Blogs

What is Wi-Fi 7 and why should you care? Wi-Fi 7, technically known as IEEE 802.11be or Extremely High Throughput (EHT), is the next generation of wireless technology that will revolutionize the way we connect to the internet. Building on the foundation of Wi-Fi 6 and Wi-Fi 6E, Wi-Fi 7 promises to deliver unprecedented speed, capacity, and reliability for a wide range of applications and devices. In this blog, we will explore some of the key features and benefits of Wi-Fi 7 and how it will impact our digital lives. How we reached here? As with most generational improvements, Wi-Fi 7(802.11be) is designed to offer faster speeds and improved performance than its predecessor, Wi-Fi 6(802.11ax). When FCC voted to open a part of 6 GHz spectrum in April 2020 for unlicensed use, all wireless industry experts saw this the biggest opportunity for Wi-Fi upgrade since the FCC opened DFS channels for Wi-Fi in 2003. This quadrupled the amount of spectrum available to users, meaning the Wi-Fi issue

FortiSIEM is a highly flexible solution providing a wide collection of inbuilt Remediation Scripts, integrating FortiSOAR Playbooks or giving the user the ability to create his own custom remediation scripts.Predefined and custom FortiSIEM scripts can be invoked on-demand (manually) or automatically when the incident happens. A common situation for using remediation scripts includes blocking sources and/or destinations IP address for reported attacks or suspicious activities (ex. port scanning activities, communication with a C&C server, botnets, etc.). These situations can also be addressed in an easy and reliable way by using a new remediation method based on a FortiSIEM publishing script leveraging Fortinet Security Fabric External Connectors and/or 3rd party NGFW Connectors.  Video Presentation & Demo Main advantages of this method: One single publishing script can be used to integrate multiple and different FGT FOS versions and/or 3rd party firewall devices Sources

Description:   This article describes how FortiWeb's Machine Learning for Anomaly Detection can detect and protect against such attacks out of the box, without requiring any special configuration.   Recently, security researchers posted several blogs describing a method for bypassing some vendor's WAF solutions. The method described bypasses malicious requests that used JSON (JavaScript Object Notation) syntax appended to SQL injection payloads. Attackers could then use these techniques to get access to a backend database and use additional vulnerabilities to exfiltrate information via either direct access to the server or over the cloud.   Fortinet customers using the FortiWeb web application firewall are protected against this type of evasion technique using FortiWeb's Machine Learning for Anomaly Detection.   Scope: FortiWeb   Solution:   The attack:  The researchers crafted new SQLi payloads by appending JSON syntaxes. These payloads, since it is

This is a real-world example of how not to design a Wi-Fi network. Some caveats upfront – the serious Wi-Fi guys around here are not going to learn anything new, but they might slow down and look, just like for a train wreck. And I don’t mean to pick on the motel I’m using for an example – why would a motel manager know how this stuff works? I do, however, blame whatever consultant/reseller/brother-in-law set this network up. That guy needs to be kept away from anything technical forever! Earlier this year, I took my wife and kids on a long overdue trip to see grandma. Making a leisurely trip of it, we stopped a few other places for the night, including a few popular California tourist destinations. Now, I guarantee you the most important thing to the kids when we got to any motel (dad too, truth be told) was to get on the Wi-Fi – immediately! I’m sure readers can relate. In fact, customer satisfaction with Wi-Fi is a key metric across the hospitality industry these days. One particula

Feature Introduction AWS Cloud WAN AWS Cloud WAN provides a central dashboard for making connections between your branch offices, data centers, and Amazon Virtual Private Clouds (Amazon VPCs)—building a global network with only a few clicks. You use network policies to automate network management and security tasks in one location. Cloud WAN generates a complete view of your on-premises and AWS networks to help you monitor network health, security, and performance.   Fortinet SD-WAN Fortinet SDWAN (software-defined wide-area network) solution enables enterprises to transform and secure all WAN edges. Leveraging the Security-driven Networking approach that uses one operating system and one centralized management console, enterprises realize superior user experience, enhanced security posture effectiveness with converged networking and security, and achieve operational continuity and efficiency. Fortinet FortiGate delivers fast, scalable, and flexible Secure SD-WAN for cloud-firs

Fortinet is one of the leading Firewall vendors that Alkira’s customers use in their deployments. These enterprise customers consider Fortinet their trusted partner whether they are looking to deploy security appliances inside their data centers or as a virtual form factor in private and public cloud environments. Figure 1: Network View on Alkira Portal with Fortinet Firewall Service Firewall deployments in the public clouds are complex, require many steps, lack standardization in the Multi-Cloud environment, and do not offer the same functionality as the on-premise deployment. For example, at a minimum, a cloud engineer needs to do the following for a successful cloud firewall deployment in any CSP environment: Deploy a Security VPC/VNET spanning multiple Availability Zones for high-availability Support connecting large quantities of cloud networks and propagating routes dynamically. Secure inbound and outbound traffic flows. Ensure traffic symmetry when there are multiple fir

Feature IntroductionAWS Cloud WAN AWS Cloud WAN provides a central dashboard for making connections between your branch offices, data centers, and Amazon Virtual Private Clouds (Amazon VPCs)—building a global network with only a few clicks. You use network policies to automate network management and security tasks in one location. Cloud WAN generates a complete view of your on-premises and AWS networks to help you monitor network health, security, and performance.  Fortinet SD-WAN Fortinet SDWAN (software-defined wide-area network) solution enables enterprises to transform and secure all WAN edges. Leveraging the Security-driven Networking approach that uses one operating system and one centralized management console, enterprises realize superior user experience, enhanced security posture effectiveness with converged networking and security, and achieve operational continuity and efficiency. Fortinet FortiGate delivers fast, scalable, and flexible Secure SD-WAN for cloud-first, se

Feature IntroductionAWS Cloud WAN AWS Cloud WAN provides a central dashboard for making connections between your branch offices, data centers, and Amazon Virtual Private Clouds (Amazon VPCs)—building a global network with only a few clicks. You use network policies to automate network management and security tasks in one location. Cloud WAN generates a complete view of your on-premises and AWS networks to help you monitor network health, security, and performance.  Fortinet SD-WAN Fortinet SDWAN (software-defined wide-area network) solution enables enterprises to transform and secure all WAN edges. Leveraging the Security-driven Networking approach that uses one operating system and one centralized management console, enterprises realize superior user experience, enhanced security posture effectiveness with converged networking and security, and achieve operational continuity and efficiency. Fortinet FortiGate delivers fast, scalable, and flexible Secure SD-WAN for cloud-first, se

Feature Introduction AWS Cloud WAN AWS Cloud WAN provides a central dashboard for making connections between your branch offices, data centers, and Amazon Virtual Private Clouds (Amazon VPCs)—building a global network with only a few clicks. You use network policies to automate network management and security tasks in one location. Cloud WAN generates a complete view of your on-premises and AWS networks to help you monitor network health, security, and performance.   Fortinet SD-WAN Fortinet SDWAN (software-defined wide-area network) solution enables enterprises to transform and secure all WAN edges. Leveraging the Security-driven Networking approach that uses one operating system and one centralized management console, enterprises realize superior user experience, enhanced security posture effectiveness with converged networking and security, and achieve operational continuity and efficiency. Fortinet FortiGate delivers fast, scalable, and flexible Secure SD-WAN for cloud-firs

Secure RISE with SAP – How to secure the unknown?What is RISE with SAP? Today enterprises are turning to new business models to avoid disruption, to gain efficiencies, to drive innovation, and to transform mission-critical systems without business risk. SAP offers RISE with SAP to enable companies in all industries to reach these goals. SAP for Rise includes Cloud ERP for every business need, industry best practices and extensibility, analytics and business process intelligence, and outcome-driven services from SAP and partners.With RISE, customers can take the lead with industry innovation for top-line, bottom-line, and green-line growth. Rise enables customers to constantly improve with real-time insights, allowing them to continuously optimize processes. Rise includes embedded cybersecurity and automated data protection to help to protect SAP applications and data.But are these security features and functions sufficient? Let’s look at this more in detail. Challenges to sec

Our previous blog covered how FortiEDR eliminates malware and attacks early in the cyber kill chain and the benefits of proactive security. We know nothing in this life is guaranteed and no form of security is perfect. As stated before, Threat Hunting helps identify what circumvented the first line of defence. This blog will cover post-attack threat hunting. Post-attack, Threat Hunting can assist in ‘following the breadcrumbs’ and identifying patient zero, peering back days, weeks or even months. While FortiEDR’s Forensics suite provides much of the answer with patented code-tracing technology, Threat Hunting is also an essential component. While investigating an event, FortiEDR provides an intuitive experience with contextualised Threat Hunting hyperlinks enabling the SOC analyst to quickly retrieve the information required. Figure 1.1 – Contextualized Threat Hunting – Events View Figure 1.2 – Contextualized Threat Hunting – Forensics View   It is also possible to scan all (or

Fortinet releases a new version of FortiClient to protect classrooms that adopt Chromebook usage integrated into the curriculum. This adds to Fortinet’s significant investment to secure the Education segment.   FortiClient Chromebook Benefits: Automated updates keep defenses up-to-date with the latest website ratings. Fully customized policy-based access control based on categories, websites, and individual pages via granular blocking & filtering. Comprehensive protection - URL database with more than 75 categories, more than 43 million rated websites, and more than two billion web pages. Faster update times by customizable update options. Helps attain CIPA (US HR4577) and BECTA (UK) compliance. It is astounding that education has more security incidents than healthcare or manufacturing as evidenced by 254 incidents recorded in 20151 and accounts for 27.4% of all attacks seen across various verticals2. Schools continue to be key targets for cyber attackers since they possess

Fortinet's annual mid-year check-in with Global Security Strategist Derek Manky (FortiGuard Labs) is live. This is an update to our yearly predictions rolled out at the beginning of each year.    More Information! Read can read Derek's blog, an article in CSO.com, and a Dark Reading byline about the topic.   Excerpts: Technology is making our lives easier. We have access to unprecedented levels of information, resources, social media, and entertainment at our fingertips, 24 hours a day. Much of our reliance on this technology has become invisible, from traffic control systems to medical devices to applications that allow us to make and monitor financial transactions. While new classes of connected devices provide valuable services, they are being woven into an increasingly complex ecosystem of data, devices, applications, and services that we are becoming more dependent on every day. Which is why we are also seeing a rise in the number and

Outside of the various forms of social engineering such as phishing, the most common observed access vector for adversaries is the targeting of external facing services/applications (T1190 – Exploit Public-Facing Application). In the last 12 months there has been a significant focus from threat actors on targeting zero- day vulnerabilities present in external facing services like Microsoft Exchange1 2, Confluence3, and services employing vulnerable log4j libraries4. Despite intrusions related to exploitation of these new zero-day vulnerabilities dominating the spotlight recently the FortiGuard Responder Managed Detection and Response (MDR) team continues to observe attacks where the initial attack vector is a brute-force attack on an external facing service, most commonly SQL database services such as postgres and MSSQL. Attacks on these services are linkedto multiple different actors, majority of which are financially motivated groups (criminals) looking to deploy ransomware or cr

Executive Summary Organizations with global offices delivering hypeconnectivity between workloads and users face more challenges than ever due to market economics, competitor dynamics, and consumer behaviors. Competitors are changing strategies and product iterations faster than ever to match consumer expectations. Those expectations might include 24/7 great user experience, secure connectivity, and high performance. Fortinet can work with AWS Cloud WAN to deliver the secure connectivity across your global private networks by providing complete end to end security through each part within the transit network. Fortinet's Security Fabric can integrate with AWS Cloud WAN to help customers onboard their journey to the cloud or provide smart routing through its SD-WAN capabilities to help customers have more flexibility in their design architecture. Ultimately, the integration between Fortinet and AWS Cloud WAN help reduce complexity in your network while still securing your last mile traff

FortiSIEM 6.4.0 introduces the ability of enriching Analytics with information from Lookup Tables to provide insight into the data being retrieved from logs. It also introduces the ability to create Correlation Rules based on contents and conditions in one or more Lookup Tables. New out of the box LookupTables have been included in this release, which rely on reports to create a baseline of processes and user logins:AWSLoginCountry – Source countries for successful AWS loginAzurePortalLoginCountry – Source countries for successful Azure Portal loginGSuiteLoginCountry – Source countries for successful GCP loginCommonLinuxProcess – Common Linux Process CreatedCommonWindowsProcess – Common Windows Process CreatedO365MailLoginCountry – Source countries for successful O365 Mail loginServerLogin – Servers that users login toVPNLoginCountry – Source countries for Successful VPN LoginThese are accompanied by new Correlation Rules which will trigger in real-time when FortiSIEM receives an

Over 2,500 CISOs and other leaders in IT security attended the annual Gartner Security & Risk Summit in National Harbor, MD. We had the privilege to not only meet with customers at the event but to also attend several sessions and speak with numerous Gartner subject matter experts about trends in the market. Judging from that, here are some key highlights for us: XDR language was everywhere, and diverse. Many attendees were not sure what XDR is and were looking for definitions. We think many vendors had conflicting positioning, often quite different than Gartner’s definition in the XDR market guide. It was a modern example of the proverbial blind men trying to explain their part of the elephant. We feel our XDR is closely aligned with Gartner expectations and will be a market leader as industry adoption continues to accelerate. With market penetration being around 1%, you can ignore those who claim to be an XDR leader. For now, we suggest focusing on what makes you more secure whi

Executive summary  Fortinet is pleased to announce that FortiGate Virtual Appliance Firewall protecting public and private clouds has scored an overall rating of AAA in the recent cloud network firewall report done by CyberRatings, the highest score possible. CyberRatings’ independent testing on Fortinet virtual appliances resulted in AAA scoring in all 5 areas tested (Management & Reporting Capabilities, Routing and Policy Enforcement, SSL/TLS Functionality, Threat Prevention, Performance). The score reflects Fortinet’s continuous commitment to providing holistic architecture that protects our customers’ environment regardless of where they might be located in. The achievement establishes FortiGate virtual appliances as leaders when it comes to protecting workloads on public or private cloud platforms. To learn more about Fortinet’s AAA score from CyberRatings Cloud Network Firewall report, visit their website located here     Fortinet sets the bar for cloud ne

We are pleased to announce the release of FortiEDR 5.2. Our focus this time around was to improve extended detection and response (XDR), the lives of our administrators, and introduce Japanese language support. Our long-term roadmap and plan is to build the industry’s most robust multi-Data Lake XDR platform, and this release features a small part of that plan. For instance, we added advanced XDR visibility, allowing pointed insights into the different correlated detection incident sources, and by doing so accelerated the forensics process. Secondly, we extended our multi-Data Lake XDR-feed support to include Google Cloud Logging, enabling extended detection and visibility via data correlations of Google Cloud services. Please stay tuned for more announcements involving XDR and other items on our roadmap. In case you were not aware, our EDR platform comes with prebuilt, customized enabled connectors for third-party appliances and solutions, such as firewalls, identity, mail, sandboxes,

Together, Fortinet and Rubrik protect businesses from ransomware infection and spread, and in the event of an infection, simplify their ability to recover from ransomware attacks. All, while integrating the advantages of hybrid multi-clouds quickly and effectively.   Challenges/Business Drivers Data is at the heart of most organizations today. Protecting data and preventing potential security breaches – detecting incidents that would otherwise remain undetected and streamlining compliance reporting – remains critical for every organization. Organizations want integrated, simple, easier to manage and more cost-effective solutions for instant recovery and immutability from ransomware, to enable users to recover quickly and integrate the advantages of public and private clouds into IT architectures.   Joint Solution  To solve the challenge, Fortinet and Rubrik have come together with a joint solution between FortiSIEM with Rubrik Cloud Data Management. The Fortine

Due to staffing and technical challenges, organizations are turning to Managed Security Service Providers (MSSPs) for IT security management, and one of the biggest trends is to use MSSPs to deploy and Endpoint Detection and Response (EDR) solutions on their endpoints. EDR offers an MSSP the highest level of security for an endpoint while avoiding the level of administrative complexity and nuance of traditional endpoint protection solutions. Additionally, as MSSPs turn up EDR Managed Detection and Response (MDR) services to help reduce the risks users and vulnerabilities introduce, there are key capabilities that service organizations need to consider, especially in a multitenant environment. One core capability an MSSP needs to look at is how multiple customers are managed. A solution that lacks true multitenancy adds administrative burden by forcing one to turn up individual console instances that need to be administered separately or develop custom portals to integrate into their SO

Exception Manager FortiEDR offers behavioral detection capabilities to detect living-of-the-land, file-less (memory-based), and script-based attacks. FortiEDR behavioral detection provides real-time containment capabilities by blocking external communication or access to the file system. FortiEDR surgically stops data breaches and ransomware damage in real-time, automatically allowing business continuity even on already compromised devices. FortiEDR Exception Manger offers comprehensive feature set to create granular exception rules based on multiple attributes and even create automatic exceptions if Fortinet Cloud Services (FCS) classifies an event as safe. FortiEDR allows exceptions based on collector groups, external destinations, and users. Further security admins can add exceptions based on security rules that triggered the event in which case admin can specify following options: Specify “exact” path to the application or “any path” to allow an application to run Create an except

FortiEDR offers a single unified endpoint agent with machine learning Next Generation Anti-Virus (NGAV), application communication control, automated EDR, and XDR capabilities. All these features are configured and managed via an easy-to-use single unified management console. FortiEDR is the only solution in the market to offer real-time post-execution prevention, helping security analysts to perform forensic investigations at their own pace without racing with time. The solution offers comprehensive protection against advanced persistent threats and massively reduces mean time to detection (MTTD) and mean time to remediate (MTTR). The FortiEDR management console has multiple tabs controlling different features. But the event viewer tab is the one that holds the most relevance for security analysts since each investigation begins from the event viewer tab which lists all the unhandled events in the default view. Users can filter events based on multiple criteria like unread, applicatio

As one of the most valuable tools of EDR, Threat Hunting helps identify bad actors that have otherwise circumvented the first line of defence. It achieves this by proactively identifying threat indicators and vulnerabilities that lurk undetected. FortiEDR’s Threat Hunting is a powerful tool that provides benefits earlier and later in the cyber kill chain. This blog will cover how FortiEDR eliminates attacks before execution. It will cover scanning for metadata, behavior correlation (MITRE ATT&CK), and scheduled queries while a secondary blog will cover post-execution.  Threat Hunting While FortiEDR’s pre and post-infection engines offer protection at multiple stages of the cyber kill chain, how can you proactively scan endpoints for Tactics, Techniques and Procedures (TTPs) which could indicate a potential attack? How can you search for threats that may have otherwise slipped through the net? Figure 1.1 – Cyber Kill Chain Threat Hunting enables the SOC analyst to proactive