Base system (platform): FortiGate
Developer: Fortinet
Last release date: 2021/02/15
Branches: Information Technology
Technology: Information Security - Firewalls, OS
2023
Two-thirds of Fortinet's firewalls found to be vulnerable: arbitrary code can easily be run on them
More than two-thirds of Fortinet's in-service firewalls contain a critical vulnerability that cybercriminals can exploit to seize control of hardware. This is stated in a study by Bishop Fox, the results of which were released on June 30, 2023.
The vulnerability in question is CVE-2023-27997, rated 9.8 out of 10 on the CVSS scale. It is a remote code execution (RCE) vulnerability caused by a heap buffer overflow in FortiOS, the operating system used on FortiGate firewalls. Fortinet released a fix in June 2023, and all users are urged to install firmware versions 7.2.5, 7.0.12, 6.4.13 or 6.2.15 as soon as possible. In reality, however, hundreds of thousands of firewalls remain unprotected.
According to Bishop Fox estimates, by the end of June 2023 approximately 490,000 SSL VPN interfaces belonging to Fortinet devices were reachable from the Internet. About 69% of them, more than 338 thousand, remained vulnerable. The firmware on some devices was found not to have been updated for eight years. The situation is aggravated by the fact that attackers are actively exploiting the vulnerability.
Bishop Fox also demonstrated a proof-of-concept exploit for the vulnerability. The code triggers the heap buffer overflow, connects to a server controlled by the attackers, downloads a BusyBox binary and opens an interactive shell. The exploit runs in about one second, so attackers can potentially compromise a device almost instantly. Many corporate users of Fortinet hardware are at risk.[1]
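The article's point that a fix exists while most exposed devices still run older firmware is, for a defender, an inventory problem: for each device, decide whether its firmware meets the fixed version for its release branch. The following is an added example, not code from Bishop Fox or Fortinet, that makes that decision using only the four fixed versions the article names. The version-string format it parses (the "v7.0.11,build0489" form) is an assumption about how FortiOS reports its version, and the inventory is constructed sample data.

```python
"""Decide whether an inventory of FortiOS firmware versions is patched
against CVE-2023-27997 (added example; not Bishop Fox's or Fortinet's code)."""
import re
from typing import Dict, Iterable, List, Optional, Tuple

Version = Tuple[int, int, int]

# Minimum fixed release per branch, exactly as the article lists them.
# Branches not listed here (e.g. 6.0 or 5.x) are flagged for manual review
# rather than silently treated as safe or unsafe.
FIXED_VERSIONS: Dict[str, Dict[Tuple[int, int], Version]] = {
    "CVE-2023-27997": {
        (7, 2): (7, 2, 5),
        (7, 0): (7, 0, 12),
        (6, 4): (6, 4, 13),
        (6, 2): (6, 2, 15),
    },
}

# Assumption: the version appears as "v7.0.11" (optionally followed by
# ",build0489"), as in the output of `get system status`.
_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text: str) -> Optional[Version]:
    """Extract (major, minor, patch) from a status line; None if absent."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(version_text: str, cve: str = "CVE-2023-27997") -> str:
    """Return 'patched', 'vulnerable', 'unknown-branch' or 'unparseable'."""
    ver = parse_version(version_text)
    if ver is None:
        return "unparseable"
    fixed = FIXED_VERSIONS[cve].get(ver[:2])
    if fixed is None:
        return "unknown-branch"
    # Tuple comparison is lexicographic, so (7, 0, 11) < (7, 0, 12).
    return "patched" if ver >= fixed else "vulnerable"


def summarize(inventory: Iterable[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group hostnames by assessment so the vulnerable ones can be triaged."""
    groups: Dict[str, List[str]] = {}
    for host, version_text in inventory:
        groups.setdefault(assess(version_text), []).append(host)
    return groups


# Constructed sample inventory (hostnames, models and build numbers are illustrative).
SAMPLE_INVENTORY = [
    ("fw-hq-1", "Version: FortiGate-100F v7.0.12,build0523,230130 (GA.F)"),
    ("fw-hq-2", "Version: FortiGate-100F v7.0.11,build0489,230320 (GA.F)"),
    ("fw-branch-a", "Version: FortiGate-60F v6.4.13,build2483,230131 (GA.F)"),
    ("fw-branch-b", "Version: FortiGate-60E v6.0.14,build0408,220302 (GA.F)"),
    ("fw-lab", "version string missing"),
]

if __name__ == "__main__":
    for outcome, hosts in sorted(summarize(SAMPLE_INVENTORY).items()):
        print(f"{outcome:15s} {', '.join(hosts)}")
```

Devices on a branch that the advisory does not list end up as "unknown-branch" rather than "patched", which is the right default for the eight-year-old firmware the article mentions: those devices need a human decision, not a silent pass.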
Government hacking through Fortinet VPN devices
In mid-January 2023, it became known that cybercriminals were exploiting a zero-day vulnerability in the FortiOS SSL VPN to attack government organizations and targets related to state structures.
The problem is the one described in the CVE-2022-42475 security bulletin. The flaw was fixed in FortiOS 7.2.3 in November 2022, but a wave of cyber attacks followed. The vulnerability is a heap-based buffer overflow. It allows unauthenticated attackers to crash a vulnerable device or remotely execute arbitrary code on it using specially crafted requests.
On January 12, 2023, Fortinet, the developer of FortiOS, confirmed the fact of attacks using exploits for the CVE-2022-42475 hole. It is said that attackers used a modified version of the IPS Engine with Trojan components to deliver malicious software. According to Fortinet, the attacks were targeted, with the investigation finding evidence suggesting government networks were the main targets of cybercriminals.
"The sophistication of the exploit speaks to the high skill of the attackers. The attacks are largely focused on government or government-related targets," Fortinet noted.
Cybercriminals have used various techniques to complicate intrusion detection and confuse analysis. In particular, malware can modify FortiOS log files. In addition, the malware disables the functions of the intrusion prevention system (IPS) of affected devices, which should detect threats by constantly monitoring network traffic. Experts say that depending on the circumstances, an attacker, exploiting vulnerabilities in VPN interfaces, can gain access to confidential information or run a program on the victim's system to encrypt data and obtain a ransom.[2]
2021
Use by Iranian groups in attacks
The cyber conflict between the United States and Iran continues to heat up. This became known on November 18, 2021. Information security agencies have warned of a growing number of attacks by Iranian groups exploiting vulnerabilities in Fortinet FortiOS (CVE-2018-13379, CVE-2020-12812 and CVE-2019-5591) and Microsoft Exchange.
FortiOS 7.0 with 300 additional features
On February 15, 2021, Fortinet announced the release of the seventh version of FortiOS, Fortinet's flagship operating system. With more than 300 additional features, FortiOS 7.0 is intended to enhance the Fortinet Security Fabric and Fortinet's ability to provide holistic security for all networks, endpoints, and clouds.
The proliferation of network edges such as the data center, WAN, LAN, LTE, off-network computing, operational technology, CASB and SASE, to which the home network has recently been added, has expanded and fragmented the perimeter across the whole infrastructure. Security that can keep pace with network changes and performance requirements while providing holistic visibility, data analysis, detection, and a timely coordinated response to cyber attacks requires an integrated platform approach.
Major updates in FortiOS 7.0 address some of the most complex security issues related to home work, security at the SASE border, etc., and extend to the following key areas:
Zero Trust Access
- Zero trust network access for remote access and application management: FortiOS 7.0 allows every FortiGate client to leverage Zero Trust Network Access (ZTNA) capabilities, making Fortinet a provider of firewall-based ZTNA. ZTNA, included in FortiOS 7.0, improves the user experience by supporting the evolution of remote access to replace traditional VPNs. It also reduces the attack surface by verifying the user and device for each application session, while hiding business-critical applications from the Internet. Fortinet's ZTNA further simplifies management by applying the same access policy no matter where users are, on or off the network.
Security-Driven Networking
- Consistent security anywhere with SASE: Fortinet gives businesses the flexibility they need to let their employees work from anywhere, with consistent enterprise-level security delivered on premises and now with SASE (Security-as-a-Service) cloud technology. Remote users receive the same level of security regardless of their location. Customers who prefer Thin Edge are also supported through SASE.
- Updated SD-WAN self-healing capabilities: Fortinet Secure SD-WAN now includes self-healing through adaptive WAN remediation to make applications more resilient. Fortinet has also expanded its passive application monitoring for SaaS and multi-cloud applications to improve the user experience and support users anywhere.
- LTE Edge expansion with 5G: Fortinet extends network connectivity and security beyond the WAN Edge with 5G and LTE innovations that improve performance and wireless resiliency. With a variety of WAN and LTE offerings, organizations can achieve secure, scalable, and highly available network connectivity anywhere.
Adaptive Cloud Security
- Optimized performance and security in multi-cloud environments: Organizations struggle to manage and optimize application access and overall performance in multi-cloud environments. With FortiOS 7.0, Fortinet's adaptive cloud security offerings provide centralized management of hybrid clouds with automatic scaling for practical resource utilization, dynamic load balancing, and user experience visibility, all designed to proactively improve performance and security across the entire cloud perimeter.
NOC/SOC
- Improving the operational efficiency of NOC and SOC: FortiOS 7.0 introduces advanced tools that give network security teams of any size additional capabilities to improve operational efficiency, including integration of FortiManager and FortiAnalyzer with the latest version of FortiSOAR, delivered as a container, for complete orchestration of an organization's security processes. The update also simplifies SaaS management and operations with a single interface. For FortiCloud organizations that want to leverage Fortinet's security expertise to expand their operations teams, Fortinet now offers SOC-as-a-Service and NOC Best Practice Service.
FortiGuard Labs Threat Intelligence
- Home-optimized web protection: FortiGuard's security portfolio includes a rich set of advanced capabilities to protect content, users, devices, Internet access, and applications. In FortiOS 7.0, Fortinet extends its web protection offering with video filtering to provide even more granular protection in the face of growing video content consumption driven by working from home.
FortiOS 7.0 will be available at the end of the first quarter of 2021.
"Most suppliers focus on one particular area of security, but the reality is that with this approach it is impossible to keep up with the complex cyber threat landscape. The changes in FortiOS 7.0 support Fortinet's commitment to providing a cybersecurity platform that works across the entire digital attack surface and delivers broad, integrated, and automated security for devices, data, and applications," said John Maddison, First Vice President of Product and Solution Marketing at Fortinet.
2020
Publishing exploits for 50 thousand vulnerable Fortinet VPN devices with FortiOS
A security analyst known as Bank_Security stumbled upon a thread on a hacker forum in which someone under the pseudonym pumpedkicks published a list of IP addresses of 49,577 organizations with vulnerable Fortinet VPN devices. This became known on November 23, 2020. According to the hacker, he also has unencrypted credentials associated with these IP addresses. Among others, the list of potential targets includes domains belonging to large banks and government organizations around the world.
All the devices are affected by a well-known directory traversal vulnerability in Fortinet FortiOS SSL VPN (CVE-2018-13379) that the manufacturer has already fixed. It allows an unauthenticated remote attacker to access system files by sending a specially crafted HTTP request. The exploit published on the hacker forum gives access to sslvpn_websession files on Fortinet FortiOS VPN devices and thus to stored credentials, which can then be used to compromise the corporate network and, for example, deploy ransomware in it.
Of the almost 50 thousand vulnerable devices, about fifty belong to major financial organizations and government agencies.
"To better find out which companies were affected, I launched nslookup for all IP addresses in the list, and for many of them I found a related domain," Bank Security told BleepingComputer.
The analyst then refined the results and identified domain names associated with organizations of interest and well-known banks. Although the vulnerability has long been known and is easy to exploit, organizations deploy updates very slowly, so hackers continue to exploit known vulnerabilities in their attacks.
"This is an old, well-known and easily exploited vulnerability. Attackers have been exploiting it for a long time. Unfortunately, companies have a very slow patch process or an uncontrolled Internet-facing access perimeter, and therefore attackers can exploit vulnerabilities to compromise companies in any industry relatively easily," the analyst said.
As previously reported, the CVE-2018-13379 vulnerability was exploited by cybercriminals in attacks on government election support systems in the United States[3].
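Because the article says the exploit reaches sslvpn_websession files through a crafted HTTP request, a defender reviewing the web-facing logs of such a device would look for directory-traversal sequences, plain or percent-encoded, combined with that file name. Below is an added example of such a log check, not the analyst's or Fortinet's code; the access-log line format and the request paths are constructed for illustration and are not FortiOS's own log schema.

```python
"""Flag web requests that combine directory traversal with the SSL VPN
session file named in the article (added example; not Fortinet's or the
analyst's code; log format and paths are constructed)."""
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Plain and percent-encoded "../" and "..\" forms.
_TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\|%2e%2e(%2f|/|%5c|\\))", re.IGNORECASE)
# The file the article names as the exploit's target.
_TARGET_RE = re.compile(r"sslvpn_websession", re.IGNORECASE)
# Constructed, simplified access-log line: client, request, status.
_LINE_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})$'
)


def decode_path(path: str) -> str:
    """Decode percent-encoding twice so double-encoded payloads are visible."""
    return unquote(unquote(path))


def classify(path: str) -> str:
    """Return 'traversal+target', 'traversal', 'target' or 'benign'."""
    decoded = decode_path(path)
    traversal = bool(_TRAVERSAL_RE.search(path) or _TRAVERSAL_RE.search(decoded))
    target = bool(_TARGET_RE.search(decoded))
    if traversal and target:
        return "traversal+target"
    if traversal:
        return "traversal"
    if target:
        return "target"
    return "benign"


def priority(verdict: str, status: int) -> str:
    """A served (2xx) traversal against the target file outranks a blocked one."""
    if verdict == "traversal+target":
        return "critical" if 200 <= status < 300 else "high"
    return "medium"


def parse_line(line: str) -> Optional[Tuple[str, str, str, int]]:
    """Split a constructed log line into (ip, method, path, status)."""
    m = _LINE_RE.match(line)
    if m is None:
        return None
    return m["ip"], m["method"], m["path"], int(m["status"])


def scan(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """Return (ip, path, verdict, priority) for every non-benign request."""
    hits = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, _method, path, status = parsed
        verdict = classify(path)
        if verdict != "benign":
            hits.append((ip, path, verdict, priority(verdict, status)))
    return hits


# Constructed sample log (RFC 5737 documentation addresses, made-up paths).
SAMPLE_LOG = [
    '203.0.113.5 "GET /remote/login HTTP/1.1" 200',
    '198.51.100.7 "GET /vpn/download?file=../../../../sslvpn_websession HTTP/1.1" 200',
    '198.51.100.7 "GET /vpn/download?file=%2e%2e%2f%2e%2e%2fsslvpn_websession HTTP/1.1" 403',
    '192.0.2.9 "GET /images/../css/style.css HTTP/1.1" 200',
    '203.0.113.5 "POST /remote/logincheck HTTP/1.1" 200',
]

if __name__ == "__main__":
    for ip, path, verdict, prio in scan(SAMPLE_LOG):
        print(f"{prio:8s} {verdict:17s} {ip:14s} {path}")
```

Decoding the path twice catches double-encoded payloads that a single decode would miss, and a 2xx response on a flagged request is ranked above a 403 because it suggests the request was served rather than blocked. A traversal attempt without the target file name is still reported, at lower priority, since it may be a scanner probing for the same class of flaw.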
FortiOS 6.4
On March 5, 2020, Fortinet announced the release of FortiOS 6.4, the latest version of the flagship operating system for the Fortinet Security Fabric. With 350 additional features, FortiOS 6.4 offers extensive automation, scaling, performance and AI capabilities, all aimed at protecting the entire digital infrastructure.
As Fortinet noted, digital innovation is a force that can change the world. It transforms every industry and enables organizations to grow their business, reduce costs, improve efficiency and improve customer service. However, this power also carries increased security risks, as organizations must cope with a larger attack surface, advanced digital threats, increased ecosystem complexity, and expanding compliance requirements. Only the most advanced cybersecurity platform can create the conditions for digital innovation while providing:
- An advanced overview of the entire attack surface for better risk management,
- Integrated solutions that reduce the complexity of supporting multiple point products,
- Automated workflows to increase the speed of operations and response.
According to the developer, in version 6.4, FortiOS has added features to support organizations in achieving their goals of digital innovation. This support will be carried out in four key areas of Fortinet Security Fabric and FortiGuard Labs:
- Security-driven Networking: Network Security and Acceleration, Customer Experience Improvement
- Intuitive SD-WAN orchestrator and detailed application analysis in Fabric Management Center to simplify and automate Secure SD-WAN deployment.
- Optimizes the use of real-time SD-WAN in FortiGate for reliable business applications.
- Enhanced segmentation visibility by connecting multi-tenant VDOMs to the Security Fabric and FortiGate to protect against internal risks in the organization.
- Advanced Secure Web Gateway and IPS use cases provide good protection and simplify administrative operations.
- Enhanced SD-Branch capabilities with FortiAP controller and simplified LTE links through integrated management with FortiExtender and an expanded FortiAP portfolio with six WiFi modules.
- Zero-trust Network Access concept: identification and security of users and devices inside and outside the network
- Improved visibility of embedded devices within the Fortinet Security Fabric perimeter through integration of FortiNAC into the Fabric Topology Map and with FortiAnalyzer.
- More accurate identification of devices on the network by FortiNAC, including improved visibility of Linux devices, and simplified implementation of the Zero-trust Network Access concept, including the ability to automatically identify and segment IoT devices to simplify their security.
- Enhanced user identification and management with FortiManager docker for FortiAnalyzer Cloud to improve overall workflow and enhanced SAML in FortiAuthenticator along with two-factor authentication in FortiToken Cloud.
- Intra- and non-network review and management using Fortinet Security Fabric agent telemetry for devices within the network; secure VPN link over FortiClient and secure external access over FortiGuard Cloud for off-net devices.
- Dynamic Cloud Security strategy: security and control of cloud infrastructure and applications
- Enhanced security for Office 365 cloud applications through integration with FortiMail and FortiCASB; additional FortiWeb deep learning capabilities to protect ever-changing applications running anywhere. FortiWeb can be deployed as a physical or virtual appliance, as a SaaS offering in a public or private cloud, or as a Docker container.
- Improved cloud security by supporting advanced hybrid cloud use cases, including SD-WAN for AWS Outposts and GCP Anthos using FortiGate VM, and auto-remediation capabilities with FortiGate VM Cloud IDS.
- Enhanced workload protection and visibility across multiple clouds with FortiCWP asset inventory and optimized security workflows.
- AI-driven Security Operations: Automatic prevention, detection and response to cyber threats
- Adds advanced endpoint threat detection and prevention with next-generation AV (NGAV) capabilities, complementing FortiClient endpoint hardening with machine learning-based NGAV, real-time ransomware protection, and the ability to defuse threats in FortiEDR.
- Enhanced automation in FortiAnalyzer and FortiSIEM, and full orchestration by FortiSOAR to reduce SOC load and company vulnerability. FortiAnalyzer is the backbone of Security Fabric analytics, and FortiSIEM extends to multi-vendor environments, while FortiSOAR, among other things, allows robust automatic collection of additional context and data to improve incident response (IR), manage scenarios for more efficient coordination and collaboration of client cybersecurity departments, orchestrate, and manage response.
- Security Fabric is also complemented by dynamic threat discovery and virtual staffing capabilities to expand the limited resources of cybersecurity departments through remote monitoring of Fortinet and 24/7 incident response.
- FortiGuard Labs: Fortinet 360 Protection, developed by FortiGuard Labs, provides a complete suite of operations, support, and security services to enable customers to easily deploy and leverage all of the features of Fortinet Security Fabric. The package is fully optimized for SD-WAN deployments.
- Security Rating enhancements in 360 Protection also allow customers to proactively identify and address gaps in configuration, policy, security, and compliance procedures, and compare relative position and investment strategies to industry peers.
The combination of FortiOS, specialized SPU technology and threat intelligence demonstrates Fortinet's commitment to cybersecurity innovation.
2019: FortiOS 6.2
On April 10, 2019, Fortinet announced an updated version of its flagship operating system, FortiOS 6.2. The release of FortiOS 6.2 continues the evolution of Security Fabric solutions and contains more than 300 changes covering the entire portfolio of Fortinet products and solutions, helping organizations build security-driven networks, which, according to the developer, is a prerequisite for the edge and multi-cloud environments that result from digital transformation.
"Continued digital transformation means that the entire edge, not just the cloud, is increasingly important to business. The most difficult task is to protect the network when the attack surface is growing at an exponential rate due to a sharp increase in the number of edge devices. Because business success is now measured in microseconds, organizations cannot compromise performance for security reasons. To implement such protection, organizations should take advantage of a comprehensive fabric-based approach to security, which is not limited to individual devices and security platforms but covers the entire network at the same time, even as it changes. This requires comprehensive, integrated, and automated protection."
According to Fortinet, improvements in FortiOS 6.2 enhance the capabilities of Fortinet Security Fabric solutions by optimizing end-to-end protection against advanced threats, while reducing the complexities traditionally encountered in designing, implementing, managing, and updating most security architectures. Highlights include:
Expanding the Fabric
- FortiOS 6.2 includes the following Security Fabric enhancements:
- FortiADC - Application Delivery Controller
- FortiToken - User and Device Authentication Tool
- FortiCASB-cloud - cloud access security broker for public clouds
- FortiDDoS - Protection against distributed denial-of-service attacks
- FortiNAC - Network Access Control
- VDOM — virtual domains
SD-WAN protection
- The SD-WAN capabilities implemented in Fortinet Security Fabric include a set of functions and services for WAN protection. With these features, customers can improve the performance of mission-critical applications using cost-effective branch office connections. Among the features noted by the developer:
- WAN link remediation using Forward Error Correction to cope with unstable WAN connections in unified communications applications
- Measurement of WAN capacity on demand
- Overlay controller allows you to better manage complex connection problems
- Ability to split the aggregate bandwidth of an overlay network between different connections to improve performance and minimize delay problems
- High-speed application recognition for faster packet processing, enabling end users to get a quality experience and high application performance at any given time
Multi-Cloud Security
- Fortinet FortiGate NGFW is integrated with Kubernetes via FortiOS 6.2 Fabric Connectors, which opens up, according to the developer, wide possibilities for container protection. This enables customers to secure any external traffic coming in or out of their container clusters by logically defining policies based on labels and metadata from containers and cloud resources.
- FortiMail is integrated with O365 Exchange, allowing customers to apply the latest FortiGuard threat intelligence to better protect email across O365 Exchange. The integration does not require any reconfiguration of the network or mail settings and connects directly to the O365 API. This gives organizations advanced threat protection for their email.
- Virtual SPU architecture: FortiGate-VM supports high-performance cloud-based operation. The FortiGate Virtual Security Processing Unit (vSPU) improves performance in both private and public clouds, enabling customers to migrate their high-performance applications to the cloud. Using this architecture, FortiGate VM supports high-performance application virtualization technologies such as AWS C5n instances, Intel QAT, Oracle native acceleration, and others.
Open ecosystems
- FortiOS 6.2 improves Fortinet's management and control console for the entire growing Fortinet security suite, third-party solutions from the Fortinet Fabric-Ready partner community, and native third-party APIs (connectors). Integrating additional security capabilities and automation functions into the Security Fabric allows you to:
- Automatically assess threats and implement a holistic approach to response
- Ensure compliance through advanced risk analysis in line with industry standards.
Automation and orchestration
- FortiOS 6.2 extends end-to-end automation, orchestration, and response capabilities across all Security Fabric solutions with FortiManager and FortiAnalyzer, including:
- Single orchestration tool - Provisioning and configuration management is simplified across all Fortinet Security Fabric solutions. Among the main improvements are automatic provisioning for FortiGates, FortiSwitches, FortiAPs, secure SD-WAN and Fabric Connectors for more optimal orchestration of services and the cloud.
- Automation: The ability to comprehensively automate manual, resource-intensive processes makes operations less complex. This includes scanning IOC history for threat tracking, and incident history and SOC dashboard for incident analysis and priority management.
- Response: Use asset and entity data to detect, match, and quickly resolve advanced threats. Integration with Scripts, Webhooks, ServiceNow and many other tools allows you to quickly respond to incidents, according to Fortinet.
Providing Security with Artificial Intelligence
- FortiGuard Labs has developed the FortiGuard AI threat detection and analysis system. According to the developer, the underlying neural network consists of more than 9 billion interconnected nodes and is able not only to detect and classify threats at high speed but also to produce the highly accurate threat intelligence that FortiGuard Labs publishes and that Fortinet solutions actively use.
- Developed by FortiGuard Labs, the AI-based threat detection system supports improved breach detection and is integrated into FortiGate NGFW, FortiWeb, FortiMail, FortiClient, FortiSandbox and FortiSIEM, which speeds up detection of and response to threats.
- Automated orchestration uses analytics from a wide variety of sources, including the FortiGuard Labs threat analytics service, third-party sources, and native analytics obtained through Security Fabric solutions. In addition, this function performs the necessary actions after detecting threats using UEBA in FortiSIEM.
"We decided to protect our network with Fortinet Security Fabric, which involves deploying, among other things, FortiGate NGFW, FortiMail, FortiSIEM, FortiWeb, FortiClient, FortiSandbox, FortiManager and FortiAnalyzer solutions. As a result, the Institute of Aerospace Technology (INTA) gained more complete control over each network segment and device, whether it is on a local network or in the cloud. We have noted improved operational efficiency as well as easier operation management, given that our security architecture is deployed through a single console. We are excited to see the expansion of Security Fabric with the release of FortiOS 6.2, which will help us provide comprehensive protection against advanced threats across the entire attack surface." Jesús Garrido Antonio, Director of Information Technology and Communications at the National Institute of Aerospace Technology
2018: FortiOS 6.0
On March 6, 2018, it became known that the information security company Fortinet had introduced FortiOS 6.0, the operating system underlying all of the company's network security and enterprise-level security systems. In addition to improving the OS's protection against advanced network threats, including APT attacks, zero-day vulnerabilities and other threats, the sixth edition of FortiOS has acquired improved cloud environment monitoring, built-in SD-WAN protection, and an improved network security audit system.
As Fortinet explained, the Security Fabric security architecture based on FortiOS appeared to help customers solve some of the problems facing modern hyper-connected enterprises. Security Fabric implements a comprehensive approach to security, acting as a link for several technologies of the company. Among the main attributes of the system are visibility of network elements, advanced detection of advanced threats and the ability to automatically respond to threats. Fortinet's product range includes both physical and virtual network security devices that have built-in FortiOS firmware.
Listing the capabilities that the OS received, Fortinet mentioned the so-called cloud connectors. They are required to ensure full visibility of multi-cloud environments and offer the ability to apply end-to-end policies that take into account the requirements of local legislation on cross-border data transfer.
"Cloud connectors are a kind of API that abstracts FortiOS from objects in the cloud, and therefore the functionality of the cloud connector can be updated without the need to update FortiOS itself." John Maddison, Senior Vice President, Product and Solutions, Fortinet
The Security Fabric Audit Update Service (SFAUS) can now pass recommendations to the updated FortiGuard, an intelligent platform for detecting and investigating threats. Over time, Fortinet plans to add compliance templates to SFAUS, first for PCI and then for GDPR.
Also among the business goals of interest to Fortinet, the company named software-defined distributed WAN (SD-WAN) networks. Intelligent traffic management, which is transmitted from the center to the branch office and vice versa, is one of the main characteristics and tasks that SD-WAN faces. In addition, SD-WAN is characterized by a single point of management of the entire infrastructure and flexible monitoring of network activity.
Given the surge in interest in this fast-growing network business, Fortinet has given FortiOS 6.0 enhanced SD-WAN protection features. This will help organizations reduce risks and limit the offensive actions of hackers. In 2018, the company's plans include the release of products enriched with AI capabilities, as well as the further development of tools for tracking the state of multi-cloud environments.[4]
Network security.
- Improvements in SD-WAN protection technology allow you to prioritize applications to effectively implement granular management of SaaS, VoIP, and other business applications. Other updates include a traffic shaping feature that provides online bandwidth allocation for important applications, an automatic deployment feature for managing self-tuning SD-WAN locations, and a one-touch VPN technology that aims to provide VPN access to the cloud everywhere.
Multi-circuit infrastructure security.
- Now the advanced cloud connectors in the adaptive network security system are equipped with multi-cloud tracking features. The scope includes private cloud connectors (support for VMware NSX, Cisco ACI, and Nokia Nuage), public clouds (support for AWS, Microsoft Azure, Google Cloud Platform, and Oracle Cloud), and SaaS clouds with CASB connectors (support for Salesforce.com, Office 365, Dropbox, Box, AWS, etc.). These cloud connectors provide comprehensive monitoring of security components across all cloud networks to correlate both intra-network and off-network traffic using a single management console.
- FortiCASB 1.2 integrates security with the FortiCloud Sandbox and antivirus module, provides advanced security and threat detection features, and reports on shadow IT assets. In addition, FortiCASB provides advanced AWS support to effectively track and administer AWS users with advanced compliance, analysis, and reporting tools.
Endpoint and IoT security.
- FortiClient 6.0 will include new support for the Linux operating system, designed to transfer up-to-date OS status data to the adaptive network security system. FortiClient will also provide more complete data on all types of endpoints, including application lists for each device.
- The security agent supports the transfer of telemetry endpoint data to adaptive network security, which helps to more effectively track the status of network endpoints and quickly identify vulnerabilities. In addition, the agent has certificates of compatibility with a number of endpoints developed by partners who have joined the adaptive network security integration program.
Advanced Threat Protection (ATP).
- The entry into force of the GDPR (General Data Protection Regulation) in May 2018 will complicate the legislative regulation of international business. Great importance is attached to the availability of automated audit tools in corporate network security systems. The FortiGuard Security Assessment Service offers advanced audit rules, the ability to customize the audit procedure to the characteristics of the network environment, and on-demand reporting on compliance with standards and regulatory requirements.
- The FortiGuard Virus Outbreak Protection Service (VOS) provides protection between antivirus updates. It uses analysis in the FortiCloud Sandbox, which detects malware and blocks its spread on the corporate network in the intervals between signature updates.
- FortiGuard's Content Disarm and Reconstruction (CDR) service proactively removes potentially malicious content embedded in Microsoft Office and Adobe files in order to sanitize files in the most common formats used to distribute malware. This approach prevents infection through social engineering or human error.
- The FortiGuard Indicators of Compromise (IOC) Service uses a regularly updated list of known malicious elements and constantly scans devices connected to the adaptive network security system in order to identify infected devices in time and take countermeasures.
- Available both on-demand and under the Bring Your Own License (BYOL) model, FortiSandbox ATP for Amazon Web Services is designed to protect enterprise networks from advanced cloud-focused threats. The solution supports both integration with network, email, endpoint, and other security capabilities, and deployment as an extension of the local security architecture.
E-mail and web applications.
- FortiMail now supports the new FortiGuard VOS and CDR services. These services prevent the spread of new attacks and strip active content to neutralize attacks that rely on executing embedded code.
- The new widgets provide a single, comprehensive view of all email and web applications on the network. Applications that are part of an adaptive network security system are equipped with integrated protection against advanced threats.
Security analysis and administration functions.
- With new response capabilities across the whole threat lifecycle, users of the adaptive network security system can automate responses based on specific triggers (system events, threat alerts, user and device health) as well as direct ITSM integration. With responses such as quarantine, notification, reconfiguration, and reporting, organizations can manage their business process environments in real time.
- Automated, enhanced attack protection across the board provides guidance and trends on best practices and security requirements. The accompanying benchmarking function compares organizations of similar size, scope, and geographic location.
Unified access.
- With FortiOS 6.0, the integrated security components in Fortinet switches and wireless access points automate the response to events related to a policy violation by an infected switch or access point. Responses such as quarantine, segmentation and blocking are available.
2017: FortiOS 5.6
On January 17, 2017, Fortinet announced the development of advanced functionality solutions and the release of FortiOS 5.6.
In this release:
- FortiOS 5.6 allows you to quickly monitor the status of all security elements from a single-pane management interface. It is equipped with open APIs (application programming interfaces) for integration with partner solutions compatible with the Fortinet security system.
- More efficient tracking of wireless access points, switches, and sandboxes helps improve efficiency and centralize management of network components and advanced threat protection.
- An updated user interface (UI) was developed to ensure that security measures are adopted promptly based on the IT data received. With new visualizations of network topologies and updated interactive views for audit, logging, and reporting purposes, IT can change network structures in real time.
- FortiOS 5.6 proactively provides protection recommendations to improve network health and compliance.
- FortiOS 5.6 technology, based on the adaptive Fortinet network security system, supports scalability from IoT to the cloud, covering physical, virtual, and hybrid environments to segment and protect the networks of the largest distributed companies from attacks across the board.
FortiOS 5.6 will be available for download in the first quarter of 2017.
2016: FortiOS 5.4
On February 17, 2016, Fortinet announced the release of updates to the FortiOS information security operating system. FortiOS 5.4 offers features that enable customers to implement internal segmentation to deter and protect against advanced threats.
FortiOS simplifies protection against advanced threats. Through the analytical features and actions introduced in FortiOS 5.4, organizations will be able to implement Internal Segmentation Firewall (ISFW) and Secure Access Architecture, and move from traditional perimeter protection systems to tiered security strategies.
"Organizations constantly face regularly emerging sophisticated threats. To effectively combat such attacks, security tools are needed that support network segmentation without adversely affecting their performance. FortiOS 5.4 is equipped with new features that make it possible to deploy internal segmentation strategies in corporate networks to isolate and destroy malicious software that penetrates the network perimeter," said Michael Xie, Founder, President and CTO of Fortinet.
FortiOS 5.4 includes a subscription service from the FortiGuard Labs team to secure mobile devices. The number of mobile devices in corporate networks is growing steadily, which makes such devices a primary target of attackers. FortiOS uses threat data that is collected on an ongoing basis by the FortiGuard Labs team specifically for mobile devices. This improves the effectiveness of automated protection against new threats directed at the Android, iOS and Windows platforms.
FortiOS 5.4 Properties
- Advanced Threat Protection (ATP) infrastructure integration: The solution is integrated with Fortinet's Advanced Threat Protection infrastructure, which serves as the foundation for products such as FortiClient, FortiMail, FortiSandbox, and FortiWeb. This allows automatic distribution of threat data and simultaneous elimination of threats that penetrate the network both directly and through the main attack vectors.
- Single user interface (UI): With a single user interface, administrators gain an overall understanding of network health, which simplifies management and tracking of all Fortinet products and provides access to analytics.
- FortiHeartbeat connection: Use this function to create detailed visualizations of network topologies. Information security managers have access to the analytics needed to deploy end-to-end policies and develop architectures such as ISFW.
- Incident response: FortiOS 5.4 supports automatic threat detection and one-click responses such as quarantine and source blocking. Using this functionality, response teams can identify and resolve threats as quickly as possible.
- Software-Defined Networking (SDN) integration: Manage leading SDN solutions, including VMware NSX and Cisco ACI.
Availability
As of February 17, 2016, FortiOS 5.4 is available for purchase.
2014: FortiOS OS Updates
On March 5, 2014, Fortinet announced the release of updates to the FortiOS operating system.
The updated FortiOS 5 supports:
- Faster SSL inspection
- Deeper reporting, with more built-in reports and high-level analysis from FortiAnalyzer
- Tight integration with FortiAuthenticator and FortiSandbox for comprehensive authentication and enhanced threat protection
FortiGate FortiOS 5.0 FSTEC Certificates
As stated in the FSTEC of Russia certificate of conformity, Fortinet's FortiGate firewall software version 5.0 (Certificate No. 3171) is a hardware and software information protection tool that does not contain information constituting a state secret and meets the requirements of the following guidance documents:
- "Computing Facilities. Firewalls. Protection against unauthorized access to information. Indicators of protection against unauthorized access to information" (State Technical Commission of Russia, 1997), security class 3;
- "Protection against unauthorized access to information. Part 1. Information security software. Classification by the level of control of the absence of undeclared capabilities" (State Technical Commission of Russia, 1999), control level 4.
The certificates obtained show that FortiGate firewalls can be used to protect information in personal data information systems up to security level 1 and in state information systems up to and including security class 1, as indicated in the relevant appendices to the certificate.
Certificate of conformity No. 3171 was issued by the Federal Service for Technical and Export Control on June 30, 2014. The certificate covers the following equipment, with performance from 200 Mbit to 560 Gbit: FortiGate-40C-LENC, FortiGate-80C-LENC, FortiGate-100D-LENC, FortiGate-300C-LENC, FortiGate-600C-LENC, FortiGate-1000C-LENC, FortiGate-3040B-LENC, FortiGate-3950B-LENC, FortiGate-5101C-LENC.
FortiGate's end-to-end network security devices provide unmatched performance and protection while simplifying your network infrastructure. Fortinet offers a wide range of devices suitable for a wide variety of customers: from small enterprises and offices, to large companies and providers. To provide comprehensive and high-performance network protection, FortiGate platforms use the FortiOS™ operating system with FortiASIC coprocessors and other hardware.
FortiGate devices provide high protection against today's most advanced network and application-level threats. FortiGate platforms have broad network functionality, including clustering (active/active, active/passive) and virtual domains (VDOM).
FortiOS 5.2
This version introduces innovations aimed at strengthening Fortinet's defense against advanced network threats, including APT attacks, zero-day vulnerabilities and other sophisticated threats. The defense combines Fortinet's time-tested threat mitigation mechanisms with entirely new approaches. It is supported by FortiGuard Labs, whose experts investigate the ever-growing range of cyber threats and offer effective countermeasures.
The main components of Fortinet's protection against advanced network threats:
- Access Control: Reduces the risk of attacks by allowing only registered users to access the network through authorized ports.
- Threat Prevention: Actively blocks attacks by scanning code and analyzing traffic, websites, and applications.
- Threat Detection: Constantly searches for signs of network intrusion that could lead to problems, in order to identify previously unknown attacks that usually bypass traditional defenses.
- Incident Response: Recognizes and contains network intrusions using specialized devices that act on security policies with predefined action algorithms. The system's actions depend on the type of threat detected and are supported by continuously updated automatic FortiGuard signatures.
- Continuous Monitoring: Continuously analyzes and improves the effectiveness of current security policies in accordance with individual or industry requirements, and adapts to constantly changing conditions and threats.
The FortiOS 5.2 update remains compatible with the current versions of FortiAnalyzer 5.0 and FortiManager 5.0 and strengthens advanced threat protection at the following levels:
- Access Control:
  - The new tabular policy management GUI facilitates consistent configuration of firewall policies.
- Threat Prevention:
  - A new malicious code detection engine that works at the level of user sessions and goes beyond searching for ordinary signatures and heuristic procedures; it combines the speed of session analysis with the breadth of proactive detection technologies such as unpacking and emulation.
  - A new built-in engine for processing SSL traffic uses the company's recently developed CP8 chip, which gives a fivefold increase in the speed of processing encrypted data (depending on the device model and software version used).
  - Improved web traffic proxying with HTTPS support and better performance.
  - An improved IPS engine that protects against the latest and most dangerous network threats, with built-in decoding, dynamic analysis and more.
- Threat Detection:
  - Deeper cross-integration between FortiGate and FortiSandbox for easy deployment and strong protection.
  - Improved traffic analysis based on client behavior, indicating the severity of an attack and ranking the importance of identified vulnerabilities, which helps classify previously unknown types of attacks.
  - More pre-configured reports, including reports on botnet activity and other types of compromised systems.
- Incident Response:
  - A new control panel that can be configured to sort by user devices, applications, websites, and vulnerabilities.
  - New operating modes help you configure the device for the appropriate threat management model based on your enterprise security policy.
  - Simple, easy-to-use policy settings based on the detection and mitigation options you select.
- Continuous Monitoring:
  - New capabilities for analyzing and applying policies based on an identity-based security methodology (covering both users and end devices), with support for cross-logging to build a full picture of what is happening.
  - Access to the FortiSandbox community.
  - Deep application control for visibility into cloud applications.
2013: FortiOS 5 Features
Fortinet announced on June 30, 2013 the new features of the FortiOS 5 operating system, which underlies all integrated FortiGate security platforms.
As part of the list:
- Choice of functionality: Customers can easily choose from a variety of security options such as high-speed firewall, next-generation firewall (NGFW), advanced threat protection (ATP), web filtering, unified threat management, etc.
- Contextual visibility: Allows real-time as well as retrospective analysis of network operation, taking into account the application, user and device.
- Advanced Threat Protection (ATP): Enhanced security to counter persistent, multi-vector attacks.
"Today, customers are looking to reduce costs, simplify management, and increase threat protection. They are increasingly inclined to choose security solutions from one manufacturer," said John Maddison, vice president of marketing at Fortinet. "For example, an enterprise can use highly efficient firewalls for data centers, next-generation firewalls (NGFWs) for LAN perimeters, and unified threat management (UTM) for remote offices. With a unique innovative approach to security and advanced R&D, Fortinet provides a comprehensive network security platform with a range of necessary features to protect against data center, LAN, and remote office threats."
Deeper analysis - higher protection
The new Contextual Visibility function of FortiOS 5 allows administrators to track and analyze both the history of network traffic and network operations in real time more closely. Data types include IP address and access port, geographic IP, session type, user name, network usage, network coverage, and application and connected device types. With the help of the special "client reputation" function, administrators can correlate this data to recognize clients associated with certain threats, and more effectively isolate suspicious sites and IP addresses.
Advanced Targeted Attack Protection (ATA)
Advanced targeted attacks (ATAs), or advanced persistent threats (APTs), are aimed at a particular type of organization, and penetration into the system can be carried out using various methods. The threat can go unnoticed for a long time before a data breach occurs. The new FortiGuard service for preventing targeted, persistent threats provides a comprehensive approach to security, including protection against zero-day vulnerabilities, evasive threats, phishing attacks, and password attacks. The service includes a botnet list, malware signatures and a cloud sandbox mechanism.
2012
FortiOS 4.3
FortiOS 4.3 received Common Criteria EAL4+ certification in early 2012. This independent certification confirms the high level of the information security technologies, which is a fundamentally important criterion when choosing solutions for both government organizations and commercial companies.
Common Criteria certification involves rigorous research and testing that examines the products or systems under evaluation in detail from a security standpoint. Extensive multi-stage testing is carried out to verify the degree of compliance with the security features declared by the manufacturer. Particular attention is paid during testing to possible security flaws and potential vulnerabilities.
The Common Criteria for Information Technology Security Evaluation, also known as the ISO/IEC 15408 standard, were developed by national security organizations in the United States, Canada, the United Kingdom, France, Germany and the Netherlands. The standard provides a wide range of criteria for evaluating security products for use in commercial and government organizations.
"The latest EAL4+ certification has once again demonstrated Fortinet's commitment to high international standards; FortiGate devices have been tested annually since 2005," said Erin Connor, director of the EWA-Canada Common Criteria Test Lab, which performed the testing. "Companies that use FortiGate devices to protect their infrastructure can trust these products, which are easy to configure and operate. They can also be sure that Fortinet is ready to provide comprehensive protection and full support."
FortiGate devices already hold certifications such as ISO 9001:2008, NSS, ICSA Labs, Virus Bulletin, FIPS, DoD UC APL, U.S. Army IAAPL and Common Criteria Evaluation Assurance Level 2 (EAL 2+). FortiGate's multifunctional unified threat management (UTM) devices provide comprehensive, high-performance and flexible protection for all areas of the business, from small remote offices to large corporations and service providers. In general, FortiGate provides protection and network services for the entire infrastructure and includes firewall, SSL and IPsec VPN, antivirus, intrusion prevention, web filtering, anti-spam, application control, data leak prevention (DLP), SSL traffic inspection and WAN optimization. The FortiGate platform is based on FortiOS, a specialized operating system that uses hardware acceleration from FortiASIC processors to provide a wide range of network services in a single device.
FortiOS 5.0
FortiOS 5.0 contains over 150 new features. Fortinet also introduces new versions of FortiGate, FortiManager, FortiAnalyzer, and FortiClient. The update contains a large number of new security and intelligent control features that will help customer companies more effectively counter the latest sophisticated threats and protect their data when employees use personal devices for business purposes.
With intelligent and more effective security policies, Fortinet will enable enterprises of all sizes and industries to protect and manage their networks, taking into account not only the fundamentally changing methods of attackers for targeted attacks, but also the ways in which users connect to corporate resources. Fortinet strengthens its leadership by integrating innovative user and device identification and management systems, including reputational policy mechanisms, optimizing botnet detection systems, protecting and monitoring encrypted traffic.
"Of the three most important innovations in release 5.0, it is worth noting, firstly, the 'client reputation' function. It will allow you to identify threats in real time based on the rating of the device, assigned taking into account dozens of parameters, including applications used on the client, visited sites, network activity, etc.," comments Elena Gorbunkova, lead partner manager at Headtechnology RU, the official Fortinet distributor in Eastern Europe and Asia, on the new capabilities of the system. "The second most important can be considered multi-pass filters to protect against complex multilevel and targeted threats. Next come smart policies."
In addition to the release of the new version of the FortiOS 5.0 operating system for FortiGate devices, Fortinet announced the release of FortiManager 5.0, FortiAnalyzer 5.0 and FortiClient 5.0, which meet the growing need for more capable systems for managing and analyzing network infrastructure and endpoint activity in large, medium and small enterprises.
The new FortiOS 5.0 contains over 150 new features that allow customers to reliably protect themselves from new types of threats and the avalanche-like growth of new mobile devices and applications.
Key Opportunities and Benefits:
- More protection mechanisms to counter sophisticated new threats.
- The "client reputation" function, which provides a cumulative security rating for each device on the network based on behavioral analysis. It supports action-specific decision-making to identify compromised endpoints and potential zero-day attacks in real time.
- New malware protection systems with built-in heuristic analysis mechanisms and connections to cloud-based antivirus services that include IP reputation databases and sandboxes.
- With some of the industry's most accurate signatures, FortiOS 5.0 provides tiered protection against the latest sophisticated malware attacks.
- More flexible controls that enable data security in a BYOD environment with different mobile devices by accurately identifying and applying access policies and specific security profiles based on device type, location, and activity.
- Smarter mechanisms with automatic policy enforcement for user and guest roles based on location, data profile, and device applications.
- Advanced reporting and analysis capabilities provide administrators with more accurate data about users, devices, applications, and threats on the corporate network.
In the fall of 2012, the FortiOS 5 operating system passed Virus Bulletin certification with a RAP rating of 96.6% (Reactive and Proactive: reactive and proactive detection efficiency). RAP assesses a security solution's ability to detect already known malware (reactive) as well as new malware that appeared after the solution was submitted to Virus Bulletin for testing (proactive). The ability to detect previously unknown viruses is an extremely important property, as it provides protection against the latest malware, including malware that uses advanced detection-evasion techniques. Of the 30 participants, Fortinet was the only company whose solution received a VB100 award and a proactive rating above 90%.
Enhanced malware detection
The advanced malware detection mechanism includes three elements. The first is an advanced antivirus engine with one-to-many signatures, which reduces the size and increases the performance of the signature database: one signature now detects multiple virus variants instead of a separate signature being needed for each variant discovered. The second element scans and filters files to determine whether a file is suspicious. Such files are run through a built-in sandbox, where their behavior is analyzed to determine whether they are a threat. The third element is a cloud inspection mechanism: suspicious files are automatically sent to the FortiGuard global research team for more detailed analysis. Signatures for identified malware are placed in the FortiGuard database, creating a feedback loop that improves proactive detection.
On April 17, 2012, in his report "Buyer's Guide to the Endpoint Protection Platform," Gartner Vice President Peter Firstbrook noted: "Antivirus/antispyware databases are 90% to 99% effective at detecting known and widespread threats. However, they are only 20% to 50% effective in detecting new or minor threats. The level of security is significantly improved by non-signature analysis methods. Modeling unknown code before executing it to determine malware without requiring any action from the end user is another example of a detection technique."
Vulnerability Detection and Protection
Although social engineering has become a favorite technique in targeted attacks, exploitation of vulnerabilities is still widespread. The vulnerability detection and protection technology in FortiOS 5 can scan for and identify vulnerabilities using network scanning or agents, providing complete coverage. The intrusion prevention system (IPS) can be deployed to protect vulnerable endpoints until patches are installed.
Cloud Reputation System
A system in which reputation is calculated in the cloud significantly improves the effectiveness of any network or endpoint protection system. The reputation database assesses the trustworthiness of domains and URLs. The next layer, the application control layer, classifies applications to detect attempts by them to establish suspicious network connections, for example to known botnet command-and-control servers.
Local Endpoint Reputation System
This system is based on dynamic analysis of client behavior. Reputation is calculated from numerous parameters, such as the use of dangerous applications, attacks detected by the IPS, the presence of malware and visits to untrusted websites. The resulting trust score for each client allows the appropriate preventive action to be taken against potentially compromised clients.
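As an added illustration (not Fortinet's code and not the real FortiOS algorithm), the following Python sketch scores clients from constructed log events in the four categories named above, caps the contribution of low-severity categories, and maps the cumulative score to an allow, notify or quarantine action; the categories, weights, thresholds and log format are all assumptions made for this example.

```python
"""Illustrative client-reputation scoring modelled on the FortiOS 5
description above. Added example; not Fortinet code. Categories, weights,
thresholds and the log format are assumptions made for this example."""
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Penalty per event for each category the text names (assumed values).
WEIGHTS: Dict[str, int] = {
    "dangerous_app": 10,    # use of a risky/unsanctioned application
    "ips_attack": 30,       # attack signature matched by the IPS
    "malware": 40,          # malware detected on or from the client
    "untrusted_site": 5,    # visit to a low-reputation website
}
# Cap on the total penalty one category may contribute, so that many
# low-severity events (e.g. web visits) cannot on their own trigger quarantine.
CATEGORY_CAP: Dict[str, int] = {"untrusted_site": 15}

NOTIFY_THRESHOLD = 20       # alert the administrator
QUARANTINE_THRESHOLD = 50   # isolate the client

# Constructed sample log: "<timestamp> <client_ip> <category> <detail>"
SAMPLE_LOG = """\
2012-10-01T09:00:01 10.0.0.5 untrusted_site bad.example
2012-10-01T09:00:05 10.0.0.5 dangerous_app p2p-client
2012-10-01T09:01:10 10.0.0.7 untrusted_site bad.example
2012-10-01T09:01:20 10.0.0.7 untrusted_site bad.example
2012-10-01T09:01:30 10.0.0.7 untrusted_site bad.example
2012-10-01T09:01:40 10.0.0.7 untrusted_site bad.example
2012-10-01T09:02:00 10.0.0.5 ips_attack SQLi-probe
2012-10-01T09:02:30 10.0.0.9 malware Trojan.Generic
2012-10-01T09:03:00 10.0.0.5 malware Worm.Generic
2012-10-01T09:03:30 10.0.0.7 unknown_category ignored
this line is malformed and is skipped
"""


def parse_log(text: str) -> List[Tuple[str, str]]:
    """Return (client_ip, category) pairs; skip malformed or unknown lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, ip, category, _detail = parts
        if category in WEIGHTS:
            events.append((ip, category))
    return events


def score_clients(events: Iterable[Tuple[str, str]]) -> Dict[str, Dict[str, int]]:
    """Cumulative score per client, with per-category counts as the rationale."""
    counts: Dict[str, Counter] = {}
    for ip, category in events:
        counts.setdefault(ip, Counter())[category] += 1
    result: Dict[str, Dict[str, int]] = {}
    for ip, per_category in counts.items():
        score = 0
        for category, n in per_category.items():
            contribution = WEIGHTS[category] * n
            cap = CATEGORY_CAP.get(category)
            if cap is not None:
                contribution = min(contribution, cap)
            score += contribution
        result[ip] = {"score": score, **per_category}
    return result


def decide(score: int) -> str:
    """Map a score to a response: allow, notify, or quarantine."""
    if score >= QUARANTINE_THRESHOLD:
        return "quarantine"
    if score >= NOTIFY_THRESHOLD:
        return "notify"
    return "allow"


def evaluate(text: str) -> Dict[str, Tuple[int, str]]:
    """Run the whole pipeline over raw log text: ip -> (score, action)."""
    scores = score_clients(parse_log(text))
    return {ip: (info["score"], decide(info["score"])) for ip, info in scores.items()}


if __name__ == "__main__":
    for ip, (score, action) in sorted(evaluate(SAMPLE_LOG).items()):
        print(f"{ip:<10} score={score:<4} action={action}")
```

With the sample log, 10.0.0.5 accumulates 85 points and is quarantined, 10.0.0.9 reaches 40 and only triggers a notification, and 10.0.0.7 stays at 15 (four web visits capped) and remains allowed.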
Multi-Vector Security Policies
Since the security features described above must be applied to endpoints, to the network as a whole, and to specific applications through security profiles, the policy system must be multi-vector. Unlike traditional policies, which are applied based on the source (IP address), multi-vector policies can be based on user and device identity, an important property of security systems for distributed, virtual and cloud networks.
FortiOS 4
The enhancements in FortiOS 4.0 MR3 extend the wireless controller functionality to support automatic provisioning of wireless access points, detection and suppression of rogue access points, a variety of authentication methods, and more unified management of wired and wireless networks on a single FortiGate platform. This update to FortiOS, which already includes firewall, VPN, IPS, antivirus, application control and many other technologies, also adds active profiles and flow-based inspection.
Advanced Wireless Options
With the release of FortiOS 4.0 MR3, new security features and performance enhancements become available for FortiGate unified security devices. The FortiOS operating system extends the wireless controller functionality of any FortiGate device running FortiOS 4.0 MR3. Together with advanced technologies for detecting and suppressing rogue access points and with management and reporting for wireless networks and security, this increases the level of security through role-based access control, which restricts access to confidential or private data based on the user profile and thereby supports compliance with PCI DSS requirements.
In addition to the FortiOS update, Fortinet also introduces the FortiAP-222B outdoor access point, which complements the FortiAP family and provides wireless connectivity across the enterprise campus with seamless roaming. The FortiAP-222B is an outdoor, weather-resistant thin access point intended for enterprises that wish to extend their wireless network beyond the building. Easy to install and manage, the FortiAP-222B uses highly sensitive receivers and 27 dB output amplification, which provides coverage of large areas.
Enhancement of FortiOS inspection functionality
Active profiles make it possible to use behavioral analysis to create and actively enforce policies based on deviations from corporate, group or individual baseline profiles. The following actions are available when suspicious behavior is detected: logging, notification, quarantine or complete blocking.
Flow-based inspection enhances features such as web filtering, traffic shaping, intrusion prevention (IPS), and data loss prevention. It uses FortiASIC processors to accelerate functionality such as antivirus protection, application control, IPS, and the IPv6 firewall. The user can now choose between flow-based and proxy-based security technologies, selecting the most appropriate option for their infrastructure and their risk profile.
Other important extensions to FortiOS 4.0 MR3:
- Strong authentication. Two-factor authentication using FortiToken, SMS messages and e-mail. FortiToken supports one-time password authentication, IPsec and SSL VPN authentication, and administrator login.
- Extended compliance. Vulnerability scanning has been expanded so that rogue access points installed without authorization can be identified and suppressed in accordance with the requirements of the PCI DSS standard.
- Configuration wizards. The new configuration wizards for all FortiGate devices make it easier to configure both basic and advanced firewall, UTM, backup WAN connectivity, and VPN functionality.
FortiGate and FortiOS received EAL 4+ certification
The FortiGate-200B and FortiGate-620B UTM devices, as well as the FortiOS 4.0 operating system, meet the Common Criteria at Evaluation Assurance Level 4+. Certification by independent third-party evaluators demonstrates a high degree of assurance in security products, which is fundamentally important for corporate customers and government agencies.
FortiGate's multifunctional unified threat management (UTM) devices provide comprehensive, high-performance and flexible protection for all areas of the business, from small remote offices to large corporations and service providers. The FortiGate platform is based on FortiOS, a specialized, highly reliable operating system that uses hardware acceleration from FortiASIC processors to provide a wide range of network services in a single device.