FortiGuard Labs

Fortinet’s Global Threat Intelligence and Research Organization

Read the new 1H 2020 Threat Landscape Report

Get an overview of FortiGuard Labs operations

Threat Intelligence at Machine Speed

FortiGuard Labs is the global threat intelligence and research organization at Fortinet. Its mission is to provide customers the industry’s best threat intelligence to protect them from malicious cyberattacks. Using millions of global network sensors, FortiGuard Labs monitors the worldwide attack surface and employs artificial intelligence (AI) to mine that data for new threats.

The efforts of the global team of experienced threat hunters, researchers, analysts, tool developers, and data scientists enable FortiGuard Labs to keep all Fortinet products updated with the best threat identification and protection information available.

FortiGuard Labs has also been instrumental in developing the concepts of threat sharing and collaboration in the threat intelligence industry. Through these efforts, FortiGuard Labs has built a valuable partner ecosystem that includes threat intelligence peers, governmental agencies and international law enforcement organizations.

Practical Threat Intelligence

Actionable Threat Research

FortiGuard Labs supplements threat protection product updates with research publications to help customers better understand threats, inform of zero-day vulnerabilities, and provide Indicators of Compromise to ensure they have the appropriate protections in place.

Fortinet Security Fabric  

FortiGuard Labs provides the threat intelligence foundation for all of the Fortinet Security Fabric components, keeping them up-to-date with the latest threat identification and protection information.

Fortinet Distribution Network

FortiGuard Labs designed and built a global network to ensure that threat intelligence and protection updates reach customers within minutes regardless of where they reside, enabling FortiGuard Labs to deliver multiple security updates each day.

FortiGuard Security Subscriptions

Want to know how you can leverage FortiGuard Labs to optimize performance and maximize the protection of your Fortinet solutions? Simply add the appropriate FortiGuard Subscriptions and Services to your Fortinet Security Fabric deployments. Available as both individual and bundled subscriptions.

Learn More

Threat Intelligence Leadership

threat

Complete Attack Surface Coverage

FortiGuard Labs monitors and responds to global threat activity across the entire attack surface.  With over 100 billion threat events processed every day, and updates delivered as often as every 5 minutes, FortiGuard Labs provides Fortinet customers with the absolute latest protection against new and emerging threats.

ai driven innovation

AI-driven Security Pioneer

FortiGuard Labs pioneered the use of artificial intelligence (AI) and machine learning (ML) in 2012 to discover and fight cyberthreats.  These technologies greatly improve time-to-detection and enable Fortinet to detect, prevent and respond to cyberattacks at machine speed.

prevention

Cybercrime Prevention Leader

FortiGuard Labs advocates for the sharing of intelligence with law enforcement and other global security organizations, and has been instrumental in the design and creation of these secure communication channels. Fortinet co-founded the Cyber Threat Alliance (CTA) and has worked with international law enforcement to take down cybercrime organizations.

 

Actionable Threat Research

playbook

Adversary Playbooks

FortiGuard Labs adversary playbooks detail the activity of specific cyberattack campaigns and specify the tools, techniques, and procedures (TTPs) that adversaries leverage to deploy them. These playbooks help organizations understand the lifecycle of cyber-threat campaigns and what technologies and best practices defend against them. FortiGuard Labs playbooks include tactics and techniques that are mapped to the MITRE ATT&CK framework.

Explore adversary playbooks
zero day

Zero-day Research

Dedicated researchers and analysts regularly analyze third-party products and software applications for weaknesses and exploitable vulnerabilities. When a vulnerability is found, the team creates protective measures and updates the appropriate elements of the Fortinet Security Fabric.

Explore zero-day research
threat brief

Threat Intelligence Briefs

FortiGuard Labs uses its industry-leading global infrastructure of threat sensors, honeypots, and collectors to provide a weekly recap of the incidents and threats trending in cyberspace.

Explore Threat Intelligence Briefs
threat signal

Threat Signals

FortiGuard Labs Threat Signals provide insight on emerging issues within the threat landscape. They offer technical details about the issue, mitigation recommendations, and a perspective from the FortiGuard Labs team in an FAQ format.  

Explore Threat Signals
blog

Threat Blogs

FortiGuard Labs threat blogs deliver in-depth research for security professionals on new malware, new variants or targets, and critical vulnerabilities being exploited. They include detailed analysis of the malware/vulnerability/exploit, the impact of the situation, mitigation suggestions, and any Fortinet product-based protections that are available.

Explore threat blogs

 

Fortinet Distribution Network

FortiGuard Labs knows that cybersecurity defenses are only as good as the threat intelligence informing them. Coupled with an ever-evolving threat landscape, speed is inherent to a strong defense—customers need the latest protections at their fingertips, fast. The Fortinet Distribution Network rapidly delivers world-class threat intelligence updates to customer solutions, enabling updates to multiple products across the globe each day.

 

checkmark icon

Malicious hashes/URLs/IP/Domains updated every 15 minutes

checkmark icon

Anti-malware updates every 60 minutes

checkmark icon

FortiSandbox 0-day malware updates every 5 minutes

checkmark icon

IPS signatures updated every 42 hours

checkmark icon

* update frequencies based on historical average

FortiGuard Labs Threat Map

partner

Industry and Partner Community Leadership

FortiGuard Labs has been committed to delivering the best threat intelligence to customers for over 20 years. This includes sharing intelligence with law enforcement and other security vendors to access to as much information as possible. Fortinet firmly believes that sharing this intelligence improves protection for customers as well as the effectiveness of the entire cybersecurity industry. 

checkmark icon

FortiGuard Labs joined FIRST in 2012, an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs.

checkmark icon

Co-founded the Cyber Threat Alliance (CTA) in 2014 and wrote the first sharing bylaws for the organization.

checkmark icon

FortiGuard Labs joined INTERPOL ICGEG (Global Expert Group) in 2016.

checkmark icon

FortiGuard Labs contributed to the development of the STIX/TAXII protocols as well as the MISP platform, both of which are now deployed globally for threat intelligence sharing.

checkmark icon

FortiGuard Labs has over 200 individual sources of threat intelligence from partners in cyberspace.

Independent Third-party Validation

Independent, third-party tests provide a critical and impartial measure of the quality of a product, and a reliable reference for customers making a purchase decision.

Fortinet is committed to participation in unbiased credible testing so customers can see how Fortinet solutions compare to other vendors and select the solution that is right for their needs.

Product Certifications

AI-Driven Security Operations

Want more information on how FortiGuard Labs’ proven artificial intelligence and machine learning systems?

Learn More