How AI is Transforming Cybersecurity: Threats, Defenses, and the Future of Security Operations

Name: Using AI for Cyber Security Attacks & Solutions (30 Min.) - eSecurity Solutions & Fortinet
Uploaded: 2026-01-26T00:57:53.141624+00:00
Channel: eSecurity Solutions Cybersecurity
Description: Summary and key takeaways on How AI is Transforming Cybersecurity: Threats, Defenses, and the Future of Security Operations, covering Introduction Tom Rufalo

eSecurity Solutions Cybersecurity

Jan 26, 2026

•

4 min read

YouTube video ID: 8Vt2QJsz1X4

Source: YouTube video by eSecurity Solutions Cybersecurity — Watch original video

PDF

Introduction

Tom Rufalo, CISA, and Ed Holt, Director of Fortinet, opened the webinar by outlining the agenda: how attackers are using AI, how AI‑powered solutions defend networks, which products already embed AI, and the risks of staying with non‑AI tools.

AI‑Enabled Attack Techniques

Automation & Scale – AI bots can scan for vulnerabilities, launch attacks, and exploit them with minimal human effort, making attacks cheaper and faster.
Personalized Social Engineering – Generative AI creates convincing phishing emails, deep‑fake audio/video, and realistic fake websites, boosting the success of CEO‑fraud and credential‑theft campaigns.
Zero‑Day & Malware Creation – AI assists in crafting zero‑day exploits and dynamically mutating malware, increasing the difficulty of detection.
Brute‑Force & Password Cracking – Machine‑learning models improve password‑guessing efficiency by learning patterns from leaked data.
IoT Exploits – AI‑driven input attacks target vulnerable IoT devices, expanding the attack surface.

AI‑Powered Defensive Capabilities

Baseline & Anomaly Detection – Large‑scale data analysis establishes what “normal” traffic looks like; deviations trigger alerts.
Enhanced Monitoring – AI augments SOC teams across EDR, NDR, and SIEM platforms, delivering faster detection and automated response.
Reduced False Positives – By correlating massive data sets, AI filters out noise, letting analysts focus on real threats.
Zero‑Day Detection – Anomaly‑based models can spot previously unknown attack patterns.
Predictive Analytics – Forecasting techniques anticipate future threats before they materialize.
Instant Response Automation – AI‑driven playbooks execute containment actions (e.g., block IPs, isolate endpoints) within seconds.

Security Products Leveraging AI

Endpoint Detection & Response (EDR)
Network Detection & Response (NDR)
Secure Email Gateways & Web Filters
Next‑Generation Firewalls (NGFW) with XDR capabilities
AI‑enhanced Threat Intelligence platforms
Security Orchestration, Automation & Response (SOAR) tools

Limitations of Non‑AI Solutions

Static Signatures – Rely on known patterns; ineffective against novel or polymorphic attacks.
Delayed Updates – New threats require manual signature updates, creating a detection lag.
Human‑Centric Monitoring – Limited data visibility leads to higher error rates and slower response.
Lack of Dynamism – Inflexible tools cannot adapt quickly to evolving threat landscapes.

Fortinet’s AI Vision & Platform

Company Snapshot – Founded in 2000, ~14,000 employees, 140 cloud locations, 800,000+ customers, and the world’s leading NGFW vendor.
Security Fabric – A single operating system unifies networking, endpoint, and cloud security, enabling AI‑driven automation across the stack.
FortiAI (Generative AI Assistant) – Natural‑language interface that pulls from FortiGuard threat intel, runs RAG (Retrieval‑Augmented Generation), and produces actionable playbooks.
Key Benefits Demonstrated in the Demo
Rapid incident triage (slow server case) using voice‑driven commands.
Automated threat hunting, IP blocking, and report generation.
Seamless hand‑off to forensics and CISO communication.

ROI & Operational Impact

Detection Time – Independent study: average detection reduced from 21 days to under an hour with AI‑enabled SOAR.
Analyst Efficiency – One AI‑augmented analyst can perform the work of two to four traditional analysts, expanding coverage from a single campus to multiple sites.
Cost Savings – Faster containment lowers breach costs (average $9.4 M) and reduces on‑site visits by up to 25 %.

Adoption Checklist for Generative AI in Security Operations

Data Governance – Document data sources, processing methods, and storage; ensure compliance with privacy regulations.
Risk Assessment – Evaluate internal and third‑party AI risks, especially when using external AI services.
Policy Development – Define transparency, accountability, and usage guidelines for generative AI.
Use‑Case Inventory – List all AI‑driven applications and assess associated vulnerabilities.
Integration Strategy – Embed AI into existing SIEM, SOAR, and analytics tools.
Performance Metrics – Track MTTR (Mean Time to Detect/Respond) and continuously refine models.
Continuous Evaluation – Monitor AI impact on security KPIs and adjust strategies accordingly.

Future Outlook

By 2025, 20 % of network configurations will be AI‑assisted; by 2026, 60 % of network operations will rely on generative AI.
Expected improvements: 25 % better network performance, fewer on‑site visits, and higher user satisfaction.

Closing Remarks

The webinar emphasized that AI is not a plug‑and‑play solution but a strategic journey. Organizations that integrate AI across detection, investigation, and response can outpace attackers, reduce operational overhead, and achieve measurable ROI.

Key Takeaway: Leveraging AI across the entire security stack—from threat hunting to automated remediation—transforms reactive defenses into proactive, scalable operations, dramatically shortening detection times and lowering breach costs while empowering security teams to do more with less.

AI is reshaping cybersecurity by giving attackers powerful new tools, but it also equips defenders with faster, more accurate detection and automated response capabilities. Organizations that adopt AI‑driven security platforms like Fortinet’s Security Fabric can dramatically cut detection times, reduce false positives, and achieve a strong ROI, while those that cling to static, non‑AI solutions risk falling behind in an increasingly automated threat landscape.

Frequently Asked Questions

Who is eSecurity Solutions Cybersecurity on YouTube?

eSecurity Solutions Cybersecurity is a YouTube channel that publishes videos on a range of topics. Browse more summaries from this channel below.

Does this page include the full transcript of the video?

Yes, the full transcript for this video is available on this page. Click 'Show transcript' in the sidebar to read it.

Helpful resources related to this video

If you want to practice or explore the concepts discussed in the video, these commonly used tools may help.

Fortinet Fortigate Firewall Hardware Recommended

Provides enterprise‑grade next‑generation firewall protection with built‑in AI threat detection, essential for modern network security

Amazon →

Cisco Secure Firewall 3100 Series

Offers AI‑enhanced intrusion prevention and deep packet inspection for midsize to large organizations seeking robust perimeter defense

Amazon →

Cybersecurity For Dummies Paperback

A beginner‑friendly guide that explains core concepts, including AI‑driven security tools, helping teams build foundational knowledge

Amazon →

Artificial Intelligence For Cybersecurity Book

Explores how AI is used by both attackers and defenders, providing practical insights for implementing AI solutions in security operations

Amazon →

Network Security Essentials 2nd Edition

Covers fundamentals of network protection and includes chapters on AI‑based detection and response, useful for security professionals upgrading their skill set

Amazon →

Links may be affiliate links. We only include resources that are genuinely relevant to the topic.

Summarize another video

Full Transcript YouTube

hi I'm Tom rufalo cisa at ecurity
Solutions I've got Ed Holt the director
of foret today we're going to talk about
how AI will impact cyber
security basically today we want to
cover a few topics I want to quickly go
over how attackers are leveraging AI how
AI powered Solutions are being used for
defense detection and
response and which security products are
using AI today and maybe what we even
anticipate and then also a little bit
about limitations of non-ai solutions so
it's like what happens if you don't
adopt them over time and then foret will
talk about AI broadly speaking first
thing I like to talk about is how AI
leverages is being leveraged in cyber
security tax criminals are leveraging AI
to automate and enhance attack
sophistication by personalizing attacks
by using AI to make zero day attacks
easier and also by using AI to create
deep fakes in images videos and messages
they're also using AI to increase the
efficiency of of attacks and AI
automation makes it easier to launch
attacks with minimal efforts and it
enables costeffective attacks on even
smbs uh small businesses as well as M
and
Enterprise aitech methods would include
social engineering by using generated AI
generated AI to make more personalized
and compelling
communication also AI makes fake
websites look more similar to the
original website it also enables malware
by enabling easier creation of dynamic
real-time zero day
attacks enables ransomware attacks by
helping to automate
exploitation AI Bots to that will then
automate the detection of weaknesses
within websites networks and
systems it also helps Brute Force
attacks by enabling improved uh
deciphering of
algorithms and it definitely enables
deep fakes which we've seen generative
AI do across the board to manipulate um
Audio Visual and messages to
impersonate um or to confuse the user to
think that something is something that
is not and it facilitate that
facilitates things like CEO fraud and
social engineering also facilitates data
data theft by automating the extraction
analysis of the data that's going to be
stolen and lastly it enables Internet of
Things attacks by enabling AI based
input attacks and vulnerability
detection now ai powered Solutions work
by doing things like Baseline
establishment um establishing what would
be normal versus abnormal so it's
looking at data large amounts of data to
determine
what is is determined to be something
that you would normally expect to be
occurring in your network or in your
systems versus what's abnormal and the
anomaly detection looks for these
abnormal events once it once you've
established the
Baseline um it also uh helps with AI
based enhanced monitoring for your sock
team for use in EDR ndr uh Network
detection response and endpoint
detection response Sims and also so it
does enable faster attack prevention by
blocking faster after having done the
faster detection through the use of AI
also reduces false positives by
leveraging larger data
sets enables zero day attack detection
again using baselines and anomaly
detection it also enables predictive
analysis by by forecasting based on
large data that's being an analyzed that
people can't possibly wrap their heads
around and then it provides instant resp
response automation by leveraging faster
detection for automated
response now the security products that
leverage AI include very large number of
products that you would uh that we're
already using today such as endpoint
detection response Network detection
response Sim socks email bar walls sore
Solutions and then it also enables a a
security platform to to provide better
security through the use of AI with
their xdr and also AI threat
intelligence also AI driven Security
operation tools will enable your Tech
teams to be more efficient and effective
by again processing these large amounts
of data and being able to provide you
quick analysis and and and solutions for
remediation it also enhances more timely
fishing and computer assisted training
and when you net it all out AI Security
will provide better security leveraging
Ai and large data models and new ways to
discover and respond to attacks it also
enables more efficient and effective
solutions for your Tech Team so the
limitations of non-ai solutions include
the fact that there's a limited response
to zero day attacks right because of
static Solutions if you think of
endpoint security especially the older
endpoint Security Solutions that don't
leverage AI they're really static
Solutions they're looking for they're
mat doing pattern matches based on what
it already knows meanwhile there may be
new Solutions or attacks being brought
to be it delays the ability to detect
attacks by waiting because you have to
wait for updates to give you the next
generation of of updated uh data it
requires manual
monitoring because basically humans are
Le leveraging limited data there's more
AER prone method because of again
because of human use versus automated
computers uh technology and then
Solutions are not dynamic because they
can't react to Tech to changes very
quickly
just one slide about e Security
Solutions our business is focused on
providing complete solutions to to
businesses of almost all sizes we have
three types of solutions we provide
which is GRC Services which includes
risk assessment type Solutions U manage
security and security products so it's
the everything pretty much that a
company would need to become either
compliant or to provide good strong
Security Solutions their best practices
kind of solutions or even just for basic
security
and we work with a very large number of
vendors including foret which is one of
our top
partners with that I'd like to turn it
over to add why work harder when you can
really work smarter so AI powered set
Go's goal in any networks to respond
swiftly to network issues and really the
the threat landscape leveraging gen AI
can assist with really a number of
things Network
configurations automate complex task
reduce the likelihood of errors in your
network minimize manual interventions
really help troubleshoot the network
reduce outages analyze threat responses
and then really speed time to
investigate and remediate
incidences enhance decision making and
streamline your operations I think at
the end of the day there's reduced costs
provide a better user experience for
your users and then those users have
increased productivity if is what AI can
do so I wanted to mention who foret is
our mission is to secure people devices
data and applications everywhere we're
really the number one cyber security
company in the world so that's a that's
a tall task to do I want to kind of
highlight why I most think that um we're
established in 2000 we're a us-based
company nearly 14,000 employees we've
got support centers and Development
Centers all over the world 140
cloudbased locations globally we
actually provide training there's a
training shortage cyber security expert
shortage and for it actually provides
the academic materials to colleges and
universities you can see there's a lot
of them there we have a full broad
portfolio of products that really
protect everything from let's say code
to the cloud and everything in between
we build everything from really the
ground up we have about 50% more patents
than our nearest cyber security
competitor we're in a 100 analyst
reports and we're proud of the gardener
magic quadrants that we're in and many
of them the leader we've got nearly
800,000 customers worldwide these are
customers that um cesos cios and even
CEOs have looked at our technology
versus the Alternatives out there and
selected foret we're the number one
firewall Next Generation firewall in the
world we actually sell over 50 2% of the
fortigate or firewall which is actually
more than all our competitor competitors
combined we're number one in product
energy and fishing so we don't take much
power to run our products and we have
over nearly almost 12 million unit
shipped and they provide all that
Telemetry information into our threat
intelligence and research
arm from a perspective of uh the Fortune
100 and Global 2000s we uh there's a lot
of them out there that really rely on
foret so keeping up with the threat
landscape is really complex and
complexity is really the enemy and
security foret has actually done a study
in our cyber cyber security skills Gap
report and these are some of the stats
that that that we've seen attacks are
actually moving 43% faster than they did
in the previous year they're more
targeted and more automated and they're
really coming at us at at more channels
a recovery from a Cyber attack can take
up to 2.7 months
and 87% of organization have actually
had a breach last year there's a skills
Gap shortage um but with that said then
that provides additional risk to your
company because of the skills uh it's
hard to recruit Talent they're expensive
uh when you do have the talent in your
team you got to train them they need to
upskill their opportunities because if
you don't train them they tend to uh
that's the number one retention
challenge they tend to leave your
company the top cause of breach is
really the lack of training so you
definitely want to train your your folks
in your sock team and then um 54% says
here blame lack of essential cyber
security products or tools to protect
the
network so with that said foret actually
provides a comprehensive and advanced
cyber security platform the
consolidation of a lot of different
point products into a platform and we
have three pillars of Technology they
secure networking we take the
convergence of security um and and uh
protect all edges so taking the best of
our fortigate and extending it to the
access layer we have unified sassy which
is securing um every user to
Applications really in any Cloud that
includes our secure Services Edge and
sdwan type Technologies and then what
we're really going to be talking about
today is AI driven security operations
so we really want to detect investigate
and respond to those threats very very
quickly we do that with our security
fabric platform it's a again a broad
portfolio but what's nice about it we
have a single operating system across
these Technologies and so uh with that
it's it's integrated and then when you
get an integrated platform and
Technology can actually have Automation
and that's really what you need to to
protect any network um some of the core
technologies that build our platform is
our as6 custom as6 we call them security
processor so it provides a very very
fast Network and then it also does
content in inspection very very fast we
taking that technology and even it's in
the cloud but in a slightly different
way we have our Ai and machine learning
uh our intelligence with fora guard Labs
what I'll be talking about today is that
middle one fora AI That's our generative
AI we also have an endpoint called fora
client that's our fabric agent um that
provides that consolidation of maybe
take anywhere from 5 to 10 agents on a
device and really just using one agent
because um uh for a client we've taken
the best of it and we've extended to the
OT Network obviously OT needs to talk to
the cloud they're not air gapped anymore
so we can take the best of foring that
and extend it to the OT Network and we
actually have an open ecosystem of about
770 different companies and technologies
that actually can talk to the forgate
and the 4os and our threat intelligence
and keep your network safe so you don't
have to forklift up their Technologies
and and maybe put in foret so it's all
about
TCO there was a study done by Enterprise
strategy group and they came out and
said hey the average time to detect is
21 days if at all and then the average
time to uh for 12 six and 12 to contain
investigate remediate is 12 hours 6
hours and 12 they also said that in the
study stud that se Ops is much harder to
implement today than it was two years
ago they're citing the threats the
attack surface and the Really the volume
and complexity of
attacks um large companies they have to
disclose now a material cyber security
incident within four days to the SEC
which is interesting and then they even
said the average breach cost is 9.4
million what what the study did is uh
ESG is they said hey when you implement
foret SE Ops technology you can take
this detect contain investigate
remediate from 21 days plus to less than
an hour and sometimes just second so
we're really proud of this independent
study that was done uh as we move in
these
Technologies so for those that are
looking for AI um it's absolutely a
journey it's not something you can just
turn on I wanted to kind of maybe
highlight some consideration
and some maybe a checklist for you so
from starting from left to right um You
really need to understand your data your
data management you need to document the
types of data your AI systems will use
you need to really include uh sources
processing techniques and storage
methods you need to understand these
aspects that help establish clear
boundaries of the data usage and you
want to ensure compliancy with relevant
security standards and privacy
regulations so you want to evaluate
internal and
external geni risk so what is that mean
you want to understand how third-party
AI Services may impact your
organization consider scenarios such as
processing your data using external AI
power tools and their potential dangers
actually you want to develop some policy
so this policy should really outline the
standards of safe deployment of gen
AI including guidelines for
transparency and your accountability and
then really involve your employees so
that they know their responsibilities
and expectations of of developing these
policies you want to document some use
cases so really create that detailed
inventory of the plan gen applications
within your organization you want to
identify potential vulnerabilities
related to that data privacy um security
and even compliance so develop that
comprehensive risk assessment document
which is
interesting um you want to integrate GNA
with your existing infrastructure so you
have existing infrastructure let's use
it so you need to enhance the overall
efficiency focus on embedding that GNA
within your existing existing tools and
workflows um Central data and analytics
management tools security information
and vent Management systems and really
your security orchestration Automation
and response platforms I think you want
to optimize the performance metrics so
you want to kind of kpis or key
performance indicators to Monitor and
really optimize uh your systems
understand the meantime to detect and
meantime to respond and then you want to
continuously evaluate the impact of gen
on the metrics and adjust your
strategies to improve the efficiency and
really Ensure that robust security
operations within your team again I
think the message here is AI really is a
journey it's um this outline only
provides a highlevel checklist of things
to consider GNA adoption in network
operation this is kind of some stats I
really found interesting by 2025
20% um of configurations will utilize
geni in your network uh really it's up
from 0% from a troubleshooting and
install
time it's going to really reduce that
and then the on-site visits by up to
25% here's a stat that's interesting by
2026 which is really two years away 60%
of network operations is really going to
rely on J AI for the management and
that's really up from 5% this year and
then Network performance and
availability improvements could really
enhance the user experience uh of your
users on the network by
25% we talked about Roi and you want to
kind kind of uh analyze that and see
where you know what improvements you can
make I mean this is just really high
level but I thought I'd kind of show you
here so expanded resources let's say you
have three analysts on your team and
when you add AI maybe an Roi is you now
have maybe six analysts from an expanded
coverage you might be able to coverage a
campus but with AI now you coverage the
size of two
campuses and then if you had expertise
in your department so maybe two senior
analysts into two entry level analysts
but when you add the AI component or
generative AI now you could have
equivalent of let's say four senior
analyst so if you do if you do geni or
AI capabilities definitely uh try to
understand your Roi in the
program all right fora AI um that's the
technology it's for it's gen based
security assistant that's essentially
what it is that utilizes natural
language and generative AI to guide you
simplify and automate your security
analyst activities with the help of for
AI a security team can really make
better informed decisions rapidly
respond to threats and save time on
complex task so the release of 4A is
seamlessly integrated into a number of
Technology our fora manager our fora
analyzer fora Sim and for sore and
really help optimize that threat
investigation and response the Sim
queries and the sore
playbooks the integration improv threat
analysis and response it really
streamlines the network and Security
operation so it's highly integrated
that's really what sets foron net apart
it's integrated it's 10 years of AI
development we've developed a deep
neural network capable of subc
classification and then near realtime
remediation and our security fabric
really unifies the knock and sock making
AI accessible to your teams of all sizes
so it's a Security First AI it's really
a platform approach it's use case
focused which you'll hear a little bit
more and then automation
driven so how does fora AI really work
as AI Technologies become increasingly
integrated to cyber security there is an
importance in securing AI processes so
the process in ensuring customer data
privacy so as part of that dedication
Bonet really hosts AI proxy servers
within foret data centers and then they
we proxy all AI
connections this setup really optimizes
AI performance and enhances the security
of customers data by Central izing AI
traffic through secure proxies important
it ensures that all interactions are
monitored and protected mitigating risks
associated with AI driven operations so
4aa is not simply a call to the public
gen
Services Foria and our product
Specialists continually curate a foret
database of proprietary threat
intelligence product specific knowledges
knowledge use case examples and then
really to augment the AI engine data
source when a user enters a request
prompt relevant data from the database
is also sent to the Gen engine to enable
fully relevant contextual
response this process is really known as
rag it stands for retrieval augmented
generation so foret really transform
simple natural language user prompts
into we call precise queries that best
reflect that user's intent and will
generate a actual contextual response
fora AI then really builds out a
complete relevant and product actionable
user response you will see this in the
demo coming up best a aspect of this
approach is really its incremental
training system so it's always
learning so unified knock and sock with
a to provide cyber defense so
integrating for a with fora analyzer and
manager really significantly lowers the
complexity of managing Advanced security
systems and really guides the security
analyst reducing the need for extensive
technical expertise effectively
upskilling your security team and
bridging their security
gaps so if you look on the KNX side here
it's going to help with uh simplified
configuration and changes
troubleshooting and then automatic
enforcement so there's kind of two
categories here quicker and easier
configuration so helps with scripting
it's a VPN advisory validating and
recommending editing for you it actually
moves you from a reactive approach to a
proactive approach with this the device
assistant it can drill down on
vulnerabilities and prioritize those
make recommended actions and then really
providing the reporting that you need if
you look on the sock side it's really
going to save you time on complex tasks
making optional decisions rapidly
respond to threats it's going to be
context tow so it's going to look at
Network anomalies within PTO analy
analyzer data streams it's going to do
best practice recommendations
remediation actions and guidance it's
going to query data and then generate
reports it's all going to be the natural
language it's going to speed hunting and
investigating and response so you can
use voice commands you'll see that here
in our demo and then you're going to get
U graphical representations and charts
fora Nets gen AI is going to guide and
simplify and help automate your
department so we're getting ready to do
a demo but before I I show you this demo
the first thing that you're going to
hear is an incident about a slow server
and so you want to investigate that so
you're going to run a Playbook on that
that client and see what's happening in
real time and then you're going to
investigate that public address and
determine if it's uh uh malicious and
then you're going to search for that IP
address connecting to uh malicious IP
you're going to generate a threat
Hunting
report search for anomalies login
activity see how they got on that
endpoint display log view begin
investigating and run a scan you're
going to reassign the endpoint to maybe
your for forensics team you're going to
run that Playbook again um to block
malicious IPS on the fortigate and then
that's going to really enhance your
security posture you're going to
generate a report you're going to email
that report download the report email
copy to the ceso and then update the
incidents and hand off to the friend6 so
for the next uh four minutes or so
you're going to hear a demo and then uh
we'll close things out so here here we
go hi there please retrieve the incident
for the slow
server hello I found an incident related
to the issue you mentioned this incident
in
00000011 involves the file backup server
at IP address 17216 18823 categorized as
malicious code with a high severity
level the reported issue is that the
server is running slow would you like to
check more details about this particular
endpoint I can provide additional
information and offer a 40 analyzer
Playbook via 40 client EMS connector for
further
investigation note ensure that the 40
client EMS connector is properly
configured for seamless
integration yes please run the Florida
client
Playbook performance overview the file
backup server
17216 18823 is experiencing slowdowns
primarily due to the qcloud process
consuming 98% of the CPU process details
in addition to qcloud other processes
like Apache sshd Etc are also running on
the server recommendations further
checks on the IP 13624 39099 using 40
guard and virus total are
recommended sounds good please
investigate this public IP address
40 guard alert threat Monero
cryptocurrency minor impact Network
resource consumption Technologies
involved browser based Network protocol
client server peer-to-peer cloud-based
mobile device observed Behavior
excessive bandwidth usage on default
ports tcp8 and TCP 443 potential
consequence server slowness on 17266
18823 may be due to a Monero
cryptocurrency minor recommendations
immediate remediation steps are strongly
recommended to address and eliminate
this potential security threat credit
forg guard application control signature
information forg guard.com
appcontrol 44
zo please search for any other IP
addresses connecting to the same
malicious
IP investigation result source is
attempting to connect to malicious IP
13624
39.99 the 40 analyzer API query has
identified multiple sources attempting
to connect to the malicious IP notably
the server at IP address 17262 18823
currently experiencing slowness is among
them recommendations investigate Source
IPS for potential threats check 40
analyzer threat hunting for more
information on 13624
39.99 please load the threat hunting
page so I can take a look
sure I've redirected you to the 40
analyzer threat hunting page with a
focus on the malicious destination IP
13624
39.99 if you have any questions or need
further assistance don't hesitate to
ask thank you please search for abnormal
login activity related to these Source
IP
addresses I've investigated the login
events related to Source IP 17268 23
from the threat hunting list here's a
detailed summary of the login
attempts if you'd like to explore these
login attempts in more detail I can take
you to the log view for a closer
examination would you like to proceed
sure please
proceed to examine the Linux server
login logs forwarded to 40 analyzer by
40 client apply the following filter in
40 analyzer log view considering the
potential Brute Force attempt identified
in the login logs it is recommended to
perform a vulnerability scan on the
affected Linux server this scan can help
identify and address potential security
weaknesses please initiate a
vulnerability scan on the Linux server
using your preferred scanning tool or
platform if you need assistance with
specific scanning procedures or
recommendations feel free to ask please
reassign the incident to the forensics
team sure thing before I do the handoff
do you want to block the IP on fortigate
to the Crypt Miner server 13624
39.99 and quarantine all infected
hosts good idea please go
ahead I have successfully executed the
following actions one blocking IP The
Playbook block IP was executed to block
the IP address 13624
39.99 which was associated with the
suspicious Cloud process these measures
aim to enhance the security posture and
mitigate potential threats identified
during the
investigation please generate a report
for this incident sure thing I've
generated a preview of the following
incident into a report for you would you
like to save a copy of this
report yes please download it to my
computer all right I've downloaded the
report to your device please also email
a copy of the report to the ceso the
incident summary report has been
successfully sent to the Chief
Information Security Officer ciso using
the designated output profile the email
includes detailed information regarding
the endpoint slowness incident along
with recommended actions and future
recommendations if there are any further
inquiries or updates required please
don't hesitate to let me know great
please update the incident details and
hand off to forensic team understood
I've updated the incident with a new
comment summarizing the
issue all right I hope you enjoy the
fora a demo on fora analyze the Ben
benefits of integrated AI security
operations really is a game Cher with
forets integrated and AI enhanced tools
your organization can outpace and
outsmart the attackers with agility and
confidence you can detect in minutes not
days streamline your operations and
reduce your workload eliminate blind
spots scale when you're ready thank you
for joining the ecurity and foret we
webinar I hope you enjoy the
introduction of foret security fabric Ai
and Gena tools and the demo should you
have additional questions or interest in
learning more reach out to ecurity or
foret for more information all thanks Ed
appreciate appreciate your uh your
presentation and your demo um I just
wanted to close it out by saying that
that ecurity Solutions can help you if
you're interested in foret solutions
that be any of the any of the foret
solutions our our Global sort of charter
is really to help companies with in all
areas of security including assessing
the risk defining security plans
defining security road maps and then
acquiring products and then implementing
monitoring and managing their security
so I appreciate your attendance today
and if you have any questions my contact
information as well as the rest of the
contact information for E Security
Solutions is provided on my screen
thanks very much