This video is part of the appearance, “Fortinet Presents at Cloud Field Day 22”. It was recorded as part of Cloud Field Day 22 at 08:00-09:30 on February 20, 2025.
Fortinet’s Cloud Field Day presentation highlighted the untapped potential of network traffic for security insights. Derrick Gooch demonstrated how Fortinet’s AI-powered threat detection analyzes virtual machine traffic in real time, minimizing performance impact and transforming raw network data into actionable intelligence for swift threat detection and mitigation within cloud environments. This is crucial because attackers frequently bypass perimeter defenses, making internal network monitoring essential.
The core of Fortinet’s solution, FortiNDR, leverages AI and machine learning to identify anomalies and malware. It ingests data from various sources, including hardware and virtual appliances, spanning on-premises and cloud environments (supporting AWS, Azure, and Google, as well as popular hypervisors). FortiNDR analyzes this data, classifying traffic as benign, non-malicious, or suspicious, using advanced techniques like gradient-boosted decision trees for web shell detection and deep neural networks for domain generation algorithm identification. The system also incorporates malware analysis through unpacking and deep code analysis using artificial neural networks.
Beyond detection, FortiNDR facilitates remediation and escalation through integration with Fortinet’s security fabric (FortiGate, FortiNAC, FortiSwitch, FortiSOAR) and third-party tools (CrowdStrike, Active Directory, VirusTotal, Cyber Threat Alliance). This allows for automated responses like blocking malicious IP addresses or integrating with existing SIEM systems (FortiAnalyzer, Cortex, Splunk). The presentation concluded with a technical overview of how FortiNDR is deployed in an AWS environment, emphasizing the use of traffic mirroring for efficient data collection.
Personnel: Derrick Gooch, Gabriel O’Brien