FortiAI is the next generation of Fortinet's malware detection technology, using Artificial Neural Networks (ANN) which can deliver sub-second malware detection and verdict.
ANN is able to mimic human behavior using the Virtual Security Analyst (VSA)™, which is capable of the following:
- Analyze malware scientifically by classifying malware based on its detected features, for example, ransomware, downloader, coinminer, and so on.
- Trace the origins of the attack, for example, worm infection.
- Search for malware outbreaks with hashes and similar variants in the network, using the similarity engine in OutBreak search.
- Take advantage of Fortinet's Security Fabric with FortiGate(s) to quarantine infected hosts.
Unlike traditional defenses where malware detection relies on antivirus engines and signature updates, FortiAI is pretrained with over 20 million clean and malicious files, so that FortiAI can extract millions of features that are available in the box. FortiAI's neural networks run in a 2U form factor on accelerated hardware with a custom GPU, such as the FortiAI-3500F, as well as on VMs with 16 or 32 vCPU support.
FortiAI can operate in different modes: sniffer mode, integrated mode with FortiGate devices, and inline blocking with FortiOS (7.0.1 and higher) AV profiles. You can also configure FortiAI as an ICAP server to serve ICAP clients such as FortiWeb and Squid. All modes can operate simultaneously.
Key advantages of FortiAI include the following:
- Reduce malware identification time from minutes to seconds. Unlike traditional technology such as sandboxing, where behaviors are extracted by running the file in a VM within the sandbox, FortiAI does not need to run or execute a file to get a verdict.
- Provide extensive information about the malware attack by identifying the features used in the malware. This helps SOC analysts to determine the intention of the malware or attack.
- Correlate and link the source of attack, for example, finding the source of the worm infection over SMB, so that SOC analysts can act and fix the original problem—the patient-zero on the network.
- Show the big picture of malware attack forensic data to assist in threat investigation and incident analysis.
- Participate in Fortinet Security Fabric with FortiGate NGFW for quarantine.