Skip to content Skip to navigation Skip to footer

FortiGuard Labs

Fortinet Threat Intelligence and Research Organization

Deeper Dive into FortiGuard Labs

Visibility + Innovation = Actionable Threat Intelligence

FortiGuard Labs is the threat intelligence and research organization at Fortinet. It is comprised of experienced threat hunters, researchers, analysts, engineers, and data scientists. Its mission is to provide customers with the industry’s best threat intelligence to protect them from malicious cyberattacks. It has three areas of focus:

  • FortiGuard Labs – Its threat intelligence efforts keep Fortinet security products armed with the best threat identification and protection information available. Its threat research keeps our customers informed of the latest threats, campaigns, actors, and trends so they can take proactive measures to better secure their environments.
  • FortiGuard Security Subscriptions – These are different security options you can choose to add on to your Fortinet devices, enabling you to tailor your security choices to your environment. FortiGuard Labs provides the security detections and prevention capabilities to these security options. Find out more.
  • FortiGuard Labs Consulting – Consulting services are designed to provide threat intelligence value to organizations without threat intelligence. FortiGuard Labs Consulting helps organizations better understand the threats they face, identifies gaps in their security infrastructure, and ensures their people have the skill sets they need. Custom engagements are also offered. Need help?

Highlighted Assets

Proactive Threat Research

In-depth research for security professionals on new malware and variants, zero-day exploits, targeted systems, and critical vulnerabilities being exploited in the wild. They include detailed analysis of the malware/vulnerability/exploit, the impact of the situation, mitigation suggestions, and any Fortinet product-based protections that are available.

Threat Signals provide insight on emerging issues within the threat landscape. They offer technical details about the issue, mitigation recommendations, and a perspective from the FortiGuard Labs team in an FAQ format.

These playbooks detail the activity of specific cyberattack campaigns and specify the tools, techniques, and procedures (TTPs) that adversaries leverage to deploy them. These playbooks are mapped to the MITRE ATT&CK framework and help organizations understand the lifecycle of cyber-threat campaigns and what technologies and best practices can be used to defend against them.

Researchers proactively analyze third-party products and software applications for weaknesses and exploitable vulnerabilities. When a vulnerability is found, the team creates protective measures and updates the appropriate elements of the Fortinet Security Fabric. FortiGuard Labs is an industry leader in zero-day discoveries with over 900 vulnerabilities discovered to date.

FortiGuard Labs uses its industry-leading global infrastructure of threat sensors, honeypots, and collectors to provide a weekly recap of the incidents and threats trending in cyberspace.

Why FortiGuard Labs

What sets the FortiGuard Labs team apart are three key differentiators: breadth of visibility into the threat landscape, ground-breaking use of innovation, and rapid delivery of actionable threat intelligence to the Fortinet Security Fabric. Some specifics:

  • Telemetry gathered from Fortinet’s millions of sensors (5.6M+ devices deployed globally) give FortiGuard Labs visibility into the actual real-world threats our customers face and covers threats found in the network, endpoint, IoT devices, in emails, applications, and web threat vectors.
  • The Fortinet Distribution Network is an innovative bi-directional network that both collects telemetry threat data from Fortinet and was also designed to efficiently distribute actionable security protection updates to the Fortinet Security Fabric components deployed in customer networks around the world several times each day.
  • Zero-day research demonstrates the effectiveness of our research and provides proactive analysis and actionable intelligence on discovered vulnerabilities before they become discovered exploits. The over 900 discovered vulnerabilities to date set us apart from of our competitors.
  • Our industry and information-sharing leadership comes out of our early use or AI and the belief that sharing intelligence with other threat intelligence organizations improves protection for customers as well as the effectiveness of the entire cybersecurity industry. Highlights include:
    • Co-founded the Cyber Threat Alliance (CTA) in 2014
    • Co-founder of the World Economic Forum’s Center for Cybersecurity created in 2018
    • Member of the computer incident response organization FIRST since 2012
    • Contributor to the development of STIX/TAXII protocols, as well as the MISP platform. Receives and processes over 200 individual sources of threat intelligence from partners

Independent Third-party Validation

Independent, third-party tests provide a critical and impartial measure of the quality of a product, and a reliable reference for customers making a purchase decision. Fortinet is committed to participation in unbiased credible testing so customers can see how Fortinet solutions compare to other vendors and select the solution that is right for their needs.

See Product Certifications

FortiGuard Security Subscriptions

Want to know how you can leverage FortiGuard Labs to optimize performance and maximize the protection of your Fortinet solutions? Simply add the appropriate FortiGuard Subscriptions and Services to your Fortinet Security Fabric deployments. Available as both individual and bundled subscriptions.

AI-Driven Security Operations

Want more information about FortiGuard Labs’ proven artificial intelligence and machine learning systems ?



FortiGuard Labs Threat Map


Protect Your Organization from the Constantly Evolving Threat Landscape

FortiGuard Security Subscriptions refer to the different security options you can choose to add on to your Fortinet devices. FortiGuard Security Subscriptions can help customer stop in-flight threats, eliminate attacks from common entry points, proactively prevent and detect breaches, and secure their expanded attack surfaces. FortiGuard Labs, the threat intelligence and research organization at Fortinet, provides the security updates to the detections and prevention capabilities to these security add-ons. FortiGuard Security Subscriptions:

  • Are fully integrated to maximize the protection across the Fortinet Security Fabric
  • Provide protection across the attack vector spectrum
  • Enable you to tailor your security choices to your environment
  • Validate their threat effectiveness through independent, real-world testing results
  • Are available as both individual and bundled subscriptions

Subscription Details

FortiGuard Security Subscriptions include intrusion prevention, web filtering, antivirus/anti-spyware, anti-spam, database security, virus outbreak protection service, IP reputation updates, content disarm and reconstruction, security rating services, and network and web application control capabilities. Here are just some of the different security options we provide to help protect our customers:


FortiGuard 反病毒服务可抵御最新病毒、间谍软件及其他内容级威胁。它使用行业领先的高级检测引擎来防止不断演进的新威胁侵袭您的网络并访问重要内容。


通过实时、全面了解用户正在运行的应用,轻松实施可接受的使用策略,从而提高安全性,并满足合规要求。借助 FortiGuard 应用控制服务,您可以快速创建策略,以允许、拒绝或限制对应用或整个应用类别的访问。

内容阻断 & 复原

内容消除与重建 (CDR) 能够实时清除文件中的所有“活动”内容,并生成干净的文件。所有“活动”内容均被视为可疑内容,并予以删除。CDR 将处理所有传入文件,对其进行解构,并删除所有不符合防火墙策略的元素。

FortiCloud 沙箱

FortiCloud 沙箱服务是一款高级威胁检测解决方案,可执行动态分析,以识别以前未知的恶意软件。FortiCloud 沙箱生成的可执行情报将应用到您网络内的预防控制系统中,从而消除威胁。


FortiGuard Industrial Security Service(工业安全服务)会持续更新签名,以识别和监控大多数常见的 ICS/SCADA (监控和数据采集)协议,以实现精细可见化和精细控制。另外还对主要 ICS 制造商的应用和设备提供漏洞保护。




安全审计更新服务旨在引导客户设计、实现并持续维护适合其组织的目标 Security Fabric 安全架构安全状态。Security Fabric 安全架构从根本上是构建于最佳安全实践之上,通过运行这些审计检查,安全团队将能够识别 Security Fabric 安全架构设置中的关键漏洞和配置弱点,并实施最佳实践建议。


FortiGuard 病毒爆发防护服务 (VOS) 通过 FortiCloud 沙箱分析填补了杀毒更新之间的空白,可检测并阻止在特征库更新期间发现的恶意软件威胁,以免波及整个组织。操作系统将启动对我们全球威胁情报数据库的实时查阅。

Should you need immediate assistance with a potential security incident, learn how FortiGuard Incident Response service can help.

Which Subscriptions Apply

Due to platform and technology considerations, not all FortiGuard Security Subscriptions run on every Fortinet solution. To see the FortiGuard security options available for individual products, please follow the links below.





Secure Web Gateway

Cloud Infrastructure Security

Public Cloud

Private Cloud



Web Application Firewall

Application Delivery



Fabric Management & Security Operations

Management & Analytics






FortiGuard Security Bundles

FortiGuard Security Subscriptions cover the realm of security protection needed to respond faster and effectively address the complex and evolving threat landscape. From our unparalleled Advanced Malware Protection (AMP) subscription service to IPS, Web Filtering, Security Rating, and many more, FortiGuard services are designed to offer comprehensive security coverage against the latest threats. With Fortinet, customers gain the confidence of knowing they are protected against today’s evolving threat landscape and sophisticated threats backed by FortiGuard Labs.

Fortinet offers a flexible consumption model for use with FortiGuard Security Subscriptions that allows enterprises to choose these security options using either an a-la-carte model by selecting individual subscriptions or as part of pre-defined packaged bundles built and recommended for specific use cases.


FortiGuard Subscription Bundles

Our bundles are designed to help customers readily improve their security posture, reduce their cyber risk, simplify their operations and management, and address their challenges with compliance and policy enforcement. To ensure business continuity, all of our bundles include 24x7 FortiCare support services.

360 Protection

The 360 Protection Bundle provides the most comprehensive level of security and operational services available. It helps organizations of all sizes manage the complexity in their networks while delivering full protection across the entire attack surface. This includes Secure SD-WAN capabilities and upgraded FortiCare support for faster issue resolution and greater business continuity.

Enterprise Protection Bundle

Enterprise Protection Bundle consolidates the broad protection needed to protect and defend against all cyber-attack channels from the endpoint to the cloud. It includes the technologies needed to address today’s challenging OT, risk, compliance, and management concerns.

Unifed Threat Protection Bundle

Unifed Threat Protection Bundle

Unified Threat Protection Bundle (UTP) extends threat protection across the entire digital attack surface, providing industry-leading defense against sophisticated attacks. The UTP bundle adds coverage for web and email-based attacks.

Advanced Threat Protection Bundle

Advanced Threat Protection Bundle

Advanced Threat Protection Bundle provides the foundational antivirus, intrusion prevention, and application control security technologies needed to protect and defend against known and unknown cyber threats.

Which Bundle is Right for Me?

Our FortiGuard Subscription Bundles are right-sized to help arm Fortinet’s customers with all the services needed to readily achieve their desired outcomes, and get the most of out their Fortinet Security Fabric.

Here are our recommended bundles and use cases:

Next-generation Firewall (NGFW)

Secure Web Gateway


Compliance & Benchmarking








Additional Deployment Use Cases

FortiGuard Security Subscriptions are optimized to work with the Fortinet Security Fabric to protect all deployment use case needs.  

To learn more about the individual security subscription options, visit the FortiGuard Security Subscriptions web page.

To learn more about what individual FortiGuard Security Subscriptions are available to work with different Fortinet solutions, please follow the links below.

FortiGuard Labs Consulting

Threat intelligence consulting services from the FortiGuard Labs team

FortiGuard Labs offers consulting services designed to help your organization address your specific threat landscapes and improve your organization’s ability to use threat intelligence to meet that challenge.

Faced with an evolving threat landscape, increasingly advanced adversaries, and a chronic cybersecurity skills gap, many organizations are looking to external teams for help in solving basic and advanced security questions:

  • What are the topical and most important threats on which I should focus?
  • Is my environment as secure as it needs to be?
  • Are my people properly trained to defend us against the threats we face?

FortiGuard Labs Consulting is a set of specialized consulting services designed to provide proven threat intelligence to organizations lacking that function internally. These services leverage the expertise and experience of the FortiGuard Labs team to deliver the benefits of threat intelligence CISOs are looking for without the typical threat intelligence costs.

Focused Threat Intelligence and Analysis

Know your enemy. Understanding the threats and threat actors you face enables you to focus your defensive actions on the threats that matter most. It also enables you to prioritize your security spending on solutions that match your most likely threats. This consulting service allows you to choose the subject of your detailed analysis and includes:

  • Detailed reporting and analysis
  • FortiGuard Labs’ global telemetry data, specialized honeypots, and SIEM logs
  • FortiGuard Labs’ expertise and insight to identify ongoing hidden threats, protection gaps, and appropriate mitigation steps

Security Architecture Evaluation

The Security Architecture Evaluation service analyzes your threat spectrum and then uses different methods to evaluate how well your deployed security infrastructure does against the threats you face. This enables you to make the necessary changes to your security technologies to close any gaps and streamline operations. This consulting engagement will:

  • Assess and document your current security design, including systems, tools, owners, and processes
  • Use Breach and Attack Simulation exercises to uncover the security architecture gaps
  • Evaluate your security architecture against industry measurement/compliance frameworks (e.g., NIST)
  • Develop operational runbooks and a roadmap to help improve your comprehensive security architecture, including design and priorities

Cybersecurity Workshops

Organizations face an evolving threat landscape, increasingly advanced adversaries, and a chronic skills gap internally. FortiGuard Labs offers a number of full- and half-day security workshops to help close this skills gap, ensure that your people are sufficiently trained for the roles you need them to perform, and help them become cybersecurity subject-matter experts.

Organizations will benefit from the experience and expertise of FortiGuard Labs team members in training your personnel to better understand specific cybersecurity concepts and tools. Pre-defined workshops reflect the subjects we get asked about the most and will include hands-on training on:

Introduction to MITRE ATT&CK Framework

Provides an overview of the MITRE ATT&CK framework and knowledge base that is used to develop specific threat models and methodologies. Hands-on labs include exercises covering initial access, execution, privilege escalation and persistence, credential access, discovery, and lateral movement.

Cyber Hunting with Blockchains

Blockchain technologies are used in malware hunting, categorization, and file analysis. This workshop will help participants gain an understanding of Blockchain, the technology behind Bitcoin and other cryptocurrencies. The focus will be on the cybersecurity aspects of Blockchain and how organizations are starting to utilize threat hunting aspects of Blockchain.                


Malware Hunting and Analysis

This fast-paced, hands- on, lab-centric course will introduce you to the world of Windows malware, mobile malware concepts, and a basic understanding of Mac malware. More importantly, you will learn how to extract threat intelligence, IOCs, and other threat information from malware to better protect your environment.

SOC Threat Hunting

FortiGuard Labs will develop and train your team on Red Team threat hunting and mitigation techniques specifically applicable to your security operations center (SOC). This includes developing standard operating procedures (SOPs) on how your SOC should respond to ransomware and phishing attacks – or any other type of attack your organization chooses. This will enable your team to track/hunt/respond to these attacks, determine if the organization is at risk, methods to mitigate risks, and how to collect forensics evidence when threats occur.

That’s Not All

We all understand the value organizations get from good threat intelligence, but many cannot staff this critical function in house. That is why FortiGuard Labs offers these consulting services designed to help your organization address your specific threat landscapes and improve your organization’s ability to use threat intelligence to meet that challenge. But if you have a need related to threat intelligence that is not covered here, FortiGuard Labs Consulting can easily design a custom engagement. Just let us know.

If you are interested in finding out more, contact your local Fortinet sales rep.