Written and provided by Fortinet
Fortinet has just unveiled new and expanded generative AI (GenAI) assistant capabilities for FortiAI (formerly Fortinet Advisor) across our FortiAnalyzer, FortiSIEM and FortiSOAR solutions. These enhancements will help security operations teams of any size make better-informed decisions and respond to threats faster by simplifying even the most complex tasks.
FortiAnalyzer being powered by GenAI
FortiAnalyzer delivers unparalleled visibility across IT and OT infrastructures. Seamlessly integrating with devices and applications across the Fortinet Security Fabric, FortiAnalyzer turns raw data into actionable intelligence, providing a consolidated view that helps eliminate operational bottlenecks, bolsters defenses with historical and real-time insights, and empowers security teams to be consistently proactive.
The upcoming release of FortiAI for FortiAnalyzer, previewed at Accelerate 2024, will help security and IT personnel simplify and streamline network and security operations, threat analysis, response actions, and more. Key functions FortiAI will include:
- Detection: Automatically creates detection rules and event handlers for newly discovered threats
- Investigation: Interprets events and their potential impact, informing analysts of crucial aspects such as malware characteristics, attacker profiles, and tactics used
- Response: Suggests targeted remediation actions and playbooks as well as immediately blocks IOCs on FortiGate Next-Generation Firewalls (NGFWs) and other Fortinet Security Fabric products
- Commands: Uses natural language to simplify and execute complex investigation queries, build visualizations and reports, and perform other functions
FortiAI for FortiSOAR
FortiSOAR centralizes, standardizes, and automates IT/OT security and network operations. With broad integrations across Fortinet and multivendor environments, rich use-case solutions, hundreds of prebuilt playbooks, and full SecOps management features, FortiSOAR is the security operations center (SOC) automation foundation for leading enterprise and MSSP organizations around the world.
The investigation, response, and playbook creation functions of FortiAI for FortiSOAR have been enhanced with new functions, including:
- Alert insights: Automatically provides a detailed analysis of any alert under investigation.
- GenAI prompts: Displays a selection of common questions/prompts tailored to the current analyst activity.
- Privacy enhancements: Auto-masks sensitive data and lets analysts preview and edit the prompt text before submission.
- Forensic logging: Saves responses as part of the investigation record.
FortiAI for FortiSIEM
FortiSIEM provides the centralized IT/OT event collection, advanced detection analytics, incident management, and other SOC functions that today's security teams need. Built on user and entity behavior analytics (UEBA), a unique configuration management database (CMDB), and GenAI assistance, the intuitive analyst experience supports all aspects of threat monitoring, incident response, and compliance validation across the Fortinet Security Fabric and multivendor infrastructures.
The investigation, response, and product command features of FortiAI for FortiSIEM have also been enhanced. New functions include:
- Threat hunting: Performs log and incident searches based on particular CVEs
- Asset/user profiles: Queries FortiAI by host, IP address, or user ID to see asset information, health status, and known incidents
- Case summaries: Provides case summaries, including an analysis of all related incidents
FortiAI Future Directions
We are committed to the continuous development and expansion of FortiAI and our other AI-enhanced solutions across our product portfolio. This includes providing similar GenAI capabilities for WAN and LAN infrastructures to assist network operations teams, allowing even novice users to leverage GenAI assistance to achieve desired outcomes.
By integrating FortiAI for FortiManager into critical operational workflows, operations teams will be empowered to address the entire network operations life cycle—from Day 0 through Day 1 to Day 2. These capabilities enable conversational access to documentation to ease onboarding, accelerate provisioning and network design, streamline troubleshooting processes, improve monitoring and network insights, data-driven baseline and alerting thresholds, and scale personnel augmentation for network management.
About FortiAI
FortiAI's generative AI functions support OpenAI and Google Bard (FortiSOAR only) cloud engines and can be connected to other large language models. FortiAI augments public AI-engine intelligence with Fortinet intelligence, product, and use-case knowledge, transforming GenAI prompts and responses to provide users with a simple but context-aware, in-product experience that delivers immediately actionable results. Fortinet AI and product specialists continually update the FortiAI intelligence database and the mechanisms used to optimize user AI interactions and results.
Cloud data sharing is limited to explicit customer interactions, and sensitive information can be masked before sharing. FortiAI does not share or provide access to customer data, nor does it permit the GenAI engine to use customer data for training. User access to FortiAI is under standard product controls.