FortiXDR—Fully Automated Threat Detection, Investigation, and Response
Digital innovation has transformed businesses and the networks they use to run critical applications, perform online transactions, connect remote workers, and collect and process critical data. And as in the past, these advances raised new security challenges, giving rise to new security solutions designed to address those challenges. However, the speed of transformation left organizations with little time to consider the broader security infrastructure when implementing those solutions. And as a result, now more than ever, today’s security teams are left trying to manage a vast collection of security tools from a variety of vendors and establish some sort of visibility and consistent policy orchestration and enforcement across their organization. Among other challenges, security teams struggle to detect and respond to more—and more damaging—cyberattacks across a complex and largely isolated security toolset.
Most customers understand the logistical and technological challenges of this complexity and are interested in moving from dozens of different security vendors and products to a handful or fewer security platforms, complemented by point products where necessary.
While there are pragmatic considerations like satisfaction with the vendor, breadth of controls available in their platform, effectiveness and features of each control, and more, an organizing principle has emerged to simplify and integrate that process—XDR, or eXtended Detection and Response. Defined by Gartner as “a security incident detection and response platform that automatically collects and correlates data from multiple security products,” XDR enables an essential integration principle that leverages existing technologies to create unified vision and control over complex, distributed environments. XDR enables different security solutions to see, share, and analyze data so they can more effectively detect threats and deliver a coordinated response that covers the entire attack surface.
FortiXDR - The Only XDR Solution to Autonomously Manage Cyber Incidents From Start to Finish
At Fortinet, we have been building integrated, multi-product solutions designed to operate as a single cohesive system, first with our Advanced Threat Protection and more recently with the Fortinet Security Fabric. The Security Fabric is a broad, integrated, and automated cybersecurity platform powered by FortiGuard Labs security services that protects the digital enterprise from endpoint and IoT through network and cloud. FortiXDR is designed to extend the Fortinet Security Fabric, reducing complexity, accelerating detection, automating alert investigations, and coordinating responses to cyberattacks. As part of the Fortinet Security Fabric, FortiXDR is able to leverage the common data structure, correlated telemetry, unified visibility, native integration, and seamless interoperation of Fortinet’s portfolio of Fabric-enabled solutions. It then layers on automated analytics, incident investigation, and pre-defined responses out of the box. FortiXDR brings these advanced capabilities to all three steps of finding and mitigating a security incident:
1. Extended Detection: FortiXDR begins by leveraging the diverse security information shared across the Fortinet Security Fabric for correlation and analysis. And because it can collect information across the industry’s broadest portfolio, more threat telemetry can be used to find an active threat, especially threats designed to avoid detection.
2. Extended Investigation: FortiXDR is the first XDR solution to apply artificial intelligence (AI) to the investigation of detected threats—a process every other XDR solution hands off to an overburdened human security analyst, slowing down the process and leaving systems vulnerable to human error. And given the volume of alerts most networks generate, many security teams are simply not resourced to chase down every potential threat.
FortiXDR’s first-of-its-kind, AI-based XDR solution fully automates incident investigation rather than relying on scarce human resources. It is powered by a patent-pending Dynamic Control Flow Engine and is continually trained using the threat data and research feeds provided by FortiGuard Labs as well as the frontline expertise of its incident responders. It establishes the context of an alert, performs a thorough investigation to determine if the threat is real, and then identifies the nature and scope of the attack so the response system knows how to proceed. And unlike a security analyst, FortiXDR performs this function in a matter of seconds, effectively closing the exposure gap created by other XDR solutions.
3. Extended Response: Because FortiXDR is fully integrated into the Security Fabric, it is natively able to marshal every available resource needed to mount an effective, automated, and coordinated response. And because its response functions are more uniform than most security information formats, customers are also able to leverage connectors to tie many third-party solutions into their response.