Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

1/28/2021
05:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Fortinet Announces AI-powered XDR for Fully Automated Threat Detection, Investigation, and Response

SUNNYVALE, Calif., Jan. 26, 2021 (GLOBE NEWSWIRE) --

John Maddison, EVP of Products and CMO at Fortinet
“Cybercriminals are using sophisticated—and increasingly intelligent—tools to target vulnerable network edges resulting from digital innovation. As a result, organizations need smarter, faster security operations to combat sophisticated, organized cybercrime. FortiXDR is the only XDR solution that leverages artificial intelligence to replicate the hands-on investigation that otherwise leaves organizations playing catch up. Applied across the Security Fabric platform, it helps enterprises keep pace with today’s accelerating threat landscape, even for organizations limited by small teams and few tools.”

News Summary
Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, today announced a new Extended Detection and Response (XDR) solution, FortiXDR, designed to reduce complexity, speed detection, and coordinate response to cyberattacks across the organization. FortiXDR is the only solution of its kind to leverage artificial intelligence (AI) for the investigation effort critical to incident response. Expanding on the cloud-native endpoint platform of FortiEDR, it enhances an organization’s Security Fabric and the threat protection powered by FortiGuard Labs security services. Specifically, FortiXDR can fully automate security operations processes typically handled by experienced security analysts to mitigate threats faster across the broad attack surface.

XDR Solutions Solve Critical Security Challenges
The large number of security products typically deployed by enterprises has resulted in an unmanageable volume of security information that can actually mask threats, leaving security teams struggling to detect and respond to cyberattacks. As a result, a majority of organizations are either currently or planning in the next two to three years to consolidate security vendors.

Many organizations are gravitating toward consolidation based on an XDR solution. Gartner defines XDR as “a security incident detection and response platform that automatically collects and correlates data from multiple security products.”1 XDR provides an intelligent and automated way to tie traditionally isolated solutions into a single system.

However, while XDR solutions can ease some of the challenges related to vendor complexity, most focus on cross-product alert correlation and still require significant manual intervention of teams already stretched thin due to the cyber skills gap. Security teams require an XDR solution that can automate the entire process, from detection to event investigation to remediating security incidents.

Fortinet Brings Artificial Intelligence to XDR
Unlike other solutions, FortiXDR is AI-powered by a patent-pending Dynamic Control Flow Engine and continually trained by the threat data and research of FortiGuard Labs as well as the frontline expertise of its incident responders. The solution starts by leveraging the diverse security information shared across the Fortinet Security Fabric for correlation and analysis, converting them into high fidelity security incidents. These are then investigated by the AI engine, just as a seasoned security analyst would, to come to a final threat classification and scope. Finally, the best possible contextual responses are defined and can be automatically implemented to quickly remediate confirmed incidents.

Key benefits of FortiXDR include:

  • Dramatically reduces the number of alerts across products—by 77% or more on average.
  • Handles complex tasks in seconds that would take experts with specialized tools 30 minutes or more to accomplish. And without human error.
  • Enables the consolidation of independent security products and an automatic, coordinated response.
  • Fully automates intelligent incident investigation rather than relying on scarce human resources.

Reduce Time to Detection and Response
Additionally, FortiXDR can ingest telemetry from more aspects of an organization than any other solution, increasing the chance of detecting and properly classifying attacks. It also covers more of the cyberkill chain stages and supports more points of response to mitigate the impact of an attack more effectively than competitive solutions. All of this enables organizations to reduce mean time to detection (MTTD) and mean time to response (MTTR), while improving security operations efficiency and security posture. As a result, FortiXDR enables organizations to reduce the risk of missing potentially crippling cyber attacks like ransomware, phishing, and more, all while easing the burden on small security teams.

FortiXDR and the Fortinet Security Fabric
Fortinet’s platform approach, the Fortinet Security Fabric, leverages the top-rated, global security services of FortiGuard Labs to stop as many attacks as possible across the digital attack surface. It also provides the perfect foundation for XDR - with a common data structure, correlated telemetry, unified visibility, native integration and seamless interoperation. Now, FortiXDR layers on automated analytics, incident investigation and pre-defined responses out of the box.

The right-fit solution for any size organization
FortiXDR joins Fortinet’s industry-leading portfolio of AI-driven Security Operations offerings, including incident response components suitable for organization of any size or sophistication. FortiXDR’s “out of the box” operation makes it perfect for most midmarket and average enterprise organizations with limited teams, tools and processes. For organizations with more staff, solutions and systemic process, FortiSIEM adds multi-vendor visibility while FortiSOAR orchestrates response. This family of products deliver the right-fit solution to organizations of any size to help teams reduce the risk potential of security incidents by blocking more, detecting sooner, and responding faster.

Supporting Quotes
“We know that even experienced security professionals struggle with a range of threat detection and response challenges. Our recent research found that two thirds (67%) of organizations manage threat detection and response using an assortment of point tools. Further, nearly half report they rely on manual processes for threat detection and response and struggle with the daily volume of security alerts, so it’s not surprising that 23% are already working on an XDR project and a further 70% expect to have budget to invest in XDR over the next 12 months. With the introduction of FortiXDR, Fortinet is well positioned to emerge as a major player in the XDR market.”
- Jon Oltsik, senior principal analyst, ESG

“Many customers, especially those with smaller teams, are looking to consolidate individual point products deployed over time with an integrated solution set that is much more manageable and effective. FortiXDR will allow us to offer customers a differentiated approach to consolidation and extended detection and response, powered by the industry’s most sophisticated artificial intelligence technology. In a field where seconds matter, this helps reduce the risk of missing potentially crippling cyber attacks. FortiXDR is another example of the innovation Fortinet is delivering with its Security Fabric.”
- Andrew Hammond, Director of Strategic Services, Liquid Networx

“Before FortiXDR our team would have to make a decision between investigating numerous alerts across our many platforms and performing other more visible business objectives. The FortiXDR platform is able to automatically digest and investigate, alleviating us from this balancing act. Given that each incident may take up to 45 minutes to investigate, we have not only gained the ability to have a more competent security review but also allowed staff to focus on what they do best. Further, the FortiGuard Managed Detection Response Service team works in concert with our business direction to ensure that FortiXDR automates a standard playbook for responding to threats and unwanted programs. They are available for escalations during an immediate incident and provide a wonderful augment to my high-level system and security administrators. This augmentation has allowed us to lower our callback expenses for after hour incidents and allows me to empower my Helpdesk staff to achieve rapid resolution without needing to escalate through our internal support tiers.”
- Jay Larson, IT Director, Summit Healthcare

Additional Resources

1 Firstbrook and Lawson, “Innovation Insight for Extended Detection and Response” Gartner, March 19, 2020.

About Fortinet
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers our customers with complete visibility and control across the expanding attack surface and the power to take on ever-increasing performance requirements today and into the future. Only the Fortinet Security Fabric platform can address the most critical security challenges and protect data across the entire digital infrastructure, whether in networked, application, multi-cloud or edge environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 480,000 customers trust Fortinet to protect their businesses. Both a technology company and a learning organization, the Fortinet Network Security Expert (NSE) Training Institute has one of the largest and broadest cybersecurity training programs in the industry. Learn more at http://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.    

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8032
PUBLISHED: 2021-02-25
A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions.
CVE-2020-36254
PUBLISHED: 2021-02-25
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.
CVE-2021-27670
PUBLISHED: 2021-02-25
Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.
CVE-2021-27671
PUBLISHED: 2021-02-25
An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.
CVE-2020-9051
PUBLISHED: 2021-02-24
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.