Fortinet has just announced FortiAIOps, an Artificial Intelligence with Machine Learning (AI/ML) tool for network operations. “Wait,” some people may ask, “isn’t Fortinet a security company?” Yes, it is, but it is also a networking company, as in “Security-Driven Networking.”
The objective of network operations, in general, is evolving to focus on the quality of the end-user experience. It is not just a matter of “Is everything up?” but “Is everything working well?” A holistic view of the network is needed, starting at the LAN Edge, where the users are, and Fortinet has been a leader in unified networking.
Among Fortinet customers, 40% of network operations trouble tickets are connectivity issues. “The Wi-Fi is down.” I’m a Wi-Fi guy. Properly designed Wi-Fi is rarely the problem. That said, there can be DHCP issues, DNS issues, VLAN configurations, fat-fingered passwords, and, occasionally, radio frequency (RF) problems. It is bad enough when things are not working, but what about when they are working, but poorly? Where do you begin?
Fortinet has critical strengths in the evolving AI/ML for NetOps space.
FortiAIOps’ purpose is to improve network operations, drive down total trouble tickets, drive down resolution times, and improve the productivity and satisfaction of everyone who uses the network. FortiAIOps does four things to support this goal:
So, how do you measure something as vague as “the network is working well”? The answer is “SLAs,” both as goals and as a matter of deviation from the mean; that is where the “AI/ML” piece comes into the picture. FortiAIOps learns over time what is normal at a site and can then identify deviations from “normal,” and normal may be completely different from one site to another.
Putting this all together, FortiAIOps is a management extension application that can be installed on FortiManager. It utilizes data we already gather from FortiGates. It is a natural extension of our LAN Edge architecture, today with SLAs for wireless connectivity and device health checks for FortiAPs and FortiSwitches (SD-WAN coming soon). The scalability is enormous, appropriate for anything from 10s to 1000s of FortiGates. The bigger the operation, the greater the need for FortiAIOps.
The basic structure of a Fortinet LAN Edge access network:
It is integrated via FortiLink into a Security Fabric, which also happens to be a network fabric. FortiManager is deployed in a data center or as a virtual system in the cloud. FortiAIOps installs as a Docker container on FortiManager. Installation is remarkably simple: click on Management Extensions, click on FortiAIOps, and hit OK. It will download and install.
To reiterate what we briefly pointed out above, one advantage of our architecture is that there is no additional logging. All the necessary telemetry is already going to FortiManager. At Fortinet, we have a solid pedigree in SecOps, and this is not our first rodeo when it comes to AI. Gathering the events in Syslog format is already part of the Fortinet Security Fabric. FortiAIOps adds no additional overhead to your WAN links. Not a single bit.
What is cool from an AI/ML perspective is that FortiManager can, in fact, already digest 23,000 types of logs. We will not look at futures here, but AI/ML is all about big data, and now that the analysis engine is there... Well, stay tuned.
It is not necessary, but it is a good idea to add a FortiAnalyzer to the mix. FortiAnalyzer can increase log storage and offload log processing from FortiManager. FortiAnalyzer enables scalability for thousands of FortiGates.
Troubleshooting is simple, starting on day one. We have built-in, adjustable SLAs for wireless connections, each of which has multiple underlying AI/ML primitives. There are 4 stages, and therefore 4 failure stages, for a wireless connection:
These are called out right on the dashboard:
Drilling down to the individual events, each one states what went wrong, where it went wrong (by listing the FortiGate, and therefore the location), when it went wrong, and points at the most likely remedy.
Naturally, it is possible to scroll through locations, compare SSIDs, and apply appropriate filters to get context on the issue quickly. With historical data, Ops has the potential to address tickets along the lines of “I had trouble connecting Tuesday morning, but had to run to a meeting.”
That is your introduction to FortiAIOps, and it is only the beginning!
Copyright 2024 Fortinet, Inc. All Rights Reserved.