Fortinet’s Longstanding History of AI-driven Security

Almost two years ago, we unveiled one of our most mature AI-based backend systems – the Self-Evolving Defense System (SEDS) leveraging artificial intelligence from FortiGuard Labs. Developed as an Artificial Neural Network (ANN) and implemented in our FortiGuard Labs, it replicated the work of our antimalware researchers, but at machine scale. SEDS automatically examines billions of code “features” in order to make a sub-second determination of whether an unknown file is legitimate or malicious.  That determination speeds the delivery of updated threat intelligence from our global research labs to our deployed products in order to protect customers against new malware. At the same time, we also introduced the machine learning of FortiInsight for User and Entity Behavior Analytics that could be deployed by customers within their own networks.

Since then, FortiGuard Labs has built out multiple AI-based systems to ensure our global threat intelligence keeps pace with the accelerating threat landscape. Fortinet also continues to expand such advanced systems for customer deployment against threats not yet seen in our labs.

Expanding Fortinet’s AI-driven Security Offerings

These customer-deployed AI systems now include the newly released FortiEDR, which utilizes machine learning models to provide next generation AV and also monitors host system behavior in order to detect and defuse the most sophisticated attacks in real-time.  

In doing so, Fortinet is moving advanced threat detection earlier in the cyber kill chain. Leading analysts note that detection is usually still heavily weighted toward the end of the cyber kill chain, with most MDR providers starting at the installation or command and control stages. This strategy offers organizations sophisticated detection technologies that can be applied from the early stages of cybercriminal activity (reconnaissance) through the latest (act on objectives) and those in between (delivery, exploitation and installation).

However, detection alone is not enough, which is why part of Fortinet’s approach is to enable organizations of all maturity levels to speed response through automation. As part of this strategy, we announced the availability of FortiSOAR, complementing FortiAnalyzer and FortiSIEM, to help organizations with well-defined response processes orchestrate and/or automate them to speed response and ease the burden on security teams. We’ve also introduced FortiAI to speed important but repetitive and time-consuming tasks to sub-seconds as part of the security response process.

Fortinet remains committed to utilizing the power of Artificial Intelligence – both in FortiGuard Labs and available for your organizations – to prevent, detect and respond to cyber threats (across the entire cyber kill chain) at machine speed. 

Sourced from Fortinet

FortiAI: Virtual Security Analyst Revolutionizes Threat Protection for SecOps

Today’s businesses are fully aware of the consequences of a successful cyber attack, and yet they continue to struggle to put together a cyber security strategy that can deal with such attacks effectively. And when you ask these organizations what their biggest challenge is in responding to threats in a timely manner, the most common response is likely tied to an overburdened SecOps team that cannot fully investigate every threat alert or encounter.

The Promise of Artificial Intelligence 

While there have been inroads to automating threat protection, the expanding attack surface and sophistication of cybercriminal attack methods still outpace constrained security teams and legacy security processes. This challenge is compounded by the volume of false positives, and/or the trial and error, that SecOps teams may have to deal with.

To tackle these issues, Fortinet has taken mature artificial intelligence that has been developed and trained by FortiGuard Labs and packaged it into the FortiAI appliance. 

Fortinet’s Mature Artificial Intelligence 

To further combat threats, Fortinet started developing various Machine Learning (ML) models in the early 2010s to study the millions of samples they collected every day, long before putting the first ML solution into production. This solution applied ML-assisted intelligence towards detecting and blocking malware families as part of the antimalware engine found in several Fortinet products, including our flagship FortiGate firewall. Several critical milestones after this initial offering include applying in-line ML to various Fortinet technologies and products, including Web Application Firewall (FortiWeb), Sandbox (FortiSandbox), UEBA (FortiInsight) and EDR (FortiEDR).

With continued investment into AI, Fortinet expanded to Deep Learning models, developing a sophisticated AI that emulates the neurons found in a human brain, known as an Artificial Neural Network. After many years of training and refining, Fortinet has now developed a self-learning Deep Neural Network (DNN)-based solution named FortiAI: Virtual Security Analyst™. FortiAI is aimed at alleviating the tedious work of studying malware characteristics to identify and classify them into threat categories and, furthermore, at pinpointing patient zero and other subsequently infected systems in sub-seconds. It functions just like a cyber Security Analyst, but multiplied by 10.

FortiAI Fundamentally Changes the Role AI Plays in SecOps

FortiAI: Virtual Security Analyst™ embeds a DNN that is pre-trained with 6+ million malware features. It is an on-premises appliance providing accurate verdicts for incoming threats in real time, while studying and learning new threats so it can evolve and adapt to new attacks instantaneously. The result is tailored threat intelligence that is specific to your organization and that doesn’t rely on daily AI updates from the cloud.

The wait for a truly proactive and self-learning AI security solution is over. AI can now be applied directly to any organization’s environment to scale their cyber security operations and level the playing field with cybercriminals attempting to use AI in their attack methods. 

Explore how FortiAI is revolutionizing security operations with self-learning AI.

Sourced from Fortinet

Fortinet’s NP7 is Key to Secure the Hyperscalability Mandatory in 5G

As the availability of 5G begins what is likely to be known as the 5G era, a few daunting questions need to be addressed to ensure its ability to meet the very high expectations that businesses, industries, consumers, and operators have set for it. Its ability to enable change and foster innovation relies heavily on a number of factors, and two of these, often overlooked, are central to it achieving its full potential for transformation:

1. Hyperscalability

With 5G, we’re talking about unheard-of volumes of everything: a 10-fold increase in mobile broadband (eMBB), support for a super high density of connected devices – up to 1 million devices per square kilometer (mMTC), and the ability to deliver ultra-reliability with ultra-low latency (URLLC). These new benchmarks, and more just like them, are redefining the term “scalability” in mobile networks.

In these 5G mobile networks, simple scalability isn’t enough. 5G provides and requires hyperscalability. This goes far beyond simply providing faster 4G services. 5G has the potential to provide the foundation for global innovation across a wide variety of sectors in our society. But achieving that depends on Mobile Network Operators (MNOs) and technology vendors being able to intertwine highly complex technologies and architectures.

If done right, the end result will be a set of scalable and consumable services and use cases that not only meet, but exceed their customers’ needs for digital evolution. Of course, this will not be easy to achieve given factors that are both qualitative (the introduction of technologies that were not present in previous generations of mobile solutions) and quantitative (the number of new technologies, architectures, and third-parties that may be required to deliver a service and/or use case).

Given that enhanced Mobile Broadband (eMBB), massive Machine Type Communications (mMTC), and Ultra Reliable Low Latency Communications (URLLC) serve as the building blocks of 5G use cases, the need for a mix of intertwined technologies and architectures to provide hyperscalability is imperative. From the staggering numbers of connected devices (machines, cars, humans, infrastructures, etc.), to the massive amounts of data being produced, communicated, stored, and analyzed, to the diversity and quantity of the distributed compute, storage, and network resources required to support all of this – the ability to provide and support hyperscalability is key for the success of 5G.

2. Security

Although 5G is, by default, more secure than any past mobile generation, security still has a much larger role to play in 5G environments than it ever did in anything that came before it. A critical aspect of this security is the safeguarding of the mobile infrastructure itself from cyberattacks, misuse, and related consequences. Although the securing of a mobile infrastructure’s signaling and user plane carries over from 4G implementations, the criticality of 5G-based services to enterprises, industries, and infrastructures now makes it an especially attractive target for threat actors. 

A second aspect, this one specific to 5G, is the safeguarding of the services and use cases powered by the technology. Their continued adoption, broad availability, and overall success will depend heavily on the end-to-end security of each use case’s complex ecosystem of technologies and partners. 

For both of these security scenarios, what is clear is that security solutions will need to be able to provide inspection, prevention, and detection at speeds that no security solution has ever been able to deliver before. Without the ability to protect hyperscale environments at the speeds required, either security will become a bottleneck that gates the revolution that 5G is poised to provide, or organizations will have to forgo critical security in order to meet business objectives. Neither of these is an acceptable option.

5G Requires the New NP7 Hyperscale-Capable Security Hardware 

Considering these two 5G requirements – hyperscalability and security – it quickly becomes apparent that a hyperscale-capable security infrastructure is an absolute requirement: one that not only spans the entire 5G infrastructure, but that can also be intertwined throughout the entire mix of technologies, ecosystems, and use cases. 

Which is why the recent announcement of Fortinet’s new Network Processor, the NP7, is so relevant and important for 5G security. 

Before explaining why, I can imagine some readers raising their fists to the sky and crying out, “An ASIC in 5G? A piece of hardware in what is supposed to be a virtualized/containerized environment? Blasphemy! Security should be a Virtual Network Function (VNF)!”

And yes, the cloud technologies used throughout the 5G infrastructure (New RAN [NR], 5G Core [5GC], Telco cloud, and Multi-Tenant Edge Computing [MEC]) serve as the fundamental building blocks that enable some of the unique capabilities 5G brings to bear. And to address this challenge, Fortinet has developed security VNFs that integrate into each of these environments to provide agile and scalable security that protects the different infrastructure components in the control and user planes, as well as secure various use cases and their ecosystems as may be required.

However, there are well-known areas where the constant availability of hyperscale security services is required throughout the 5G infrastructure. In these cases, VNFs might not be efficient – and therefore inadequate. Physical Network Function (PNF) security is required, at least for the short- to mid-term, due to considerations such as cost/performance, energy efficiency, physical footprint, and ease of implementation. These may include, but are not limited to, Security Gateways (SecGW) for backhaul connectivity (N3), massive Carrier Grade NAT (CGNAT), 5G Core to PDN security, and Roaming security.

So for the foreseeable future, especially as 5G scales and develops, hybrid security will need to be implemented with a mix of security VNFs (VMs and containers) and PNFs. And the NP7-powered, carrier-grade FortiGate PNFs from Fortinet will play a critical role in providing the hyperscale security performance, ultra-low latency, and efficiency that 5G demands, including:

  • 5G Radio Access Network (RAN) to the 4G/5G core backhaul is growing exponentially, and the enhanced broadband that comes with 5G will make a major contribution to this growth. Multi-operator RAN (RAN-sharing) and mission-critical traffic make it mandatory to use encryption and authentication at the point of access. This means that massive, single-stream IPSec VPN will also become mandatory. The 65Gbps of IPSec throughput and the massive number of VPNs provided today by the NP7 processor make it the first solution to efficiently meet that requirement.
  • Massive CGNAT performance is also enabled with the over 100 GBs of throughput and 2 Million new sessions/second setup rate (with logging) provided by the NP7. And a FortiGate device armed with a multi-NP7 configuration can scale beyond 1TB of CGNAT to support the massive number of sessions required by external Packet Data Networks (PDNs). 
  • The NP7 is also user plane aware with GTP support (used both in 4G and 5G), providing hyperscale security for 5G user plane traffic – with multi-100Gbps of throughput in a single FortiGate PNF. 
  • The NP7 provides silicon-based QoS to maintain per-session and application traffic quality of service. This ensures that mission-critical and latency-sensitive data flows are not affected by lower priority/QoS sessions in case of congested interfaces.
  • The latency of each NP7 is also measured in single-digit microseconds, barely even a bump in the road, to ensure ultra-low latency and seamless availability.
  • DDoS mitigation is also embedded in the NP7’s HW, ensuring business continuity and service availability in case of a DDoS attack.
  • Energy efficient operations are also supported with an estimated 20W of power budget per NP7. 

Empowering 5G Starts with the Fortinet NP7 Network Processor

All of this goes to show both the power and benefits of the Fortinet NP7-powered FortiGate PNF for 5G. Imagine providing the same levels of performance with VNFs (where agility and frequent auto-scaling are not required) and you will understand why the new NP7 from Fortinet is key to providing the hyperscale security infrastructure needed for 5G.


Click here for more information about the new FortiGate 1800F and here for more information about the next-generation Fortinet NP7 processor. The combination offers unprecedented performance and FortiGate’s wide range of market-leading security solutions and service.

Sourced from Fortinet