Following the acquisition of ZoneFox Limited at the end of last year, Fortinet is today introducing FortiInsight to help organizations mitigate insider threats. FortiInsight uses machine learning analytics to effectively monitor endpoints, data movements and user activities to detect unusual, malicious behavior and policy violations. When integrated with FortiSIEM—as part of the Fortinet Security Fabric—FortiInsight provides organizations with complete visibility into their data activity, enabling them to reduce the risks of insider threats that can lead to a breach or to compliance issues with the likes of GDPR and HIPAA.
The attack surface is continuing to expand, and while many security teams are focused primarily on preventing malicious outsiders from exploiting new attack venues, the Verizon 2018 Data Breach Report found that close to 30 percent of confirmed breaches today involve insiders. However, today’s increasingly complex networks, compounded by the proliferation of data, devices, applications, and users accessing networked resources, make it difficult for security teams to detect and prevent insider threats, regardless of whether those breaches are malicious or the result of negligence.
To address this challenge, CISOs not only need to ask themselves, “how well are my current security policy and controls working?”, but also, “are employees and contractors violating policy and misusing their privileges?” As advanced threats rapidly evolve, CISOs need to implement security controls that protect their company’s data, intellectual property, and reputation both inside and out. And they need to do this while simultaneously satisfying industry compliance requirements.
With the inclusion of FortiInsight into the Fortinet Security Fabric, these concerns can now be addressed head on. FortiInsight’s robust solution delivers endpoint behavioral monitoring everywhere—securing endpoint devices even when they are off the corporate network—to provide visibility into user behavior, data movement, and accessed resources. With its ability to monitor, detect, and alert on potential insider threats, including such things as policy violations, privilege misuse or abuse, data exfiltration, account takeover, or even compromised accounts, security teams have more granular visibility and control over insider threats than ever before.
FortiInsight’s powerful rule-based engine can identify policy violations, unauthorized data access, data exfiltration (whether data is being moved to the cloud or onto a local USB device), and compromised accounts. And FortiInsight’s machine learning capabilities automatically baseline user behavior across peer groups, allowing it to quickly detect unusual behavior or changes in behavior. This heightened visibility, enabled by its advanced machine learning analytics and rule-based engine, gives security teams the insight they need to be able to respond efficiently before risk escalates to incident, thereby preventing breaches.