Fortinet has just announced FortiAIOps, an Artificial Intelligence with Machine Learning (AI/ML) tool for network operations. “Wait,” some people may ask, “isn’t Fortinet, a security company? Yes, it is, but it is also a networking company, as in “Security-Driven Networking.”
The objective of network operations, in general, is evolving to focus on the quality of the end-user experience. It is not just a matter of, “Is everything up” but “is everything working well?” A holistic view of the network is needed, starting at the LAN Edge – where the users are – and Fortinet has been a leader in unified networking.
Among Fortinet customers, 40% of network operations trouble tickets are connectivity issues. “The Wi-Fi is down.” I’m a Wi-Fi guy. Properly designed Wi-Fi is rarely the problem. That said, there can be DHCP issues, DNS issues, VLAN configurations, fat-fingered passwords, and, occasionally, radio frequency (RF) problems. It is bad enough when things are not working, but what about when they are working, but poorly? Where do you begin?
Fortinet has critical strengths in the evolving AI/ML for NetOPs space.
The Security Fabric - Fortinet networks are already designed, deployed, constructed as a unified whole. A FortiGate is not only the top Next-Generation Firewall (NGFW), but it is the heart of a WAN Edge system. FortiGates are also Wi-Fi & Switch Controllers with integrated NAC. Fortinet will already treat the network as a unified whole.
AI/ML pedigree – Fortinet has already built AI-based SecOps systems. FortiGuard Labs runs on AI, not to mention FortiSOAR, FortiAnalyzer, FortiMonitor. FortiAIOps is built to use data we already gather. AI/ML thrives on big data, and we can already collect 23,000 log types. This is just the first iteration of an engine with access to an enormous store of data.
Rapid Time to Value – FortiAIOps comes out the door not only identifying problems on day one but suggesting solutions. Every alert in FortiAIOps includes a recommended resolution. When an end-user cannot connect, IT staff can see they “fat-fingered” their password and recognize that the problem is unique. On the other extreme, identifying Wi-Fi ‘sticky-clients’ can be very hard to chase down normally, but FortiAIOps can bring attention to it, and the solution of tuning the Wi-Fi system remotely, likely before end users have even called in.
FortiAIOps’ purpose is to improve network operations, drive down total trouble tickets, drive down resolution times, and improve the productivity and satisfaction of everyone who uses the network. FortiAIOps does four things to support this goal:
Process wireless events collected from FortiGates (as well as FortiAP and FortiSwtich health)
Predict failures based on trained Machine Learning models
Periodically review FortiGate configurations to detect root probably root causes
Provide Client level remediation to correct connectivity and other problems
So, how do you measure something as vague as “the network is working well?” The answer is “SLAs,” both as goals but also as a matter of deviation from the mean; that is where the “AI/ML” piece comes into the picture. FortiAIOps learns over time what is normal at a site, and then can identify deviations from “normal”, and normal may be completely different from one site to another.
Putting this all together, FortiAIOps is a management extension application that can be installed on FortiManager. It utilizes data we already gather from FortiGates. It is a natural extension of our LAN Edge architecture, today with SLAs for wireless connectivity and device health checks for FortiAPs and FortiSwitches (SD-WAN coming soon). The scalability is enormous, appropriate for anything from 10s to 1000s of FortiGates. The bigger the operation, the greater the need for FortiAIOps.
The basic structure of a Fortinet LAN Edge access network:
It is integrated via FortiLink into a Security Fabric, which also happens to be a network fabric. FortiManager is deployed in a data center, or a virtual system in the cloud. FortiAIOps installs as a docker on FortiManager. Install is remarkably simple. Click on Management Extensions, click on FortiAIOps, hit OK – it will download and install.
To reiterate what we briefly pointed out above, one advantage of our architecture is that there is no additional logging. All the necessary telemetry is already going to FortiManager. At Fortinet, we have a solid pedigree in SecOps, and this is not our first rodeo when it comes to AI. Gathering the events in Syslog format is already part of the Fortinet Security Fabric. FortiAIOps adds no additional overhead to your WAN links. Not a single bit.
What is cool from an AI/ML perspective, FortiManager in fact, can already digest 23,000 types of logs. We will not look at futures here, but AI/ML is all about big data, and now that the analysis engine is there…. Well, stay tuned.
It is not necessary, but it is a good idea to add a FortiAnalyzer to the mix. FortiAnalyzer can increase log storage and offload log processing from FortiManager. FortiAnalyzer enables scalability for thousands of FortiGates.
Troubleshooting is simple, starting on day one. We have built-in, which is adjustable for SLAs in wireless connections – each of which has multiple underlying AI/ML primitives. There are 4 stages, and therefore 4 failure stages, for a wireless connection:
These are called out right on the dashboard:
On drill down to the individual events, each one states what went wrong, where it went wrong (by listing the FortiGate, and therefore the location), when it went wrong, and points at the most likely remedy.
Naturally, it is possible to scroll through locations, compare SSIDs and apply appropriate filters to get context on the issue quickly. With historical data, Ops has the potential to address tickets along the lines of “I had trouble connecting Tuesday morning, but had to run to a meeting.”
That is your introduction to FortiAIOps, and it is only the beginning!
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.