FortiGuard Labs
Fortinet Threat Intelligence and Research Organization
Global Threat Landscape Report, 2H 2022
Overview
Visibility + Innovation = Actionable Threat Intelligence
The threat intelligence and research team at Fortinet is comprised of very experienced threat hunters, researchers, analysts, engineers, and data scientists. Consequently, Fortinet security products are armed with the best threat identification and protection information available, including the latest threats, campaigns, bad actors, and trends. This threat research allows our customers to take proactive measures to better secure their organizations.
Highlights
- Co-founded the Cyber Threat Alliance (CTA) in 2014
- Co-founder of the World Economic Forum’s Center for Cybersecurity created in 2018
- Member of the computer incident response organization FIRST since 2012
- Contributor to the development of STIX/TAXII protocols, as well as the MISP platform. Receives and processes over 200 individual sources of threat intelligence from partners
Why FortiGuard Labs
What sets apart the FortiGuard Labs team from others? Three key differentiators:
- Breadth of visibility into the threat landscape
- Ground-breaking use of innovation
- Rapid delivery of actionable threat intelligence to the Fortinet Security Fabric
TELEMETRY
Gathered from millions of Fortinet sensors (5.6M+ devices deployed globally), giving FortiGuard Labs visibility into the actual real-world threats our customers face and covering threats found in the network, endpoint, IoT devices, emails, applications, and web threat vectors.
FORTINET DISTRIBUTION NETWORK
ZERO-DAY RESEARCH
Demonstrates the effectiveness of our research and provides proactive analysis and actionable intelligence on discovered vulnerabilities before they become discovered exploits. The 900+ vulnerabilities discovered so far set us apart from of our competitors.
INDUSTRY AND INFORMATION-SHARING LEADERSHIP
Comes out of our early use of AI and the belief that sharing intelligence with other threat intelligence organizations improves protection for customers as well as the effectiveness of the entire cybersecurity industry.
Independent Third-party Validation
Tests by independent third parties provide a critical and impartial measure of the quality of a product, and a reliable reference for customers making a purchase decision. Fortinet is committed to participation in unbiased credible testing so customers can see how Fortinet solutions compare to other vendors and select the solution that best meets their needs.
Threat Intelligence Industry Leadership
FortiGuard Labs believes that sharing intelligence and working with other threat intelligence organizations improves protection for customers and enhances the effectiveness of the entire cybersecurity industry. Our leadership helps take the fight to our adversaries and produces a more successful disruption model by leveraging these relationships. Partner highlights include:
The partnership links below give a more detailed look into the work we’ve been doing and the advancements these partnerships have provided to the threat intelligence industry.
View by:
Microsoft Active Protections Program (MAPP)
FortiGuard Labs Projects
Zero-Day Research Program – Over 1,000 Zero Days Discovered in 16 Years
Fortinet performs security research on a variety of non-Fortinet products and services with the aim to identify potential security threats. The Fortinet research team is part of FortiGuard Labs, which creates the security service that powers Fortinet solutions. The security research achievements help to protect customers, companies, and the general public. FortiGuard Labs creates virtual patches via IPS to protect customers prior to patches being available when the vulnerability is still in a zero-day state.
Fortinet is committed to a responsible disclosure process that allows impacted companies an opportunity to fix the issue, while also increasing consumer protection by blocking exploits against unpatched security vulnerabilities.
Learn MoreCyber Threat Alliance (CTA)
FortiGuard Labs Projects
Magellan CTI Platform — Co-developed, full STIXv2 platform to enable the secure sharing/exchange of threat intelligence among CTA members.
Partnership Timeline
- 2014 – Co-founded the Cyber Threat Alliance (CTA)
- 2015 – CryptoWall 3.0 whitepaper released, disrupts gang
- 2016 – 6 members
- 2017 – CTA formed as non-profit, expands to 11 members
- 2018 – 20 members
- 2019 – Magellan platform launched, expands to 25 members
- 2020 – 30 members
- 2021 – 34 members
- 2022 – 35 members
MITRE
FortiGuard Labs Projects
STIX/TAXII participated in the original development of the protocols used to securely transmit threat intelligence related data.
Partnership Timeline
- 2013 – Contributed to the development of the v1 STIX/TAXII protocols with MITRE as it was pioneered, before moving to OASIS
- 2015 – Continued to work with OASIS on the CTI Technical Committee for further development and adoption of STIX/TAXII
- 2020 – Joined the MITRE Engenuity CTID (Center for Threat Informed Defense)
MITRE Engenuity Center for Threat Informed Defense
FortiGuard Labs Projects
ATT&CK Sightings Ecosystem
ATT&CK Flow
FortiGuard Threat Intelligence Insider – the industry’s first working implementation/model of the ATT&CK Sightings Ecosystem. This provides Fortinet customers with a heatmap analysis of the most active TTPs according to the ATT&CK framework, prevalence, or by industry.
Partnership Timeline
- 2020 – Joined Center for Threat Informed Defense
- 2022 – “2021 ATT&CK Sightings Report” published
FIRST.ORG
FortiGuard Labs Projects
The Exploit Prediction Scoring System (EPSS) is an open, data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. Its goal is to assist network defenders in better prioritizing vulnerability remediation efforts in conjunction with an existing CVSS score. Read the blog
Partnership Timeline:
- 2012 – Became member of the computer incident response organization FIRST
- 2021 – Joined EPSS SIG
Interpol
Cybercrime Threat Response
FortiGuard Labs Projects
Project Gateway
INTERPOL Global Cybercrime Expert Group (IGCEG)
Project MIKE, Operation Cyclone, Cyber SURGE (Various)
Partnership Timeline
- 2015 – Inaugural meeting of Global Expert Group at new INTERPOL Global Complex for Innovation
- 2016 – Project “Mike” – Arrest of $60M USD BEC ring through IGCEG
- 2017 – Cybercrime operation in ASEAN region, identified nearly 9,000 command and control servers
- 2018 – Fortinet signs Threat Information Sharing Agreement on Project Gateway
- 2021 – Fortinet featured at INTERPOL’s First Global Conference on Ransomware
- 2021 – Operation Cyclone takedown on CL0P ransomware with Fortinet contributions, $500M USD attributed to gang
NATO NCI Agency
FortiGuard Labs Projects
NATO NICP
Partnership Timeline
- 2016 – NATO signs cyber partnership with Fortinet
- 2022 – FortiGuard Labs participates in NATO Locked Shields
Agreement with Fortinet
The agreement with Fortinet boosts two-way information sharing, in particular on cyberthreat intelligence. This is often a high impact and efficient way to enhance cyber resilience and mitigate vulnerability to attack. Some of the expectations of this initiative are:
- Improve cyber defense in NATO’s defense supply chain
- Facilitate participation of industry organizations in multinational Smart Defense projects
- Improve sharing of expertise, information, and experience of operating under the constant threat of cyberattack, including information on threats and vulnerabilities, e.g., malware information sharing
- Raise awareness and improve the understanding of cyber risks
- Leverage private sector developments for capability development
- Generate efficient and adequate support in case of cyber incidents
World Economic Forum (WEF)
FortiGuard Labs Projects
Centre for Cybersecurity (C4C)
Partnership Against Cybercrime (PAC)
Cybercrime ATLAS Project
FortiGuard Labs leading pilot project
Public/private sector mix
Map cybercriminal ecosystem
Universal taxonomy
Measure efforts vs. disruption
Bridge between technical private sector and public
Partnership Timeline
- 2018 – Co-founded the World Economic Forum’s Centre for Cybersecurity
- 2020 – Joined the Partnership Against Cybercrime Project
- 2020 – Co-authored and published WEF PAC Report
- 2021 – Launched Cybercrime ATLAS Project under the PAC
THREAT BLOGS
In-depth research for security professionals on new malware and variants, zero-day exploits, targeted systems, and critical vulnerabilities being exploited in the wild. They include detailed analysis of the malware/vulnerability/exploit, the impact of the situation, mitigation suggestions, and any Fortinet product-based protections that are available.
THREAT SIGNALS
Threat Signals provide insight on emerging issues within the threat landscape. They offer technical details about the issue, mitigation recommendations, and a perspective from the FortiGuard Labs team in an FAQ format.
ZERO-DAY RESEARCH
Researchers proactively analyze third-party products and software applications for weaknesses and exploitable vulnerabilities. When a vulnerability is found, the team creates protective measures and updates the appropriate elements of the Fortinet Security Fabric. FortiGuard Labs is an industry leader in zero-day discoveries with over 1,000 vulnerabilities discovered to date.
THREAT-INTELLIGENCE BRIEFS
FortiGuard Labs uses its industry-leading global infrastructure of threat sensors, honeypots, and collectors to provide a weekly recap of the incidents and threats trending in cyberspace.
THREAT-INTELLIGENCE PODCASTS
Threat experts from FortiGuard Labs provide insight and commentary on trending threat intelligence issues and the ever-evolving cyber threat landscape.
FORTIGUARD LIVE VIDEOS
Experts from FortiGuard Labs discuss topical and trending cybersecurity subjects, providing insight from their back-end intelligence operations and the extensive experience of the team.
