
FortiGuard Labs

Fortinet Threat Intelligence and Research Organization


Overview

Visibility + Innovation = Actionable Threat Intelligence

FortiGuard Labs is the threat intelligence and research organization at Fortinet. It is made up of experienced threat hunters, researchers, analysts, engineers, and data scientists. Its mission is to provide customers with the industry’s best threat intelligence to protect them from malicious cyberattacks. It has three areas of focus:

  • FortiGuard Labs – Its threat intelligence efforts keep Fortinet security products armed with the best threat identification and protection information available. Its threat research keeps customers informed of the latest threats, campaigns, actors, and trends so they can take proactive measures to better secure their environments.
  • FortiGuard Security Subscriptions – These are security options you can add on to your Fortinet devices, enabling you to tailor your security choices to your environment. FortiGuard Labs provides the detection and prevention capabilities behind these options.
  • FortiGuard Labs Consulting – Consulting services designed to provide threat intelligence value to organizations that lack an in-house threat intelligence function. FortiGuard Labs Consulting helps organizations better understand the threats they face, identifies gaps in their security infrastructure, and ensures their people have the skill sets they need. Custom engagements are also offered.

FortiGuard Security Services

To break the attack sequence and protect your organization, you need to detect newly discovered attacks and rapidly adjust your security posture to them across an ever-expanding attack surface.

FortiGuard Security Services is a suite of market-leading, AI-enabled security capabilities providing content, web, device, and user security. It continuously assesses risk and automatically adjusts protection across the Fortinet Security Fabric, enabling coordinated and consistent real-time defense against the latest attacks.

 

Why FortiGuard


Comprehensive

You can only protect against what you can see, and only in places where you can enforce policy in real time. We close those gaps.

  • Be everywhere. Coordinated and consistent security detection and response across the attack surface and attack cycle, with the largest portfolio of products supporting hybrid models of hardware, software, and as-a-service.
  • Impact everything. The largest technology and threat intelligence ecosystem, with native and API-based integration.


Quality of the analysis

AI and analytics systems are only as good as the inputs and training that go into them. We deliver credible security analysis results based on a unified data set.

  • Trainers matter. Our AI is trained by one of the largest and most experienced security research organizations in the industry: FortiGuard Labs.
  • Data matters. Our AI is trained on one of the largest and most diverse datasets in the industry, spanning intelligence from endpoints, networks, and clouds.
  • Scale matters. Our platform ingests and analyzes more than 100 billion events every day, on average, to deliver over one billion security updates daily across the Fortinet Security Fabric and ecosystem.
  • Community matters. We see and protect you against millions of events from our global Fabric deployments and from our partners, preventing a “second” Patient Zero for threats already known to the community.

Time to protection for newly discovered threats

You can only break the attack sequence if you can update your security posture in time. We deliver coordinated and automated protection in near real time.

  • Break the sequence. We generate, in near real time, a holistic set of new protections for all relevant security technologies, enabling coordinated enforcement tailored to the attack sequence.
  • Have the reach. We automatically distribute the newly created protections, adjusting the Fortinet Security Fabric and ecosystem with coordinated, market-leading defense.
  • Empower. We continually invest in advanced SOC and NOC tools, training, and capabilities, making sure your teams are set up for success.

Simplicity

Faster time to activation is key to supporting the pace of digital innovation. We deliver security that is easy to choose, attach, and consume, and that performs.

  • Operation. Mix and match security capabilities to fit your diverse set of use cases across the organization, and attach them to the desired product across hardware, VM, and as-a-service models. Rest assured that they are all designed from the ground up to work together. Use our Fabric management center to gain a unified view across your deployment.
  • Purchasing. We give you the freedom to choose à la carte, optimized bundles for NGFW, cloud, mail, endpoint, etc., or an Enterprise Agreement.

Integrated Market Leading Security Capabilities

Web Security

Optimized to monitor and protect data and applications against web-based attack tactics while assisting you with meeting compliance

Content Security

Optimized to monitor and protect against file-based attack tactics, while assisting you with meeting compliance

Device Security

Optimized to monitor and protect against device- and vulnerability-based attack tactics while assisting you with meeting compliance.

Advanced Tools

From our threat researchers to yours. Continuously evaluate and advance your security posture and set your team up for success.


FortiGuard Integrated Market-leading Security Services

Coordinated, market-leading security capabilities providing protection across the attack lifecycle and attack surface.

 

 


Web Security

Optimized to monitor and protect data and applications against web-based attack tactics while assisting you with meeting compliance.

Web & Video Filtering: FortiGuard’s massive web content rating and URL databases, together with AI-enabled analysis environments, power our accurate web and video filtering services. They provide granular filtering of web and video categories, with allow, log, or block actions, for rapid and comprehensive protection and regulatory compliance.

DNS & C2: Consistent protection against malicious domains, blocking attack tactics such as DNS tunneling and domain generation algorithms (DGAs), and identifying C2 servers.

Antibot & C2: Block unauthorized attempts to communicate with attacker-controlled remote servers, whether to receive malicious commands or to exfiltrate information.

Geo IP: Geo IP adds protection to this category by providing location information for IP traffic, helping you manage region-based threats.

WAF


Content Security

Optimized to monitor and protect against file-based attack tactics, while assisting you with meeting compliance.

Cloud Sandbox

 

Top-rated, behavior-based, AI-powered static and dynamic malware analysis to address rapidly evolving and increasingly targeted threats, including ransomware, crypto-malware, and others, across a broad digital attack surface. Delivers real-time, actionable intelligence and preventions by automating zero-day advanced malware detection and response. Includes MITRE ATT&CK-based reporting and investigation tools.

AV: FortiGuard Antivirus delivers automated updates that protect against the latest polymorphic attack components, viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network, endpoints, and clouds and from accessing valuable content.

Innovative capabilities: Additional capabilities such as mobile malware protection, credential protection, content disarm & reconstruction, virus outbreak prevention, DLP, and dynamic adult image analysis add further protection to this category.

Antispam: Works in conjunction with our mail product to dramatically reduce spam volume at the perimeter, giving you unmatched control over email attacks and infections and providing greater protection than standard real-time blacklists.

Device Security

Optimized to monitor and protect against device- and vulnerability-based attack tactics while assisting you with meeting compliance.

IPS

 

IPS blocks the latest stealthy network-level threats and network intrusions, working from the most comprehensive IPS library, with thousands of signatures, and backed by FortiGuard research credited with 850+ zero-day discoveries. It is natively embedded in our context-aware policies, giving full control over attack detection methods to suit complex security applications, with resistance to evasion techniques.

OT & IoT: Identify and police common ICS/SCADA protocols and equipment for granular visibility and control with our OT service, and reduce your attack surface with automated discovery, real-time query, segmentation, and enforcement for IoT devices.
Additional capabilities such as device and OS detection and IoT hardware MAC address vendor mapping updates provide further protection within this category.

Advanced Tools for SOC/NOC

Security Operations Teams / Network Operations Teams
Continuously evaluate and advance your security posture and set your team up for success.

Fabric Rating: Provides a guided experience to design, implement, and continually advance your security posture. The Fabric Rating Service runs audit checks, identifies critical vulnerabilities and configuration weaknesses, and recommends best-practice implementations.

IoC: An automated breach defense system that continuously monitors your network for attacks, vulnerabilities, and persistent threats. It provides protection against real threats, guarding your data and defending against fraudulent access, malware, and breaches.

Vulnerability Scan: Scans network assets for security weaknesses, on demand or on a schedule. Provides comprehensive reports on the security posture of your critical assets and automated scanning of remote locations.

SOC-as-a-Service: Free your teams to focus on high-priority work by offloading all tier-one analysis to our team of experts. We will notify you of any significant events that need your attention and recommend an action plan.

Consistent and Coordinated Security Detection and Response

The Fortinet Security Fabric is natively integrated with FortiGuard actionable threat intelligence, which continuously updates a rich set of capabilities for content, web, device, and user security across the Fabric.

FortiGuard maintains AI-powered analysis environments across unified databases, ensuring that all products operate from the same up-to-the-minute data. Each product gains access to all security technologies appropriate to its function and location across the attack plane, ensuring security is deployed consistently and enforced cohesively.

The Fabric is based on common standards and open APIs, so you can connect your existing investments and leverage our threat insights.

 

FortiGuard Security Bundles



Flexible Purchasing Options

We provide you with the freedom to choose and mix and match between:
  • À la carte
  • Optimized bundles for products and use cases
  • Enterprise Agreements
This datasheet covers purchasing options and bundles for the FortiGate product line. To enable FortiGuard Security Services on all other products and for other use cases, please refer to the relevant product datasheet.

FortiGate: FortiGuard Security Services Bundles

ATP Bundle
FortiCare and Content protection.
Optimized for:
  • Cloud and data-sensitive use cases, ransomware, malware, AI-powered analysis and response with sandboxing, and IPS projects

UTP Bundle
FortiCare, Content and Web protection.
Optimized for:
  • Organizations looking for advanced protection that are not device-sensitive; SWG

Enterprise Bundle
FortiCare, Content, Web and Device protection with migration and compliance tools.
Optimized for:
  • Organizations looking to add device protection to their branch, campus, and remote locations
  • ICS/SCADA/HC industries
  • Regulated industries
  • Segmentation projects

360 Bundle
FortiCare, Content, Web and Device protection with the full set of advanced tools for your SOC and NOC teams, combined with priority routing to our support and SOC-as-a-Service.
Optimized for:
  • Organizations with mature SOC and NOC teams
  • SD-WAN branch and hub deployments
  • Large-scale deployments with hybrid models
Bundle feature matrix

Columns: A-La-Carte | Advanced Threat Protection Bundle | Unified Threat Protection Bundle | Enterprise Bundle | 360 Bundle | FortiCare 24x7 | FortiCare ASE
(The per-cell inclusion marks of the original table are not preserved here; rows are listed by feature category. As described above, ATP covers Content Security + IPS, UTP adds Web Security, Enterprise adds Device Security & Compliance, and 360 adds the Advanced Tools for SOC/NOC.)

Content Security + IPS
  • AV (+SBX)
  • IPS
  • IoT MAC-to-vendor mapping
  • Device/OS Detection
  • Sandbox Cloud
  • DLP (native, not a service)
  • Virus Outbreak

Web Security
  • IP Reputation
  • Web & Video Filtering
  • Botnet DB
  • Geo IP
  • DNS (+WVF)

Device Security & Compliance
  • IoT Real-Time Query
  • OT Detection & Protection
  • FortiConverter
  • Fabric Rating

Advanced Tools for SOC/NOC
  • FortiAnalyzer Cloud
  • FortiManager Cloud
  • SD-WAN BW test, Orchestrator, OCVPN
  • SOC-as-a-Service

Learn More about FortiGuard Security Services Bundles

The FortiGuard security services bundles provide granular protection across the attack cycle, and are optimized to support leading use cases across the enterprise.

 

ATP Bundle

Our basic bundle, optimized for data-sensitive use cases and IPS projects, includes our market-leading security capabilities for vulnerabilities (IPS) and content-based attacks. It includes advanced file analysis with our AI-powered, cloud-delivered sandbox, near-real-time antivirus updates, and more. We also include 24x7 support with our bundles to empower your teams to effectively secure your organization.

 


UTP Bundle

Our UTP bundle is optimized for organizations looking for advanced web and content protection. This bundle includes our market-leading security capabilities for vulnerabilities (IPS) and for content- and web-based attacks. It includes advanced file analysis with our AI-powered, cloud-delivered sandbox, near-real-time antivirus updates, and our market-leading cloud-delivered URL filtering with granular video filtering capabilities, C2 and DNS protection, and more. We also include 24x7 support with our bundles to empower your teams to effectively secure your organization.


Enterprise Bundle

Our Enterprise bundle was created for organizations that are looking for full protection across the different attack vectors. The enterprise bundle adds device security capabilities to the UTP bundle. It is optimized for organizations looking to add device protection to their branch, campus, and remote locations. The inclusion of migration and compliance evaluation tools in this bundle makes it the ideal choice for operational technology (OT), regulated industries, and segmentation projects.

 

 


360 Bundle

The 360 bundle provides SOC and NOC teams with all the tools needed to effectively protect your organization. It includes full protection across the different attack vectors (content, web, and device), generating comprehensive log and data sets across network, endpoint, and clouds for both the AI-powered analysis environments and the NOC and SOC teams to work from. Working from a rich set of coordinated data yields results that account for the full attack cycle rather than symptoms in isolation. This bundle also offers SOC-as-a-Service to augment your team by offloading your tier-1 analysis to our experts, as well as priority routing to our support teams.

This bundle is often chosen for large-scale deployments with hybrid models (hardware, virtual machine, X-as-a-Service, and SD-WAN projects), and it is also popular with organizations looking to offload tier-1 analysis to us.

FortiGuard Labs Consulting

Threat intelligence consulting services from the FortiGuard Labs team

FortiGuard Labs offers consulting services designed to help your organization address your specific threat landscapes and improve your organization’s ability to use threat intelligence to meet that challenge.

Faced with an evolving threat landscape, increasingly advanced adversaries, and a chronic cybersecurity skills gap, many organizations are looking to external teams for help in solving basic and advanced security questions:

  • What are the topical and most important threats on which I should focus?
  • Is my environment as secure as it needs to be?
  • Are my people properly trained to defend us against the threats we face?

FortiGuard Labs Consulting is a set of specialized consulting services designed to provide proven threat intelligence to organizations lacking that function internally. These services leverage the expertise and experience of the FortiGuard Labs team to deliver the benefits of threat intelligence CISOs are looking for without the typical threat intelligence costs.

Focused Threat Intelligence and Analysis

Know your enemy. Understanding the threats and threat actors you face enables you to focus your defensive actions on the threats that matter most. It also enables you to prioritize your security spending on solutions that match your most likely threats. This consulting service allows you to choose the subject of your detailed analysis and includes:

  • Detailed reporting and analysis
  • FortiGuard Labs’ global telemetry data, specialized honeypots, and SIEM logs
  • FortiGuard Labs’ expertise and insight to identify ongoing hidden threats, protection gaps, and appropriate mitigation steps

Security Architecture Evaluation

The Security Architecture Evaluation service analyzes your threat spectrum and then uses different methods to evaluate how well your deployed security infrastructure does against the threats you face. This enables you to make the necessary changes to your security technologies to close any gaps and streamline operations. This consulting engagement will:

  • Assess and document your current security design, including systems, tools, owners, and processes
  • Use Breach and Attack Simulation exercises to uncover the security architecture gaps
  • Evaluate your security architecture against industry measurement/compliance frameworks (e.g., NIST)
  • Develop operational runbooks and a roadmap to help improve your comprehensive security architecture, including design and priorities

Cybersecurity Workshops

Organizations face an evolving threat landscape, increasingly advanced adversaries, and a chronic skills gap internally. FortiGuard Labs offers a number of full- and half-day security workshops to help close this skills gap, ensure that your people are sufficiently trained for the roles you need them to perform, and help them become cybersecurity subject-matter experts.

Organizations will benefit from the experience and expertise of FortiGuard Labs team members in training your personnel to better understand specific cybersecurity concepts and tools. Pre-defined workshops reflect the subjects we get asked about the most and will include hands-on training on:

Introduction to MITRE ATT&CK Framework

Provides an overview of the MITRE ATT&CK framework and knowledge base that is used to develop specific threat models and methodologies. Hands-on labs include exercises covering initial access, execution, privilege escalation and persistence, credential access, discovery, and lateral movement.



Cyber Hunting with Blockchains

Blockchain technologies are used in malware hunting, categorization, and file analysis. This workshop will help participants gain an understanding of blockchain, the technology behind Bitcoin and other cryptocurrencies. The focus will be on the cybersecurity aspects of blockchain and how organizations are starting to use it for threat hunting.

 

Malware Hunting and Analysis

This fast-paced, hands-on, lab-centric course will introduce you to the world of Windows malware, mobile malware concepts, and the basics of Mac malware. More importantly, you will learn how to extract threat intelligence, IOCs, and other threat information from malware to better protect your environment.



SOC Threat Hunting

FortiGuard Labs will develop and train your team on threat hunting and mitigation techniques specifically applicable to your security operations center (SOC), informed by red team tradecraft. This includes developing standard operating procedures (SOPs) for how your SOC should respond to ransomware and phishing attacks, or any other type of attack your organization chooses. Your team will learn how to track, hunt, and respond to these attacks, determine whether the organization is at risk, mitigate that risk, and collect forensic evidence when threats occur.

That’s Not All

We all understand the value organizations get from good threat intelligence, but many cannot staff this critical function in house. That is why FortiGuard Labs offers these consulting services designed to help your organization address your specific threat landscapes and improve your organization’s ability to use threat intelligence to meet that challenge. But if you have a need related to threat intelligence that is not covered here, FortiGuard Labs Consulting can easily design a custom engagement. Just let us know.

If you are interested in finding out more, contact your local Fortinet sales rep.

Highlighted Assets

Proactive Threat Research

THREAT BLOGS

In-depth research for security professionals on new malware and variants, zero-day exploits, targeted systems, and critical vulnerabilities being exploited in the wild. They include detailed analysis of the malware/vulnerability/exploit, the impact of the situation, mitigation suggestions, and any Fortinet product-based protections that are available.

THREAT SIGNALS

Threat Signals provide insight on emerging issues within the threat landscape. They offer technical details about the issue, mitigation recommendations, and a perspective from the FortiGuard Labs team in an FAQ format.

ADVERSARY PLAYBOOKS

These playbooks detail the activity of specific cyberattack campaigns and specify the tools, techniques, and procedures (TTPs) that adversaries leverage to deploy them. These playbooks are mapped to the MITRE ATT&CK framework and help organizations understand the lifecycle of cyber-threat campaigns and what technologies and best practices can be used to defend against them.

ZERO-DAY RESEARCH

Researchers proactively analyze third-party products and software applications for weaknesses and exploitable vulnerabilities. When a vulnerability is found, the team creates protective measures and updates the appropriate elements of the Fortinet Security Fabric. FortiGuard Labs is an industry leader in zero-day discoveries with over 900 vulnerabilities discovered to date.

THREAT INTELLIGENCE BRIEFS

FortiGuard Labs uses its industry-leading global infrastructure of threat sensors, honeypots, and collectors to provide a weekly recap of the incidents and threats trending in cyberspace.

Why FortiGuard Labs

What sets the FortiGuard Labs team apart are three key differentiators: breadth of visibility into the threat landscape, ground-breaking use of innovation, and rapid delivery of actionable threat intelligence to the Fortinet Security Fabric. Some specifics:


  • Telemetry gathered from Fortinet’s millions of sensors (5.6M+ devices deployed globally) gives FortiGuard Labs visibility into the actual real-world threats our customers face, covering threats found in network, endpoint, IoT, email, application, and web threat vectors.
  • The Fortinet Distribution Network is an innovative bi-directional network that collects threat telemetry from Fortinet deployments and is also designed to efficiently distribute actionable security protection updates to Fortinet Security Fabric components in customer networks around the world, several times each day.
  • Zero-day research demonstrates the effectiveness of our research and provides proactive analysis and actionable intelligence on discovered vulnerabilities before they are exploited. The over 900 vulnerabilities discovered to date set us apart from our competitors.
  • Our industry and information-sharing leadership comes out of our early use of AI and the belief that sharing intelligence with other threat intelligence organizations improves protection for customers as well as the effectiveness of the entire cybersecurity industry. Highlights include:
    • Co-founded the Cyber Threat Alliance (CTA) in 2014
    • Co-founder of the World Economic Forum’s Center for Cybersecurity created in 2018
    • Member of the computer incident response organization FIRST since 2012
    • Contributor to the development of STIX/TAXII protocols, as well as the MISP platform. Receives and processes over 200 individual sources of threat intelligence from partners

Independent Third-party Validation

Independent, third-party tests provide a critical and impartial measure of the quality of a product, and a reliable reference for customers making a purchase decision. Fortinet is committed to participation in unbiased credible testing so customers can see how Fortinet solutions compare to other vendors and select the solution that is right for their needs.


FortiGuard Security Subscriptions

Want to know how you can leverage FortiGuard Labs to optimize performance and maximize the protection of your Fortinet solutions? Simply add the appropriate FortiGuard Subscriptions and Services to your Fortinet Security Fabric deployments. Available as both individual and bundled subscriptions.

AI-Driven Security Operations

Want more information about FortiGuard Labs’ proven artificial intelligence and machine learning systems?

 

 

FortiGuard Labs Threat Map