FortiGuard Labs

Fortinet Threat Intelligence and Research Organization

Deeper Dive into FortiGuard Labs

Visibility + Innovation = Actionable Threat Intelligence

FortiGuard Labs is the threat intelligence and research organization at Fortinet. It comprises experienced threat hunters, researchers, analysts, engineers, and data scientists. Its mission is to provide customers with the industry’s best threat intelligence to protect them from malicious cyberattacks. It has three areas of focus:

  • FortiGuard Labs – Its threat intelligence efforts keep Fortinet security products armed with the best threat identification and protection information available. Its threat research keeps our customers informed of the latest threats, campaigns, actors, and trends so they can take proactive measures to better secure their environments.
  • FortiGuard Security Subscriptions – These are the different security options you can choose to add on to your Fortinet devices, enabling you to tailor your security choices to your environment. FortiGuard Labs provides the detection and prevention capabilities behind these security options.
  • FortiGuard Labs Consulting – Consulting services are designed to provide threat intelligence value to organizations without an internal threat intelligence function. FortiGuard Labs Consulting helps organizations better understand the threats they face, identifies gaps in their security infrastructure, and ensures their people have the skill sets they need. Custom engagements are also offered.

Highlighted Assets

Proactive Threat Research

In-depth research for security professionals on new malware and variants, zero-day exploits, targeted systems, and critical vulnerabilities being exploited in the wild. These reports include detailed analysis of the malware, vulnerability, or exploit, the impact of the situation, mitigation suggestions, and any Fortinet product-based protections that are available.

Threat Signals provide insight on emerging issues within the threat landscape. They offer technical details about the issue, mitigation recommendations, and a perspective from the FortiGuard Labs team in an FAQ format.

Threat playbooks detail the activity of specific cyberattack campaigns and specify the tools, techniques, and procedures (TTPs) that adversaries leverage to deploy them. These playbooks are mapped to the MITRE ATT&CK framework and help organizations understand the lifecycle of cyber-threat campaigns and what technologies and best practices can be used to defend against them.

Researchers proactively analyze third-party products and software applications for weaknesses and exploitable vulnerabilities. When a vulnerability is found, the team creates protective measures and updates the appropriate elements of the Fortinet Security Fabric. FortiGuard Labs is an industry leader in zero-day discoveries with over 900 vulnerabilities discovered to date.

FortiGuard Labs uses its industry-leading global infrastructure of threat sensors, honeypots, and collectors to provide a weekly recap of the incidents and threats trending in cyberspace.

Why FortiGuard Labs

What sets the FortiGuard Labs team apart are three key differentiators: breadth of visibility into the threat landscape, ground-breaking use of innovation, and rapid delivery of actionable threat intelligence to the Fortinet Security Fabric. Some specifics:

  • Telemetry gathered from Fortinet’s millions of sensors (5.6M+ devices deployed globally) gives FortiGuard Labs visibility into the actual real-world threats our customers face, covering threats found across the network, endpoint, IoT device, email, application, and web threat vectors.
  • The Fortinet Distribution Network is an innovative bi-directional network: it collects threat telemetry from Fortinet devices, and it was also designed to efficiently distribute actionable security protection updates, several times each day, to the Fortinet Security Fabric components deployed in customer networks around the world.
  • Zero-day research demonstrates the effectiveness of our research and provides proactive analysis and actionable intelligence on discovered vulnerabilities before they become discovered exploits. The over 900 vulnerabilities discovered to date set us apart from our competitors.
  • Our industry and information-sharing leadership comes out of our early use of AI and the belief that sharing intelligence with other threat intelligence organizations improves protection for customers as well as the effectiveness of the entire cybersecurity industry. Highlights include:
    • Co-founded the Cyber Threat Alliance (CTA) in 2014
    • Co-founder of the World Economic Forum’s Center for Cybersecurity created in 2018
    • Member of the computer incident response organization FIRST since 2012
    • Contributor to the development of STIX/TAXII protocols, as well as the MISP platform. Receives and processes over 200 individual sources of threat intelligence from partners

Independent Third-party Validation

Independent, third-party tests provide a critical and impartial measure of the quality of a product, and a reliable reference for customers making a purchase decision. Fortinet is committed to participation in unbiased credible testing so customers can see how Fortinet solutions compare to other vendors and select the solution that is right for their needs.

See Product Certifications

FortiGuard Security Subscriptions

Want to know how you can leverage FortiGuard Labs to optimize performance and maximize the protection of your Fortinet solutions? Simply add the appropriate FortiGuard Subscriptions and Services to your Fortinet Security Fabric deployments. Available as both individual and bundled subscriptions.

AI-Driven Security Operations

Want more information about FortiGuard Labs’ proven artificial intelligence and machine learning systems?


FortiGuard Labs Threat Map

FortiGuard Security Subscriptions

Protect Your Organization from the Constantly Evolving Threat Landscape


FortiGuard Security Subscriptions are the different security options you can choose to add on to your Fortinet devices. FortiGuard Security Subscriptions can help customers stop in-flight threats, eliminate attacks from common entry points, proactively prevent and detect breaches, and secure their expanded attack surfaces. FortiGuard Labs, the threat intelligence and research organization at Fortinet, provides the security updates that drive the detection and prevention capabilities of these add-ons. FortiGuard Security Subscriptions:

  • Are fully integrated to maximize the protection across the Fortinet Security Fabric
  • Provide protection across the attack vector spectrum
  • Enable you to tailor your security choices to your environment
  • Validate their threat effectiveness through independent, real-world testing results
  • Are available as both individual and bundled subscriptions

Subscription Details

FortiGuard Security Subscriptions include intrusion prevention, web filtering, antivirus/anti-spyware, anti-spam, database security, virus outbreak protection service, IP reputation updates, content disarm and reconstruction, security rating services, and network and web application control capabilities. Here are just some of the different security options we provide to help protect our customers:

Antivirus

FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.

Application Control

Improve security and meet compliance with easy enforcement of your acceptable use policy through unmatched, real-time visibility into the applications your users are running. With FortiGuard Application Control, you can quickly create policies to allow, deny, or restrict access to applications or entire categories of applications.

Content Disarm & Reconstruction

Content Disarm & Reconstruction (CDR) strips all active content from files in real time, creating a flat, sanitized file. All active content is treated as suspect and removed. CDR processes all incoming files, deconstructs them, and removes all elements that do not match firewall policy.


FortiSandbox Cloud

FortiSandbox Cloud Service is an advanced threat detection solution that performs dynamic analysis to identify previously unknown malware. Actionable intelligence generated by FortiSandbox Cloud is fed back into preventive controls within your network—disarming the threat.

Industrial Control Systems

The FortiGuard Industrial Security Service continuously updates signatures to identify and police most of the common ICS/SCADA (supervisory control and data acquisition) protocols for granular visibility and control. Additional vulnerability protection is provided for applications and devices from the major ICS manufacturers.

Intrusion Prevention

FortiGuard IPS protects against the latest network intrusions by detecting and blocking threats before they reach network devices.

IoT Service

FortiGuard IoT Service helps shrink the attack surface stemming from IoT devices. With this service, the Fortinet Security Fabric will leverage FortiGuard intelligence to automatically identify, segment, and assign policies to IoT devices, both known and unknown.

Security Rating Service

The Security Audit Update Service is intended to guide customers to design, implement, and continually maintain the target Security Fabric security posture suited to their organization. The Security Fabric is fundamentally built on security best practices; by running these audit checks, security teams can identify critical vulnerabilities and configuration weaknesses in their Security Fabric setup and implement best-practice recommendations.

Virus Outbreak Protection Service

FortiGuard Virus Outbreak Protection Service (VOS) closes the gap between antivirus updates with FortiSandbox Cloud analysis to detect and stop malware threats discovered between signature updates before they can spread throughout an organization. VOS initiates a real-time look-up to our Global Threat Intelligence database.

Should you need immediate assistance with a potential security incident, learn how FortiGuard Incident Response service can help.

Which Subscriptions Apply

Due to platform and technology considerations, not all FortiGuard Security Subscriptions run on every Fortinet solution. To see the FortiGuard security options available for individual products, please follow the links below.

Network Security

SD-WAN

NGFW

IPS

Secure Web Gateway

Cloud Infrastructure Security

Public Cloud

Private Cloud

Application Security

Email

Web Application Firewall

Application Delivery

Endpoint Security

Endpoint

Fabric Management & Security Operations

Management & Analytics

SIEM

Sandbox

Deception


FortiGuard Security Bundles

FortiGuard Security Subscriptions cover the realm of security protection needed to respond faster and effectively address the complex and evolving threat landscape. From our unparalleled Advanced Malware Protection (AMP) subscription service to IPS, Web Filtering, Security Rating, and many more, FortiGuard services are designed to offer comprehensive security coverage against the latest threats. With Fortinet, customers gain the confidence of knowing they are protected against today’s evolving threat landscape and sophisticated threats backed by FortiGuard Labs.

Fortinet offers a flexible consumption model for use with FortiGuard Security Subscriptions that allows enterprises to choose these security options using either an a-la-carte model by selecting individual subscriptions or as part of pre-defined packaged bundles built and recommended for specific use cases.


FortiGuard Subscription Bundles

Our bundles are designed to help customers readily improve their security posture, reduce their cyber risk, simplify their operations and management, and address their challenges with compliance and policy enforcement. To ensure business continuity, all of our bundles include 24x7 FortiCare support services.

360 Protection

The 360 Protection Bundle provides the most comprehensive level of security and operational services available. It helps organizations of all sizes manage the complexity in their networks while delivering full protection across the entire attack surface. This includes Secure SD-WAN capabilities and upgraded FortiCare support for faster issue resolution and greater business continuity.

Enterprise Protection Bundle

Enterprise Protection Bundle consolidates the broad protection needed to protect and defend against all cyber-attack channels from the endpoint to the cloud. It includes the technologies needed to address today’s challenging OT, risk, compliance, and management concerns.

Unified Threat Protection Bundle

Unified Threat Protection Bundle (UTP) extends threat protection across the entire digital attack surface, providing industry-leading defense against sophisticated attacks. The UTP bundle adds coverage for web and email-based attacks.

Advanced Threat Protection Bundle

Advanced Threat Protection Bundle provides the foundational antivirus, intrusion prevention, and application control security technologies needed to protect and defend against known and unknown cyber threats.

Which Bundle is Right for Me?

Our FortiGuard Subscription Bundles are right-sized to arm Fortinet’s customers with all the services needed to readily achieve their desired outcomes and get the most out of their Fortinet Security Fabric.

Here are our recommended bundles and use cases:

Use cases mapped against the ATP, UTP, ENT, and 360 bundles (the original comparison table did not survive extraction; only its row and column headings are recoverable):

  • Next-generation Firewall (NGFW)
  • Secure Web Gateway
  • Compliance & Benchmarking
  • SD-WAN

Additional Deployment Use Cases

FortiGuard Security Subscriptions are optimized to work with the Fortinet Security Fabric to protect all deployment use case needs.

To learn more about the individual security subscription options, visit the FortiGuard Security Subscriptions web page.

To learn more about what individual FortiGuard Security Subscriptions are available to work with different Fortinet solutions, please follow the links below.

FortiGuard Labs Consulting

Threat intelligence consulting services from the FortiGuard Labs team


FortiGuard Labs offers consulting services designed to help your organization address your specific threat landscapes and improve your organization’s ability to use threat intelligence to meet that challenge.

Faced with an evolving threat landscape, increasingly advanced adversaries, and a chronic cybersecurity skills gap, many organizations are looking to external teams for help in solving basic and advanced security questions:

  • What are the topical and most important threats on which I should focus?
  • Is my environment as secure as it needs to be?
  • Are my people properly trained to defend us against the threats we face?

FortiGuard Labs Consulting is a set of specialized consulting services designed to provide proven threat intelligence to organizations lacking that function internally. These services leverage the expertise and experience of the FortiGuard Labs team to deliver the benefits of threat intelligence CISOs are looking for without the typical threat intelligence costs.

Focused Threat Intelligence and Analysis

Know your enemy. Understanding the threats and threat actors you face enables you to focus your defensive actions on the threats that matter most. It also enables you to prioritize your security spending on solutions that match your most likely threats. This consulting service allows you to choose the subject of your detailed analysis and includes:

  • Detailed reporting and analysis
  • FortiGuard Labs’ global telemetry data, specialized honeypots, and SIEM logs
  • FortiGuard Labs’ expertise and insight to identify ongoing hidden threats, protection gaps, and appropriate mitigation steps

Security Architecture Evaluation

The Security Architecture Evaluation service analyzes your threat spectrum and then uses different methods to evaluate how well your deployed security infrastructure does against the threats you face. This enables you to make the necessary changes to your security technologies to close any gaps and streamline operations. This consulting engagement will:

  • Assess and document your current security design, including systems, tools, owners, and processes
  • Use Breach and Attack Simulation exercises to uncover the security architecture gaps
  • Evaluate your security architecture against industry measurement/compliance frameworks (e.g., NIST)
  • Develop operational runbooks and a roadmap to help improve your comprehensive security architecture, including design and priorities

Cybersecurity Workshops

Organizations face an evolving threat landscape, increasingly advanced adversaries, and a chronic skills gap internally. FortiGuard Labs offers a number of full- and half-day security workshops to help close this skills gap, ensure that your people are sufficiently trained for the roles you need them to perform, and help them become cybersecurity subject-matter experts.

Organizations will benefit from the experience and expertise of FortiGuard Labs team members in training your personnel to better understand specific cybersecurity concepts and tools. Pre-defined workshops reflect the subjects we get asked about the most and will include hands-on training on:

Introduction to MITRE ATT&CK Framework

Provides an overview of the MITRE ATT&CK framework and knowledge base that is used to develop specific threat models and methodologies. Hands-on labs include exercises covering initial access, execution, privilege escalation and persistence, credential access, discovery, and lateral movement.

Cyber Hunting with Blockchains

Blockchain technologies are used in malware hunting, categorization, and file analysis. This workshop will help participants gain an understanding of blockchain, the technology behind Bitcoin and other cryptocurrencies. The focus will be on the cybersecurity aspects of blockchain and how organizations are starting to utilize blockchain for threat hunting.

Malware Hunting and Analysis

This fast-paced, hands-on, lab-centric course will introduce you to the world of Windows malware, mobile malware concepts, and a basic understanding of Mac malware. More importantly, you will learn how to extract threat intelligence, IOCs, and other threat information from malware to better protect your environment.
SOC Threat Hunting

FortiGuard Labs will develop and train your team on Red Team threat hunting and mitigation techniques specifically applicable to your security operations center (SOC). This includes developing standard operating procedures (SOPs) on how your SOC should respond to ransomware and phishing attacks, or any other type of attack your organization chooses. This will enable your team to track, hunt, and respond to these attacks, determine whether the organization is at risk, apply methods to mitigate those risks, and collect forensic evidence when threats occur.

That’s Not All

We all understand the value organizations get from good threat intelligence, but many cannot staff this critical function in house. That is why FortiGuard Labs offers these consulting services designed to help your organization address your specific threat landscapes and improve your organization’s ability to use threat intelligence to meet that challenge. But if you have a need related to threat intelligence that is not covered here, FortiGuard Labs Consulting can easily design a custom engagement. Just let us know.

If you are interested in finding out more, contact your local Fortinet sales rep.