Industry Trends

Advances in Advanced Threat Protection

By David Finger | April 25, 2016

This week Fortinet announced even more advances to our award-winning, ICSA-certified Advanced Threat Protection solution – because, apparently, awesome simply wasn’t good enough.

What is Advanced Threat Protection?

The unprecedented growth of devices, users, applications, transactions, and services passing through an increasingly distributed corporate infrastructure is transforming networks. Much of that data is highly prized by the cybercriminal community because it often includes confidential and sensitive information, customer data, financial transactions, and intellectual property. Not only has the attack surface grown, but criminals continue to evolve highly sophisticated attacks designed to circumvent most traditional security technologies.

Specifically, because inline security must deliver high performance and high accuracy (low false positives), and those requirements are weighed at least as heavily as detection effectiveness, an attacker only needs to introduce a small degree of doubt into a very fast inspection in order to slip through.

This means that security professionals need more rigorous and intelligent inspection capabilities that extend inline products and bring them together as a cohesive solution set without sacrificing performance or accuracy. The traditional approach of deploying a single security device that looks at a certain set of traffic or data on a single segment of the network isn't working. Even deploying multiple technologies that can't share intelligence or coordinate a response doesn't address the problem. What is required is an integrated set of purpose-built technologies working together to identify and respond to advanced threats.

Fortinet’s ATP framework was engineered for intelligent and automated interoperability between Fortinet devices and an expanding ecosystem of leading security solutions in order to effectively detect and respond to today’s most advanced and sophisticated attacks. As a result, it is the only ATP solution on the market that is NSS Labs Recommended from edge to endpoint. Further, the value of this approach is demonstrated by the 99.6% effectiveness against sophisticated threats measured during independent ICSA testing, which earned Fortinet its ICSA Advanced Threat Defense certification.

What’s new?

First, Fortinet has added the ability for its FortiSandbox advanced threat detection solution to dynamically generate threat intelligence for each previously unknown threat it identifies. This intelligence can be automatically delivered to integrated products such as FortiGate (network security) and FortiClient (endpoint security).

Second, Fortinet has made this same advanced analysis and resulting threat intelligence available to security products from other vendors via the FortiSandbox API and third-party update packages. In fact, Fortinet has partnered with leading security provider Carbon Black to deliver a pre-defined integration that demonstrates the power of this API. New or suspicious objects identified by Carbon Black Enterprise Protection deployed at the endpoint can now be automatically passed to the FortiSandbox for analysis. Threat analysis results are then returned to Carbon Black for a pre-defined threat response, and FortiSandbox automatically shares the new threat intelligence across the entire security infrastructure for updated protection.

Third, Fortinet has delivered a number of significant feature enhancements across the wide array of technologies that are part of the integrated ATP framework.

Key ATP enhancements include:

FortiSandbox Advanced Threat Detection

  • New features include visual attack timelines, dynamically generated threat intelligence, automatically delivered updates, and deep sandbox analysis of Android application files (APKs).
  • A new hardware platform, the FortiSandbox 3500D chassis system, which provides scalable sandboxing with support for up to 58 concurrent virtual analysis environments.

FortiClient Endpoint Protection Software

  • Now, both on-network and off-network endpoints can dynamically block access to new files until they have been analyzed. Devices can even quarantine themselves based on FortiSandbox analysis and automatic threat intelligence updates.
  • New highly scalable central controls (Enterprise Management System) have been released to manage the deployment, configuration, management, and response of FortiClient protected endpoints.
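The "submit to the sandbox, act on the verdict, share the verdict" loop described in the API section above, and the "hold new files until they are analyzed, then self-quarantine if needed" behaviour described for the endpoint, are one workflow. The following is an added illustration of that workflow in Python; it is not Fortinet's code, and the `Sandbox`, `ThreatIntel` and `EndpointAgent` classes, the `EVIL-MARKER` detonation rule and the sample bytes are all constructed stand-ins, not the FortiSandbox API or any real verdict logic.

```python
"""Hold-until-verdict file gate with a shared intelligence cache (illustration only)."""
import enum
import hashlib


class Verdict(enum.Enum):
    UNKNOWN = "unknown"
    CLEAN = "clean"
    MALICIOUS = "malicious"


class Action(enum.Enum):
    ALLOW = "allow"
    HOLD = "hold"      # deny execution until the sandbox returns a verdict
    BLOCK = "block"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class ThreatIntel:
    """Shared hash -> verdict store; stands in for dynamically generated
    intelligence that is pushed to every enforcement point."""

    def __init__(self):
        self._verdicts = {}

    def lookup(self, digest: str) -> Verdict:
        return self._verdicts.get(digest, Verdict.UNKNOWN)

    def publish(self, digest: str, verdict: Verdict) -> None:
        self._verdicts[digest] = verdict


class Sandbox:
    """Hypothetical analysis engine. A real sandbox detonates the sample;
    this one flags a constructed marker string so the flow runs offline."""

    def __init__(self):
        self._jobs = {}
        self._next_id = 0

    def submit(self, data: bytes) -> int:
        self._next_id += 1
        self._jobs[self._next_id] = data
        return self._next_id

    def verdict(self, job_id: int) -> Verdict:
        data = self._jobs[job_id]
        return Verdict.MALICIOUS if b"EVIL-MARKER" in data else Verdict.CLEAN


class EndpointAgent:
    """One enforcement point (endpoint, gateway, mail relay) sharing `intel`."""

    def __init__(self, name: str, intel: ThreatIntel, sandbox: Sandbox):
        self.name = name
        self.intel = intel
        self.sandbox = sandbox
        self.pending = {}          # digest -> sandbox job id
        self.quarantined = False

    def on_new_file(self, data: bytes) -> Action:
        digest = sha256_hex(data)
        known = self.intel.lookup(digest)
        if known is Verdict.MALICIOUS:
            return Action.BLOCK
        if known is Verdict.CLEAN:
            return Action.ALLOW
        # Never seen anywhere in the fabric: hold it and ask the sandbox once.
        if digest not in self.pending:
            self.pending[digest] = self.sandbox.submit(data)
        return Action.HOLD

    def collect_verdicts(self) -> dict:
        """Poll finished jobs, publish each verdict to the shared store, and
        self-quarantine if any held file turned out to be malicious."""
        results = {}
        for digest, job_id in list(self.pending.items()):
            verdict = self.sandbox.verdict(job_id)
            self.intel.publish(digest, verdict)
            results[digest] = verdict
            if verdict is Verdict.MALICIOUS:
                self.quarantined = True
            del self.pending[digest]
        return results


def demo():
    """Two agents share one intel store; the second never pays the hold."""
    intel, sandbox = ThreatIntel(), Sandbox()
    laptop = EndpointAgent("laptop", intel, sandbox)
    server = EndpointAgent("server", intel, sandbox)
    sample = b"MZ constructed sample EVIL-MARKER"   # constructed input
    first = laptop.on_new_file(sample)              # HOLD: unknown hash
    verdicts = laptop.collect_verdicts()            # MALICIOUS -> quarantine
    second = server.on_new_file(sample)             # BLOCK: shared verdict
    return first, second, laptop.quarantined, server.quarantined, verdicts
```

The design point is the HOLD state: a fast inline check that must answer immediately is exactly what the "small degree of doubt" attack exploits, so an unknown object is denied until the slower analysis returns, and the verdict is published once so every other enforcement point can answer from cache rather than re-detonating.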

FortiMail Secure Email Gateway

  • Enhancements include granular controls over what is sent to a cloud or on-premises FortiSandbox and what to do with the returned ratings, as well as integration with FortiGate firewalls to simplify deployment and ongoing administration.
  • These capabilities and more are available in all FortiMail form factors; including the new E-Series appliances (FortiMail 400E, 800E today) as well as the flagship FortiMail 3200E that incorporates 10 Gigabit interfaces for large data center deployments.


A collection of individual security products, however powerful, simply cannot adequately protect your organization from today’s threats if they act in isolation. Optimal protection requires that each piece of your security portfolio works as part of an integrated threat detection and response system.

Fortinet’s Advanced Threat Protection Framework leverages the common global intelligence of FortiGuard Labs, as well as the real-time local intelligence across FortiGate next-generation and internal segmentation firewalls, FortiMail secure email gateways, FortiWeb web application firewalls, FortiClient endpoint security, and ecosystem partner solutions such as Carbon Black Enterprise Protection, to continually improve your ability to detect and automatically coordinate a response to today’s most advanced threats. This close coordination among Fortinet and non-Fortinet security products is a critical element of the Fortinet Security Fabric.