Fortinet has introduced an extended detection and response (XDR) solution that uses artificial intelligence to accelerate threat investigation, remediate issues automatically, and ease burdens on human security analysts.
Built atop the vendor’s FortiEDR endpoint detection and response offering, the new FortiXDR draws on input from FortiGate firewalls, FortiMail secure email gateways, and other elements of the Fortinet Security Fabric platform to look more broadly across a customer’s infrastructure for brute force logins, spearphishing attacks, lateral movement, and other dangers.
“Rather than just being triggered by endpoint events, we’re getting a lot of network events that are triggering investigation,” notes David Finger, Fortinet’s senior director of products.
Though other XDR products draw on telemetry from multiple sources, he continues, FortiXDR then acts on that data autonomously. “The unique value we’re bringing is leveraging artificial intelligence to replicate the investigation steps that an experienced security pro would go through.”
On average, according to Fortinet, FortiXDR reduces the volume of alerts that security professionals must follow up on by 77%. The company expects the system’s AI engine to grow even better at identifying and resolving issues without manual assistance as the training provided to it by the FortiGuard Labs threat intelligence and research unit expands.
“The range of incidents is going to only increase over time,” Finger says. “We’re just starting, frankly, to scratch the surface of what’s possible.”
FortiXDR’s built-in automation also resolves legitimate threats without human intervention, freeing up security specialists from the “day-to-day drudgery of alert triage or the emergency fire drills of severe incidents,” Finger says. “You really want the AI and the machines to take that heavy lift, and free [people] up for the more strategic contributions.”
According to Fortinet, FortiXDR can complete in seconds the complex detection, investigation, and response processes that would take experts armed with specialized tools about 30 minutes.
“Bringing all that telemetry in and making sense of it in a coordinated fashion is going to certainly give you faster, more effective security,” Finger says.
The new system, which ships with a multitenant interface, is aimed at managed security service providers as well as midsize and larger organizations with limited IT resources.
“[It’s] a tool that they can use to deliver service to smaller customers that really wouldn’t have the staff and skills to do things like detection and response,” Finger says, adding that the solution’s automation functionality enables MSSPs to deliver outsourced security help cost-effectively as well. “This is a great boon for the partner who’s looking to deliver an effective but also a profitable service.”
Bundled subscriptions offering both FortiEDR and FortiXDR at per-device, per-year rates will become available next Monday.
As Finger stated in a blog post today, XDR solutions can take either a single-vendor approach, in which all of the data collected and actions performed involve one company's products, or an open approach, in which the system also interacts with products from third parties. FortiXDR employs a hybrid of the two: its detection capabilities rely entirely on other Fortinet offerings, but its response features can interact with solutions from other makers.