Celebrating our Community: Thank You for an Incredible Month
Blogs
Recently active
Executive Summary: Challenge: Hiring skilled employees that can adequately protect the business from evolving threats Orchestrating point solutions together & having consistent security protections across different environments Too many alerts Risk: Breaches caused from disgruntled ex-employees Exploitation from lack of visibility in patch management Security gaps from inconsistent security protections caused by the lack of communication between point products What is Security Orchestration and Automation Response (SOAR): Gartner defines SOAR as “technologies that enable organizations to take inputs from a variety of sources and apply workflows aligned to processes and procedures” In layman’s term, a SOAR solution aggregate large amount of data into a single location and uses automation & orchestration to streamline processes for consistency & predictability What is the problem FortiSOAR tries to solve: Staff shortages & evolving threa
We'd like to inform you that Accelerate 2020 Barcelona has been cancelled due to the health and safety concerns associated with the coronavirus. What to expect; actions to take: Registration fees paid by credit card will be fully refunded over the next 5 - 7 days. All registrations will be canceled. No further action will be required. Contact your airline to cancel your flights. If you booked your hotel reservation through the Accelerate Barcelona Housing Bureau (B.Networks), be assured we are working closely with them on an action plan. Please be patient and you will be notified soon. Additional information is being prepared and will be emailed within the following days. We recognize the impact canceling an event has, and will truly miss spending time with you in Barcelona. Have any questions? please feel free to start a discussion here.
Thanks to the cloud, companies of any sizes are able to take advantage of nearly unlimited resources almost instantaneously. With the increase in cloud adoption, enterprises are also finding themselves needing to keep up with development. Automation has always been a key component in helping teams improve their operational processes. This is especially true when talking about the cloud. Not only do development team need to leverage automation, but security and networking needs to move with it. Serverless functions help leverage elastic and flexible security design that can help automate tasks on demand. Combined with FortiGate, customers can automate security threats from within their cloud infrastructure while enjoying the consistent security protections whether on premise or in the cloud. With the introduction of VPC Port Mirroring in AWS, customers can now inspect, and mirror traffic sent to an elastic network interface (ENI). Using FortiGate with VPC Port Mirroring, AWS cust
The cliché of "threats are evolving" is unavoidable. That is because it is true. With threats constantly changing and becoming increasingly complex, organizations need a strategic vendor that can help them get not only visibility but is operationally smart. The vendor needs to have solutions that enable organizations to operate more efficiently while navigating complexity and big data. To improve on your security strategies, companies should implement solutions that can ingest data quickly from different security solutions and categorize them into events. At the minimum, these solutions should have a way to then alert administrators to take action based on these events. The security vendor should have flexible solutions that can complement not only their solutions, but also be vendor agnostic and enable security administrators to go through logs and events, build a baseline model that will help them detect anomalies faster, continuously monitor their environment, and take auto r
The FortiSwitch 400 series welcomes a new addition in the FortiSwitch 424E-Fiber. This is the first fiber only switch by Fortinet offering 24 slots which you can populate with a variety of long and short range fiber transceivers. Four 10GbE capable uplinks round out this new switch which is now available for order. In addition to our newest FortiSwitch 424E-Fiber, we have refreshed our 424 series switch with new hardware. The new FortiSwitch 424E, 424E-POE and 424E-FPOE are significant because they double the number of 10GbE capable uplink interfaces previously available in our D series to four making this a perfect switch for demanding campus and Secure SD-Branch environments. For further details and specifications can be found in our Secure Access Family Datasheet found here https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiSwitch_Secure_Access_Series.pdf As well as the Fortinet.com website.
With reInvent coming up, there are some things that you should watch out for! Amazon's Web Services (AWS) reInvent 2019 is being held in Last Vegas, with professionals in all industries attending. With 60,000 people attending the biggest AWS conference of the year, you can expect some big announcements from Amazon in regard to their different services. Join Fortinet this year to see demonstrations on protecting and monitoring your assets on the cloud, integration with AWS' solutions, and advance threat protection! Come talk to one of us to get more information as to how we work with AWS to help businesses of any size secure their environments on premise and on the cloud using our Security Fabric. At this event, Fortinet is showing demonstrations releasing some new announcements that includes: Support for Fortinet Managed Rules for AWS WAFV2 AWS CloudFormation Registry VPC Ingress Routing Enhancement Support FortiCWP Demonstration FortiWeb Integration to Fortinet's
Don't you hate it when you have a really good, strong, fun password and then the associated program/business gets breached and you have to change it? Personally, I hate thinking of new passwords, and likely I am not alone. It can be hard to think of a password that meets strong password policies and is easy to remember. Often folks take the easy way out and implement something super easy to remember but less secure. In fact, here is a list of the 1000 most common passwords (be sure you don't use any listed here): Most Popular Passwords Some opt for a password manager. Dark Reading recently published an article listing 6 password managers you might consider, providing the ability to strengthen your access management: 6 Small-Business Password Managers The Identity Theft Resource Center is an excellent source of information on breaches and what to do if you were i
Cyber Monday draws millions of shoppers online for deals and savings, but this day also provides opportunities for an attacker to steal personal information. The Cybersecurity and Infrastructure Security Agency (CISA) reminds users to remain vigilant when browsing or shopping online. CISA encourages Cyber Monday shoppers to review the following online shopping safety tips: Do business with reputable vendors. Before providing any information, make sure that you are interacting with a reputable, established vendor. Some attackers may try to trick you by creating malicious websites that appear to be legitimate, so you should verify the legitimacy before supplying any information. (See Avoiding Social Engineering and Phishing Attacks.) Use caution with email links and attachments. Take appropriate precautions when using email and web browsers to reduce the risk of an infection. Be wary of unsolicited email attachments and avoid clicking on email links, even if t
Watch theCUBE interview with FortiGuard Labs Derek Manky - 2020 Threat Landscape Predictions.
Multi-edge convergence is a term which describe enterprises moving to a complex architecture that requires converging multiple services into a single location. This means that the traditional approach of having the best of breed for networking, security, and other services can no longer compete in today hyper-competitive market. Rather than shying away from converging their infrastructure to work together, enterprises should embrace the idea of multi-edge convergence where multiple services are consolidated into a single solution. The emergence of multi-edge convergence came from a couple of reasons. First, enterprises of all sizes are required now to be more agile than ever. Development are required to produce at a faster rate while security needs to keep up with development. In order for development to push out applications at a competitive rate, using the cloud is unavoidable. With cloud vendors like Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Ora
The best defense to protect your organization from cyber threats is to promptly apply security updates. But it is difficult to patch timely for a variety of reasons. Organizations generally have a mixed OS environment which may include legacy and leading edge applications and technologies, each platform needing to test an update before releasing to production. When you count in that some months there are over one hundred security updates released across various platforms, and it can easily be overwhelming. How do you know which patch should be a priority? How can you better understand the risk of the vulnerability being patched is to your organization? Fortinet can help. Each quarter we release a Threat Landscape Report that provides the top 10 exploits, malware and botnets targeted by cyber criminals, all from a prevalence point of view. This list is a good place to start when you are prioritizing which patches you should apply first. Fortinet manages over one hundred billion security
With many of the enterprises moving to the cloud and many resources existing now in many different environments to keep product development agile and competitive, today's organizations need to be aware of securing one of their most important public-facing assets, web servers. Web servers are often a prime target for attackers simply because they are public facing and closest to the cloud edge. They often involve a large amount of transactions and data. Securing these servers involves being very knowledgeable with the OSI stack and protocols associated with the stack like HTTP and the vulnerabilities that web servers typically have. Dealing with complexities of the cloud while not having the correct resources to protect organizations from external attacks can lead to data breaches, failed audits, legal complications, and more. Organizations need a solution that would enable them to scale security at the speed of development while still being easy to enable and use. FortiWeb Cloud WAF-as
Each week FortiGuard Labs releases a Threat Brief to present some of the more notable hot topics and threats from the week's threat landscape. This week we start off discussing our cyber threat landscape predictions from FortiGuard's Chief of Security Insights and Global Threat Intelligence, Derek Manky. Derek's predictions include: Intelligent swarms of customizable bots grouped by specific attack-functions, designed to share and learn from each other in real-time, could attack an organizations and overwhelm its ability to defend itself The adoption of 5G is likely the impetus for the development of these swarm-based attacks Combining machine learning with statistical analysis will help organizations develop customized playbooks to enhance their ability to detect detect specific threats based on a cyber-fingerprint and intervene mid-attack be being able to predict an attacker’s next moves The use of deception technologies is going to spark
FortiGuard Labs Weekly Threat Brief summarizes the latest hot threat activity and insights from across this week's cyber threat landscape. Here is a recap of what we are covering in this week’s Threat Brief: This week Fortinet released our quarterly Threat Landscape Report. This report distills our intelligence and analysis garnered from billions of events per day into our own unique perspective of the threat landscape. Here are a few of the topics we discuss in this report: Older vulnerabilities continue to remain attractive to cybercriminals, who are aware that users have a hard time patching timely. We saw more vulnerabilities targeted from 2007, than from 2018-2019 combined. We expose the top ten chart toppers from our IPS, Malware and Botnet prevalence stats. It is important to know what is in the eyes of the bad actors so you know where to shore up your defenses. While phishing still remains one of the top attack vectors, in Q3 we saw some unexpected spikes in attacks targ
In case you were unable to attend Microsoft Ignite last week, here is what happened at the event and how to use lessons learned from this event moving forward to help your company improve security and reduce risk within your environment. Microsoft Ignite was held in Orlando, Florida this year with professionals ranging in all industries attending. As the biggest event for Microsoft this year with upwards of 30,000 attendees attending the event. Security vendors including Fortinet attended to spread security awareness and to release updates with the company. This year, Fortinet's key messages for the event was Connect, Protect, Integrate, and Deliver. With Connect, Fortinet partnered with Microsoft Azure to integrate Microsoft's Azure Virtual WAN solution to help deliver end to end secured connection. By automating tedious tasks like VPN tunnel configurations and routing configurations, organizations can operate more efficiently and reduce risk of human misconfig
This week Fortinet released our Q3 Global Threat Landscape report. Every second of every day, FortiGuard Labs is collecting data gathered from millions of devices and sensors around the world. We distill that threat intelligence into our quarterly threat report where we can provide our unique narrative of the threat world. Spikes at the Network Edge - In this issue we explore recent unexpected spikes in attacks targeting edge services with remote code execution exploits. Cybercriminals are more and more extending their tactics beyond phishing and establishing footholds at the network edge, then use that attack vector to begin delivering malware to targets inside the network. Design Flaw Exploited - A design flaw in legitimate ad blocking tools is being abused to support illicit schemes. Adblock Plus uses a key to detect approved advertisement sites so they can be whitelisted. However the key is being exploited to exempt malicious sites from being blocked. Old Vulnerabilities Targeted -
It is scary enough to think about all the bad things that wander outside our own houses. And our organizations have invested heavily to protect ourselves from these outsiders. Everyone—from the CEO, to the CFO, to the CIO and CISO, to the board of directors, wants to know what we are doing about them. But what lurks within our “houses” should be just—if not more so—disconcerting. Indeed, the sad reality is that a large percentage of exposed data, vulnerabilities, and compromised systems occur as a result of insiders. And even though many of us take steps to address insider threats, data suggests efforts are inadequate and despite these efforts, our organizations remain at serious risk of insider threats. Recognizing the need to raise awareness around insider threats, we commissioned Cybersecurity Insiders to conduct a survey of their security community on the topic. The resulting report, which was just released, sheds light on trends and challenges around insider threats, what organiz
Each week, FortiGuard Labs publishes a weekly Threat Brief discussing memorable threat activity during the week. Here is a recap of what we cover in this week's Threat Brief: Attacks against the BlueKeep vulnerability have started. Fortunately, these attacks are not deemed wormable, at least yet, but they instead exploit the BlueKeep vulnerability to simply install cryptocurrency mining malware on infected systems. Our FortiGuard Labs researchers have been assessing web applications with embedded Scalable Vector Graphics (SVG) images. While SVG provides flexibility that enables the creation of more dynamic web content, it also introduces additional security risks. We discuss common SVG attack vectors. A popular Android keyboard app, Ai.type, was removed from Google Play earlier this year, once it was deemed malicious, but not before it had been downloaded on 40 million devices. The app makes suspicious requests that trigger the purchase of premium
FortiGuard Labs published a weekly Threat Brief discussing memorable threat topics and activity discussed and analyzed during the week. Here is a recap of some of that activity: Mobile threats continue to increase in volume and impact. In this week's threat brief we outline five critical elements needed to enhance your mobile cyber security awareness program. This is critical as 14% of all cyber threats overall are detected on Android devices. In fact, this week we saw some prominent mobile threat activity. xHelper Trojan dropper is not only able to reinstall itself on Android devices after it has been removed, but it can also do so after a full factory reset of the device. You can read the analysis of this Trojan in this week's brief. Several humanitarian aid organizations were targeted with a mobile-focused phishing campaign. You can read more about this targeted phishing campaign and the various techniques that the bad actors used. Content management systems are often targete
Today Fortinet announced the fastest, most powerful, desktop SD-WAN appliance to date: the FortiGate 60F featuring our SOC4 security processor. This extends Fortinet’s commitment to providing Security-Driven Networking solutions by including this technology in our popular FortiGate 60 family, which has sold over 1.5 million units to date. Encrypted traffic represents a multi-faceted problem for most networks: With many cloud applications using secure tunnels, any SD-WAN solution that does not decrypt and inspect this traffic will not route and prioritize it correctly. Yet many vendors use standard processors in their products, which slows down performance greatly if inline decryption is enabled. To put it simply, attempting to improve User Quality of Experience (QoE) results in reduced QoE! The FortiGate 60F leverages security-driven networking principals (powered by our purpose-built security processor (SOC4) to deliver the fastest application steering and deep inspection of SSL/TLS
Each week, FortiGuard Labs publishes a Threat Brief that profiles notable hot topics and threats that were discovered or discussed during the week. Here is a recap of what we are covering in this week’s Threat Brief: Read about our FortiGuard Labs researchers analysis of several new spam samples caught in our proprietary spam monitoring system associated with a Remcos RAT campaign. Our researchers noticed an interesting tweet where they found a file that is part of a new BadPatch campaign. BadPatch is a tag used for a set of malware that was used in a campaign with possible link to Gaza hackers. We also review the ELECTRICFISH tool that is used to tunnel traffic between two IP endpoints, allowing one to export data without raising any flags. It is believed that this is one of the tools used by APT38 to amass more than $100 million in funds. The EternalBlue Downloader has been adapted to exploit the BlueKeep vulnerability. If a user is infected with this version of the EternalBlue Down
FortiGuard Labs Weekly Threat Brief summarizes the latest hot threat activity and insights from across this week's cyber threat landscape. https://fortiguard.com/resources/threat-briefHere are some interesting insights from this weeks issue: An Iran-linked advanced persistent threat (APT) group, Charming Kitten, with ties to attacks on the US presidential re-election campaign recently added new techniques to its stockpile in an apparent ramp-up of their operations. We discuss a new vulnerability discovered in the Linux sudo command that could allow unprivileged users to execute commands as root. When executing commands on a Linux operating system, unprivileged users can use the sudo (superuser do) command to execute commands as root as long as they have been given permission or know the root user's password. This week we profile new research on analysis of the Winnti Group's backdoor dubbed "PortReuse". This is an interesting white paper that is
Fortinet is releasing version 8.5 of our FortiWLM software. This version adds the capability to monitor the statistics and RF health of FortiGate managed wireless APs. A FortiGate can now be added to FortiWLM in the ‘Add Controller’ configuration screen. Switching between the FortiGate and FortiWLC context can be done via a drop down menu at the top of the screen. When in FortiGate mode, the Monitor, Operate, and Administration tabs are accessible. Configure and Reports are not available for FortiGate controller in this release. This addition allows the FortiWLM platform to act as a unifying RF management platform for any Fortinet wireless controller hardware. To learn more about FortiWLM and see a demonstration of the new FortiGate management features, you can watch our presentation from Mobility Field Day: https://www.youtube.com/watch?v=mk0JVfj0KQM An additional feature added in this release is the ability to monitor applications an
Each week, FortiGuard Labs publishes our Threat Intelligence Brief that profiles some of the more interesting and impactful security events from the week. Here are some of the topics that we covered this week: FortiGuard Labs researchers recently analyzed a new Golang ransomware that is targeting Linux systems. Golang is a statically typed, compiled programming language designed at Google that is becoming more popular within the malware development community Our FortiGuard Labs researchers found some interesting websites associated with the current Rugby World Cup that advertise as free streaming service, but in fact are anything but. This article discusses the dangers of free streaming apps. On Tuesday, Microsoft released updates for 59 security vulnerabilities, with 9 of them rated critical. Apple and Google Android also provided updates. All we can say is, get patching. The Magecart cybercrime group places digital credit card skimmers on compromise
In our latest weekly Threat Brief, we look into a recently discovered critical vulnerability (FG-VD-19-117/CVE-2019-16920) affecting several EOL D-Link router models found by our FortiGuard researchers. This vulnerability could allow for remote code execution without authentication. This occurs when an attacker sends arbitrary input to the device's common gateway interface that could lead to command injection. We also review a spike in the Winnti backdoor observed over the last couple of months. Winnti is a Remote Access Trojan (RAT) being used against Linux and Windows platforms. It is memory resident, meaning that the malware and its behaviors are hard to detect. While it previously focused a lot of its attacks on the gaming industry to steal information, it most recently also began targeting the pharmaceutical industry. This week’s report discusses a Quest Software KACE K1000 endpoint management system vulnerability that is very simple to exploit, potentially leading to a breach int
Already have an account? Login
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.