Fortinet is expanding its data loss prevention (DLP) capabilities with the launch of its new AI-powered FortiDLP products.
Underpinning FortiDLP is technology that Fortinet gained back in August, via the acquisition of Next DLP. The FortiDLP platform provides automated data movement tracking, cloud application monitoring and endpoint protection mechanisms that work both online and offline. Fortinet has had network DLP capabilities in its portfolio before, including those integrated into its FortiGate NGFW. The company has also had DLP capabilities associated with its FortiSASE, FortiProxy and FortiMail solutions.
“What’s new with the launch of FortiDLP is that this is our first, standalone endpoint DLP solution, and is part of a broader strategy to expand and enhance our overall data protection portfolio,” Nirav Shah, vice president of product and solutions at Fortinet, told Network World.
FortiDLP expands Fortinet’s data protection efforts
FortiDLP’s architecture includes several key technical components. The system deploys machine learning at the endpoint level, enabling continuous data monitoring without constant network connectivity. The platform implements origin-based data protection, tracking data movement from endpoints and unmanaged mobile devices to external destinations including USB drives, printers, and cloud applications.
Automated classification systems for data identification and real-time policy enforcement mechanisms are also part of the platform. These features operate across multiple channels, including cloud deployments, local applications, and both managed and unmanaged devices.
A customizable database of more than 500 predefined data patterns and policies simplifies and expedites DLP deployment and integration into existing environments.
“FortiDLP integrates with the Fortinet Security Fabric and complements the existing FortiGuard Data Loss Prevention (DLP) Service,” Shah said. “Fortinet customers can implement consistent data identification policies across endpoint, network and cloud.”
How FortiDLP identifies sensitive data
A common challenge with DLP technologies is the process of first identifying and determining what data needs to be protected.
FortiDLP automatically classifies intellectual property (IP) and sensitive data at the point of access, and it tracks and controls the egress of that data. FortiDLP integrates a number of approaches to speed up onboarding, including Secure Data Flow, which identifies sensitive data at the point of origin and is able to log all data manipulations from that point.
Shah explained that FortiDLP does not require pre-work such as the discovery, classification and labeling of data, or the creation of policies, prior to turn-up of data protection.
“These activities are inherent in legacy DLP solutions and result in considerably long time-to-protection periods of months to even years before effective data protection can be realized, and considerable ongoing support costs,” he said. “Because FortiDLP is cloud-native/SaaS and agent-based, the solution can be turned up in minutes to provide immediate visibility into business data flows, and initiate the baselining of user data.”
How AI fits into FortiDLP
Artificial Intelligence (AI) fits into FortiDLP in a number of ways.
Fortinet is providing capabilities to protect against shadow AI. The system monitors and controls data flows to public AI platforms like ChatGPT and Google Gemini, implementing policy-based restrictions while maintaining operational flexibility. The basic idea is to keep proprietary data from being leaked to generative AI platforms.
AI is also used to increase detection efficacy of potential data risks.
Shah explained that machine learning is integrated into the FortiDLP agent on Windows, macOS and Linux. It builds a baseline of normal activity and detects novel and anomalous interactions with data by an employee.
Additionally, FortiDLP’s incident and case management modules use FortiAI to automate the creation of incident reports based on observed high-risk activity.
“The FortiAI system also automatically contextualizes employee activity to enable an analyst to quickly infer whether activity is malicious or not based on organizational and peer group norms,” Shah said.
Source: Network World