Fortinet Advisor (now FortiAI) Applies the Power of GenAI to SecOps

Fortinet has been at the forefront of AI development for over a decade, designing, training, and implementing advanced AI systems using a full range of machine learning and deep learning technologies to meet the challenges of a constantly evolving threat landscape. Today, we have integrated AI-from the billion-plus node Artificial Neural Network we use for malware detection to the Tensor Flow engine we use for alert validation and much more-to power over 40 of our solutions across our extensive security and networking portfolio.

And we're building on this long legacy with Fortinet Advisor, a new GenAI assistant. In its first implementation in FortiSIEM and FortiSOAR, Fortinet Advisor brings Generative AI to bear in helping SecOps teams make better-informed decisions, respond to threats faster and more comprehensively, and simplify even the most complex tasks.

The Critical Need for AI

Most security teams face two serious challenges. First is the volume of alerts that demand time to identify, prioritize, investigate, and remediate. This volume can overwhelm staff already strained by the industry-wide cyber skill shortage. The second is the growing number of sophisticated attacks that evade detection by utilizing legitimate credentials, devices, or services coopted for malicious purposes. New attacks also utilize multi-stage processes that are difficult to see using security tools that don't work together as an integrated system or provide a consolidated view.

Other challenges include a lack of experienced Level 2 analysts who understand critical threat characteristics, attacker profiles, or methods, the growing complexity of investigations, including data gathering and analysis, and the inability to formulate and execute a complete threat response and remediation plan before a critical payload is delivered and damage is done.

While detection-oriented AI significantly enhances the ability of deployed systems to identify threats, it primarily operates behind the scenes as a sort of "black box." But security teams, especially in a SecOps environment, must also interact with events and data to better understand the threat landscape and apply higher-order analysis and response.

This is where Generative AI's interactive, natural language interaction can significantly improve security operations effectiveness-and why we're excited for customers to use Fortinet Advisor to upskill their SecOps teams and drive efficiencies across their organization.

Fortinet Advisor Use Cases

Fortinet Advisor today can be pivotal in accelerating many of the time-consuming tasks SecOps teams work through day after day or are too busy to address. Here are a few examples of the assistance that Fortinet Advisor can provide:

1.     Make events, alerts, and incidents easier to understand:

• Analyze this incident and tell me what action to take.
• Tell me about this malware and the attackers who use it.
• What IOCs are associated with this attack campaign??

2.     Speed response activity and effectiveness:

• What blocking actions will help contain this incident? 
• Recommend response playbooks for this alert.
• What MITRE techniques does this threat actor employ?

3.     Translate natural language requests into the technical queries required to execute complex database queries and automatically build rich reports.

• Show me the latest known vulnerabilities-This query retrieves the list of all vulnerabilities in your environment known to FortiSIEM.
• Create a report that shows the source IP, destination IP, and total number of events where the reporting device IP belongs to the Firewall device group and the event type belongs to the Permitted network connections group. Group them by source IP and destination IP, only show results when the total number of events is greater than 100, and order the results by the number of events in descending order.
• Create a report of events per critical incident for the last 30 days.

4.     Provide guidance on playbook templates, recommend playbook components, and even build entire playbooks. 

• Create a playbook to block an IOC list on the corporate firewalls.
• Build a playbook to hunt for IOCs from this attack campaign.
• What is this playbook doing at each step?

Fortinet Advisor Extends Our Broad AI Portfolio

Fortinet has been on the bleeding edge of AI innovation for more than a decade, with more than 700,000 customers now benefiting from our portfolio of AI-powered offerings-including FortiGuard AI-Powered Security Services, FortiAIOps, FortiEDR, FortiNDR, and FortiAnalyzer. Our implementation of AI across the Fortinet Security Fabric aids in zero-day threat detection, helps remediate sophisticated attacks, and enables IT teams to refine and resolve networking and security issues before they can impact the organization.

GenAI provided through Fortinet Advisor adds a new dimension to Fortinet AI, allowing SecOps teams to directly interact with AI systems to enhance threat detection, analysis, and response, generate reports, build playbooks, and remediate vulnerable and compromised systems. It is a critical addition to the arsenal of SecOps teams, enabling them to stay ahead of today's increasingly sophisticated cyber adversaries.

To see Fortinet Advisor firsthand, check out how it has been seamlessly integrated into our FortiSIEM and FortiSOAR solutions, with more integrations planned to bring the transformative power of GenAI across Fortinet's Security Fabric.

You can also view a demo of Fortinet Advisor within FortiSIEM here and a demo of the GenAI assistant in FortiSOAR here.