FortiGuard Labs

Fortinet Threat Intelligence and Research Organization

Deeper Dive into FortiGuard Labs

Visibility + Innovation = Actionable Threat Intelligence

FortiGuard Labs is the threat intelligence and research organization at Fortinet. It is comprised of experienced threat hunters, researchers, analysts, engineers, and data scientists. Its mission is to provide customers with the industry’s best threat intelligence to protect them from malicious cyberattacks. It has three areas of focus:

  • FortiGuard Labs – Its threat intelligence efforts keep Fortinet security products armed with the best threat identification and protection information available. Its threat research keeps our customers informed of the latest threats, campaigns, actors, and trends so they can take proactive measures to better secure their environments.
  • FortiGuard Security Subscriptions – These are different security options you can choose to add on to your Fortinet devices, enabling you to tailor your security choices to your environment. FortiGuard Labs provides the security detections and prevention capabilities to these security options. Find out more.
  • FortiGuard Labs Consulting – Consulting services are designed to provide threat intelligence value to organizations without threat intelligence. FortiGuard Labs Consulting helps organizations better understand the threats they face, identifies gaps in their security infrastructure, and ensures their people have the skill sets they need. Custom engagements are also offered. Need help?

Highlighted Assets

Proactive Threat Research

In-depth research for security professionals on new malware and variants, zero-day exploits, targeted systems, and critical vulnerabilities being exploited in the wild. They include detailed analysis of the malware/vulnerability/exploit, the impact of the situation, mitigation suggestions, and any Fortinet product-based protections that are available.

Threat Signals provide insight on emerging issues within the threat landscape. They offer technical details about the issue, mitigation recommendations, and a perspective from the FortiGuard Labs team in an FAQ format.

These playbooks detail the activity of specific cyberattack campaigns and specify the tools, techniques, and procedures (TTPs) that adversaries leverage to deploy them. These playbooks are mapped to the MITRE ATT&CK framework and help organizations understand the lifecycle of cyber-threat campaigns and what technologies and best practices can be used to defend against them.

Researchers proactively analyze third-party products and software applications for weaknesses and exploitable vulnerabilities. When a vulnerability is found, the team creates protective measures and updates the appropriate elements of the Fortinet Security Fabric. FortiGuard Labs is an industry leader in zero-day discoveries with over 900 vulnerabilities discovered to date.

FortiGuard Labs uses its industry-leading global infrastructure of threat sensors, honeypots, and collectors to provide a weekly recap of the incidents and threats trending in cyberspace.

Why FortiGuard Labs

What sets the FortiGuard Labs team apart are three key differentiators: breadth of visibility into the threat landscape, ground-breaking use of innovation, and rapid delivery of actionable threat intelligence to the Fortinet Security Fabric. Some specifics:

  • Telemetry gathered from Fortinet’s millions of sensors (5.6M+ devices deployed globally) gives FortiGuard Labs visibility into the actual real-world threats our customers face and covers threats found in network, endpoint, IoT device, email, application, and web threat vectors.
  • The Fortinet Distribution Network is an innovative bi-directional network that both collects threat telemetry data from Fortinet and efficiently distributes actionable security protection updates, several times each day, to the Fortinet Security Fabric components deployed in customer networks around the world.
  • Zero-day research demonstrates the effectiveness of our research and provides proactive analysis and actionable intelligence on discovered vulnerabilities before they become discovered exploits. The over 900 discovered vulnerabilities to date set us apart from our competitors.
  • Our industry and information-sharing leadership comes out of our early use of AI and the belief that sharing intelligence with other threat intelligence organizations improves protection for customers as well as the effectiveness of the entire cybersecurity industry. Highlights include:
    • Co-founded the Cyber Threat Alliance (CTA) in 2014
    • Co-founder of the World Economic Forum’s Center for Cybersecurity created in 2018
    • Member of the computer incident response organization FIRST since 2012
    • Contributor to the development of STIX/TAXII protocols, as well as the MISP platform. Receives and processes over 200 individual sources of threat intelligence from partners

Independent Third-party Validation

Independent, third-party tests provide a critical and impartial measure of the quality of a product, and a reliable reference for customers making a purchase decision. Fortinet is committed to participation in unbiased credible testing so customers can see how Fortinet solutions compare to other vendors and select the solution that is right for their needs.

See Product Certifications

FortiGuard Security Subscriptions

Want to know how you can leverage FortiGuard Labs to optimize performance and maximize the protection of your Fortinet solutions? Simply add the appropriate FortiGuard Subscriptions and Services to your Fortinet Security Fabric deployments. Available as both individual and bundled subscriptions.

AI-Driven Security Operations

Want more information about FortiGuard Labs’ proven artificial intelligence and machine learning systems?

FortiGuard Labs Threat Map

FortiGuard Security Subscriptions

Protect Your Organization from the Constantly Evolving Threat Landscape


FortiGuard Security Subscriptions refer to the different security options you can choose to add on to your Fortinet devices. FortiGuard Security Subscriptions can help customers stop in-flight threats, eliminate attacks from common entry points, proactively prevent and detect breaches, and secure their expanded attack surfaces. FortiGuard Labs, the threat intelligence and research organization at Fortinet, provides the security updates for the detection and prevention capabilities of these security add-ons. FortiGuard Security Subscriptions:

  • Are fully integrated to maximize the protection across the Fortinet Security Fabric
  • Provide protection across the attack vector spectrum
  • Enable you to tailor your security choices to your environment
  • Validate their threat effectiveness through independent, real-world testing results
  • Are available as both individual and bundled subscriptions

Subscription Details

FortiGuard Security Subscriptions include intrusion prevention, web filtering, antivirus/anti-spyware, anti-spam, database security, virus outbreak protection service, IP reputation updates, content disarm and reconstruction, security rating services, and network and web application control capabilities. Here are just some of the different security options we provide to help protect our customers:

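Antivirus

FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent new and evolving threats from gaining a foothold in your network and accessing sensitive content.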

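Application Control

Improve security and meet compliance requirements by easily enforcing your acceptable use policy through real-time visibility into the applications your users are running. With FortiGuard Access Control, you can quickly create policies to allow, deny, or restrict access to applications or entire categories of applications.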

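Content Disarm and Reconstruction

CDR removes all active content from files in real time, producing a completely clean file. All active content is treated as suspect and removed. CDR processes all incoming files, deconstructs them, and removes every element that does not match firewall policies.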

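FortiCloud Sandbox

The FortiCloud Sandbox service is an advanced threat detection solution that performs dynamic analysis to identify previously unknown malware. Actionable intelligence generated by FortiCloud Sandbox is delivered into the network to eliminate the threat.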

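Industrial Control Systems

The FortiGuard Industrial Security Service continuously updates signatures to identify and police most of the common ICS/SCADA (supervisory control and data acquisition) protocols, providing granular visibility and control. It provides additional vulnerability protection for applications and devices from major ICS manufacturers.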

Intrusion Prevention

FortiGuard IPS protects against network intrusions by detecting and blocking threats before they reach network devices.

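Security Rating

The Security Audit Update service guides customers in designing, implementing, and continually maintaining the Security Fabric security posture suited to their organization. The Security Fabric is built on security best practices, and by running these audit checks, security teams can identify critical vulnerabilities and configuration weaknesses in their Security Fabric setup and implement best-practice recommendations.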

Virus Outbreak Protection Service

FortiGuard VOS (Virus Outbreak Protection Service) closes the gap between antivirus updates and FortiCloud Sandbox analysis, detecting and stopping malware threats discovered between signature updates before they can spread throughout an organization. VOS performs a real-time lookup against the global threat intelligence database.

Should you need immediate assistance with a potential security incident, learn how FortiGuard Incident Response service can help.

Which Subscriptions Apply

Due to platform and technology considerations, not all FortiGuard Security Subscriptions run on every Fortinet solution. To see the FortiGuard security options available for individual products, please follow the links below.

  • Network Security
    • SD-WAN
    • NGFW
    • IPS
    • Secure Web Gateway
  • Cloud Infrastructure Security
    • Public Cloud
    • Private Cloud
  • Application Security
    • Email
    • Web Application Firewall
    • Application Delivery
  • Endpoint Security
    • Endpoint
  • Fabric Management & Security Operations
    • Management & Analytics
    • SIEM
    • Sandbox
    • Deception

FortiGuard Security Bundles

FortiGuard Security Subscriptions cover the realm of security protection needed to respond faster and effectively address the complex and evolving threat landscape. From our unparalleled Advanced Malware Protection (AMP) subscription service to IPS, Web Filtering, Security Rating, and many more, FortiGuard services are designed to offer comprehensive security coverage against the latest threats. With Fortinet, customers gain the confidence of knowing they are protected against today’s evolving threat landscape and sophisticated threats backed by FortiGuard Labs.

Fortinet offers a flexible consumption model for FortiGuard Security Subscriptions that allows enterprises to choose these security options either a la carte, by selecting individual subscriptions, or as part of pre-defined packaged bundles built and recommended for specific use cases.

FortiGuard Subscription Bundles

Our bundles are designed to help customers readily improve their security posture, reduce their cyber risk, simplify their operations and management, and address their challenges with compliance and policy enforcement. To ensure business continuity, all of our bundles include 24x7 FortiCare support services.

360 Protection

The 360 Protection Bundle provides the most comprehensive level of security and operational services available. It helps organizations of all sizes manage the complexity in their networks while delivering full protection across the entire attack surface. This includes Secure SD-WAN capabilities and upgraded FortiCare support for faster issue resolution and greater business continuity.

Enterprise Protection Bundle

Enterprise Protection Bundle consolidates the broad protection needed to protect and defend against all cyber-attack channels from the endpoint to the cloud. It includes the technologies needed to address today’s challenging OT, risk, compliance, and management concerns.

Unified Threat Protection Bundle

Unified Threat Protection Bundle (UTP) extends threat protection across the entire digital attack surface, providing industry-leading defense against sophisticated attacks. The UTP bundle adds coverage for web and email-based attacks.

Advanced Threat Protection Bundle

Advanced Threat Protection Bundle provides the foundational antivirus, intrusion prevention, and application control security technologies needed to protect and defend against known and unknown cyber threats.

Which Bundle is Right for Me?

Our FortiGuard Subscription Bundles are right-sized to help arm Fortinet’s customers with all the services needed to readily achieve their desired outcomes and get the most out of their Fortinet Security Fabric.

Here are our recommended bundles and use cases:

  • Bundles: ATP, UTP, ENT, 360
  • Use cases: Next-generation Firewall (NGFW), Secure Web Gateway, Compliance & Benchmarking, SD-WAN

Additional Deployment Use Cases

FortiGuard Security Subscriptions are optimized to work with the Fortinet Security Fabric to protect all deployment use case needs.  

To learn more about the individual security subscription options, visit the FortiGuard Security Subscriptions web page.

To learn more about what individual FortiGuard Security Subscriptions are available to work with different Fortinet solutions, please follow the links below.

FortiGuard Labs Consulting

Threat intelligence consulting services from the FortiGuard Labs team


FortiGuard Labs offers consulting services designed to help your organization address your specific threat landscapes and improve your organization’s ability to use threat intelligence to meet that challenge.

Faced with an evolving threat landscape, increasingly advanced adversaries, and a chronic cybersecurity skills gap, many organizations are looking to external teams for help in solving basic and advanced security questions:

  • What are the topical and most important threats on which I should focus?
  • Is my environment as secure as it needs to be?
  • Are my people properly trained to defend us against the threats we face?

FortiGuard Labs Consulting is a set of specialized consulting services designed to provide proven threat intelligence to organizations lacking that function internally. These services leverage the expertise and experience of the FortiGuard Labs team to deliver the benefits of threat intelligence CISOs are looking for without the typical threat intelligence costs.

Focused Threat Intelligence and Analysis

Know your enemy. Understanding the threats and threat actors you face enables you to focus your defensive actions on the threats that matter most. It also enables you to prioritize your security spending on solutions that match your most likely threats. This consulting service allows you to choose the subject of your detailed analysis and includes:

  • Detailed reporting and analysis
  • FortiGuard Labs’ global telemetry data, specialized honeypots, and SIEM logs
  • FortiGuard Labs’ expertise and insight to identify ongoing hidden threats, protection gaps, and appropriate mitigation steps

Security Architecture Evaluation

The Security Architecture Evaluation service analyzes your threat spectrum and then uses different methods to evaluate how well your deployed security infrastructure does against the threats you face. This enables you to make the necessary changes to your security technologies to close any gaps and streamline operations. This consulting engagement will:

  • Assess and document your current security design, including systems, tools, owners, and processes
  • Use Breach and Attack Simulation exercises to uncover the security architecture gaps
  • Evaluate your security architecture against industry measurement/compliance frameworks (e.g., NIST)
  • Develop operational runbooks and a roadmap to help improve your comprehensive security architecture, including design and priorities

Cybersecurity Workshops

Organizations face an evolving threat landscape, increasingly advanced adversaries, and a chronic skills gap internally. FortiGuard Labs offers a number of full- and half-day security workshops to help close this skills gap, ensure that your people are sufficiently trained for the roles you need them to perform, and help them become cybersecurity subject-matter experts.

Organizations will benefit from the experience and expertise of FortiGuard Labs team members in training your personnel to better understand specific cybersecurity concepts and tools. Pre-defined workshops reflect the subjects we get asked about the most and will include hands-on training on:

Introduction to MITRE ATT&CK Framework

Provides an overview of the MITRE ATT&CK framework and knowledge base that is used to develop specific threat models and methodologies. Hands-on labs include exercises covering initial access, execution, privilege escalation and persistence, credential access, discovery, and lateral movement.



Cyber Hunting with Blockchains

Blockchain technologies are used in malware hunting, categorization, and file analysis. This workshop will help participants gain an understanding of blockchain, the technology behind bitcoin and other cryptocurrencies. The focus will be on the cybersecurity aspects of blockchain and how organizations are starting to utilize threat hunting aspects of blockchain.

Malware Hunting and Analysis

This fast-paced, hands-on, lab-centric course will introduce you to the world of Windows malware, mobile malware concepts, and a basic understanding of Mac malware. More importantly, you will learn how to extract threat intelligence, IOCs, and other threat information from malware to better protect your environment.



SOC Threat Hunting

FortiGuard Labs will develop and train your team on Red Team threat hunting and mitigation techniques specifically applicable to your security operations center (SOC). This includes developing standard operating procedures (SOPs) on how your SOC should respond to ransomware and phishing attacks, or any other type of attack your organization chooses. This will enable your team to track, hunt, and respond to these attacks, determine whether the organization is at risk, identify methods to mitigate risks, and collect forensic evidence when threats occur.

That’s Not All

We all understand the value organizations get from good threat intelligence, but many cannot staff this critical function in house. That is why FortiGuard Labs offers these consulting services designed to help your organization address your specific threat landscapes and improve your organization’s ability to use threat intelligence to meet that challenge. But if you have a need related to threat intelligence that is not covered here, FortiGuard Labs Consulting can easily design a custom engagement. Just let us know.

If you are interested in finding out more, contact your local Fortinet sales rep.