Cybersecurity firm Fortinet launched its first standalone data loss prevention (DLP) offering, using AI tools and underpinned by technology inherited via the acquisition of startup Next DLP earlier this year.
For years, Fortinet has offered network DLP capabilities integrated into other solutions, but having a standalone DLP product that the company and partners can deliver to organizations is a key part of the Silicon Valley company’s plans for enhancing its data protection portfolio, according to Michael O’Brien, regional vice president of strategic routes to market for Fortinet.
It also will be a boon to the MSSPs that work with Fortinet, which now will have a standalone product they can sell to customers that not only struggle to protect their data in an increasingly decentralized IT world of clouds and the edge but also face more data protection regulations around the world. Fortinet has about 900 channel partners.
FortiDLP “immediately enables MSSPs to offer value to their customers with new managed services from Fortinet,” O’Brien told MSSP Alert. “We’re hearing from customers that have faced challenges with legacy DLP solutions, as they manage data silos and dispersed data as their hybrid workforce continues to grow.”
Security teams also need help as they “continue to struggle with cumbersome and rigid policies to classify data, slow performance of legacy tools, and the increasing risk posed by malicious insiders having access to sensitive data,” he said, adding that the new offering “empowers MSSPs of all sizes to serve as trusted advisors and help their customers anticipate and prevent accidental and malicious data loss across cloud deployments, applications, and managed and unmanaged devices.”
DLP a Booming Business
As with other cybersecurity sectors, the DLP space is expected to grow rapidly. Analysts with Fortune Business Insights predict that the global DLP market will expand from $2.21 billion last year to more than $10 billion by 2030 as organizations work to keep tight controls on their data and keep in line with regulations like the European Union’s General Data Protection Regulation (GDPR) and the U.S. Health Insurance Portability and Accountability Act (HIPAA).
“A common complaint we hear from CISOs about legacy DLP is that it takes too long to deploy and gain complete visibility of the data in their environment,” O’Brien said. “What’s worse is once it’s in production, the controls are either so draconian that no data can leave the company and the project gets abandoned or controls are so loose that the solution offers no protection at all.”
Fortinet offers FortiDLP both as an AI-enabled and cloud-native solution and integrated into its Fortinet Security Fabric platform. Along with data protection, FortiDLP offers organizations tools for shadow AI detection, data visibility, insider risk and software-as-a-service (SaaS) data protection.
Data Control and Compliance
Companies can also use the Secure Data Flow feature to identify the source of data, detect manipulation of data, and apply data egress controls that prevent data from moving from endpoints and unmanaged mobile devices to USB drives, printers, and SaaS apps, including Slack, Microsoft’s Office 365, and Google Workspace.
There also are user education capabilities and an AI assistant based on the vendor’s FortiAI technology that helps with incident analysis through summaries and by contextualizing data that accompanies high-risk activities and tracks to a MITRE collection of known tactics used by threat groups.
AI Central to FortiDLP
The use of AI is central to FortiDLP. Fortinet launched its FortiAI assistant tool last year, and its AI capabilities expanded in August with the acquisition of Next DLP, which a year ago expanded its Reveal Platform to address such AI tools as OpenAI’s ChatGPT, Google’s Bard – now called Gemini – Anthropic’s Claude, and Hugging Face, the AI repository.
O’Brien said FortiDLP uses both machine learning and generative AI. Machine learning capabilities are integrated into the tool’s agent on Windows, macOS, and Linux operating systems. Those ML capabilities create a baseline of normal activity and detect anomalous behavior when employees interact with data.
“Because the machine learning is local to where the user interacts with data, it provides a massively efficient and more accurate approach to detecting risky and malicious insider behavior,” he said.
For example, it can detect when an employee who has occasionally copied files to a removable storage device suddenly tries to transfer a much larger volume of data, and it will score the activity as high risk.
FortiDLP’s incident and case management modules use FortiAI to automatically create incident reports about detected high-risk activity and will contextualize employee activity, allowing analysts to quickly determine whether the activity is malicious or not based on organizational norms, according to O’Brien.