 Routing

Welcome to the FortiAI product training, sales enablement portion.

  Routing

Now that you have completed the FortiAI product overview, let’s examine specific sales strategies and
other FortiAI-related sales enablement topics.
3

It is interesting to state FortiAI does not have a market yet based on Gartner definitions.
However, Fortinet feels strongly it will impact the overall Threat Detection and Response market of $8.7 billion per IDC estimates
for 2020.
4

FortiAI distinctive ability is to use the sophisticated Deep Neural Networks (DNN) AI model to mimic a Security Analyst ability to
perform threat investigation. That process entails the ability to identify the threat first, secondly classify the type of threat then
lastly investigate for lateral movement to drive a comprehensive mitigation approach.

FortiAI split-second layered decision inherent in the DNN model easily disrupts threats with sub-second detection and self-learning
helps adapts to new threats instantaneously. This helps solve the SecOps challenge of facing increased volume, velocity and
sophistication of threats.
5

FortiAI uses Deep Neural Networks to scientifically analyze millions of malware characteristics to accurately determine the type of
threat be it a ransomware, trojan, backdoor, etc. and this in turn reduces false positives. This helps uncover masquerading
malware i.e. malware masked as legitimate objects or a different malware type, that not only serves to evade security controls but
prolong mitigation efforts.
6

FortiAI speeds investigation by analyzing the threat in a kill chain format, highlighting tactics for the attack. It also analyzes threat
movement and accurately identifies patient zero and subsequent victims in real-time. This helps eliminate manual investigation of
a malware outbreak that overburdened Security Analysts are stuck with today.
7

We recommend targeting both CISO and Security Architect persona in financial services, healthcare and
Fed/State entities as they typically employ a lean forward approach to security. However, it is well-known
the entire industry are facing InfoSec skills shortage so organizations who indicate they are overwhelmed
with threats or integrating AI as part of their security strategy make good candidates. In the next slide, we
will discuss in more detail on helping you qualify opportunities.

--

The top 3 verticals that have embraced deception technology are organizations within the financial
services, healthcare, and government. However, any enterprise Security Architect who struggles with
external Advanced Persistent Threats or threats originating from within the organization, will find
deception a worthwhile addition to their arsenal.

FortiDeceptor is based on deception technology that allows the security team to create decoys to lure
attackers and capture their Tactics, Techniques, and Procedures (TTPs). This valuable intelligence is
then shared across inline security controls to block newly discovered attacks before irreparable damage
is done.

What sets FortiDeceptor apart from start-ups such as Attivo, Trapx, and Illusive is that they will likely be
acquired in the near future and that naturally leads to customer uncertainty and a lengthy lead time for
integration. Fortinet’s organically grown and Fabric-integrated deception technology automates
protection, but more importantly includes follow-the-sun global support, assured product longevity, and
roadmap commitments. In the near future, FortiDeceptor will integrate with non-Fortinet solutions as well.
 Routing

With the increasing volume, velocity and sophistication of today’s threat landscape, how concerned are
you or your team on a data breach/security incident caused by a missed security alert or event?
Organizations in general have a overburdened Security Operations due to their limited staff overwhelmed
with thousands of alerts to manage/respond to.

How long does it take your Security Operations team to fully investigate a threat?
Based on Verizon BDIR 2019, 56% organizations take months to discover a threat. This is prompting
organizations to either shore up security resources or look at AI-based solutions to offload SecOps
duties.
 Routing

To keep pace with the evolving threat landscape, what are your hiring plans to bolster Security
Operations in the next 6 months?
There is an on-going cybersecurity workforce gap thus it may take quite a bit longer.

How many SecOps analyst are you planning to hire?

An experienced SecOps analyst annual salary is anywhere between 92K to 124K per annum if you
manage to find one. In all likelihood, junior hires are more feasible but they need additional training and
experience.
To solve this, consider FortiAI that captures 20+ years of FortiGuard Labs in a box designed to mimic
SecOps Analyst duties in detecting, classifying, investigating sophisticated threats and at scale!
 Routing

Some common objections include the following –

Almost every security vendor incorporates AI into their solutions, so how is yours different?

Fortinet:
AI has many learning model and the application of AI is fairly specific. A majority of the learning models
can be categorized into two – machine learning (ML) and deep learning (DL aka Neural Networks).
Application of ML is typically used to improve security efficacy of a product e.g. product evolution of
sandboxing. Whilst application of Neural Networks is used to solve more complex problems that not only
improves the technology domain but impacts other domains as well. In the case of FortiAI, it mimics a
Security Analyst by identifying and classifying threat and through self-learning, evolve itself. Most
importantly it can investigate threats on it’s own pointing out patient zero and compromised systems in
sub-second. Combined together it impacts all three domains – technology, process and people.
 Routing

Another common objection,

Does FortiAI replace my current sandbox/FortiSandbox solution? Or is the AI found in FortiSandbox the
same as FortiAI?

Fortinet:
They are built to solve different sets of use-case. Sandbox/FortiSandbox provides integrated 0-day with
your inline security controls and forensics. However, it does not classify types of threats or investigates
them. FortiAI is designed to detect, classify and investigates threats.
The ML found in FortiSandbox improves the efficacy of detection, while Neural Networks found in FortiAI
mimics human Security Analyst in completing investigation tasks thus allows SecOps to scale.
The FortiSandbox ML model is hosted in FortiGuard Labs and requires updates to FortiSandbox
deployment on a regular cadence. FortiAI can benefit from FortiGuard Labs AI updates but it is not
necessary since the Neural Network model is the “brains” embedded into FortiAI.
 Routing

The last common objection you might come across -

FortiAI is much more expensive than FortiSandbox. Why is that?

Fortinet:
FortiAI houses the most advanced AI – Deep Neural Networks learning model and thus it has embedded
Graphical Processer Units (GPUs) to accelerate intensive algorithmic calculations and correlation of
various sets of data for the investigation of threats. It’s akin to an organization owning the AI Fortinet
developed deployed within their premise thus increases accuracy and reduces FPs of cyber attacks. This
is due to its tailored intelligence similar to hiring an experienced Security Analyst to investigate local
threats specific to that organization. From that respect, an experienced Security Analyst with 5 years of
experience is usually paid between 92K to 124K per annum. FortiAI value lies in its ability to emulate
several experienced Security Analysts.
13

In terms of AI security solutions in the industry, it is common to find most are based on
Machine Learning (ML) and not sophisticated AI such as Deep Learning found in FortiAI. It is
good to dig into marketing claims of AI by other solutions and understand it’s true purpose.

In general, many vendors recognize the need for huge compute needs for AI, thus they can
choose to host their AI platform either in the cloud or on-prem with dedicated hardware. Many
have chosen the former due to their existing AI development stage or ease of AI application.
FortiAI is revolutionary as it is the first of its kind – a customer premise Deep Learning solution
that adapts to their environment without the reliance of cloud updates/assistance.

A common AI deployment is the learning or training stage once AI is deployed in the customer
environment where it can take up to 2 weeks or longer to become familiar with its
environment before AI can be productive. FortiAI is ready to go on day-1 because it comes pre-
trained with 6+ million malware features thus no training is needed.
14

FortiAI is available for sale as of Q1’2020 pricelist

15

To recap,
• There is a huge pressure to an already overburdened SOC to investigate every threat and thus organizations are turning to AI-
based solutions
• However, AI has different classes of learning models where sophisticated model such as Deep Learning are designed to
solve more complex problems than Machine Learning
• FortiAI falls under the class of Deep Learning model that can perform many duties a SecOps Analyst such as identifying,
classifying and investigating threats with a higher degree of performance and at a larger scale
  Routing

You should now be able to:

• Identify the business drivers and security challenges that customers currently face.
• Describe the FortiAI key features.
• Identify the sales strategies for, and competitive advantages of FortiAI.
  Routing

Congratulations!

You’ve completed both lessons of the NSE 3 FortiAI course.

  Routing

After you’ve studied this course, don’t forget to take its quiz. To earn your NSE certification, you must
pass the quiz for each course.

Thank you for your time.

 Routing
20
 Routing