FortiGuard Labs
Fortinet’s Global Threat Intelligence and Research Organization
Read the lastest Threat Landscape Report
Get an overview of FortiGuard Labs operationsThreat Intelligence at Machine Speed
FortiGuard Labs is the global threat intelligence and research organization at Fortinet. Its mission is to provide customers the industry’s best threat intelligence to protect them from malicious cyberattacks. Using millions of global network sensors, FortiGuard Labs monitors the worldwide attack surface and employs artificial intelligence (AI) to mine that data for new threats.
The efforts of the global team of experienced threat hunters, researchers, analysts, tool developers, and data scientists enable FortiGuard Labs to keep all Fortinet products updated with the best threat identification and protection information available.
FortiGuard Labs has also been instrumental in developing the concepts of threat sharing and collaboration in the threat intelligence industry. Through these efforts, FortiGuard Labs has built a valuable partner ecosystem that includes threat intelligence peers, governmental agencies and international law enforcement organizations.
Latest Research
-
21/05/2020Offense and Defense – A Tale of Two Sides: (Windows) OS Credential Dumping
-
18/05/2020The Use – and Abuse – of DotNet Files, and the Value of FortiResponder Automation in the Threat Analysis Process
-
05/05/2020FortiGuard Labs Discovers Multiple Critical Vulnerabilities in Adobe Illustrator CC 2020
Practical Threat Intelligence
Actionable Threat Research
Fortinet Security Fabric
Fortinet Distribution Network
FortiGuard Security Subscriptions
Want to know how you can leverage FortiGuard Labs to optimize performance and maximize the protection of your Fortinet solutions? Simply add the appropriate FortiGuard Subscriptions and Services to your Fortinet Security Fabric deployments. Available as both individual and bundled subscriptions.
Threat Intelligence Leadership
Complete Attack Surface Coverage
FortiGuard Labs monitors and responds to global threat activity across the entire attack surface. With over 100 billion threat events processed every day, and updates delivered as often as every 5 minutes, FortiGuard Labs provides Fortinet customers with the absolute latest protection against new and emerging threats.
AI-driven Security Pioneer
FortiGuard Labs pioneered the use of artificial intelligence (AI) and machine learning (ML) in 2012 to discover and fight cyberthreats. These technologies greatly improve time-to-detection and enable Fortinet to detect, prevent and respond to cyberattacks at machine speed.
Cybercrime Prevention Leader
FortiGuard Labs advocates for the sharing of intelligence with law enforcement and other global security organizations, and has been instrumental in the design and creation of these secure communication channels. Fortinet co-founded the Cyber Threat Alliance (CTA) and has worked with international law enforcement to take down cybercrime organizations.
Adversary Playbooks
FortiGuard Labs adversary playbooks detail the activity of specific cyberattack campaigns and specify the tools, techniques, and procedures (TTPs) that adversaries leverage to deploy them. These playbooks help organizations understand the lifecycle of cyber-threat campaigns and what technologies and best practices defend against them. FortiGuard Labs playbooks include tactics and techniques that are mapped to the MITRE ATT&CK framework.
Explore adversary playbooks
Zero-day Research
Dedicated researchers and analysts regularly analyze third-party products and software applications for weaknesses and exploitable vulnerabilities. When a vulnerability is found, the team creates protective measures and updates the appropriate elements of the Fortinet Security Fabric.
Explore zero-day research
Threat Intelligence Briefs
FortiGuard Labs uses its industry-leading global infrastructure of threat sensors, honeypots, and collectors to provide a weekly recap of the incidents and threats trending in cyberspace.
Explore Threat Intelligence Briefs
Threat Signals
FortiGuard Labs Threat Signals provide insight on emerging issues within the threat landscape. They offer technical details about the issue, mitigation recommendations, and a perspective from the FortiGuard Labs team in an FAQ format.
Explore Threat Signals
Threat Blogs
FortiGuard Labs threat blogs deliver in-depth research for security professionals on new malware, new variants or targets, and critical vulnerabilities being exploited. They include detailed analysis of the malware/vulnerability/exploit, the impact of the situation, mitigation suggestions, and any Fortinet product-based protections that are available.
Explore threat blogsFortinet Distribution Network
FortiGuard Labs knows that cybersecurity defenses are only as good as the threat intelligence informing them. Coupled with an ever-evolving threat landscape, speed is inherent to a strong defense—customers need the latest protections at their fingertips, fast. The Fortinet Distribution Network rapidly delivers world-class threat intelligence updates to customer solutions, enabling updates to multiple products across the globe each day.
Malicious hashes/URLs/IP/Domains updated every 15 minutes
Anti-malware updates every 60 minutes
FortiSandbox 0-day malware updates every 5 minutes
IPS signatures updated every 42 hours
* update frequencies based on historical average
FortiGuard Labs Threat Map
Industry and Partner Community Leadership
FortiGuard Labs has been committed to delivering the best threat intelligence to customers for over 20 years. This includes sharing intelligence with law enforcement and other security vendors to access to as much information as possible. Fortinet firmly believes that sharing this intelligence improves protection for customers as well as the effectiveness of the entire cybersecurity industry.
FortiGuard Labs joined FIRST in 2012, an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs.
Co-founded the Cyber Threat Alliance (CTA) in 2014 and wrote the first sharing bylaws for the organization.
FortiGuard Labs joined INTERPOL ICGEG (Global Expert Group) in 2016.
FortiGuard Labs contributed to the development of the STIX/TAXII protocols as well as the MISP platform, both of which are now deployed globally for threat intelligence sharing.
FortiGuard Labs has over 200 individual sources of threat intelligence from partners in cyberspace.
Independent Third-party Validation
Independent, third-party tests provide a critical and impartial measure of the quality of a product, and a reliable reference for customers making a purchase decision.
Fortinet is committed to participation in unbiased credible testing so customers can see how Fortinet solutions compare to other vendors and select the solution that is right for their needs.
Product CertificationsAI-Driven Security Operations
Want more information on how FortiGuard Labs’ proven artificial intelligence and machine learning systems?