At first glance, the world of malware and other threats to your network may seem overwhelming: thousands of new malware variants found every day, advanced targeted attacks, zero-day vulnerabilities, key logging, phishing, trojans and botnets. In addition, there's an ever-growing vocabulary of confusing and overlapping terms. It seems that almost every day you read stories of organizations being attacked, networks penetrated, data stolen, all resulting in financial damage. How do you stay on top of it all?
As a user of Fortinet technology, you may notice updates being sent to your FortiGate appliance multiple times a day. But what goes into these updates? How does the FortiGuard team create updates for your network? This brief will explain what happens on the front line and how the FortiGuard team obtains information and creates daily packages for your FortiGate and other Fortinet devices to help keep your networks secure.
FortiGuard is Fortinet's threat research and response team. With more than 200 security engineers and forensic analysts around the globe providing 24 hours a day, 365 days a year analysis of current threats on the Internet, the FortiGuard team's sole purpose is to protect customers.
The FortiGuard continuous protection model is a multilayered, multi-step process that the team uses to keep our customers safe. We learn about threats in a number of ways. We share what we learn with our customers by updating their devices and with industry in conferences and publications. We use the information that we know to protect our customers. And with tools like real-time sandboxing and our ability to detect new malware variants, we can recognize suspect content, that which exhibits malicious attributes, and investigate accordingly.
FortiGuard uses many data sources to collect samples and information about malware and other threats. FortiGuard monitors a host of different data feeds to harness the information used to identify malware and other threats circulating online. The team analyzes the information to create and deploy unique protection packages for Fortinet customers' networks.
Sources include actual virus samples, alerts from partners about suspicious activity, or Fortinet's own internal systems that replicate, analyze or reverse-engineer malware.
The FortiGuard team uses service portals to receive and provide information to Fortinet customers and the Internet security industry:
Our knowledge store is a repository of all the information we collect on every threat we analyze and protect against. For more than a decade, the knowledge store has been collecting hundreds of millions of malicious code samples. FortiGuard's engineers, analysts and intelligent systems add an average of 160 thousand new samples to the store every single day of the year.
Malware and other malicious threats have long evolved past the simple virus. The FortiGuard team analyzes and creates protection packages not only for viruses, but also for botnets, intrusion detection and protection, web filtering, Distributed Denial of Service (DDoS) attacks, phishing attacks, vulnerabilities, exploits, IP reputation and antispam. Often we see malware that uses multiple components: a malware sample may have a virus component, a spamming component, an intrusion component and a botnet component (with its related command and control information).
Once we've analyzed a threat, we generate a package to protect against it.
FortiGuard uses a unique and powerful proprietary programming language called Compact Pattern Recognition Language (CPRL). CPRL allows our analysts to describe entire families of malware with a single program instead of the traditional signature-based "one signature, one variant" model used by other vendors. The FortiGuard team proactively uses CPRL not only to protect against today's threats, but to predict tomorrow's zero-day malware.
Once a threat has been investigated and a CPRL program created, it is thoroughly tested by the FortiGuard team. These tests ensure the new program detects what it is expected to detect. They also eliminate the risk of a false positive by checking a database of known clean content. Detecting clean files as malware is never a good thing.
Once an update has been tested and cleared for release, the package is released to the Primary FortiGuard Distribution Servers. When the primary servers have received the update, it's distributed to our network of Secondary FortiGuard Distribution Servers. This secondary layer provides updates directly to the customer devices.
The FortiGuard Distribution Network (FDN) is a global network of servers that distribute updates to Fortinet devices, including FortiGate, FortiMail, FortiWeb and FortiDDOS appliances.
There are nine primary FDS servers and almost 100 secondary servers in data centers throughout the world. Customers with a large installation base can choose to use their FortiManager to receive and push the update to the devices that it manages.
FortiManager becomes a third tier within the FortiGuard Distribution Network hierarchy.
FortiGuard's Premier Signature Service provides enhanced virus detection and threat analysis support to help mitigate breaking and advanced targeted attacks.
With the FortiGuard Premier Signature Service, you can submit requests for custom antivirus, intrusion protection or application control signatures 24 hours a day, seven days a week for prioritized support with guaranteed response times. Updated signatures are typically provided through Fortinet's support site and later included in FortiGuard distribution network's automatic updates.
FortiGuard's live threat monitor is available any time online for you to discover more about FortiGuard and many of the current threats we're observing on the Internet. If you'd like to see more, visit us at www.fortiguard.com. Security is our business.
We are pleased to be able to find a network security vendor who is able to provide us the desired security solution that is scalable and easy to manage while supporting up to 10,000 remote users. The FortiGate-310B's robust performance, network segmentation capabilities and high port density make it a very compelling and highly competitive buy. Fortinet's FortiGate platform is highly scalable to accommodate our future business growth plans.