Fortinet has introduced an extended detection and response (XDR) solution that uses artificial intelligence to accelerate threat investigation, remediate issues automatically, and ease burdens on human security analysts.
Built atop the vendor’s FortiEDR endpoint detection and response offering, the new FortiXDR draws on input from FortiGate firewalls, FortiMail secure email gateways, and other elements of the Fortinet Security Fabric platform to look more broadly across a customer’s infrastructure for brute force logins, spearphishing attacks, lateral movement, and other dangers.
“Rather than just being triggered by endpoint events, we’re getting a lot of network events that are triggering investigation,” notes David Finger, Fortinet’s senior director of products.
Though other XDR products draw on telemetry from multiple sources, he continues, FortiXDR then acts on that data autonomously. “The unique value we’re bringing is leveraging artificial intelligence to replicate the investigation steps that an experienced security pro would go through.”
On average, according to Fortinet, FortiXDR reduces the volume of alerts that security professionals must follow up on by 77%. The company expects the system’s AI engine to grow even better at identifying and resolving issues without manual assistance as the training provided to it by the FortiGuard Labs threat intelligence and research unit expands.
“The range of incidents is going to only increase over time,” Finger says. “We’re just starting, frankly, to scratch the surface of what’s possible.”
FortiXDR’s built-in automation also resolves legitimate threats without human intervention, freeing up security specialists from the “day-to-day drudgery of alert triage or the emergency fire drills of severe incidents,” Finger says. “You really want the AI and the machines to take that heavy lift, and free [people] up for the more strategic contributions.”
According to Fortinet, FortiXDR can complete complex detection, investigation, and response processes that would take experts with specialized tools 30 minutes to complete in seconds.
“Bringing all that telemetry in and making sense of it in a coordinated fashion is going to certainly give you faster, more effective security,” Finger says.
Target markets for the new system, which includes a multitenant interface, include managed security service providers in addition to midsize and larger organizations with limited IT resources.
“[It’s] a tool that they can use to deliver service to smaller customers that really wouldn’t have the staff and skills to do things like detection and response,” Finger says, adding that the solution’s automation functionality enables MSSPs to deliver outsourced security help cost-effectively as well. “This is a great boon for the partner who’s looking to deliver an effective but also a profitable service.”
Bundled subscriptions offering both FortiEDR and FortiXDR at per device per year rates will become available next Monday.
As Finger stated in a blog post today, XDR solutions can employ either a single vendor approach, in which all of the data collected and actions performed involve one company’s products, or an open approach in which the system interacts with products from third parties as well. FortiXDR employs a version of the single vendor strategy, in that its detection capabilities rely entirely on other Fortinet offerings, but its response features can interact with solutions from other makers.
The product arrives at a time when businesses are deploying more and more security solutions in response to an ever-expanding array of threats. “It’s almost becoming a big data problem to just make your way through all that information,” Finger observes.
XDR solutions, according to Gartner, take aim at that challenge by collecting and correlating data from multiple products to improve threat detection and streamline incident response. “For example, an attack that caused alerts on email, endpoint and network can be combined into a single incident,” the analyst writes.
“The value in XDR is getting from that big pool of information that’s being generated pretty quickly to a manageable set of higher fidelity detections, and then ultimately all the way through to the steps needed to have an effective response,” Finger says.
SIEM solutions perform a similar function in a more sophisticated way but are beyond the financial reach of most midsize companies and many channel pros. Products like FortiXDR offer such organizations an affordable alternative.
“The only question is going to be whether or not one grows out of XDR or one just grows into SIEM on top of XDR,” Finger says. “I think time will certainly tell.”
