Fortinet: Artificial intelligence essential to combat fast-moving threats
Cornelius Mare, Fortinet Australia CISO, explains how AI helps manage risk, reduce costs and improve operational efficiency. AI is most effective when deployed across the entire attack surface – core, edges and cloud – and leverages a comprehensive security fabric.
Artificial intelligence (AI) synthesises the collective knowledge of your IT team and the very latest threat intelligence from global cyber security analysts into a set of automated procedures that help reduce the risk of cyber attacks.
Further, AI streamlines network management by assuming responsibility for many routine operations. And in the case of fast-moving threats such as zero-day exploits and ransomware, AI can detect any anomalous activity, isolate the affected network assets and halt the spread of malware before it can do any major damage, all in near-real-time and without manual intervention.
In short, AI provides the tools and processes you need to keep your network safe from today's sophisticated adversaries, be they state-sponsored, opportunists or simply well-funded criminals after a quick buck.
Visibility, interoperability and universal coverage essential
AI is most effective when deployed in conjunction with a comprehensive security fabric that provides granular-level visibility into all network traffic. Any gaps or blind spots in your network protection can allow malware to execute before detection and interrupt service delivery.
Adversaries are increasingly probing enterprise networks using advanced techniques to ferret out any unprotected components and then attack. If you don't leave any openings, they can't get in. And if they do manage to circumvent the gateway, AI-enhanced security services can contain them before they do any major damage.
AI powers advanced protection
AI provides the foundation of many of the advanced cyber security tools that protect against today's sophisticated threats. SIEM (security information and event management) consolidates visibility, correlation, automated response and remediation into a single operation, using AI to automate many routine tasks. SOAR (security orchestration, automation and response) centralises AI-based security processes to mitigate threats using existing tools for real-time responses at machine speed.
XDR (extended detection and response) correlates and analyses security event information – in near real time using AI techniques – to reduce false positives whilst acting on existential threats. And ZTNA (zero trust network access) incorporates AI processes to identify and classify all users and devices seeking network access, assess their state of compliance with internal security policies, automatically assign them to zones of control and continuously monitor them, both on and off the network.
Fast tracking AI deployment
Building your own AI-based cyber security detection and response is, by definition, a labour- and knowledge-intensive process. You'll need to be able to distil the experiences of your IT team into actionable procedures based on the characteristics of the threat. You'll need to call upon the latest global threat intelligence to detect and prevent previously unknown malware. And you'll need to ensure that your AI-based operations monitor your entire network including cloud-based datasets.
To do this you'll need the right mix of people, resources and technology. But you don't have to start from scratch. Once you have deployed a network-wide security fabric you can 'seed' your AI development with a set of pre-trained procedures that can identify millions of clean or infected files, classify attack scenarios and set out a series of procedures – based on deep neural networks – to emulate the responses of a trained and experienced security analyst.
These capabilities, which can be applied to the core, edges and into the cloud, are available as a managed service, as an appliance or as a virtual machine. Known collectively as FortiAI, these tools give you a head-start to enhance your security fabric, take advantage of the global constellation of FortiGuard Labs and stay one step ahead of even the most sophisticated adversaries.
About the author
Cornelius Mare is CISO at Fortinet Australia. As such, it is his business to know what's happening in the cybersecurity world and how to help enterprises secure their transitional networks without sacrificing speed, functionality or control. In particular, Corne is an expert with hybrid cloud environments and artificial intelligence. These tools, along with other Fortinet security services, help organisations manage their digital transformations with confidence.
About Fortinet
Fortinet (NASDAQ: FTNT) secures the largest enterprises, service providers and government organisations around the world. Fortinet empowers customers with complete visibility and control across the expanding attack surface and the power to take on ever-increasing performance requirements today and into the future. Only the Fortinet Security Fabric platform can address the most critical security challenges and protect data across the entire digital infrastructure, whether in networked, application, multi-cloud or edge environments.
Fortinet ranks #1 in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses. Both a technology company and a learning organisation, the Fortinet Network Security Expert (NSE) Training Institute has one of the largest and broadest cybersecurity training programs in the industry. Learn more at the Fortinet website, the Fortinet Blog, or FortiGuard Labs.