Fortinet Inc., known for its advanced cybersecurity solutions, has launched two new integrations within its FortiAI security assistant, enhancing threat detection and response management. The update comes as cyberattacks driven by artificial intelligence escalate, underscoring the urgent need for more sophisticated security measures.
Enhanced AI Support for Threat Detection and Alert Management
The latest additions to FortiAI include integrations with FortiNDR Cloud and Lacework FortiCNAPP, aimed at refining threat analysis and response procedures. FortiNDR Cloud now assists security teams by enabling more precise analysis through specific query responses, while Lacework FortiCNAPP helps SOC teams interpret alerts, assess risks, and receive detailed, step-by-step guidance for incident investigations. This combination offers streamlined responses to evolving cyber threats, providing both clarity and speed in managing incidents.
Rising Threats of AI-Powered Attacks
These integrations come at a time when AI-driven cyberattacks have become more frequent and sophisticated. According to Microsoft’s October 2024 report, over 600 million cyber incidents are recorded daily, marking a sharp rise in automated threats that challenge existing defense systems. This report points to advanced tactics used by state-sponsored actors from Russia, North Korea, and Iran, who leverage AI to develop powerful cyber tools for espionage, ransomware, and targeted influence operations.
The report notes that Russian groups have used AI-driven malware for campaigns in Ukraine, blurring the line between ransomware and espionage. North Korea’s new malware, called FakePenny, targets aerospace organizations to steal information and demand ransom, showcasing the increasing use of AI for dual purposes. Iran has similarly expanded its cyber strategies, employing AI-enhanced tactics for both data theft and influence operations against regional adversaries.
Fortinet’s Broader AI Strategy
Fortinet’s AI-focused initiatives extend beyond these new integrations. Earlier in 2024, the company upgraded its FortiGate NGFW (Next-Generation Firewall) with capabilities for real-time malware detection and prevention, aimed at stopping AI-powered threats at the perimeter. FortiAnalyzer also saw improvements, incorporating AI for deeper analysis and better threat visualization. Fortinet’s use of AI within FortiManager has provided automated solutions for network configuration and troubleshooting, making network security management more efficient.
FortiManager Vulnerability Incident
In October 2024, Fortinet faced scrutiny over a zero-day vulnerability in its FortiManager platform, identified as CVE-2024-47575. This flaw allowed attackers to bypass authentication and execute arbitrary code, affecting network management tools globally. Reports from security expert Kevin Beaumont, who named the exploit “FortiJump,” indicated that the vulnerability had been exploited as early as June 2024. Follow-up findings pointed to further incidents in September, revealing the extent of ongoing risks.
Attackers exploited the FGFM protocol to link compromised FortiGate devices with FortiManager, creating secure SSL tunnels that allowed unauthorized access to network settings. While no malware installations were observed, attackers could access and control network configurations, posing severe risks for enterprises using Fortinet products.
Fortinet released patches for FortiManager versions 7.2.8 and 7.4.5, urging customers to update their systems promptly. For those unable to update immediately, the company recommended limiting access to known IPs and implementing custom SSL certificates to secure the FGFM protocol. Despite these measures, some users expressed concerns over communication delays and learning about the exploit through external sources rather than direct advisories (Fortinet).
Vulnerabilities Faced by Managed Service Providers
Managed Service Providers (MSPs) were particularly exposed due to their reliance on FortiManager to oversee client networks. The exploit allowed attackers to register rogue devices, potentially compromising both MSPs and their clients. This vulnerability raised questions about the FGFM protocol’s security, which, by default, accepted connections from devices with valid certificates. The ease of obtaining such certificates made this flaw especially concerning.
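One defender-side check that follows from the mitigations described above (restricting FGFM access to known IPs and watching for rogue device registrations), written here as an added Python example rather than Fortinet's own code; the log line layout, field names, device names and addresses are all constructed for the example and should be adapted to the event export actually in use:

```python
# Added example (not Fortinet code): flag device-registration events on a
# FortiManager whose source address is outside the operator's known-IP list.
# The key=value log layout below is constructed for this example.
import ipaddress
import re
from typing import Dict, List

# Constructed sample events: two registrations from the management subnet and
# one unregistered-device add from an address that is not on the allowlist.
SAMPLE_LOGS = [
    'date=2024-10-23 time=09:12:01 type=event subtype=dvm msg="Unregistered device add succeeded" user="fgfm" srcip=10.20.0.15',
    'date=2024-10-23 time=09:13:44 type=event subtype=dvm msg="Device FGT-BRANCH-01 add succeeded" user="admin" srcip=10.20.0.16',
    'date=2024-10-23 time=11:02:09 type=event subtype=dvm msg="Unregistered device add succeeded" user="fgfm" srcip=203.0.113.44',
]

# The "known IPs" the advisory guidance refers to: management networks that are
# allowed to reach FGFM. Constructed values; list single hosts as /32 if needed.
KNOWN_MANAGEMENT_NETS = [ipaddress.ip_network("10.20.0.0/24")]

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> Dict[str, str]:
    """Split a key=value log line into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def is_known_source(ip: str) -> bool:
    """True if the address falls inside one of the allowed management networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable or missing address is treated as unknown
    return any(addr in net for net in KNOWN_MANAGEMENT_NETS)


def suspicious_registrations(lines: List[str]) -> List[Dict[str, str]]:
    """Return device-management (dvm) add events that came from an unknown IP."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("subtype") != "dvm" or "add succeeded" not in ev.get("msg", ""):
            continue
        if not is_known_source(ev.get("srcip", "")):
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in suspicious_registrations(SAMPLE_LOGS):
        print(f"{ev['date']} {ev['time']} registration from unknown source {ev['srcip']}: {ev['msg']}")
```

Running the block against the constructed sample flags only the 203.0.113.44 event; the two registrations from the 10.20.0.0/24 management subnet pass the allowlist.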
Broader Industry Efforts to Counter Cyber Threats
Fortinet’s actions align with the cybersecurity industry’s emphasis on collaboration to tackle complex threats. Microsoft’s October report highlighted the necessity of partnerships between tech companies and public entities, citing the difficulty of countering large-scale attacks alone. One such partnership is NTT DATA’s work with Palo Alto Networks to launch an AI-driven Managed Extended Detection and Response (MXDR) service, focused on protecting high-risk sectors like manufacturing and healthcare.