Fortinet Enhances Network Security OS, Adds AI-based Threat Detection
Two major new product announcements were made at Fortinet's Accelerate 18 conference this week, including a new machine learning (ML) threat intelligence and detection offering, along with a major upgrade to the Fortinet Security Fabric (FortiOS). Accelerate 18, held in Las Vegas, Nevada, is Fortinet's annual global partner and user conference, attended by around 2,000 Fortinet partners, customers, and industry and technical experts. The new ML product is called FortiGuard AI.
It emerges from five years of analyses by FortiGuard Labs' 215 researchers in 31 countries analyzing the threat data from a global network of more than 3 million security sensors. The analyses have been used, employing supervised learning techniques, to train the FortiGuard AI automatic detection engine. Machine learning threat detection is currently the best option for detecting new and unknown malware.
But the accuracy of machine learning detection systems depends on the volume and accuracy of the data from which it learns. By spending five years in the process, and using supervised learning (that is, under the control of human analysts), rather than unsupervised learning, the quality and accuracy of Fortinet's ML system should be high. The system now analyzes millions of threat samples every week.
More than 5 billion processing nodes identify both the clean and malicious features of the threat samples to generate threat intelligence. That intelligence then automatically updates defensive signatures across the entire Fortinet Security Fabric. "Fortinet Labs' five-year investment in automated analysis and detection of polymorphic threats," comments CISO Phil Quade, "has resulted in FortiGuard AI, a giant leap towards [automatically detecting polymorphic and zero-day threats].
FortiGuard AI analyzes and identifies threats with speed, agility, and accuracy to provide proactive threat detection at machine speed and scale. This frees threat analysts and network operators to focus on critical threat research and higher-order problems, reduces exposure to zero-day attacks, and minimizes the risk to Fortinet customers while increasing the attacker's costs." The firm also announced the inclusion ML-based User and Entity Behavior Analysis (UEBA) capabilities into its SIEM product (FortiSIEM).
The solution 'learns' patterns of normal user or entity behavior, and will then automatically detect anomalies. Concurrent logins from separate locations, users accessing corporate data in the middle of the night, and excessive logins to rarely used servers will all send alerts to the security team for relevant action. Fortinet has also announced version 6 of its Security Fabric. "FortiOS 6.0," says founder, president and CTO Michael Xie, "delivers hundreds of new features and capabilities that were designed to provide the broad visibility, integrated threat intelligence and automated response required for digital business."
The Security Fabric is based on the world's most deployed network security operating system. It was launched in 2016 to allow different segments of network security to integrate seamlessly and to cooperate actively under the management of a central control. FortiOS 6.0 is expected to be available before the end of March 2018.
Example enhancements include multi-cloud visibility, where cloud connectors provide visibility spanning private clouds (with support for VMware NSX, Cisco ACI and Nokia Nuage); public clouds (supporting AWS, Azure, Google Cloud and Oracle Cloud); and SaaS clouds with CASB connectors (supporting Salesforce.com, Office 365, Dropbox, Box, AWS and more). FortiClient 6.0 includes expanded OS support for Linux, providing IoT endpoint security. Actionable insights from the IoT devices can be shared with the Security Fabric, while telemetry can provide a deeper insight on what is running on a network's endpoint devices to quickly identify vulnerabilities.
Other enhancements involve network security, advanced threat protection, email and web applications, security management and analytics, and unified access.
"Using a single partner for integrated protection across multiple threat vectors, from public cloud workloads to email SaaS applications, is a key priority for ShipServ," says Dominic Aslan, VP of IT operations at the online marketplace for the marine industry. "Fortinet is an all-in-one cyber security company with a common, intuitive security management interface across all the Fortinet Security Fabric solutions, making it much easier to support."