Skip to content Skip to navigation Skip to footer

FortiGuard Labs

Fortinet Threat Intelligence and Research Organization

Global Threat Landscape Report, 2H 2022
FortiGuard Labs banner background banner dots


Visibility + Innovation = Actionable Threat Intelligence

The threat intelligence and research team at Fortinet is comprised of very experienced threat hunters, researchers, analysts, engineers, and data scientists. Consequently, Fortinet security products are armed with the best threat identification and protection information available, including the latest threats, campaigns, bad actors, and trends. This threat research allows our customers to take proactive measures to better secure their organizations.


  • Co-founded the Cyber Threat Alliance (CTA) in 2014
  • Co-founder of the World Economic Forum’s Center for Cybersecurity created in 2018
  • Member of the computer incident response organization FIRST since 2012
  • Contributor to the development of STIX/TAXII protocols, as well as the MISP platform. Receives and processes over 200 individual sources of threat intelligence from partners

Why FortiGuard Labs

What sets apart the FortiGuard Labs team from others? Three key differentiators:

  1. Breadth of visibility into the threat landscape
  2. Ground-breaking use of innovation
  3. Rapid delivery of actionable threat intelligence to the Fortinet Security Fabric


Gathered from millions of Fortinet sensors (5.6M+ devices deployed globally), giving FortiGuard Labs visibility into the actual real-world threats our customers face and covering threats found in the network, endpoint, IoT devices, emails, applications, and web threat vectors.


An innovative bi-directional network that both collects telemetry threat data from Fortinet and was also designed to efficiently distribute actionable security protection updates to the Fortinet Security Fabric components deployed in customer networks around the world several times each day.


Demonstrates the effectiveness of our research and provides proactive analysis and actionable intelligence on discovered vulnerabilities before they become discovered exploits. The 900+ vulnerabilities discovered so far set us apart from of our competitors.


Comes out of our early use of AI and the belief that sharing intelligence with other threat intelligence organizations improves protection for customers as well as the effectiveness of the entire cybersecurity industry.

Independent Third-party Validation

Tests by independent third parties provide a critical and impartial measure of the quality of a product, and a reliable reference for customers making a purchase decision. Fortinet is committed to participation in unbiased credible testing so customers can see how Fortinet solutions compare to other vendors and select the solution that best meets their needs.

Threat Intelligence Industry Leadership

FortiGuard Labs believes that sharing intelligence and working with other threat intelligence organizations improves protection for customers and enhances the effectiveness of the entire cybersecurity industry. Our leadership helps take the fight to our adversaries and produces a more successful disruption model by leveraging these relationships. Partner highlights include:

The partnership links below give a more detailed look into the work we’ve been doing and the advancements these partnerships have provided to the threat intelligence industry.

View by:

Microsoft Active Protections Program (MAPP)

Microsoft Active Protections Program (MAPP)

FortiGuard Labs Projects

Zero-Day Research Program – Over 1,000 Zero Days Discovered in 16 Years

Fortinet performs security research on a variety of non-Fortinet products and services with the aim to identify potential security threats. The Fortinet research team is part of FortiGuard Labs, which creates the security service that powers Fortinet solutions. The security research achievements help to protect customers, companies, and the general public. FortiGuard Labs creates virtual patches via IPS to protect customers prior to patches being available when the vulnerability is still in a zero-day state.  

Fortinet is committed to a responsible disclosure process that allows impacted companies an opportunity to fix the issue, while also increasing consumer protection by blocking exploits against unpatched security vulnerabilities.

Learn More

Cyber Threat Alliance (CTA)

Cyber Threat Alliance

FortiGuard Labs Projects

Magellan CTI Platform — Co-developed, full STIXv2 platform to enable the secure sharing/exchange of threat intelligence among CTA members.

Partnership Timeline

  • 2014 – Co-founded the Cyber Threat Alliance (CTA)
  • 2015 – CryptoWall 3.0 whitepaper released, disrupts gang
  • 2016 – 6 members
  • 2017 – CTA formed as non-profit, expands to 11 members
  • 2018 – 20 members
  • 2019 – Magellan platform launched, expands to 25 members
  • 2020 – 30 members
  • 2021 – 34 members
  • 2022 – 35 members
Learn More



FortiGuard Labs Projects

STIX/TAXII participated in the original development of the protocols used to securely transmit threat intelligence related data.

Partnership Timeline

  • 2013 – Contributed to the development of the v1 STIX/TAXII protocols with MITRE as it was pioneered, before moving to OASIS
  • 2015 – Continued to work with OASIS on the CTI Technical Committee for further development and adoption of STIX/TAXII
  • 2020 – Joined the MITRE Engenuity CTID (Center for Threat Informed Defense)
Learn More

MITRE Engenuity Center for Threat Informed Defense

MITRE Engenuity Center for Threat Informed Defense

FortiGuard Labs Projects

ATT&CK Sightings Ecosystem


FortiGuard Threat Intelligence Insider – the industry’s first working implementation/model of the ATT&CK Sightings Ecosystem. This provides Fortinet customers with a heatmap analysis of the most active TTPs according to the ATT&CK framework, prevalence, or by industry.

Partnership Timeline

Learn More


FortiGuard Labs Projects

The Exploit Prediction Scoring System (EPSS) is an open, data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. Its goal is to assist network defenders in better prioritizing vulnerability remediation efforts in conjunction with an existing CVSS score. Read the blog

Partnership Timeline:

  • 2012 – Became member of the computer incident response organization FIRST
  • 2021 – Joined EPSS SIG 
Learn More


Cybercrime Threat Response


FortiGuard Labs Projects

Project Gateway

INTERPOL Global Cybercrime Expert Group (IGCEG)

Project MIKE, Operation Cyclone, Cyber SURGE (Various) 

Partnership Timeline

  • 2015 – Inaugural meeting of Global Expert Group at new INTERPOL Global Complex for Innovation
  • 2016 – Project “Mike” – Arrest of $60M USD BEC ring through IGCEG
  • 2017 – Cybercrime operation in ASEAN region, identified nearly 9,000 command and control servers
  • 2018 – Fortinet signs Threat Information Sharing Agreement on Project Gateway
  • 2021 – Fortinet featured at INTERPOL’s First Global Conference on Ransomware
  • 2021 – Operation Cyclone takedown on CL0P ransomware with Fortinet contributions, $500M USD attributed to gang
Learn More



FortiGuard Labs Projects


Partnership Timeline 

  • 2016 – NATO signs cyber partnership with Fortinet 
  • 2022 – FortiGuard Labs participates in NATO Locked Shields

Agreement with Fortinet

The agreement with Fortinet boosts two-way information sharing, in particular on cyberthreat intelligence. This is often a high impact and efficient way to enhance cyber resilience and mitigate vulnerability to attack. Some of the expectations of this initiative are:

  • Improve cyber defense in NATO’s defense supply chain
  • Facilitate participation of industry organizations in multinational Smart Defense projects
  • Improve sharing of expertise, information, and experience of operating under the constant threat of cyberattack, including information on threats and vulnerabilities, e.g., malware information sharing
  • Raise awareness and improve the understanding of cyber risks
  • Leverage private sector developments for capability development
  • Generate efficient and adequate support in case of cyber incidents
Learn More

World Economic Forum (WEF)

World Economic Forum

FortiGuard Labs Projects

Centre for Cybersecurity (C4C)

Partnership Against Cybercrime (PAC)

Cybercrime ATLAS Project
           FortiGuard Labs leading pilot project
           Public/private sector mix
           Map cybercriminal ecosystem
           Universal taxonomy
           Measure efforts vs. disruption
           Bridge between technical private sector and public 

Partnership Timeline

  • 2018 – Co-founded the World Economic Forum’s Centre for Cybersecurity
  • 2020 – Joined the Partnership Against Cybercrime Project
  • 2020 – Co-authored and published WEF PAC Report
  • 2021 – Launched Cybercrime ATLAS Project under the PAC
Learn More


In-depth research for security professionals on new malware and variants, zero-day exploits, targeted systems, and critical vulnerabilities being exploited in the wild. They include detailed analysis of the malware/vulnerability/exploit, the impact of the situation, mitigation suggestions, and any Fortinet product-based protections that are available.


Threat Signals provide insight on emerging issues within the threat landscape. They offer technical details about the issue, mitigation recommendations, and a perspective from the FortiGuard Labs team in an FAQ format.


Researchers proactively analyze third-party products and software applications for weaknesses and exploitable vulnerabilities. When a vulnerability is found, the team creates protective measures and updates the appropriate elements of the Fortinet Security Fabric. FortiGuard Labs is an industry leader in zero-day discoveries with over 1,000 vulnerabilities discovered to date.


FortiGuard Labs uses its industry-leading global infrastructure of threat sensors, honeypots, and collectors to provide a weekly recap of the incidents and threats trending in cyberspace.


Threat experts from FortiGuard Labs provide insight and commentary on trending threat intelligence issues and the ever-evolving cyber threat landscape.


Experts from FortiGuard Labs discuss topical and trending cybersecurity subjects, providing insight from their back-end intelligence operations and the extensive experience of the team.

FortiGuard Labs Threat Map