
About FortiNDR VM on VMware ESXi

7.0.0

FortiNDR VM (formerly FortiAI) is Fortinet's first Network Detection and Response (NDR) product. In addition to the Virtual Security Analyst™, whose sub-second malware detection is based on neural networks, FortiNDR builds on FortiAI's technology with added features that detect network anomalies and support both automatic and manual mitigation. FortiNDR VM is the renamed FortiAI: it keeps the original FortiAI malware analysis features and adds Network Detection and Response functionality.

FortiNDR VM is the next generation of Fortinet's malware detection technology, using Artificial Neural Networks (ANN) that deliver sub-second malware detection and verdicts.

The ANN mimics the behavior of a human analyst through the Virtual Security Analyst (VSA)™, which can do the following:

  • Detect encrypted attacks (via JA3 hashes), and identify visits to known malicious web campaigns, weak ciphers, vulnerable protocols, and network- and botnet-based attacks.
  • Profile traffic using machine learning (ML) and identify anomalies, with a user feedback mechanism.
  • Detect malicious files in sub-seconds through neural network analysis, including scanning of NFS file shares.
  • Analyze malware scientifically by classifying it based on its detected features, for example ransomware, downloader, or coinminer.
  • Trace the origin of an attack, for example a worm infection.
  • Outbreak search uses the similarity engine to find malware outbreaks in the network by hash and by similar variants.
  • Use Fortinet's Security Fabric, with FortiGate devices and other Security Fabric solutions, as well as third-party API calls, to quarantine infected hosts.
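The first bullet relies on JA3 fingerprinting of TLS ClientHello messages. The following is an added example (not FortiNDR's own code, which is not public) showing how a JA3 string and hash are derived from a constructed ClientHello, so that a defender can see what a detector compares against a list of known-bad fingerprints; the field layout follows the TLS handshake format, and the GREASE handling follows the JA3 specification.

```python
import hashlib
import struct

def is_grease(v: int) -> bool:
    """GREASE values (RFC 8701) are ignored by JA3 so randomising clients still fingerprint stably."""
    return (v & 0x0F0F) == 0x0A0A and (v >> 8) == (v & 0xFF)

def u16(buf: bytes, pos: int) -> int:
    return struct.unpack("!H", buf[pos:pos + 2])[0]

def parse_client_hello(record: bytes) -> dict:
    """Walk a TLS record carrying a ClientHello and collect the five JA3 fields."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    hs = record[5:5 + u16(record, 3)]
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    version, pos = u16(body, 0), 2 + 32                       # skip client_random
    pos += 1 + body[pos]                                      # skip session_id
    cs_len = u16(body, pos); pos += 2
    ciphers = [u16(body, i) for i in range(pos, pos + cs_len, 2)]; pos += cs_len
    pos += 1 + body[pos]                                      # skip compression methods
    end = pos + 2 + u16(body, pos); pos += 2
    exts, curves, formats = [], [], []
    while pos + 4 <= end:
        etype, elen = u16(body, pos), u16(body, pos + 2); pos += 4
        data = body[pos:pos + elen]; pos += elen
        exts.append(etype)
        if etype == 10:    # supported_groups: 2-byte list length, then 2-byte ids
            curves = [u16(data, i) for i in range(2, 2 + u16(data, 0), 2)]
        elif etype == 11:  # ec_point_formats: 1-byte list length, then 1-byte ids
            formats = list(data[1:1 + data[0]])
    return {"version": version, "ciphers": ciphers, "extensions": exts,
            "curves": curves, "formats": formats}

def ja3(record: bytes):
    # JA3 string: version,ciphers,extensions,curves,point_formats (GREASE dropped), then its MD5
    f = parse_client_hello(record)
    join = lambda xs: "-".join(str(x) for x in xs if not is_grease(x))
    s = ",".join([str(f["version"]), join(f["ciphers"]), join(f["extensions"]),
                  join(f["curves"]), join(f["formats"])])
    return s, hashlib.md5(s.encode()).hexdigest()

# Constructed ClientHello (not a real capture): TLS 1.2 with one GREASE cipher and one GREASE extension.
CLIENT_HELLO = bytes.fromhex(
    "16 0301 004d  01 000049  0303" + "00" * 32 +  # record/handshake headers, version, zero random
    "00  0008 0a0a 1301 1302 c02b  0100"           # no session_id; 4 cipher suites; null compression
    "0018  0a0a 0000"                              # 24 bytes of extensions; GREASE extension
    "000a 0006 0004 001d 0017"                     # supported_groups: x25519, secp256r1
    "000b 0002 01 00  0023 0000"                   # ec_point_formats: uncompressed; session_ticket
)
```

Because GREASE values are dropped, the same client yields the same hash even when it randomises those placeholders, which is what makes the hash usable as a stable indicator.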

The neural network model can run both on the 2U FortiNDR-3500F appliance with GPUs and on a FortiNDR VM with 16 or 32 vCPUs.

FortiNDR VM can operate in several modes: sniffer mode, where it captures network traffic from a SPAN port (or a mirrored port when deployed as a VM), and integrated mode with FortiGate devices and input from other Fortinet devices (see the release notes for supported devices), including inline blocking through FortiOS (7.0.1 and later) AV profiles. You can also configure FortiNDR VM as an ICAP server serving ICAP clients such as FortiProxy and Squid. All modes can operate simultaneously.

Key advantages of FortiNDR VM include the following:

  • Detect network anomalies with different techniques where traditional security solutions might fail.
  • Provide more context for attacks, such as the malware campaign name, the web campaigns that devices and users participate in, intrusions, and botnet attacks.
  • Trace and correlate the source of malware events, such as worm-based detections.
  • Manual and automatic mitigation (also known as Response) with Fortinet Security Fabric devices (such as FortiGate, FortiSwitch, and FortiNAC), as well as third-party solutions (via API calls).
