmanaged devices), and faster deployment with zero impact to production systems.

• FortiXDR: For organisations with multiple Fortinet security controls, extended detection and response adds curated detection analytics, AI-powered alert investigation and automatable incident response.

