Description | This article describes what actions to take in case of ransomware attacks and lists some documents related to this topic. |
Scope | FortiGate 5.X, 6.X and 7.X. |
Solution |
The FortiGate alone is not sufficient to prevent ransomware attacks. The following remediation steps can help protect against ransomware:
1) It is possible to configure antivirus with the extreme database and IPS in all policies which connect to the internet. Configuring a web filter to block access to malicious sites can also be effective. Enable botnet scanning in FortiGate. Consider content filtering, Sandbox, Malware protection, etc.
2) Use a High-Security IPS profile for inbound traffic to servers.
3) Use deep inspection in the Firewall Policies so that the firewall can inspect encrypted traffic.
4) Consider controlling endpoints via FortiClient or EMS, which requires additional licensing for security modules on endpoint computers.
5) Verify published services and ports in firewall policies.
6) Perform penetration testing and vulnerability validation on your servers.
7) Keep the equipment updated with the most recent versions and security patches and keep firewalls updated with the latest firmware versions. Refer to Release notes for known and resolved issues.
8) Analyze logs and vulnerability reports, and mitigate the findings.
9) Create policies to deny traffic using the IP Reputation Database.
10) Ransomware can only be prevented by mitigating all the weak points on all the computers. The firewall is just one of the many security factors that must be analyzed.
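The following Python script is an added example, not part of the original article and not Fortinet code: it audits the firewall policy section of an exported FortiGate configuration against steps 1 to 3, reporting accept policies on an internet-facing interface that lack an antivirus profile, an IPS sensor, a web filter (outbound only) or deep inspection. The sample configuration is constructed, and the function names, the WAN interface name `wan1` and the use of the default `deep-inspection` profile name are assumptions to adapt to the actual device.

```python
import shlex
# Constructed excerpt of a FortiGate backup; interface and profile names are assumptions.
SAMPLE = '''config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set action accept
        set ssl-ssh-profile "deep-inspection"
        set av-profile "default"
        set ips-sensor "default"
        set webfilter-profile "default"
    next
    edit 2
        set srcintf "wan1"
        set dstintf "dmz"
        set action accept
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "high_security"
    next
    edit 3
        set srcintf "internal"
        set dstintf "dmz"
        set action accept
    next
end
'''
# Return one dict per 'edit' entry under 'config firewall policy'.
def parse_policies(text):
    policies, inside = [], False
    for tok in map(shlex.split, text.splitlines()):
        if tok[:1] == ["config"]:
            inside = tok[1:] == ["firewall", "policy"]
        elif inside and tok[:1] == ["edit"]:
            policies.append({"id": tok[1]})
        elif inside and tok[:1] == ["set"] and policies:
            policies[-1][tok[1]] = tok[2:]
    return policies
# Map policy id -> protections missing on accept policies that touch a WAN interface.
def audit(policies, wan=("wan1",), deep=("deep-inspection",)):
    findings = {}
    for p in policies:
        src, dst = p.get("srcintf", []), p.get("dstintf", [])
        if p.get("action") == ["accept"] and set(src + dst) & set(wan):
            need = ["av-profile", "ips-sensor"] + ["webfilter-profile"] * bool(set(dst) & set(wan))
            missing = [k for k in need if k not in p]
            missing += ["deep-inspection"] * (not set(p.get("ssl-ssh-profile", [])) & set(deep))
            if missing:
                findings[p["id"]] = missing
    return findings
```

Calling `audit(parse_policies(SAMPLE))` flags only policy 2; pass the names of any custom deep-inspection profiles in `deep` so they are not reported as missing.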
Related documents:
- Botnet C&C IP blocking: http://docs.fortinet.com/document/fortigate/6.4.3/administration-guide/668865/botnet-c-c-ip-blocking
- Antivirus and Sandbox techniques: https://www.fortinet.com/products/sandbox/fortisandbox
- Deep packet Inspection and web filtering: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/122078/deep-inspection
- IPS Best Practices: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/48143/intrusion-prevention-system-ips
- Other documents related to ransomware:
https://www.fortinet.com/solutions/small-business/stop-ransomware-phishing
https://www.fortinet.com/resources/cyberglossary/ransomware
https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/836396/antivirus
https://www.fortinet.com/resources/cyberglossary/types-of-cyber-attacks
https://www.fortinet.com/resources/cyberglossary/how-to-prevent-ransomware
https://www.fortinet.com/blog/industry-trends/10-steps-for-protecting-yourself-from-ransomware
https://www.fortinet.com/corporate/about-us/contact-us/experienced-a-breach
- Related KB Article: |
Copyright 2024 Fortinet, Inc. All Rights Reserved.