I have been using a FortiWeb for years but have never implemented Machine Learning. Using signature-based detection we have users blocked from time to time because of false positives detected in their text input in various parameter fields. I then go in and configure exceptions for the signature and parameter. That, and throughput are our only pain points with the system.
I do not understand the Machine Learning functionality. Does it supplement or replace the traditonal protection mechanisms (e.g. signature based detection)? Is it likely to provide a better experience for our site visitors? I do understand it provides advantages against zero day attacks. I have read descriptions of this feature, but still don't understand the pros, cons, risks, and rewards of implementing.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Frank,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello Frank,
We are still looking for someone to help you.
We will come back to you ASAP.
Regards,
Hi Fakaul,
Well this Machine learning is basically to create a Threat Model and is used for Bot detection or Anomaly detection kind of Threats.
It actually supplements the traditional protection mechanism.
Bot Detection is definitely on of rewards of implementing. It do take some time to build based on the input of your traffic.
FortiWeb employs two layers of machine learning to detect malicious attacks.
The first layer uses the Hidden Markov Model (HMM) and monitors access to the application and collects data to build a mathematical model behind every parameter and HTTP method. Once completed, it will verify every request against the model to determine whether it's an anomaly or not.
Once the first layer of machine learning triggers a request as an anomaly, FortiWeb will use the second layer of machine learning to verify whether it's a real attack or just a benign anomaly that should be ignored. To do so, FortiWeb includes pre-built trained threat models. Each represents a certain attack category, such as SQL Injection, Cross-site Scripting, and so on. Each threat model is already trained based on analysis of thousands of attack samples. Threat models are continuously updated using the FortiWeb Security Service.
Maybe you can get some more info from here: https://docs.fortinet.com/document/fortiweb/6.3.7/administration-guide/193258/machine-learning
So if you have any specific issue concerning implementation/configs/troubleshooting then maybe you can open one ticket using your FortiADC serial number and TAC can help you further in this.
I hope this Answers your query. If you have further question on this, do reply back, I will try to answer best to my knowledge
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1702 | |
1092 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.