Gabriel O’Brien, Derrick Gooch, and Julian Petersohn presented for Fortinet at Cloud Field Day 22
This presentation took place on February 20, 2025, from 08:00 to 09:30.
Presenters: Aidan Walden, Derrick Gooch, Gabriel O’Brien, Julian Petersohn
Stopping the Unseen – High-confidence insights drive low-risk response
The goal is to show the value of Fortinet’s Security Fabric platform: combining network and cloud-platform signals into intelligence that shortens time to detect, decreases SOC effort, and enables rapid, low-risk response.
The storyboard includes offensive and defensive personas and uses novel attack patterns that would bypass the pattern matching typically employed by competing CNAPP products and standard firewalls. It then shows that network visibility into malicious traffic from FortiNDR, combined with anomalous-behavior identification from FortiCNAPP’s composite alerts, raises signal fidelity and makes alerts more actionable. Using ML, FortiNDR and FortiCNAPP correlate signals and perform pre-investigation so that the SOC operator can respond quickly.
The solution demonstration includes FortiOS (FOS), FortiNDR, FortiCNAPP, and FortiSOAR.
Stopping the Unseen, AI for High Confidence Low-risk Threat Response with Fortinet
Watch on YouTube
Watch on Vimeo
Cyber threats are increasingly sophisticated, often evading traditional detection methods and remaining undetected until significant damage occurs. Fortinet’s presentation at Cloud Field Day highlighted how AI-driven insights from network and cloud intelligence significantly improve threat detection, enhance overall visibility, and enable faster, lower-risk responses for security teams. The core message emphasizes empowering security operators by providing high-fidelity insights that allow for efficient and safe remediation, ultimately minimizing attack surface and reducing organizational risk.
The presentation detailed how Fortinet’s solutions address the challenges of increasingly complex cloud environments with numerous ingress/egress points and ephemeral networks. They ingest a vast amount of signals from various sources, both Fortinet and third-party, then utilize advanced machine learning to correlate this data into high-confidence threat assessments. This composite risk view prioritizes threats and presents actionable information to security operators, even providing AI-powered assistance for investigation and remediation steps, thus reducing the burden of low-value tasks.
A live demonstration showcased how Fortinet’s AI-powered security solutions could uncover and prevent an attack. The scenario, presented by a Fortinet threat analyst, simulated a real-world attack leveraging a known vulnerability, demonstrating the system’s ability to detect the initial compromise, trace the attack’s escalation across cloud infrastructure, and pinpoint critical misconfigurations. The presentation concluded by emphasizing Fortinet’s commitment to innovation and leadership in threat intelligence, backed by a significant patent portfolio and a broad range of security solutions designed to assist organizations in maintaining security posture in dynamic cloud environments.
Personnel: Aidan Walden, Julian Petersohn
Visibility into the Cloud – Identify Risks and Threats in Your Cloud Environment with Fortinet
Watch on YouTube
Watch on Vimeo
As cloud adoption accelerates, security teams struggle to keep pace with emerging risks and active threats. Fortinet’s FortiCNAPP (Cloud Native Application Protection Platform) provides deep visibility into cloud environments, proactively identifying vulnerabilities and detecting threats in real time to improve cloud security and compliance. The platform treats cloud security as a big-data problem: it ingests data from many cloud sources and runs analysis hourly to establish a baseline of normal activity for the environment. FortiCNAPP then surfaces only activity that deviates from that baseline, such as logins from unusual geolocations or unexpected outbound network connections, which reduces alert fatigue and keeps critical events at the top of the queue.
FortiCNAPP achieves this visibility through a combination of agentless and agent-based approaches. The agentless path integrates directly with the cloud providers, with the integration itself deployed as infrastructure-as-code (for example, via Terraform modules), and pulls in activity logs, configurations, and permissions data for analysis. The agent-based path needs some developer involvement to deploy, but adds real-time telemetry: network monitoring, file change detection, and limited vulnerability scanning. The agent is designed to be lightweight so that it does not impact the host’s resources. FortiCNAPP also integrates with code repositories such as GitHub, Bitbucket, and GitLab to scan code and catch vulnerabilities before they reach production.
All of these features are unified in a single platform, although different pricing tiers may be available depending on which features are included. Customers can use only the components they need; for instance, a customer that already has a code-scanning solution can opt out of that functionality. The presentation demonstrated FortiCNAPP’s capabilities through a live scenario covering several attack vectors, including cryptojacking, compromised Kubernetes clusters, and reverse shells. The platform’s ability to correlate multiple events into composite alerts and provide detailed root-cause analysis, together with its integration into existing developer workflows via Terraform modules, GitHub integration, and a VS Code plugin, positions FortiCNAPP as a comprehensive solution for improving cloud security posture and reducing the burden on both security and development teams.
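The baseline-then-anomaly approach described above, and the folding of related anomalies into a composite alert, is easier to reason about in code. The following is an added illustration written for this summary, not FortiCNAPP code: it learns, per cloud identity, which login countries and outbound destinations were seen during a training window, reports only events that deviate from that identity’s own baseline, and bundles an identity’s anomalies that land close together into one alert. The event format, field names, the 30-minute grouping window and the severity rule are all assumptions; the events are constructed sample data.

```python
"""
Baseline-then-anomaly detection over cloud activity logs, in the style
FortiCNAPP is described as using: learn what is normal for each identity
during a training window, surface only deviations, and fold related
deviations into one composite alert.  Added illustration; the event
format, field names and thresholds are assumptions, not FortiCNAPP's.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real log data).  'actor' is the cloud
# identity; 'kind' is a console login or an outbound connection from a
# workload that identity owns.
EVENTS = [
    {"ts": "2025-02-10T09:00:00", "actor": "svc-batch", "kind": "login",   "geo": "US"},
    {"ts": "2025-02-10T09:05:00", "actor": "svc-batch", "kind": "connect", "dst": "api.internal"},
    {"ts": "2025-02-11T09:01:00", "actor": "svc-batch", "kind": "login",   "geo": "US"},
    {"ts": "2025-02-11T09:06:00", "actor": "svc-batch", "kind": "connect", "dst": "api.internal"},
    {"ts": "2025-02-12T10:00:00", "actor": "alice",     "kind": "login",   "geo": "DE"},
    {"ts": "2025-02-12T10:02:00", "actor": "alice",     "kind": "connect", "dst": "git.internal"},
    # --- detection window starts here ---
    {"ts": "2025-02-20T03:12:00", "actor": "svc-batch", "kind": "login",   "geo": "RU"},
    {"ts": "2025-02-20T03:14:00", "actor": "svc-batch", "kind": "connect", "dst": "203.0.113.7"},
    {"ts": "2025-02-20T11:00:00", "actor": "alice",     "kind": "login",   "geo": "DE"},
    {"ts": "2025-02-20T11:03:00", "actor": "alice",     "kind": "connect", "dst": "pypi.org"},
]
BASELINE_END = datetime(2025, 2, 19)      # everything before this trains the baseline
COMPOSITE_WINDOW = timedelta(minutes=30)  # anomalies this close together are one incident

def parse(ts):
    return datetime.fromisoformat(ts)

def build_baseline(events, cutoff):
    """Per-actor sets of countries logged in from and destinations connected to."""
    geos, dsts = defaultdict(set), defaultdict(set)
    for e in events:
        if parse(e["ts"]) >= cutoff:
            continue
        if e["kind"] == "login":
            geos[e["actor"]].add(e["geo"])
        elif e["kind"] == "connect":
            dsts[e["actor"]].add(e["dst"])
    return geos, dsts

def find_anomalies(events, cutoff, geos, dsts):
    """Return only events that deviate from the actor's own baseline.
    An actor with no baseline at all (defaultdict gives an empty set) is
    anomalous on everything, which is the conservative choice."""
    out = []
    for e in events:
        if parse(e["ts"]) < cutoff:
            continue
        if e["kind"] == "login" and e["geo"] not in geos[e["actor"]]:
            out.append({"actor": e["actor"], "ts": parse(e["ts"]),
                        "type": "unusual_geolocation_login", "detail": e["geo"]})
        elif e["kind"] == "connect" and e["dst"] not in dsts[e["actor"]]:
            out.append({"actor": e["actor"], "ts": parse(e["ts"]),
                        "type": "unexpected_outbound_connection", "detail": e["dst"]})
    return out

def composite_alerts(anomalies, window):
    """Group an actor's anomalies that fall within `window` of each other
    into one alert; two different anomaly types together rank higher."""
    by_actor = defaultdict(list)
    for a in sorted(anomalies, key=lambda a: a["ts"]):
        by_actor[a["actor"]].append(a)
    alerts = []
    for actor, items in by_actor.items():
        group = [items[0]]
        for a in items[1:] + [None]:          # None flushes the last group
            if a is not None and a["ts"] - group[-1]["ts"] <= window:
                group.append(a)
                continue
            types = {g["type"] for g in group}
            alerts.append({"actor": actor,
                           "signals": [(g["type"], g["detail"]) for g in group],
                           "severity": "high" if len(types) > 1 else "medium"})
            if a is not None:
                group = [a]
    return alerts

def run(events=EVENTS):
    geos, dsts = build_baseline(events, BASELINE_END)
    return composite_alerts(find_anomalies(events, BASELINE_END, geos, dsts), COMPOSITE_WINDOW)

if __name__ == "__main__":
    for alert in run():
        print(alert)
```

With the constructed data, alice’s new login from her usual country is silent, her single new outbound destination becomes a medium alert, and the service account’s login from a new country followed two minutes later by a connection to a never-seen address becomes one high-severity composite alert rather than two separate tickets.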
Personnel: Derrick Gooch, Gabriel O’Brien
Network Intelligence Unleashed – Turn Traffic into Actionable Threat Insights with Fortinet
Watch on YouTube
Watch on Vimeo
Fortinet’s Cloud Field Day presentation highlighted the untapped potential of network traffic as a source of security insight. Derrick Gooch demonstrated how Fortinet’s AI-powered threat detection analyzes virtual machine traffic in real time with minimal performance impact, turning raw network data into actionable intelligence for swift detection and mitigation in cloud environments. This matters because attackers frequently bypass perimeter defenses, which makes monitoring of internal (east-west) traffic essential.
The core of the solution, FortiNDR, uses AI and machine learning to identify anomalies and malware. It ingests traffic from hardware and virtual appliances across on-premises and cloud environments (AWS, Azure, and Google Cloud, as well as popular hypervisors). FortiNDR classifies traffic as benign, malicious, or suspicious using techniques such as gradient-boosted decision trees for web shell detection and deep neural networks for identifying domain generation algorithm (DGA) domains. It also performs malware analysis by unpacking samples and running deep code analysis with artificial neural networks.
Beyond detection, FortiNDR supports remediation and escalation through integration with the Fortinet Security Fabric (FortiGate, FortiNAC, FortiSwitch, FortiSOAR) and third-party tools (CrowdStrike, Active Directory, VirusTotal, Cyber Threat Alliance). This enables automated responses such as blocking malicious IP addresses, and forwarding to existing SIEM and analytics systems (FortiAnalyzer, Cortex, Splunk). The presentation concluded with a technical overview of deploying FortiNDR in AWS, which relies on VPC Traffic Mirroring to copy workload traffic to the sensor out of band, so collection does not sit in the data path of the monitored instances.
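To make the DGA-detection idea concrete, here is an added illustration written for this summary, not FortiNDR code: a hand-written rule set over the same family of lexical features a model for this task consumes (character entropy, vowel ratio, digit ratio, longest consonant run, label length). It stands in for the deep neural network the presentation describes, and its thresholds and scoring weights are assumptions; the sample names are constructed, not captured queries. Multi-part public suffixes such as co.uk are deliberately not handled.

```python
"""
Feature-based scoring of domain names to flag likely domain-generation-
algorithm (DGA) output, the kind of signal FortiNDR is described as
producing with a deep neural network.  Added illustration using a
hand-written rule set over lexical features; it is not FortiNDR's model,
and the thresholds are assumptions.
"""
import math
from collections import Counter

VOWELS = set("aeiou")

def sld(domain):
    """Second-level label, e.g. 'google' from 'www.google.com'.
    Simplification: multi-part public suffixes such as co.uk are not handled."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def features(label):
    counts = Counter(label)
    n = len(label)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    letters = [ch for ch in label if ch.isalpha()]
    vowel_ratio = sum(ch in VOWELS for ch in letters) / len(letters) if letters else 0.0
    digit_ratio = sum(ch.isdigit() for ch in label) / n
    longest_run = run = 0
    for ch in label:                      # run of consonant letters; digits break it
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        longest_run = max(longest_run, run)
    return {"length": n, "entropy": entropy, "vowel_ratio": vowel_ratio,
            "digit_ratio": digit_ratio, "consonant_run": longest_run}

def dga_score(domain):
    """Additive score; weights and cut-offs are assumptions for illustration."""
    f = features(sld(domain))
    score = 0
    score += 2 if f["entropy"] > 3.5 else 0      # near-uniform character use
    score += 2 if f["vowel_ratio"] < 0.2 else 0  # unpronounceable
    score += 1 if f["consonant_run"] >= 5 else 0
    score += 1 if f["digit_ratio"] > 0.2 else 0
    score += 1 if f["length"] >= 12 else 0       # long labels alone are not enough
    return score

def is_suspicious(domain, threshold=3):
    return dga_score(domain) >= threshold

if __name__ == "__main__":
    # Constructed sample of queried names (not captured traffic).
    for d in ["www.google.com", "microsoft.com", "cloudfieldday.com",
              "qzxv7kdmtbwp.com", "bxgtkwqz.info"]:
        print(f"{d:22} score={dga_score(d)} suspicious={is_suspicious(d)}")
```

Note that a long but pronounceable label such as cloudfieldday scores only on length and stays below the threshold, while a short all-consonant label still trips it; a real model learns these trade-offs from labelled data rather than from fixed cut-offs, and should be run on DNS query logs, not on names already seen in a blocklist.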
Personnel: Derrick Gooch, Gabriel O’Brien
Breaking Down Silos – Unified Security for Faster Automated Threat Resolution with Fortinet
Watch on YouTube
Watch on Vimeo
Security teams often struggle with disparate security tools and disjointed workflows, leading to delayed threat responses. Fortinet’s presentation at Cloud Field Day showcased how its FortiSOAR platform addresses this challenge by orchestrating threat intelligence from FortiNDR (Network Detection and Response) and FortiCNAPP (Cloud Native Application Protection Platform). This integration seamlessly connects network and cloud threat data, enabling automated responses to reduce SOC workload and accelerate threat mitigation.
The demonstration highlighted how FortiSOAR ingests alerts from various sources, including FortiNDR and FortiCNAPP, correlating them to build a comprehensive picture of an attack. For example, FortiNDR provides network-level details like malicious IP addresses and file downloads, while FortiCNAPP offers insights into cloud-based activity, such as suspicious container behavior. FortiSOAR then uses these combined insights to trigger automated remediation playbooks, such as blocking malicious IP addresses, deleting compromised deployments, and redeploying clean instances.
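The correlation-then-playbook flow described above, as an added illustration written for this summary rather than FortiSOAR’s own data model or playbooks: alerts from a network sensor and a cloud platform are grouped on a shared indicator (the workload IP), an incident that two independent telemetry sources agree on is marked high confidence and gets the automated containment steps (block the remote IP, delete and redeploy the workload), and anything seen by only one source is routed to an analyst instead, so a single noisy alert cannot trigger a destructive action. The alert schema, the action names such as fortigate_block_ip, and the confidence rule are assumptions; the alerts are constructed sample data.

```python
"""
SOAR-style correlation of network (NDR) and cloud (CNAPP) alerts into one
incident, then choice of response playbook gated on confidence, as the
FortiSOAR demonstration is described.  Added illustration: alert schema,
action names and the confidence rule are assumptions, not FortiSOAR's.
"""
from collections import defaultdict

# Constructed alerts (not output of any real product).
ALERTS = [
    {"source": "ndr",   "id": "N-1", "type": "malicious_download",
     "indicators": {"workload_ip": "10.0.3.15", "remote_ip": "198.51.100.9"}},
    {"source": "cnapp", "id": "C-7", "type": "container_reverse_shell",
     "indicators": {"workload_ip": "10.0.3.15", "deployment": "payments-api"}},
    {"source": "ndr",   "id": "N-2", "type": "beaconing",
     "indicators": {"workload_ip": "10.0.3.15", "remote_ip": "198.51.100.9"}},
    {"source": "cnapp", "id": "C-9", "type": "new_iam_key_created",
     "indicators": {"principal": "deploy-bot"}},
]

def correlate(alerts, key="workload_ip"):
    """Group alerts sharing the same workload into an incident; alerts
    without that indicator stay single-alert incidents keyed by their id."""
    groups = defaultdict(list)
    for a in alerts:
        groups[a["indicators"].get(key, a["id"])].append(a)
    incidents = []
    for k, items in groups.items():
        sources = {a["source"] for a in items}
        merged = {}
        for a in items:
            merged.update(a["indicators"])
        incidents.append({
            "key": k,
            "alerts": [a["id"] for a in items],
            "sources": sorted(sources),
            # two independent telemetry sources agreeing is treated as high confidence
            "confidence": "high" if len(sources) >= 2 else "low",
            "indicators": merged,
        })
    return incidents

def choose_playbook(incident):
    """High confidence -> automated containment; otherwise a ticket for an
    analyst.  Steps are returned as data so the caller decides how to run them."""
    ind = incident["indicators"]
    if incident["confidence"] != "high":
        return [("open_ticket", incident["alerts"])]
    steps = []
    if "remote_ip" in ind:
        steps.append(("fortigate_block_ip", ind["remote_ip"]))   # hypothetical action name
    if "deployment" in ind:
        steps.append(("delete_deployment", ind["deployment"]))
        steps.append(("redeploy_from_clean_image", ind["deployment"]))
    return steps

def run(alerts=ALERTS):
    return [(inc["key"], inc["confidence"], choose_playbook(inc))
            for inc in correlate(alerts)]

if __name__ == "__main__":
    for key, confidence, steps in run():
        print(key, confidence, steps)
```

The ordering of steps matters in practice: the block at the firewall goes first so the workload cannot call out again while it is being torn down, and redeployment follows deletion so the replacement comes from a clean image rather than the compromised one.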
FortiSOAR also adds AI assistance, currently backed by OpenAI’s GPT models with other integrations possible later, to support threat analysis and incident response. The assistant gives SOC analysts more context for an alert, proposes a severity, finds similar past incidents, and can automate some investigative and response steps. Because the model is hosted by a third party, which alert data is sent to it is a point to review when evaluating the integration. The net effect is more efficient security operations and faster, more accurate threat resolution.
Personnel: Julian Petersohn