Digital Usage: Can you briefly introduce what Fortinet offers its customers in terms of network security?
Alan Sanchez: At the heart of the vision FortniteThere is an idea that network Security must be viewed as a single system. This is what led to the founding of Fortinet, where Ken Xie (one of the co-founders, editor’s note) had the vision that a security stack should be all pure security functions like authentication, Antivirus Or protection mode, the processor should not slow down. Just like the other stack, which is the network stack, in which we find the main network functions, such as SD-WAN or segmentation. Fortinet believes in this holistic vision, where network and security should be designed, deployed and operated as a single entity.
We then designed a processor that offloads all functions from those that are purely security. We made these functions converge at the lowest point Operating system. In the operating system of Fortinet chips and their non-physical version, on the cloud or in physical devices, we find this fusion.
What exactly are these jobs?
For pure network functions, this could be SD-WAN, QoS and priorities in applications. For security functions, we find CASBs (tools that allow companies to control access to data stored in… clouds), authentication functions, ZTNa (secure access to internal information systems), VPNs or firewalls. It started with firewalls, but now we have more than 50 products that integrate and complement firewalls based on ever-increasing requirements around security requirements.
Do you specifically target certain types of customers? How much do you have?
This mainly relates to the professional world, in which we find companies of all sizes Small and medium enterprises and e-commerce enterprises Even large multinational companies. This concerns large banks, large oil and gas companies and operators Communicationsas well as cloud service providers. We have 755,000 customers worldwide in all sectors. We have 13,500 employees, and generated sales of $6.4 billion (€5.8 billion) in 2023. We achieved significant profitability and invested $2.5 billion (€2.28 billion) in R&D.
You’ve recently added new AI features to your existing products. From a cyber perspective, what is your view on the rise of generative AI?
We did not wait for the fashion to invest in artificial intelligence. We have three times as many patentsartificial intelligence From all our competitors. AI, whether productive or not, is a double-edged sword Cyber security. It is used by attackers. For example, it was not difficult at all to create malicious code from generative AI. Its first application today is code generation, thus lowering the technological difficulty barrier of cybercrime. This also makes it possible to escape in a more efficient way, because toolsGenerative artificial intelligence We will go and check the places where there are weak points, so that we can escape from the effects or influences that we may have, such as the attack scenario unit.
Generative AI also allows for systematic scanning for vulnerabilities. If you deploy a fiber box from any carrier and have an external IP address, you can be attacked, even if the address is allocated for a few seconds.
In response, how can you leverage these tools?
We can be one step ahead, automating the discovery of vulnerabilities in a probabilistic manner and providing visibility into the risks before an attack. In a systematic and comprehensive way and across the entire network, this also allows us to have much more precise and accurate attack detection, analysis and response, the famous “R” in EDR/XDR. You must send letter ‘R’ with correct details. This precision of response is enabled by generative AI, which will correlate disparate data very quickly and at scale.
If we move away from this Manichaean vision of bad guys versus good guys, every time there’s an attack or misconfiguration, it’s a great service for all users. We will learn from this attack. We will learn about the attack sequence, where it comes from and the protocol used. We will find the units we know inside the attack, and we will learn them immediately. We also deliver this knowledge to all of the firewalls our customers have installed. So generative AI as we use it, is a virtuous circle of infiltrating places that haven’t been attacked yet, based on knowledge gained in places that have been attacked.
The final advantage of artificial intelligence is speed of response. Implementing a patch, and securing other equipment that could potentially be attacked in an attack similar to the one we just saw, happens very quickly.
You were talking about SMEs… There is a big challenge for them, with the upcoming transfer of the European NIS2 directive into French law. Do you support your clients with this organizational development? If yes, how?
In two ways. The first way is that we provide it to a CISO or equivalent or subcontracting company that monitors its flows on the platform Fortnitesee the parameters that come into effect in NIS1 and shekel 2. It’s a hell of a help.
The second is to automate the extraction of these parameters. For example, if we want to know the number of offline and offline users, and the number of transactions taking place on a database, including infrastructures that the country classifies as critical. The idea is to understand where they are, what they do, who they contact and keep a record. We will reduce all manual data extraction and automate export into templates and report templates that will allow the CISO or business manager to save time.
Are these tools adapted to certain sectors of activity but not others?
This can be used in particular in large industrial facilities, where sensors ensure product quality, accuracy, energy consumption, fine-tuning of the production unit and quality control. In the pharmaceutical sector, there are sensors everywhere, just as in the distillation of hydrocarbons, there are a lot of them. We understand this data flow, We analyze itsort them and play them automatically.
Finally, we at Fortinet have developed an understanding of these requirements, this legal framework, and we also allow these companies to prioritize, because NIS is a big package. We know what is vital and completely legal for a merger. And then also, which is not fundamental, with a certain risk curve.