Integrating Artificial Intelligence into Cybersecurity: Collaboration is the Key….!
Credit to Author: Jack Chan | Date: Mon, 18 Sep 2017 03:00:00 +0000
We have seen from the previous two posts on cybersecurity and AI the importance of using advanced technology to stay ahead of cybercriminals.
But often a threat transcends one particular box. This is where Fortinet’s collaboration is paramount. Regardless of the physical location of the individuals involved, specialist FortiGuard Labs teams work together to develop mitigation strategies and disseminate the information back to the various FortiGate firewalls and security solutions. No other vendor has this type of advanced threat reaction process in place; Fortinet is unique in having hardware research (FortiASIC), software (FortiOS) and security research (FortiGuard) all under one roof. And, to take it one step further, Fortinet is moving to take that global threat intelligence and display the resultant intelligence in a customised, enterprise-specific portal. This new service, in the beta stage, is called Threat Intelligence Service (TIS).
Alongside the release of TIS, the latest Fortinet Developer Network combines a Threat Intel Feed (in STIX, the Structured Threat Information eXpression format) with the latest toolset, such as Premium Signature lookup and access to the FortiGuard Encyclopaedia via REST API, allowing enterprises and MSPs to consume threat intelligence from FortiGuard.
Fortinet is unique in that deployed FortiGate firewalls and associated appliances, such as FortiSandbox, act as sensors that capture and feed suspect files or suspicious behaviour directly back to FortiGuard Labs. Once intercepted, specialist teams and patented technologies analyse the suspect code. It is here that the real Fortinet advantage kicks in. FortiGuard Labs is organised around expert teams that each focus on a particular threat or vector, for instance Web Filtering or Botnets. Once the initial suspect code has been classified, it is handed over to the most appropriate team for further action. This tight integration results in accurate and speedy updates, which is critical for battling threats day to day, versus other vendors which might OEM other vendors' updates/technology.
The key to cyber security is transparency. If you know what is happening in your network, at the granular level, you can quickly identify any anomalous behaviour and act to isolate it before it spreads throughout your network. Fortinet already has solutions that do this. The FortiGate firewalls provide a single-pane-of-glass management console that alerts you to unusual activity, and internal segmentation isolates the outbreak. FortiSIEM receives malware hashes from FortiSandbox ATP integration, which enables threat hunting across networks; it can also consume FortiGuard Indicator of Compromise (IOC) services. All malicious vectors are recorded, tracked and delivered as updates via signature sets to customers in real time, to combine with the visibility and control framework behind the operating system (FortiOS).
That’s the Fortinet Security Fabric.