Fortinet Releases Advisor, Its GenAI Assistant Focused on Threat Investigation and Remediation

’Tis the season to deck the halls and to be jolly. In tech, it’s generative AI (GenAI) time. Over the past several months, we have seen a flurry of GenAI announcements across various vendors. Recently, Fortinet announced its strategy and related product called Fortinet Advisor.

Fortinet has taken an interesting strategy around Fortinet Advisor. Initially, it will be available for FortiSIEM, the company’s SIEM solution, and FortiSOAR, its security orchestration, automation, and response solution, with a goal of rolling it out across all its products.

In an exclusive briefing, Fortinet’s CMO and EVP of product strategy, John Maddison, shared the rationale behind the company’s approach. “Rather than the usual strategy of everyone doing their own thing and making up their own name, icon, and brand, maybe we can get ahead of it and come up with our own broad terminology, which we’ve used and put in as Advisor,” he told me. “And then we can apply that to all the products, so we’re creating this brand across all the products.”

Fortinet has employed AI in its Fortinet Security Fabric and FortiGuard Labs threat intelligence and security services for some time. In addition, the company has several other AI-powered offerings, such as FortiGuard AI-Powered Security Services, FortiAIOps, FortiEDR, and FortiAnalyzer. Fortinet says using AI across its Security Fabric can remediate attacks and help IT teams fix networking and security issues.

Fortinet Advisor (Maddison told me that it’s not “FortiAdvisor” because it’s not a product) is the company’s latest creation aimed at helping SecOps teams investigate and remediate threats. The company sees Advisor acting as a kind of J.A.R.V.I.S. assistant (if you’re not an Iron Man fan, you can educate yourself here) that can ease the burden of real-life analysts.

Complementing existing solutions with Fortinet Advisor

Fortinet has a broad portfolio that spans network, cloud, endpoint security, SOC operations, SD-WAN, Wi-Fi, and more. I asked Maddison why the company chose to roll out Fortinet Advisor with its SOAR and SIEM products first, and he told me SOC operations are where the most help is needed. Maddison explained, “We thought about where our customers had the biggest skills gap and where they lacked people, and the SOC seemed obvious.” I concur with that, as SOC engineers are inundated with massive amounts of data, so much so that the most seasoned pro can’t keep up. A GenAI assistant can be of great help in that area.

The solution aims to be an extra set of eyes for SecOps teams. The company says that its SecOps solutions have already helped shorten—from 20 days to less than an hour—the time it takes to identify and contain threats. Fortinet also says it has condensed investigation and remediation to 15 minutes from 18 hours.

The company feels that Fortinet Advisor, with a view across all of its products, will provide incident analysis, remediation guidance, and playbook templates—all with an understanding of the context. The advice delivered by this solution will come in natural language to SecOps teams in seconds.

In addition, the company heralded a few more benefits it hopes that SecOps teams will get from Fortinet Advisor, including:

  • Helping security analysts generate the correct queries to help SecOps investigations. With Advisor, analysts can use natural language to enter their insights, and then Advisor will create the correct syntax to make the results worthwhile.
  • Assisting in rapid threat responses with suggested threat remediation plans that can be refined based on real-time analyst feedback.
  • Generating playbook templates that security architects can operationalize quickly.

The company says Fortinet Advisor will be updated constantly, with ongoing refinements to the knowledge base from Fortinet AI and product specialists.

A final word on Fortinet Advisor

Fortinet Advisor may seem like another vendor jumping on the GenAI bandwagon. But, as we noted, Fortinet has been working in AI for a while, and this is a culmination of years of work. The real difference maker here could be the data that Fortinet has gathered over the past 23-plus years. Even the most sophisticated AI is only as good as its training data—and Fortinet has a massive supply.

In our discussion, Maddison said the company will have considerable customer feedback within six months and may have rolled out other modules. He invited me to have a follow-up conversation then. I’ll take him up on that.

In a world where we get vapor-filled announcements that are essentially about nothing, it was refreshing to hear that kind of forward-looking frankness from Maddison. I’m optimistic that Fortinet Advisor can help organizations close the growing security skills gap.

Zeus Kerravala is the founder and principal analyst with ZK Research.
