Fortinet Named a Strong Performer in the Forrester Wave™: Network Analysis and Visibility, Q2 2023

The recent Forrester Network Analysis and Visibility (NAV) Wave Report discussed how improved network visibility and network detection and response (NDR) tools, "complement and integrate with security analytics platforms; security orchestration, automation, and response (SOAR) solutions; and extended detection and response (XDR) tools to provide complete visibility and analytics to enable Zero Trust and facilitate response." NDR tools are an integral piece of a complete security operations program and critical to a proactive security posture.

What is NDR?

Security teams turn to NDR tools to spot and identify attacker behavior across the MITRE ATT&CK lifecycle. By leveraging the power of artificial intelligence (AI) and machine learning (ML) to analyze network metadata, NDR solutions excel in detecting command and control, lateral movement and data exfiltration techniques and sub-techniques.

In the report, Forrester states that network analysis and visibility (NAV) and subsequently NDR tools are critical to establishing an effective zero-trust framework. NDR tools provide "visibility into all network traffic - north, south, east, and west…" that Forrester notes is another "key Zero Trust tenet." This visibility extends to inspecting payloads beyond contextual information contained in packet headers and providing deep packet inspection (DPI) to detect potential malicious payloads in a DNS request, for example.

Forrester notes several features that potential NDR customers should look for when evaluating NDR vendors:

1. On board or tightly integrated decryption capabilities. Decryption capabilities remove the ability for attackers to hide their activities in encrypted traffic and further extend visibility.
2. An emphasis on the analyst experience (AX). Forrester notes the security talent shortage, which means NDR vendors should address this situation by improving user interfaces to ensure analysts at any skill level can create effective investigations.
3. Zero trust network access (ZTNA) integrations. As the attack surface expands with an ever-increasing distributed workforce, it creates an additional visibility gap for tools focused on on-premises networks. NDR vendors must account for this issue by providing integrations with ZTNA vendors to ensure suspicious or malicious behavior can be detected regardless of location.

Fortinet NDR Solutions

With two flexible deployment options, FortiNDR for air-gapped environments and FortiNDR Cloud, Fortinet gives security teams the ability to detect, prioritize, investigate, hunt, and respond to attacks across the network.

FortiNDR Cloud is Fortinet's SaaS-based NDR offering. It leverages artificial intelligence (AI), machine learning (ML), behavioral, and human analysis to inspect network traffic. FortiNDR Cloud sensors are deployed throughout the customer's network for metadata collection and sent to the cloud for analysis. The service also provides each customer with dedicated technical success managers (TSMs) that act as trusted advisors who share findings, tune configurations, and help organizations optimize NDR deployments. With FortiNDR Cloud, metadata is retained for 365 days to enable retroactive hunting and analysis.