Celebrating our Community: Thank You for an Incredible Month
Blogs
Recently active
We are continuously the data disclosed by FireEye on the “Sunburst”/UNC2452 operation and working with customers ensure their protection, detect and mitigate this issue. All published and subsequent discovered IOCs were immediately added to our FortiGuard threat intelligence network will be leveraged by solutions including FortiGate, FortiAnalyzer, FortiEDR, FortiSandBox, FortiSIEM and FortiClient. As new IOCs are uncovered, they will also be immediately added to our databases. Here is a summary of resources and how to stay current with the Fortinet products and solutions you have to ensure your protection and on-going detection. FortiGuard Threat Signal – Supply Chain Attack on SolarWinds Orion Affecting Multiple organizations https://www.fortiguard.com/threat-signal-report/3770/supply-chain-attack-on-solarwinds-orion-platform-affecting-multiple-organizations-worldwide-apt29 The latest research on this attack is summarized in this blog https://www.fortinet.com/blo
FortiPenTest, Fortinet pentest-as-a-service cloud-based service has been recently updated to version 20.4. This new version brings improvements to all parts of the portal and also new features, that we will be highlighting below. If you are already accustomed to FortiPenTest web user interface, you will be able to notice new changes here and there. The easiest one to spot, will be the threat level score, which is a numeric value ranging from 0 to 10. It is computed from the CVSS scores of each OWASP Top 10 categories. Figure 1: Top right, threat score is displayed, 5.8/10 in the example The threat score is also listed in the inventory asset page. It can give operators a quick glance to prioritize and choose an asset for vulnerability remediation. With our new big feature – schedule and recurring scans, there is no need for you to be in front of the interface to run a scan. You can plan your scan strategy way ahead of time. Schedule it for daily, weekly, monthly o
A more updated version of this blog is now available: https://www.fortinet.com/blog/threat-research/what-we-have-learned-so-far-about-the-sunburst-solarwinds-hack By now you may have read from various media coverage regarding a state-sponsored campaign that has compromised SolarWinds “SunBurst/ UNC2452” that lead to the breach of multiple government agencies. We are currently analyzing all of the data disclosed on the “Sunburst”/UNC2452 operation and are taking proactive steps to ensure the security of our customers. What we know so far: Based on our research and details disclosed to this point, this was a highly evasive and carefully planned attack that was orchestrated by a nation-state. The campaign was based on a supply-chain attack that leveraged backdoored SolarWinds update packages to.SolarWinds’s Orion IT monitoring and management software (affected versions are 2019.4 through 2020.2.1 HF1) in order to infiltrate into the target organizations. &nb
Endpoints are a critical and growing part of a corporate infrastructure. Especially now in changing times with a growing teleworker force, endpoints need to be protected vigilantly. Cybersecurity attacks often start at the endpoint and then pivot to critical data sources. Thus, it is critical to bring endpoint detection data into a central view and orchestrate protection and remediation by utilizing multiple security controls and processes. Trend Micro has been proudly protecting customers from cyber-threats for over three decades, allowing them to consistently respond quickly to threats and protect their businesses from attack with high confidence. A partnership with Fortinet, which shares our commitment to open approach and putting customers first, enables us to offer best of breed solutions to mutual customers who can extract maximum value from security data shared between our solutions and ensure their security posture is optimized. Fortinet FortiSOAR™ | Trend Micro ApexOne
In this blog post, I would like to bring to the attention one of the key features in FortiManager 6.4 release which has considerably improved the workflow for IPS Administrator for organizations that are following the consolidation of function by eliminating the need for a dedicated standalone Intrusion prevention system(IPS) by turning on IPS capability in their existing FortiGate network firewall. Restricted IPS Admin Profile The restricted IPS admin profile feature helps customers who are transitioning from dedicated IPS solutions to Fortinet products. This feature provides replacement functions for IPS administrations Problem Introduction Let’s look at the problem we are trying to address for our customers and build our case from there. Traditionally most enterprises deployed dedicated IPS systems that were managed by the security teams. The security teams responsible for creating the security policy and posture would wield the control over the IPS console to create a new policy, a
SD-WAN has taken the WAN Edge market by storm over the past few years. Businesses and organizations are rapidly choosing SD-WAN in favor of traditional routers due to the added resiliency, traffic engineering possibilities and cost savings it brings. On the other hand, OT networks thus far have not benefited from SD-WAN due to the lack of vendor support for ruggedized edge devices. That changes now as we are proud to announce the FortiGate Rugged FGR-60F/60F-3G4G – the industry’s first OT Secure SD-WAN line of WAN edge devices. The FGR-60F and 60F-3G4G feature all the industry leading security and SD-WAN capabilities our customers have grown accustomed to in a form factor that can withstand harsh industrial environments. Before we go any further, let us take a step back and see how we got here. Traditionally, OT and IT were completely separate networks. OT networks were more or less “air-gapped” from their IT counterparts. However, the lines between the two networks have been rap
Many organizations have recently seen a shift to more remote and home working in response to world events. An expansion of the off-net workforce brings additional organizational security challenges. How can organizations easily maintain visibility when the user is working remotely? Traditional monitoring solutions may rely on network device logs, which aren't relevant to a remote worker, or on complex and difficult to deploy log forwarding architectures which just aren't designed for the new way of working.Enter Fortinet UEBA solutions. Our UEBA solutions provide flexibility, visibility and ease of use. They use advanced machine learning to identify anomalous behavior, and a lightweight agent to easily gather accurate and reliable logs, both on-net and off-net. Logs are uploaded to the system via an encrypted TLS connection - If your user is connected, at home or in the office, your Fortinet UEBA solution has visibility.Fortinet offers two UEBA solutions; FortiInsight and FortiSIEM. Fo
Today Fortinet is proud to announce our enhanced support for securing SAP S/4HANA – SAP’s flagship ERP application. Fortinet offers unprecedented security and visibility for organizations seeking to secure SAP S/4HANA. Fortinet’s support for SAP includes network security for secure access, segmentation and intrusion protection, workload protection to analyze users, policies, and traffic in the cloud, and application protection to protect the SAP S/4HANA application from attack including API protection. Fortinet also offers two-factor authentication tools, device, and access control to help ensure that only approved users and devices are allowed to connect, and endpoint security and remediation. All Fabric components receive actionable threat intelligence updates via FortiGuard Labs. SAP S/4HANA, along with Oracle ERP are the dominant solutions of their type, are being used by nearly all of the Fortune 1000 organizations. Only Fortinet has announced solutions designed and tested t
SAP is among the world's largest software companies, with some 92% of the Forbes Global 2000 using at least some of their enterprise application solutions. Most of these companies will deploy SAP S/4HANA in the cloud—either public or private. In fact, by 2027, some SAP customers will need to migrate to SAP S/4HANA as they have announced the end-of-life of older versions of their integrated application solutions (SAP Business Suite). Fortinet's Dynamic Cloud Security offerings provide organizations the key security elements they require to help secure their SAP S/4HANA cloud deployments during this transition. But as organizations work to become intelligent enterprises that run agile, integrated business processes, security must remain top of mind if they are to be successful in their endeavors. Fortinet’s solutions for SAP provide organizations the key security elements they require to help secure their SAP S/4HANA cloud deployments during this transition. Rethinking Inte
Securing Email before the advent of Data-Centric Security Teleworking, public and home networks, personal devices, and cloud email services have combined to open up email to become the dominant source of security and information breaches. On the one hand spam, malware and spyware are increasingly making its way into the enterprise, and on the other hand, confidential information being shared, even with internal employees, is winding up on unmanaged personal devices. Daily collaboration with external agencies like partners, vendors, and customers, has escalated the problem of addressing security, visibility, and compliance exponentially. Enterprises have hitherto been focused on inspecting and blocking emails at the “perimeter” of the enterprise, which in turn breaks the business process flows. Conversely monitoring the flow of sensitive information via email places the enterprise in a reactionary security paradigm, chasing data and the “bad actors”, as the data has already
Fortinet just released another free offer for organizations designed to further enhance the ability of their workforce to be cyber aware. This new Information Security Awareness and Training service will help companies better educate their workforce on how to identify and protect themselves and their organizations against all types of cybersecurity threats and to help keep security top of mind. This new service, researched and developed by Fortinet’s NSE Training Institute—a world-class team of cybersecurity experts, is in full alignment with two key sets of NIST guidelines: NIST 800-50 , which outlines requirements for Building an Information Technology Security Awareness and Training Program, and NIST 800-16, which discusses Information Technology Security Training Requirements. This powerful turnkey service from Fortinet is made up of three components, each of which include both training and awareness elements. These components, outlined belo
Companies are leveraging the power of Kubernetes to accelerate the delivery of resilient and scalable applications to meet the pace of business. These applications are highly dynamic, making it operationally challenging to securely connect to databases or other resources protected behind firewalls. Visibility into Kubernetes Infrastructure is Essential Lack of visibility has compliance implications. Like any on-premises or cloud-based networked services, Kubernetes production containers must address both organizational and regulatory security requirements. If compliance teams can’t trace the history of incidents across the entire infrastructure, they can’t adequately satisfy their audit requirements. To enable the successful transition of Kubernetes pilot projects to enterprise-wide application rollouts, companies must be able to extend their existing enterprise security architecture into the Kubernetes environment. In response, Fortinet and Tigera jointly developed a suite
When discussing our Fortinet Security Fabric, we often focus heavily on the integration between the solutions across our own product suite. And why not? The Fortinet Security Fabric spans multiple solutions, is seamlessly integrated, provides dynamic automation, and is supported by a single company – all good things. But an essential element of the Security Fabric is its ability to also integrate with other products found in many customer environments. That’s why we also sponsor the Open Fabric Ecosystem, which is one of the largest cybersecurity ecosystems in the industry. It is comprised of Fabric-Ready technology alliance partners whose solutions are also fully integrated into the Security Fabric, collaboration with threat-sharing organizations, open APIs and commons standards to facilitate integration with other third-party solutions, and other Fabric integrations. This ecosystem approach enables organizations to integrate a wide variety of security and networking solutions with t
[Recap] It’s now been about 2 years since Wi-Fi 6 Access Points first showed up on the market, and about one year since we first looked at Wi-Fi 6 last year on our FortiCast podcast (link) where we talked about some of the technological aspects of the standard. The transition is now in full swing we see most customers now evaluating Wi-Fi 6 for their needs before looking at older technologies. In many ways, Wi-Fi 6 has been one of the most successful standards as client devices have been available much quicker this time around than in previous technology shifts. Yet even though Wi-Fi 6 isn’t yet old news, there’s a new topic on the horizon being talked about, Wi-Fi 6e. [General overview] Wi-Fi 6E is the industry name for users to identify Wi-Fi devices that will operate in 6 GHz. Wi-Fi is getting faster and faster. Faster internet is in constant demand, especially as we consume more bandwidth-demanding apps, games, and videos with our laptops, hand held devices and phones.
Fortinet is proud to announce our latest addition to the FortiCloud group of products: FortiPenTest. FortiPenTest is a subscription based Penetration Test tool that can perform OWASP Top 10 vulnerably based testing on a target IP or FQDN (Fully Qualified Domain Name). As DevOps initiatives continue to grow, there’s an ever-increasing need for application security to be on-demand. Ensuring the proper security of developed applications is often about more than compliance, as disruption to business and loss of business records are often as much if not more motivation to ensure a properly secured application than managing a compliance check mark. In fact, Forbes recently carried an article showing the strong correlation between DevOps and the need for Penetration Testing as a service. Fortinet’s FortiPenTest product will run detailed analysis and produces a report covering all found vulnerabilities as well as suggested remediation steps. FortiCloud premium customers
The Case in Point : How to block incoming connections sourced from IP addresses supplied as a list by a 3rd party commercial Threat Intelligence feed. Until FortiOS 6.0.1 we had to resort to custom scripting which downloaded those block lists, then parsed and compiled Fortigate CLI commands to add them as address objects, circumventing limitations by grouping addresses into Address Groups. In short, it was doable but painful. But no more - starting with FortiOS 6.0.1 we have a Fabric Connector for the IP address/domains block lists which we can use in DNS FIltering (6.0.1 and newer) and also as regular Address objects in Source/Destination fields of Security Rules (starting with 6.2 and newer). So let's see how to do it. For this post I will be using free "Bogons List" by Cymru Team as in the original case I was using commercial and confidential one which cannot be disclosed here. The idea is identical - the feed provider gives (usually) HTTP/HTTPS link to downloa
Protect your Datacenter infrastructure and deliver uptime with FortiDDoS Appliances By Vinod Sundarraj and Hemant Jain | Just when you thought DDoS attacks are being taken care by large cloud-based DDoS mitigation service providers, a company which ensures the reliability of companies' websites and internet-connected services had a bit of online trouble itself 1. And this is not the first time that this kind of outage has happened with this provider and it has impacted even cloud service providers 2. Why is that data centers do not have adequate technology to block 754 million packets per second coming from just over 300,000 IPs is simply because of using traditional technology and manually operated scrubbing centers with large staff that add and subtract rules based on attacks on their routers and switches. This kind of equipment is not geared for variety of DDoS attacks that today’s hackers can generate by just switching a few bits in packets here and there. The nature of
The Fortinet Veterans Program (FortiVet) Community is LIVE! This is an open group for #veterans and #militaryspouses that are looking to transition into a career in #cybersecurity, military ready #employers, and current and past #Fortinet veteran employees and #allies. Whether you currently are a veteran looking to transition into the private sector, a hiring partner who hires veterans (feel free to post opportunities), or just want to learn more about the impact that veterans and military spouses have in the civilian workforce, this group will provide a place to show your support! Interested in joining this group? https://www.linkedin.com/groups/8958490/
One of our nonprofit partners, IVMF has issued a brief, “The Business Case for Hiring a Veteran: Beyond the Clichés,” which draws from academic literature to suggest a robust, specific and compelling business case for hiring individuals with military background and experience. The report details the results of a comprehensive review of academic literature from the fields of business, psychology, sociology, and organizational behavior positioned to illustrate the foundational elements around which employers can formulate a research-informed logic for recruiting and developing military veterans in the civilian workforce. The business case is based on 10 research-informed propositions on the value of a veteran in a competitive business environment.Read the full brief here.
Are you a Fortinet Expert and interested in sharing your technology & industry expertise with your peers? If so, here comes an opportunity to showcase your knowledge, and show-off a Blogger badge on your community profile . We are currently recruiting guest bloggers or writers for our community blog team who will contribute regularly for the benefit of our fellow community members. If interested, send us today an original piece of content - a story of your successful product implementation, best use case of a particular Fortinet product, a how-to tutorial with tips & tricks, or any other content relevant to our technical audience. The submission can be written, visual (video with an interactive demo, whiteboard or a panel/Q&A session) or a mix of both. Whichever the method of delivery is, make sure that your submission is in english with approximately 2-3 minutes of view time (1000-1500 words or 180 sec) and does not advertise o
There are more than 2.9 million unfilled cybersecurity jobs globally, according to a study by (ISC)2. And 59 percent of cybersecurity professionals surveyed for that study believe the widening talent gap put their organizations at risk. This shortfall has been discussed long enough that the tendency is to dismiss it with a “Yes, yes, we know about that.” And the gap gets bigger. What can be done about this escalating issue? This large problem demands innovation, cooperation, and concerted effort from many areas. Governments, enterprises, and higher education institutions are working on both separate and joint initiatives to raise up the cybersecurity workforce needed to address serious threats to industry, commerce, and even critical infrastructure. But the question is, will these efforts be enough? Helping to Fill the Gap Securing the digital landscape around the world requires critical security technology innovation, coupled with the effective deployment, integration, and o
Use case: Customer has two ISP connections at both sites. Two VPNs configured. ISP1 to ISP1 and ISP2 to ISP2. Customer wanted to lower the time it takes for the VPN to drop and the other VPN come up. One of the options I discussed with the customer was running route-based VPN and OSPF. This also has its challenges but in this article I will cover modifying the DPD settings to decrease the time for the VPN to fail-over. config vpn ipsec phase1-interface edit <tunnel_name> set dpd on-idle set dpd-retrycount <#> <---------------- by default, this value is 3 set dpd-retryinterval <#> <------------- by default, this value is 20 Here is the explanation of the options. dpd-retrycountHow often will the DPD be attempted. dpd-retryintervalHow long is the interval in seconds after which a DPD will be attempted again. On a dial-up server, if a multitude of VPN connections are idle, the increased DPD exchange could negatively impact the performance/load of the IKE proc
First and foremost, a special shout out to a friend that helped with this config. Juan Perez, thank you brother. Use Case: Customer wants a single SSID in his environment. He wants Teachers on a VLAN once they connect on a managed workstation (AD Member), Students on a different VLAN when THEY connect on managed workstation, Computers to authenticate and kept in a Computer VLAN until the user logs in, and a BYOD VLAN for the users connecting with personal devices. These use cases can be delivered via an 802.1x PEAP configuration on FortiAuthenticator Setting up AD Groups First lets create two groups and two test users. Here we create two AD groups; Teacher and Student I then created a user and added him to the Student group. Likewise, I created a user and added HIM to the Teacher group. FortiGate Configuration Now we are going to configure the pieces we are going to need Creating the VLAN Interface Here we have the SSID at the top where all devices will connect to.&nbs
Networks are undergoing fundamental changes fuelled by the accelerated adoption of BYOD, the Internet of Things, and the cloud-first strategy. The new dynamic affects the efficiency of traditional networking monitoring stacks and brings security challenges for IT infrastructure as they adapt to the expanding boundaries of traditional perimeters. Hand in hand with benefits that bring greater agility and scalability, organizations now battle an expanding attack surface, coupled with increasingly sophisticated threats and shortage of skilled security practitioners. These challenges intensify pressure on organizations that want to defend their critical assets confidently. Actionable Intelligence is Imperative In overcoming these challenges, it turns out that since it is not possible to protect all the assets and prevent every breach, the traditional “prevent and protect” mindset must shift towards “detect and respond”. Simply put, it is time to accept that breaches will happen and business
Fuse community just got an update! The latest site provides a refreshing look and feel, simplified UI, enhanced functionality for user engagement & group administration and opportunities for leadership/volunteerism. Just to name a few, here are some of the latest updates: Ability to RSVP & Register for upcoming events and know if any of your contacts are going to the event. New Profile page where members can add and show off their current NSE certifications to the public. Auto assignment of "NSE Badges" based on the certifications that members add to their profile. and many more. We are also excited to inform about out new volunteering opportunities like posting blogs, start & lead/moderate groups, speaking at events etc, which would help our members to contribute, network, learn and lead. Now that we have done our part in bringing the best to you, we encourage you to be active and get involved in
Already have an account? Login
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.