Tech Field Day

Fortinet Presents at Cloud Field Day 22



Cloud Field Day 22

Gabriel O’Brien, Derrick Gooch, and Julian Petersohn presented for Fortinet at Cloud Field Day 22

Presentation date: February 20, 2025, 08:00-09:30.

Presenters: Aidan Walden, Derrick Gooch, Gabriel O’Brien, Julian Petersohn

Stopping the Unseen – High-confidence insights drive low-risk response

The goal is to show the value of Fortinet's Security Fabric platform in combining network and cloud-platform signals so that detection is faster, SOC effort is lower, and response is both rapid and low-risk.

The storyboard includes offensive and defensive personas and novel attack patterns that would bypass the pattern matching typically employed by competing CNAPP and conventional firewall products. It then shows that network visibility into malicious traffic from FortiNDR, combined with the anomalous-behavior detection behind FortiCNAPP's composite alerts, raises signal fidelity and makes the resulting alerts more actionable. Using machine learning, FortiNDR and FortiCNAPP correlate these signals and perform pre-investigation so that the SOC operator can respond quickly.

The solution demonstration includes FortiOS (FOS), FortiNDR, FortiCNAPP, and FortiSOAR.



Stopping the Unseen, AI for High Confidence Low-risk Threat Response with Fortinet



Cyber threats are increasingly sophisticated, often evading traditional detection methods and remaining undetected until significant damage occurs. Fortinet’s presentation at Cloud Field Day highlighted how AI-driven insights from network and cloud intelligence significantly improve threat detection, enhance overall visibility, and enable faster, lower-risk responses for security teams. The core message emphasizes empowering security operators by providing high-fidelity insights that allow for efficient and safe remediation, ultimately minimizing attack surface and reducing organizational risk.

The presentation detailed how Fortinet's solutions address the challenges of increasingly complex cloud environments with numerous ingress/egress points and ephemeral networks. These solutions ingest a large volume of signals from Fortinet and third-party sources, then use machine learning to correlate that data into high-confidence threat assessments. The resulting composite risk view prioritizes threats and presents actionable information to security operators, including AI-powered assistance with investigation and remediation steps, which reduces the burden of low-value tasks.

A live demonstration showcased how Fortinet’s AI-powered security solutions could uncover and prevent an attack. The scenario, presented by a Fortinet threat analyst, simulated a real-world attack leveraging a known vulnerability, demonstrating the system’s ability to detect the initial compromise, trace the attack’s escalation across cloud infrastructure, and pinpoint critical misconfigurations. The presentation concluded by emphasizing Fortinet’s commitment to innovation and leadership in threat intelligence, backed by a significant patent portfolio and a broad range of security solutions designed to assist organizations in maintaining security posture in dynamic cloud environments.

Personnel: Aidan Walden, Julian Petersohn

Visibility into the Cloud – Identify Risks and Threats in Your Cloud Environment with Fortinet



As cloud adoption accelerates, security teams struggle to keep pace with emerging risks and active threats. Fortinet's FortiCNAPP (Cloud Native Application Protection Platform) provides deep visibility into cloud environments, proactively identifying vulnerabilities and detecting threats in real time to improve cloud security and compliance. The platform treats cloud security as a big-data problem: it ingests data from the various cloud sources and runs hourly analysis to establish a baseline of normal activity. FortiCNAPP then surfaces only the activity that deviates from that baseline, such as logins from unusual geolocations or unexpected outbound network connections, reducing alert fatigue and prioritizing the events that matter.
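The baseline-then-deviate idea in the paragraph above can be shown with a few dozen lines. The following is an added example, not Fortinet code and not the FortiCNAPP schema: it learns, per principal, which login countries and outbound destinations recur during a learning window, then flags only later events that fall outside that set. The event fields, timestamps, and the `MIN_SEEN` threshold are assumptions for this example, and the sample events are constructed.

```python
"""Baseline-then-deviate detection over constructed cloud audit events.

Added example (not Fortinet code). Learn what is normal for each principal
from a learning window, then surface only events that deviate from it: a
login from a new country, or an outbound connection to a never-seen host.
Event fields are assumptions for this example, not a FortiCNAPP schema.
"""
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed sample events (not real logs). "value" is the login country for
# kind == "login" and the destination host:port for kind == "egress".
SAMPLE_EVENTS = [
    {"ts": "2025-02-10T08:01:00Z", "principal": "ci-runner", "kind": "login",  "value": "US"},
    {"ts": "2025-02-10T08:05:00Z", "principal": "ci-runner", "kind": "egress", "value": "registry.example.internal:443"},
    {"ts": "2025-02-11T08:02:00Z", "principal": "ci-runner", "kind": "login",  "value": "US"},
    {"ts": "2025-02-11T08:06:00Z", "principal": "ci-runner", "kind": "egress", "value": "registry.example.internal:443"},
    {"ts": "2025-02-12T08:00:00Z", "principal": "ci-runner", "kind": "login",  "value": "US"},
    {"ts": "2025-02-12T08:07:00Z", "principal": "ci-runner", "kind": "egress", "value": "registry.example.internal:443"},
    # Seen only once in the learning window, so it will NOT become baseline.
    {"ts": "2025-02-12T09:00:00Z", "principal": "ci-runner", "kind": "egress", "value": "metrics.example.internal:443"},
    # Detection window: an off-hours login from a new country followed by a
    # connection to an unknown external host, the shape of a stolen credential.
    {"ts": "2025-02-20T03:14:00Z", "principal": "ci-runner", "kind": "login",  "value": "RO"},
    {"ts": "2025-02-20T03:15:00Z", "principal": "ci-runner", "kind": "egress", "value": "198.51.100.23:4444"},
    {"ts": "2025-02-20T08:03:00Z", "principal": "ci-runner", "kind": "login",  "value": "US"},
]

BASELINE_END = datetime(2025, 2, 17, tzinfo=timezone.utc)  # end of learning window (assumed)
MIN_SEEN = 2  # a value must recur in the learning window before it counts as normal


def parse_ts(s):
    """Parse an ISO-8601 UTC timestamp ending in 'Z'."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def build_baseline(events, baseline_end=BASELINE_END, min_seen=MIN_SEEN):
    """Return {(principal, kind): set of values considered normal}.

    Requiring min_seen occurrences keeps a single odd event inside the
    learning window from poisoning the baseline.
    """
    counts = defaultdict(Counter)
    for e in events:
        if parse_ts(e["ts"]) < baseline_end:
            counts[(e["principal"], e["kind"])][e["value"]] += 1
    return {key: {v for v, n in c.items() if n >= min_seen} for key, c in counts.items()}


def detect_anomalies(events, baseline, baseline_end=BASELINE_END):
    """Flag post-baseline events whose value is absent from the principal's baseline."""
    findings = []
    for e in events:
        if parse_ts(e["ts"]) < baseline_end:
            continue
        key = (e["principal"], e["kind"])
        normal = baseline.get(key, set())
        if e["value"] not in normal:
            findings.append({
                "ts": e["ts"], "principal": e["principal"], "kind": e["kind"],
                "value": e["value"], "known": sorted(normal),
            })
    return findings


if __name__ == "__main__":
    base = build_baseline(SAMPLE_EVENTS)
    for f in detect_anomalies(SAMPLE_EVENTS, base):
        print(f"{f['ts']} {f['principal']} new {f['kind']} value {f['value']!r} (known: {f['known']})")
```

Run as-is it reports the RO login and the connection to 198.51.100.23:4444 and nothing else; the 08:03 US login and the registry traffic are silent because they match the baseline. A production job would recompute the baseline on a rolling window (the presentation describes hourly analysis) and key it on more than one attribute, but the shape is the same: the alert volume is the set difference between observed and learned behavior, not every event.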

FortiCNAPP achieves this visibility through a combination of agentless and agent-based approaches. The agentless integration connects directly to the cloud provider and is onboarded through infrastructure-as-code, pulling activity logs, configurations, and permissions data for analysis. The agent-based option, which requires some developer involvement to deploy, adds real-time telemetry: network monitoring, file change detection, and limited vulnerability scanning. The agent is designed to be lightweight so that it does not compete with the workload for system resources. FortiCNAPP also integrates with code repositories such as GitHub, Bitbucket, and GitLab to scan code and catch vulnerabilities before they reach production.

All of these features are delivered on a single platform, though pricing tiers vary with the features included. Customers can use only the components relevant to them, for example opting out of code scanning if they already have a suitable solution. The presentation demonstrated FortiCNAPP's capabilities through a live scenario covering several attack vectors, including cryptojacking, compromised Kubernetes clusters, and reverse shells. The platform's ability to correlate multiple events into composite alerts and provide root cause analysis, together with its integration into existing developer workflows through Terraform modules, GitHub integration, and VS Code plugins, positions FortiCNAPP as a comprehensive way to improve cloud security posture while reducing the burden on both security and development teams.

Personnel: Derrick Gooch, Gabriel O’Brien

Network Intelligence Unleashed – Turn Traffic into Actionable Threat Insights with Fortinet



Fortinet’s Cloud Field Day presentation highlighted the untapped potential of network traffic for security insights. Derrick Gooch demonstrated how Fortinet’s AI-powered threat detection analyzes virtual machine traffic in real-time, minimizing performance impact and transforming raw network data into actionable intelligence for swift threat detection and mitigation within cloud environments. This is crucial because attackers frequently bypass perimeter defenses, making internal network monitoring essential.

The core of Fortinet's solution, FortiNDR, uses AI and machine learning to identify anomalies and malware. It ingests data from hardware and virtual appliances across on-premises and cloud environments (AWS, Azure, and Google Cloud, as well as popular hypervisors). FortiNDR analyzes this traffic and classifies it as benign, malicious, or suspicious, using techniques such as gradient-boosted decision trees for web shell detection and deep neural networks for identifying domain generation algorithm (DGA) traffic. It also performs malware analysis, unpacking samples and applying deep code analysis with artificial neural networks.
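To make the DGA detection concrete, here is an added example that is not Fortinet code and does not reproduce FortiNDR's deep neural network. It stands in a hand-built heuristic for the model: it extracts the character-level features such a classifier typically learns from (entropy, vowel ratio, digit ratio, longest run without a vowel) and applies fixed thresholds. The thresholds, the simple second-level-label extraction, and the sample domains are assumptions for this example; a real detector would be trained on labelled traffic rather than tuned by hand.

```python
"""Character-statistics heuristic for algorithmically generated domains.

Added example, not Fortinet code. FortiNDR uses a deep neural network for
DGA detection; this stand-in computes hand-picked features with fixed
thresholds so the reader can see what such a model is looking at.
"""
import math
from collections import Counter

VOWELS = set("aeiou")


def registrable_label(domain):
    """Return the second-level label, e.g. 'google' for 'mail.google.com'.

    Assumption: a single-label public suffix. Production code would consult
    the Public Suffix List so that 'example.co.uk' yields 'example'.
    """
    labels = domain.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def shannon_entropy(s):
    """Bits of entropy per character over the label's character distribution."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def dga_features(domain):
    label = registrable_label(domain)
    letters = [ch for ch in label if ch.isalpha()]
    digits = [ch for ch in label if ch.isdigit()]
    run = best = 0
    for ch in label:                       # longest run of non-vowel characters
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return {
        "length": len(label),
        "entropy": shannon_entropy(label),
        "vowel_ratio": sum(ch in VOWELS for ch in letters) / len(letters) if letters else 0.0,
        "digit_ratio": len(digits) / len(label) if label else 0.0,
        "max_nonvowel_run": best,
    }


def dga_score(domain):
    """Return (points, features); thresholds are assumptions chosen for this example."""
    f = dga_features(domain)
    points = 0
    if f["entropy"] >= 3.5:                                  # near-uniform character use
        points += 1
    if f["length"] >= 8 and f["vowel_ratio"] < 0.25:         # unpronounceable
        points += 1
    if f["length"] >= 8 and f["digit_ratio"] >= 0.3:         # hex/numeric-looking
        points += 1
    if f["max_nonvowel_run"] >= 5:                           # consonant pile-ups
        points += 1
    return points, f


def is_dga(domain, threshold=2):
    return dga_score(domain)[0] >= threshold


if __name__ == "__main__":
    # Constructed sample domains (not from any feed).
    for d in ["mail.google.com", "microsoftonline.com", "qwxzkvtrpmlnbgh.com", "3fd8a1c2b9e4.net"]:
        points, feats = dga_score(d)
        print(f"{d:24} points={points} entropy={feats['entropy']:.2f} "
              f"vowel={feats['vowel_ratio']:.2f} run={feats['max_nonvowel_run']}")
```

The legitimate names score zero or one point and the two generated-looking names score three, which is the separation a classifier needs. The weakness of a fixed-threshold heuristic is also visible here: dictionary-based DGAs (pronounceable words glued together) have normal entropy and vowel ratios and pass straight through, which is one reason the presentation describes a trained neural network rather than rules.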

Beyond detection, FortiNDR facilitates remediation and escalation through integration with Fortinet’s security fabric (FortiGate, FortiNAC, FortiSwitch, FortiSOAR) and third-party tools (CrowdStrike, Active Directory, VirusTotal, Cyber Threat Alliance). This allows for automated responses like blocking malicious IP addresses or integrating with existing SIEM systems (FortiAnalyzer, Cortex, Splunk). The presentation concluded with a technical overview of how FortiNDR is deployed in an AWS environment, emphasizing the use of traffic mirroring for efficient data collection.

Personnel: Derrick Gooch, Gabriel O’Brien

Breaking Down Silos – Unified Security for Faster Automated Threat Resolution with Fortinet



Security teams often struggle with disparate security tools and disjointed workflows, leading to delayed threat responses. Fortinet’s presentation at Cloud Field Day showcased how its FortiSOAR platform addresses this challenge by orchestrating threat intelligence from FortiNDR (Network Detection and Response) and FortiCNAPP (Cloud Native Application Protection Platform). This integration seamlessly connects network and cloud threat data, enabling automated responses to reduce SOC workload and accelerate threat mitigation.

The demonstration highlighted how FortiSOAR ingests alerts from various sources, including FortiNDR and FortiCNAPP, correlating them to build a comprehensive picture of an attack. For example, FortiNDR provides network-level details like malicious IP addresses and file downloads, while FortiCNAPP offers insights into cloud-based activity, such as suspicious container behavior. FortiSOAR then uses these combined insights to trigger automated remediation playbooks, such as blocking malicious IP addresses, deleting compromised deployments, and redeploying clean instances.
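The correlation and playbook logic described above can be sketched in code. What follows is an added example, not FortiSOAR and not the FortiNDR or FortiCNAPP alert formats: two constructed alert streams are grouped into incidents when they share a host IP within a time window, an incident is rated high-confidence only when both sources contribute, and the playbook chosen depends on that rating. Destructive steps (delete and redeploy) are reserved for high-confidence incidents; low-confidence ones get only reversible actions. The field names, the 30-minute window, and the dry-run executor are assumptions for this example.

```python
"""SOAR-style correlation of NDR and CNAPP alerts into incidents and playbooks.

Added example (not FortiSOAR code). Alerts that share a host IP within a
window are merged; an incident backed by both network and cloud evidence is
rated "high" and unlocks the destructive remediation steps.
Field names are assumptions, not FortiNDR/FortiCNAPP schemas.
"""
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed correlation window

# Constructed alerts (not real product output).
NDR_ALERTS = [
    {"source": "ndr", "id": "ndr-101", "ts": "2025-02-20T03:15:10Z",
     "type": "malicious_file_download", "host_ip": "10.0.3.17",
     "remote_ip": "198.51.100.23"},
]
CNAPP_ALERTS = [
    {"source": "cnapp", "id": "cnapp-207", "ts": "2025-02-20T03:16:40Z",
     "type": "suspicious_container_exec", "host_ip": "10.0.3.17",
     "namespace": "prod", "deployment": "payments-api"},
    # A lone cloud alert on another host: no network corroboration.
    {"source": "cnapp", "id": "cnapp-208", "ts": "2025-02-20T09:00:00Z",
     "type": "new_geo_login", "host_ip": "10.0.5.2",
     "namespace": "prod", "deployment": "batch-worker"},
]


def parse_ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def correlate(alerts, window=WINDOW):
    """Group alerts sharing a host_ip within `window` into incidents."""
    incidents = []
    for a in sorted(alerts, key=lambda x: parse_ts(x["ts"])):
        for inc in incidents:
            if inc["host_ip"] == a["host_ip"] and parse_ts(a["ts"]) - parse_ts(inc["last_ts"]) <= window:
                inc["alerts"].append(a)
                inc["last_ts"] = a["ts"]
                break
        else:  # no open incident matched: start a new one
            incidents.append({"host_ip": a["host_ip"], "first_ts": a["ts"],
                              "last_ts": a["ts"], "alerts": [a]})
    for inc in incidents:
        sources = {a["source"] for a in inc["alerts"]}
        # Two independent vantage points agreeing is what makes the signal "high-confidence".
        inc["confidence"] = "high" if {"ndr", "cnapp"} <= sources else "low"
    return incidents


def plan_playbook(incident):
    """Return an ordered list of (action, target). Destructive steps need high confidence."""
    actions = []
    for ip in sorted({a["remote_ip"] for a in incident["alerts"] if "remote_ip" in a}):
        actions.append(("block_ip", ip))  # reversible firewall block: safe at any confidence
    if incident["confidence"] == "high":
        targets = sorted({(a["namespace"], a["deployment"]) for a in incident["alerts"] if "deployment" in a})
        for ns, dep in targets:
            actions.append(("delete_deployment", f"{ns}/{dep}"))
            actions.append(("redeploy_clean", f"{ns}/{dep}"))
    else:
        actions.append(("open_ticket", incident["host_ip"]))  # hand to an analyst instead
    return actions


def run_playbook(actions, executor):
    """Apply each action via `executor(action, target)`; swap in real connectors in production."""
    return [executor(action, target) for action, target in actions]


def dry_run(action, target):
    return f"DRY-RUN {action} {target}"


if __name__ == "__main__":
    for inc in correlate(NDR_ALERTS + CNAPP_ALERTS):
        print(f"incident host={inc['host_ip']} confidence={inc['confidence']} "
              f"alerts={[a['id'] for a in inc['alerts']]}")
        for line in run_playbook(plan_playbook(inc), dry_run):
            print("  ", line)
```

The payments-api host gets the full block, delete, redeploy sequence because network and cloud evidence agree within two minutes; the batch-worker login, seen by only one source, gets a ticket and nothing destructive. Gating the irreversible steps on multi-source corroboration is the mechanism behind "high-confidence insights drive low-risk response": automation is allowed to act only where a mistake is cheap or the evidence is strong.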

FortiSOAR also brings AI assistance to threat analysis and incident response, currently backed by OpenAI's GPT models, with other integrations possible. The assistant gives SOC analysts richer context for an alert, a severity assessment, and links to similar past incidents, and it can automate parts of the investigation and response. The result is faster and more accurate threat resolution with less manual effort.

Personnel: Julian Petersohn

