FortiGuard Labs
Fortinet Threat Intelligence and Research Organization
Deeper Dive into FortiGuard Labs
Visibility + Innovation = Actionable Threat Intelligence
FortiGuard Labs is the threat intelligence and research organization at Fortinet. It is comprised of experienced threat hunters, researchers, analysts, engineers, and data scientists. Its mission is to provide customers with the industry’s best threat intelligence to protect them from malicious cyberattacks. It has three areas of focus:
- FortiGuard Labs – Its threat intelligence efforts keep Fortinet security products armed with the best threat identification and protection information available. Its threat research keeps our customers informed of the latest threats, campaigns, actors, and trends so they can take proactive measures to better secure their environments.
- FortiGuard Security Subscriptions – These are different security options you can choose to add on to your Fortinet devices, enabling you to tailor your security choices to your environment. FortiGuard Labs provides the security detections and prevention capabilities to these security options.
- FortiGuard Labs Consulting – Consulting services are designed to provide threat intelligence value to organizations without threat intelligence. FortiGuard Labs Consulting helps organizations better understand the threats they face, identifies gaps in their security infrastructure, and ensures their people have the skill sets they need. Custom engagements are also offered.
Highlighted Assets
- FortiGuard Labs Consulting: Leverage the Value of Threat Intelligence (December 2, 2020)
- Cyber Threat Predictions for 2021: An Annual Perspective by FortiGuard Labs (November 10, 2020)
- Global Threat Landscape Report: A Semiannual Report by FortiGuard Labs (August 1, 2020)
Proactive Threat Research
In-depth research for security professionals on new malware and variants, zero-day exploits, targeted systems, and critical vulnerabilities being exploited in the wild. They include detailed analysis of the malware/vulnerability/exploit, the impact of the situation, mitigation suggestions, and any Fortinet product-based protections that are available.
Threat Signals provide insight on emerging issues within the threat landscape. They offer technical details about the issue, mitigation recommendations, and a perspective from the FortiGuard Labs team in an FAQ format.
These playbooks detail the activity of specific cyberattack campaigns and specify the tools, techniques, and procedures (TTPs) that adversaries leverage to deploy them. These playbooks are mapped to the MITRE ATT&CK framework and help organizations understand the lifecycle of cyber-threat campaigns and what technologies and best practices can be used to defend against them.
Researchers proactively analyze third-party products and software applications for weaknesses and exploitable vulnerabilities. When a vulnerability is found, the team creates protective measures and updates the appropriate elements of the Fortinet Security Fabric. FortiGuard Labs is an industry leader in zero-day discoveries with over 900 vulnerabilities discovered to date.
FortiGuard Labs uses its industry-leading global infrastructure of threat sensors, honeypots, and collectors to provide a weekly recap of the incidents and threats trending in cyberspace.
Why FortiGuard Labs

What sets the FortiGuard Labs team apart are three key differentiators: breadth of visibility into the threat landscape, ground-breaking use of innovation, and rapid delivery of actionable threat intelligence to the Fortinet Security Fabric. Some specifics:
- Telemetry gathered from Fortinet’s millions of sensors (5.6M+ devices deployed globally) gives FortiGuard Labs visibility into the actual real-world threats our customers face and covers threats found in network, endpoint, IoT device, email, application, and web threat vectors.
- The Fortinet Distribution Network is an innovative bi-directional network that both collects threat telemetry data from Fortinet and efficiently distributes actionable security protection updates to the Fortinet Security Fabric components deployed in customer networks around the world several times each day.
- Zero-day research demonstrates the effectiveness of our research and provides proactive analysis and actionable intelligence on discovered vulnerabilities before they become discovered exploits. The over 900 discovered vulnerabilities to date set us apart from our competitors.
- Our industry and information-sharing leadership comes out of our early use of AI and the belief that sharing intelligence with other threat intelligence organizations improves protection for customers as well as the effectiveness of the entire cybersecurity industry. Highlights include:
  - Co-founded the Cyber Threat Alliance (CTA) in 2014
  - Co-founder of the World Economic Forum’s Center for Cybersecurity created in 2018
  - Member of the computer incident response organization FIRST since 2012
  - Contributor to the development of STIX/TAXII protocols, as well as the MISP platform. Receives and processes over 200 individual sources of threat intelligence from partners
Independent Third-party Validation
Independent, third-party tests provide a critical and impartial measure of the quality of a product, and a reliable reference for customers making a purchase decision. Fortinet is committed to participation in unbiased credible testing so customers can see how Fortinet solutions compare to other vendors and select the solution that is right for their needs.
FortiGuard Security Subscriptions
Want to know how you can leverage FortiGuard Labs to optimize performance and maximize the protection of your Fortinet solutions? Simply add the appropriate FortiGuard Subscriptions and Services to your Fortinet Security Fabric deployments. Available as both individual and bundled subscriptions.
AI-Driven Security Operations
Want more information about FortiGuard Labs’ proven artificial intelligence and machine learning systems?
FortiGuard Labs Threat Map
FortiGuard Security Subscriptions
FortiGuard Security Subscriptions refer to the different security options you can choose to add on to your Fortinet devices. FortiGuard Security Subscriptions can help customers stop in-flight threats, eliminate attacks from common entry points, proactively prevent and detect breaches, and secure their expanded attack surfaces. FortiGuard Labs, the threat intelligence and research organization at Fortinet, provides the security updates to the detection and prevention capabilities for these security add-ons. FortiGuard Security Subscriptions:
- Are fully integrated to maximize the protection across the Fortinet Security Fabric
- Provide protection across the attack vector spectrum
- Enable you to tailor your security choices to your environment
- Validate their threat effectiveness through independent, real-world testing results
- Are available as both individual and bundled subscriptions

Subscription Details
FortiGuard Security Subscriptions include intrusion prevention, web filtering, antivirus/anti-spyware, anti-spam, database security, virus outbreak protection service, IP reputation updates, content disarm and reconstruction, security rating services, and network and web application control capabilities. Here are just some of the different security options we provide to help protect our customers:
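Antivirus
FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its sensitive content.
Application Control
Improve security and meet compliance with easy enforcement of your acceptable use policy through real-time visibility into the applications your users are running. With FortiGuard access control, you can quickly create policies to allow, deny, or restrict access to applications or entire categories of applications.

Content Disarm and Reconstruction
CDR removes all active content from files in real time, producing a completely clean file. All active content is treated as suspect and removed. CDR processes all incoming files, deconstructs them, and removes every element that does not match firewall policy.
FortiCloud Sandbox
The FortiCloud Sandbox service is an advanced threat detection solution that performs dynamic analysis to identify previously unknown malware. Actionable intelligence generated by FortiCloud Sandbox is fed back into the network to eliminate threats.

Industrial Control Systems
The FortiGuard Industrial Security Service continuously updates signatures to identify and police most of the common ICS/SCADA (supervisory control and data acquisition) protocols, providing granular visibility and control. It provides additional vulnerability protection for applications and devices from major ICS manufacturers.

Security Rating
The Security Audit Update service guides customers in designing, implementing, and continually maintaining the Security Fabric security posture suited to their organization. The Security Fabric is built on security best practices, and by running these audit checks, security teams can identify critical vulnerabilities and configuration weaknesses in their Security Fabric setup and implement best-practice recommendations.

Virus Outbreak Protection Service
FortiGuard VOS (Virus Outbreak Protection Service) closes the gap between antivirus updates and FortiCloud Sandbox analysis, detecting and stopping malware threats discovered between signature updates before they can spread throughout an organization. VOS queries the global threat intelligence database in real time.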
Should you need immediate assistance with a potential security incident, learn how FortiGuard Incident Response service can help.
Which Subscriptions Apply
Due to platform and technology considerations, not all FortiGuard Security Subscriptions run on every Fortinet solution. To see the FortiGuard security options available for individual products, please follow the links below.
FortiGuard Security Bundles
FortiGuard Security Subscriptions cover the realm of security protection needed to respond faster and effectively address the complex and evolving threat landscape. From our unparalleled Advanced Malware Protection (AMP) subscription service to IPS, Web Filtering, Security Rating, and many more, FortiGuard services are designed to offer comprehensive security coverage against the latest threats. With Fortinet, customers gain the confidence of knowing they are protected against today’s evolving threat landscape and sophisticated threats backed by FortiGuard Labs.
Fortinet offers a flexible consumption model for use with FortiGuard Security Subscriptions that allows enterprises to choose these security options using either an a-la-carte model by selecting individual subscriptions or as part of pre-defined packaged bundles built and recommended for specific use cases.

FortiGuard Subscription Bundles
Our bundles are designed to help customers readily improve their security posture, reduce their cyber risk, simplify their operations and management, and address their challenges with compliance and policy enforcement. To ensure business continuity, all of our bundles include 24x7 FortiCare support services.
360 Protection
The 360 Protection Bundle provides the most comprehensive level of security and operational services available. It helps organizations of all sizes manage the complexity in their networks while delivering full protection across the entire attack surface. This includes Secure SD-WAN capabilities and upgraded FortiCare support for faster issue resolution and greater business continuity.
Enterprise Protection Bundle
Enterprise Protection Bundle consolidates the broad protection needed to protect and defend against all cyber-attack channels from the endpoint to the cloud. It includes the technologies needed to address today’s challenging OT, risk, compliance, and management concerns.

Unified Threat Protection Bundle
Unified Threat Protection Bundle (UTP) extends threat protection across the entire digital attack surface, providing industry-leading defense against sophisticated attacks. The UTP bundle adds coverage for web and email-based attacks.

Advanced Threat Protection Bundle
Advanced Threat Protection Bundle provides the foundational antivirus, intrusion prevention, and application control security technologies needed to protect and defend against known and unknown cyber threats.
Which Bundle is Right for Me?
Our FortiGuard Subscription Bundles are right-sized to help arm Fortinet’s customers with all the services needed to readily achieve their desired outcomes, and get the most out of their Fortinet Security Fabric.
Here are our recommended bundles and use cases:
Use Case | ATP | UTP | ENT | 360 |
---|---|---|---|---|
Next-generation Firewall (NGFW) | ● | ● | ● | ● |
Secure Web Gateway | | ● | ● | ● |
Compliance & Benchmarking | | | ● | ● |
SD-WAN | | | | ● |
Additional Deployment Use Cases
FortiGuard Security Subscriptions are optimized to work with the Fortinet Security Fabric to protect all deployment use case needs.
To learn more about the individual security subscription options, visit the FortiGuard Security Subscriptions web page.
To learn more about what individual FortiGuard Security Subscriptions are available to work with different Fortinet solutions, please follow the links below.
FortiGuard Labs Consulting
FortiGuard Labs offers consulting services designed to help your organization address your specific threat landscapes and improve your organization’s ability to use threat intelligence to meet that challenge.
Faced with an evolving threat landscape, increasingly advanced adversaries, and a chronic cybersecurity skills gap, many organizations are looking to external teams for help in solving basic and advanced security questions:
- What are the topical and most important threats on which I should focus?
- Is my environment as secure as it needs to be?
- Are my people properly trained to defend us against the threats we face?

FortiGuard Labs Consulting is a set of specialized consulting services designed to provide proven threat intelligence to organizations lacking that function internally. These services leverage the expertise and experience of the FortiGuard Labs team to deliver the benefits of threat intelligence CISOs are looking for without the typical threat intelligence costs.
Focused Threat Intelligence and Analysis
Know your enemy. Understanding the threats and threat actors you face enables you to focus your defensive actions on the threats that matter most. It also enables you to prioritize your security spending on solutions that match your most likely threats. This consulting service allows you to choose the subject of your detailed analysis and includes:
- Detailed reporting and analysis
- FortiGuard Labs’ global telemetry data, specialized honeypots, and SIEM logs
- FortiGuard Labs’ expertise and insight to identify ongoing hidden threats, protection gaps, and appropriate mitigation steps

Security Architecture Evaluation
The Security Architecture Evaluation service analyzes your threat spectrum and then uses different methods to evaluate how well your deployed security infrastructure does against the threats you face. This enables you to make the necessary changes to your security technologies to close any gaps and streamline operations. This consulting engagement will:
- Assess and document your current security design, including systems, tools, owners, and processes
- Use Breach and Attack Simulation exercises to uncover the security architecture gaps
- Evaluate your security architecture against industry measurement/compliance frameworks (e.g., NIST)
- Develop operational runbooks and a roadmap to help improve your comprehensive security architecture, including design and priorities
Cybersecurity Workshops
Organizations face an evolving threat landscape, increasingly advanced adversaries, and a chronic skills gap internally. FortiGuard Labs offers a number of full- and half-day security workshops to help close this skills gap, ensure that your people are sufficiently trained for the roles you need them to perform, and help them become cybersecurity subject-matter experts.
Organizations will benefit from the experience and expertise of FortiGuard Labs team members in training your personnel to better understand specific cybersecurity concepts and tools. Pre-defined workshops reflect the subjects we get asked about the most and will include hands-on training on:

Introduction to MITRE ATT&CK Framework
Provides an overview of the MITRE ATT&CK framework and knowledge base that is used to develop specific threat models and methodologies. Hands-on labs include exercises covering initial access, execution, privilege escalation and persistence, credential access, discovery, and lateral movement.
Cyber Hunting with Blockchains
Blockchain technologies are used in malware hunting, categorization, and file analysis. This workshop will help participants gain an understanding of blockchain, the technology behind bitcoin and other cryptocurrencies. The focus will be on the cybersecurity aspects of blockchain and how organizations are starting to utilize threat hunting aspects of blockchain.
Malware Hunting and Analysis
This fast-paced, hands-on, lab-centric course will introduce you to the world of Windows malware, mobile malware concepts, and a basic understanding of Mac malware. More importantly, you will learn how to extract threat intelligence, IOCs, and other threat information from malware to better protect your environment.
SOC Threat Hunting
FortiGuard Labs will develop and train your team on Red Team threat hunting and mitigation techniques specifically applicable to your security operations center (SOC). This includes developing standard operating procedures (SOPs) on how your SOC should respond to ransomware and phishing attacks, or any other type of attack your organization chooses. This will enable your team to track, hunt, and respond to these attacks, determine if the organization is at risk, identify methods to mitigate risks, and collect forensic evidence when threats occur.
That’s Not All
We all understand the value organizations get from good threat intelligence, but many cannot staff this critical function in house. That is why FortiGuard Labs offers these consulting services designed to help your organization address your specific threat landscapes and improve your organization’s ability to use threat intelligence to meet that challenge. But if you have a need related to threat intelligence that is not covered here, FortiGuard Labs Consulting can easily design a custom engagement. Just let us know.
If you are interested in finding out more, contact your local Fortinet sales rep.