FortiGuard

The subscription of FortiGuard allows to receive continuously in the automatic mode updates for an antivirus, a fayervoll, the web filter and an antispam for products FortiGate FortiWiFi, FortiMail and FortiClient. This subscription is based on work of the specialized Global Research group "Threats of Fortinet" which investigates and develops protection against various known and unknown security risks.

2018: Start of FortiGuard AI and updating of FortiGuard TIS

The Fortinet company announced on April 3, 2018 FortiGuard AI exit. The solution is built in the platform of collection of data on threats of Fortinet and intended for the automated analysis and identification of threats for the purpose of ensuring continuous updating of the user means as a part of adaptive system of network security.

FortiGuard AI by means of machine learning technologies and a continuous training with a high accuracy collects, analyzes and classifies threats at a machine speed.

Taking into account forecasts about the future growth of requirements to speed and a scope of means of protecting from the automated cyber attacks FortiGuard developers started creation of the automated system of machine learning supporting careful and operational processing of huge amounts of data about threats for the purpose of identification of threats.

Development and training of the solution FortiGuard AI by means of technologies of the managed training continued more than five years. This solution weekly analyzes millions of models of threats. Processing of samples is performed with the help more than five billion processing nodes which reveal both the harmful, and not infected components of each sample. In the anticipatory mode defines degree of danger of each new sample by modern algorithms FortiGuard AI and creates data on threats which are used for updating of protective signatures of all means as a part of adaptive system of network security of Fortinet, told in the company.

Speed, scale of a scope and accuracy of work of FortiGuard AI optimize work of services of collection of data on threats of Fortinet by means of which development of updates in real time and means of the anticipating protection against threats for adaptive system of network security of Fortinet is performed.

In addition to an exit of FortiGuard AI, Fortinet also announced release of updates of service FortiGuard Threat Intelligence Service (TIS) and implementation of functions of the analysis of behavior of FortiSIEM:

• Service FortiGuard TIS
  • The beta of service FortiGuard TIS was started in 2017. Now the corporate version of this service which provides indicators of distribution of cloud threats and data on trends of their development for specific corporate network is available. Thanks to it heads on information security gain an impression about a status of all directions of threats at the international level and can make the informed decisions on selection of priority resources and coincidence tuning of security policies of infrastructure.

• FortiSIEM is functions of the analysis of an entity and behavior of users (UEBA)
  • Fortinet also uses machine learning technology for the purpose of optimization of identification of threats due to implementation of the UEBA functions in the version of FortiSIEM 5.0. This means reveals such patterns in behavior of users as location, time of day, the used devices and access to servers. Then the solution FortiSIEM automatically notifies security department specialists in case of detection of abnormal activity, for example simultaneous login from different arrangements, access for users to corporate data at night or too frequent access to seldom used servers.

2017: Start of the international service of collection of data on threats

On July 27 the Fortinet company announced start of the international service of collection of data on threats of FortiGuard Threat Intelligence Service (TIS). The service provides to heads on information security important and up-to-date data about cyberthreats and risks for the organizations that, in turn, provides operational acceptance of anticipatory responses to the purposeful attacks.

Thanks to high degree of development and a wide scope of network of sensors the Fortinet company provides the exact telemetered informations about threats obtained from the most different sources worldwide. Data on 50 billion events daily come to department of FortiGuard Labs. Through service of collection of data on threats of FortiGuard Threat Intelligence Service we provide to our customers and community of security experts access to detailed data on threats — John Maddison, the senior vice president of marketing department of products and solutions of Fortinet company said

In the whole FortiGuard TIS — it is a cloud platform of collection of data on threats which provides indicators of distribution of threats and data on trends of their development thanks to what heads on information security gain an impression about a status of all directions of threats at the international level. The FortiGuard TIS platform uses data of the last researches of department of Fortinet FortiGuard Labs.

Specific Features

The FortiGuard TIS platform is developed especially for collection of data on threats using which heads on information security can consider recent trends of development of threats, inform the top management on risks in the field of cybersecurity and manage effectively transactions of security for the purpose of the maximum involvement of resources and operational acceptance of anticipatory measures of protection.

The platform arranges the threats operating at the international level on gravity degree thanks to what heads can determine by cybersecurity what cyberthreats extend most quicker. Heads in the field of security can distribute these data provided in an available form among personnel of the organization or formulate tasks for security department specialists.

Function of drawing up reports on chains of implementation of cyberthreats provides the additional information on the threats which gained the greatest distribution in specific industry. Heads in the field of security get access to data on the most active threats, signatures intended for an intrusion prevention the malware and botnets in representation on the industries and can compare trends of development of threats both in the general scale, and within the necessary industry depending on the size of the company and its geographical location.

Heads on cybersecurity can select more detailed data view about specific threat to reveal patterns of its activity and also to consider indicators of prevalence and gravity. Thanks to integration into the reference book FortiGuard Encyclopedia the platform provides the detailed descriptions of threats containing data on their origin, behavior and measures of elimination.

Data on separate vulnerabilities of applications and the malware also contain in made by researchers of FortiGuard Labs threats additional notes which can be used for timely elimination of new and specific threats. Besides, expanded comments are periodically published in blogs of Fortinet, quarterly reports on a research of threats FortiGuard and weekly reports of data on FortiGuard threats.

Availability

As of July 27 the service of collection of data on threats of FortiGuard Threat Intelligence Service from Fortinet is available in the open beta.^[1]

2016: Fortinet provided adaptive system of network security

The Fortinet company provided in the spring of 2016 a security system — the complex, integrated, adaptive architecture providing distributed security of networks of the global organizations from the threats connected with IoT and remote devices based on a core of infrastructure and cloud computing.

According to developers, the provided security system "has huge value for support of business innovations during an era of virtual economy". Thanks to the improvements implemented in infrastructure of Advanced Threat Protection (ATP) from Fortinet, the data on threats and function of the automated reaction which are dynamically obtained on places are used for security together with new services of collection of data on global threats of FortiGuard.

The security system of Fortinet is intended for fight against the vulnerabilities which resulted from development of virtual economy and corporate IT infrastructures due to consolidation of earlier independently working systems in uniform architecture. This architecture is under construction on five interdependent principles — scalabilities, awarenesses, security, efficiency and openness.

For detection and elimination of threats in the modern networks deprived of a clear boundary, the security system should not only support dynamic scaling for the purpose of adaptation to the requirements connected with the volume and performance. It should support intra network scaling that is important for providing a comprehensive, comprehensive protection.

The portfolio of security technologies of Fortinet includes solutions for all areas of infrastructure, including wired and wireless networks, devices of end users and IoT, the access levels, different models of "clouds" — from public to hybrid, program the configured networks and means of virtualization. Use of modern technologies (such as FortiASIC processors serving for hardware acceleration, and network devices, including virtual and cloud copies which are built in a security system) ensures smooth operation, high performance and scalability of network.

The scaling option of infrastructure of Fortinet acts as a basis of the second fundamental property of a security system: awarenesses. A system represents complete community of elements and allows to trace a status of the devices, users, contents entering and outgoing data streams and also to analyze traffic templates. At the expense of it management becomes simpler, costs decrease thanks to what process of deployment of new features and the innovation strategy of security, for example, of comprehensive segmentation for protection against advanced threats becomes simpler.

The possibility of tracking of a status of infrastructure is extremely important for security at the level necessary for counteraction to constantly appearing threats, consider in the company. The operating system of security FortiOS provides system management of security of Fortinet from one window. Such Fortinet technologies as Advanced Threat Protection Framework, serve for a careful research of traffic, dynamic data acquisition about threats and data transmissions in department of FortiGuard Labs for automatic use of updates in real time to all means which are logging in. Continuous data collection in combination with the fast, careful and giving-in to scaling process of the analysis optimizes system architecture of security due to fast detection and elimination of threats in process of their emergence.

For the purpose of ensuring due return from investments into the existing infrastructures of security of the companies clients the security system supports integration with large ecosystems of third-party suppliers. Fortinet cooperates with global partners and also with industrial enterprises for the purpose of development of open API based on which the security system is under construction. Thanks to it the organizations can freely unroll the solutions Fortinet for joint work with the existing or new security protections and create the integrated protection infrastructures. So, recently the Fortinet company signed the agreement on cooperation with Carbon Black for the purpose of automation of means of protecting of networks of the companies clients, providing these means with the latest data and management by means of integration with infrastructure of ATP.

Notes