Fortinet FortiNDR VM
Network Detection and Response with
Virtual Security Analyst
Overview:
FortiNDR is AI-driven breach-protection technology designed for short-staffed Security Operations Center (SOC) teams. It defends against a range of threats, including advanced persistent threats and well-camouflaged attacks, through a trained Virtual Security Analyst™ that helps you identify, classify, and respond to them. FortiNDR employs patent-pending deep neural networks to deliver sub-second investigation and to assist with automated response that remediates different breeds of attack. It significantly reduces the time needed to identify network anomalies and malicious content on your network, and mitigates them through the Fortinet Security Fabric and third-party integrations.
Shortage of Experienced SOC Analysts
Experience is the hardest thing to acquire in cyber security, especially in threat analysis, outbreak investigation, and malware research.
Breach Prevention
High volumes of north-south and east-west traffic are processed in the data centre using ML and advanced analytics to identify and respond to breaches.
AI-Powered Detection and Response for Cyber Attacks
Innovative threat actors disrupt cyber security through automated attacks designed to overwhelm or sneak past your SOC defenses.
ML-based Malware
Carefully crafted cyber threats are designed to bypass your existing security controls by camouflaging malware behaviors.
Key Features
- Detects network anomalies where traditional security solutions fail
- Responds automatically or manually to quarantine and contain threats
- Mimics an experienced security analyst for outbreak, anomaly, and malware detection while processing large volumes of network data
- Reduces malware detection time from minutes to a sub-second verdict
- Provides on-premises learning that reduces false positives by analyzing organization-specific traffic and adapting to newly disguised threats
- Integrates into Fortinet's Security Fabric, working with FortiGates and other Fabric devices to quarantine attacks automatically
- Analyzes zero-day threats, including fileless ones, and classifies them into 20+ malware attack scenarios
Deployment:
Highlights:
Network Detection Response
Responsibilities
DETECT
- Detect encrypted attacks, malicious web campaigns, weak ciphers, vulnerable protocols, and IP- and DNS-based botnet activity with advanced analytics
- Profile network traffic with ML models to identify anomalies, with a user feedback mechanism to tune the models
- Detect malicious files in sub-second time through neural network analysis, including files on NFS shares
RESPOND
- Integrate with the Fortinet Security Fabric and third-party tools (via API): FortiGate inline blocking, FortiSwitch/FortiNAC quarantine, FortiAnalyzer, and FortiSOAR
Virtual Security Analyst™
Responsibilities
ANALYZE
- Identify and classify the attack scenarios that characterize malware attacks, using chain-of-infection and big-picture analysis
- Investigate the attack source by tracking the original point of infection with timestamps
- Emulate a FortiGuard malware analyst and determine the type of malware using evolving neural networks that keep learning and maturing with time and experience
SECURE
- Search the network for outbreaks and traces of malware based on hashes and similar variants
FortiNDR can be placed in the network to detect threats among high volumes of network traffic and file transfers, to strengthen threat detection, and to secure network segments. It assists security operations by mimicking human analysis experience and tracing outbreaks, coupled with mitigation via the Fortinet Security Fabric and API-based third-party solutions.
State-of-the-Art Artificial Neural Network (ANN) for Malware Detection
- The state-of-the-art ANN is pre-trained in FortiGuard Labs with 20M+ clean and malicious files, and further learning is done on premises; updates to the ANN model are delivered from the FortiGuard network so customers are protected against the latest threats
- Classifies malware into 20+ attack scenarios and provides an AI-based engine for tracing the source of attacks, emulating how a human brain operates
- Pre-trained in FortiGuard Labs with millions of known clean and malicious samples forming billions of clean and malicious features, which are used to determine the malware and attack type in the context of your organization's security environment
Features:
Deployment Modes
- Sniffer, integrated and inline blocking (with FortiGates), and manual upload/REST API
- ICAP: FortiNDR acts as the ICAP server; supported ICAP clients are FortiGate v6.4.0+, FortiProxy v7.0, FortiWeb v6.3.11+, and third-party clients such as Squid
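At the wire level the ICAP integration above is the RESPMOD exchange defined in RFC 3507: the proxy (ICAP client) encapsulates the HTTP response it has fetched and hands it to the inspection server, which answers 204 if the content may pass unchanged or 200 with a replacement HTTP response (typically a block page). The Python below is an added example written for this page, not Fortinet's or Squid's code, and it runs offline on constructed messages. The host name ndr.example.internal, the service path respmod, and the use of X-Virus-ID / X-Infection-Found to name the detected threat are assumptions: those header names are a common vendor convention rather than part of the RFC, and FortiNDR's actual ICAP service path and reply headers should be taken from its documentation.

```python
"""ICAP/1.0 RESPMOD exchange (RFC 3507) between a proxy acting as ICAP client and a
content-inspection ICAP server. Added example, not Fortinet or Squid code; runs offline."""

CRLF = b"\r\n"

def _parse_headers(lines):
    """ICAP/HTTP header lines -> dict with lower-cased names."""
    headers = {}
    for line in lines:
        name, _, value = line.decode("latin-1").partition(":")
        if name:
            headers[name.strip().lower()] = value.strip()
    return headers

def _chunk(body: bytes) -> bytes:
    """Encode a body as one HTTP/1.1 chunk followed by the terminating zero chunk."""
    return f"{len(body):x}".encode() + CRLF + body + CRLF + b"0" + CRLF + CRLF

def _dechunk(data: bytes) -> bytes:
    """Decode HTTP/1.1 chunked data (chunk extensions ignored, trailers dropped)."""
    out, pos = b"", 0
    while True:
        end = data.index(CRLF, pos)
        size = int(data[pos:end].split(b";")[0], 16)
        pos = end + 2
        if size == 0:
            return out
        out += data[pos:pos + size]
        pos += size + 2  # skip the chunk data and its trailing CRLF

def build_respmod(icap_host, service, http_status_line, http_headers, body):
    """Wrap an origin-server HTTP response in an ICAP RESPMOD request: what Squid,
    FortiGate or FortiProxy sends so the body is inspected before it reaches the user."""
    res_hdr = http_status_line + CRLF
    for name, value in http_headers.items():
        res_hdr += f"{name}: {value}".encode() + CRLF
    res_hdr += CRLF  # empty line closes the encapsulated HTTP header block
    icap_hdr = (
        f"RESPMOD icap://{icap_host}/{service} ICAP/1.0".encode() + CRLF
        + f"Host: {icap_host}".encode() + CRLF
        + b"Allow: 204" + CRLF  # client accepts "204 No Content" = deliver unmodified
        + f"Encapsulated: res-hdr=0, res-body={len(res_hdr)}".encode() + CRLF
        + CRLF
    )
    return icap_hdr + res_hdr + _chunk(body)

def split_encapsulated(msg: bytes):
    """Split an ICAP request or reply into (start line, ICAP headers, encapsulated
    HTTP header block, dechunked body) using the offsets in its Encapsulated header."""
    icap_head, _, payload = msg.partition(CRLF + CRLF)
    lines = icap_head.split(CRLF)
    headers = _parse_headers(lines[1:])
    offsets = {}
    for part in headers.get("encapsulated", "").split(","):
        name, _, off = part.strip().partition("=")
        if name:
            offsets[name] = int(off)
    hdr_key = "res-hdr" if "res-hdr" in offsets else "req-hdr"
    body_key = next((k for k in offsets if k.endswith("-body")), "null-body")
    http_hdr = b""
    if hdr_key in offsets:
        http_hdr = payload[offsets[hdr_key]:offsets.get(body_key, len(payload))]
    body = b"" if body_key == "null-body" else _dechunk(payload[offsets[body_key]:])
    return lines[0], headers, http_hdr, body

def icap_verdict(reply: bytes) -> dict:
    """Interpret the server's reply: 204 = clean, pass the original through; 200 = the
    server substituted its own HTTP response (typically a block page). Naming the threat
    in X-Virus-ID / X-Infection-Found is a vendor convention (assumed here), not RFC 3507."""
    status_line, headers, http_hdr, _ = split_encapsulated(reply)
    status = int(status_line.split(b" ")[1])
    threat = headers.get("x-virus-id") or headers.get("x-infection-found")
    if status == 204:
        return {"status": 204, "clean": True, "threat": None, "replacement": None}
    if status == 200:
        first = http_hdr.split(CRLF)[0].decode("latin-1") if http_hdr else None
        return {"status": 200, "clean": threat is None, "threat": threat, "replacement": first}
    return {"status": status, "clean": None, "threat": None, "replacement": None}  # error: no verdict

# Constructed server replies for illustration (not captured from a real product).
CLEAN_REPLY = (b"ICAP/1.0 204 No Content" + CRLF + b'ISTag: "constructed-1"' + CRLF
               + b"Encapsulated: null-body=0" + CRLF + CRLF)
BLOCK_PAGE = b"HTTP/1.1 403 Forbidden" + CRLF + b"Content-Type: text/plain" + CRLF + CRLF
BLOCKED_REPLY = (b"ICAP/1.0 200 OK" + CRLF + b'ISTag: "constructed-1"' + CRLF
                 + b"X-Virus-ID: Constructed.Sample.Dropper" + CRLF
                 + f"Encapsulated: res-hdr=0, res-body={len(BLOCK_PAGE)}".encode() + CRLF + CRLF
                 + BLOCK_PAGE + _chunk(b"Download blocked by content inspection"))

if __name__ == "__main__":
    payload = b"constructed sample payload"  # stands in for a downloaded file
    request = build_respmod("ndr.example.internal", "respmod", b"HTTP/1.1 200 OK",
                            {"Content-Type": "application/octet-stream",
                             "Content-Length": str(len(payload))}, payload)
    print(request.decode("latin-1"))
    print(icap_verdict(CLEAN_REPLY), icap_verdict(BLOCKED_REPLY))
```

The Encapsulated offsets are the part that is easiest to get wrong in a hand-written client: they are byte offsets into the payload after the ICAP headers, so the res-body offset must equal the exact length of the encapsulated HTTP header block, CRLFs included. The round trip through split_encapsulated checks that the offsets and chunk framing agree, which is the same check a server performs before it will parse the body.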
Malware Classification
- AI-driven Security Attack Scenarios: Industroyer, Wiper, Downloader, Redirector, Dropper, Ransomware, Worm, Password Stealer, Rootkit, Banking Trojan, InfoStealer, Exploit, Clicker, Virus, Application, CoinMiner, DoS, BackDoor, WebShell, Search Engine Poisoning, Proxy, Trojan, Phishing, Fileless, and more
File Types and Protocols
NDR engine: common protocols such as TCP, UDP, ICMP, ICMP6, TLS, HTTP, SMB, SMTP, SSH, FTP, POP3, DNS, IRC, IMAP, RTSP, RPC, SIP, RDP, SNMP, MYSQL, MSSQL, PGSQL, and their behaviors
File-based analysis: 32-bit and 64-bit PE, web-based, text, and other file types such as EXE, PDF, MSOFFICE, DEX, HTML, ELF, ZIP, VBS, VBA, JS, Hangul_Office, TAR, XZ, GZIP, BZIP, BZIP2, RAR, LZH, LZW, ARJ, CAB, _7Z, PHP, XML, POWERSHELL, BAT, HTA, UPX, ACTIVEMIME, MIME, HLP, BASE64, BINHEX, UUE, FSG, ASPACK, GENSCRIPT, SHELLSCRIPT, PERLSCRIPT, MSC, PETITE, ACCESS, SIS, HOSTS, NSIS, SISX, INF, E32IMAGE, FATMACH, CPIO, AUTOIT, MSOFFICEX, OPENOFFICE, TNEF, SWF, UNICODE, PYARCH, EGG, RTF, DLL, DOC, XLS, PPT, DOCX, XLSX, PPTX, LNK, KGB, Z, ACE, JAR, APK, MSI, MACH_O, DMG, DOTNET, XAR, CHM, ISO, CRX, INNO, THMX, FLAC, XXE, WORDML, WORDBASIC, OTF, WOFF, VSDX, EMF, DAA, GPG, PYTHON, CSS, AUTOITSCRIPT, RPM, EML, REGISTRY, PFILE, CEF, PRC, CLASS, JAD, COD, JPEG, GIF, TIFF, PNG, BMP, MPEG, MOV, MP3, WMA, WAV, AVI, RM, TOR, HIBUN
Malware Core Engine
- Patent-pending malware analysis with multiple artificial neural networks
- Pre-trained with millions of malware features
- Scenario-based engine to locate patient zero
- Outbreak search engine (hash, virus family)
- Similarity engine to look for malware and its variants on the network
- File IOC (Indicator of Compromise) analysis
- MITRE ATT&CK malware mapping
- Allow/Deny List
Systems and Integration
Systems
- LDAP / RADIUS RBAC admin profiles, SYSLOG, STIX/JSON for malware, and IPv4 static route support
Devices Input
- FortiGate (5.6+), FortiMail (v7.2+), FortiSandbox (v4.0.1+), FortiSOAR (connector), FortiProxy (v7.0+) and FortiWeb (via ICAP), and third party ICAP clients
Response
- FortiGate (v7), FortiNAC and FortiSwitch quarantine (via FortiLink), FortiSOAR (via syslog), and third-party API call
Log and Report
- Local logs with STIX/JSON output (malware), FortiAnalyzer, and FortiSIEM support
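The outbreak search by hash listed under Malware Core Engine and the STIX/JSON malware output listed under Systems and Log and Report fit together: a verdict exported as a STIX indicator can be used to hunt for the same file on hosts and shares the sensor never saw. The Python below is an added example for this page, not Fortinet code. It extracts file-hash comparisons from generic STIX 2.1 indicator patterns and hashes a set of files against them; the bundle, the sample file bytes and the indicator names are constructed inline, and FortiNDR's own STIX export layout is not reproduced here, so the pattern parsing should be adapted to the real export.

```python
"""Hash-based outbreak search driven by STIX 2.1 indicators (added example, not FortiNDR code)."""
import hashlib
import json
import re

# Matches file:hashes.'SHA-256' = '...' and file:hashes.MD5 = '...' inside a STIX pattern.
HASH_RE = re.compile(r"file:hashes\.(?:'([^']+)'|([A-Za-z0-9_-]+))\s*=\s*'([0-9a-fA-F]+)'")
# STIX hash algorithm names -> hashlib names (unknown algorithms are skipped, not guessed).
ALGOS = {"MD5": "md5", "SHA-1": "sha1", "SHA-256": "sha256", "SHA-512": "sha512"}

# Constructed sample "files" (not real malware). Two are byte-identical copies under
# different names, which is exactly what a hash search is meant to catch.
SAMPLE_FILES = {
    "share/build/tool.exe": b"MZ\x90\x00constructed-sample-not-a-real-executable",
    "share/build/tool-copy.exe": b"MZ\x90\x00constructed-sample-not-a-real-executable",
    "share/docs/readme.txt": b"nothing to see here",
    "share/tmp/empty.bin": b"",
}
DROPPER_BYTES = SAMPLE_FILES["share/build/tool.exe"]

# Constructed STIX 2.1 bundle; the UUIDs and names are placeholders, not real product output.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000002",
         "name": "Constructed.Dropper", "pattern_type": "stix",
         # upper-case digest on purpose: hex case must not affect matching
         "pattern": (f"[file:hashes.'SHA-256' = '{hashlib.sha256(DROPPER_BYTES).hexdigest().upper()}' "
                     f"OR file:hashes.MD5 = '{hashlib.md5(DROPPER_BYTES).hexdigest()}']")},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000003",
         "name": "Constructed.Worm", "pattern_type": "stix",
         # SHA-1 of a sample that is not present on the share above
         "pattern": f"[file:hashes.'SHA-1' = '{hashlib.sha1(b'absent-variant').hexdigest()}']"},
        {"type": "malware", "spec_version": "2.1",
         "id": "malware--00000000-0000-4000-8000-000000000004",
         "name": "Constructed.Dropper", "is_family": True},
    ],
})

def indicators_from_stix(bundle_json: str) -> dict:
    """Return {(hashlib_algo, lowercase_hexdigest): indicator_name} for every file-hash
    comparison found in the patterns of the bundle's indicator objects."""
    iocs = {}
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator":
            continue
        for quoted, bare, digest in HASH_RE.findall(obj.get("pattern", "")):
            algo = ALGOS.get((quoted or bare).upper())
            if algo:
                iocs[(algo, digest.lower())] = obj.get("name", obj["id"])
    return iocs

def outbreak_search(files: dict, iocs: dict) -> dict:
    """Hash each file once per algorithm the indicator set actually uses and return
    {path: indicator_name} for every match, so copies under other names are found too."""
    needed = sorted({algo for algo, _ in iocs})
    hits = {}
    for path, data in files.items():
        for algo in needed:
            key = (algo, hashlib.new(algo, data).hexdigest())
            if key in iocs:
                hits[path] = iocs[key]
                break
    return hits

if __name__ == "__main__":
    for path, name in outbreak_search(SAMPLE_FILES, indicators_from_stix(SAMPLE_BUNDLE)).items():
        print(f"{path}: matches {name}")
```

Exact hashes find byte-identical copies only; the "similar variants" the product's similarity engine refers to need a fuzzy or structural comparison, which this example deliberately does not attempt. Normalizing digest case and skipping unknown algorithm names are the two details that most often make a hand-rolled STIX consumer silently miss indicators.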
Specifications:
| Specification | FortiNDR VM 16 | FortiNDR VM 32 |
|---|---|---|
| Technical Specifications | | |
| vCPU Support (Recommended) | 16 | 32 |
| Memory Support (Minimum / Recommended) | 128 GB / 256 GB | 128 GB / 256 GB |
| Recommended Storage | 1 TB to 8 TB | 1 TB to 8 TB |
| Default RAID Level (software RAID) | Hypervisor hardware dependent | Hypervisor hardware dependent |
| System Performance | | |
| Malware Analysis Throughput (files per hour) | 14,000 | 22,000 |
| Sub-second Verdict | ✔ | ✔ |
| NDR Sniffer Throughput | Hypervisor hardware dependent | Hypervisor hardware dependent |
| Hypervisor Support | ESXi 6.7 U2+ and KVM | ESXi 6.7 U2+ and KVM |
Documentation:
Download the FortiNDR Data Sheet (PDF).
Pricing Notes:
- All prices displayed are Ex-VAT. 20% VAT is added during the checkout process.
- 24x7 FortiCare Contract: 24x7 Support, Advanced Hardware Replacement (NBD), Firmware and General Upgrades
- 24x7 FortiCare plus FortiGuard Bundle Contract: Advanced Hardware Replacement (NBD), Firmware and General Upgrades, 24x7 Support, FortiDB Security Service (DBS)
- Prices are for one year of Premium RMA support. Usual discounts can be applied.
- Annual contracts only. No multi-year SKUs are available for these services.
- Contact Fortinet Renewals team for upgrade quotations for existing FortiCare contracts.
- Pricing and product availability subject to change without notice.