What is an Outbreak Alert?
An Outbreak Alert is a comprehensive report that provides in-depth insight into a cybersecurity threat. It serves as a vital tool for organizations to stay informed about critical and/or emerging cybersecurity risks that may compromise sensitive data, disrupt business operations, and pose significant risks to the organization's overall security.
Each report helps customers understand the background of the attack, the timeline of events, the affected technologies, and related threat intelligence such as Indicators of Compromise (IoCs), Tactics, Techniques, and Procedures (TTPs), and the attack sequence used by the adversaries.
Across the attack surface there are a significant number of attack vectors. At the same time, many products and services are available in the market, which can make it confusing to gain assurance of being fully protected. FortiGuard Outbreak Alerts address that challenge by providing context around the entire attack surface and by clarifying which Fortinet product or service can aid in the Protection, Detection, Response, Recovery, and Identification of the threat.
What is the scope of Outbreak Alerts?
FortiGuard Outbreak Alerts cover the latest and emerging cybersecurity threats, security incidents, newly discovered vulnerabilities, malware, and ransomware.
FortiGuard Outbreak Alerts identify the end-to-end security products or services that can help mitigate the security threats and vulnerabilities by leveraging the range of FortiGuard Services.
It typically includes:
Threat Overview: A summary of the latest threats, including malware, phishing schemes, and vulnerabilities in software or hardware.
Threat Assessment: An evaluation of how these threats could compromise sensitive data, disrupt operations, or impact overall security posture.
Indicators of Compromise (IOCs): Specific signs that may indicate a security breach or potential attack, such as unusual network traffic or suspicious files.
Mitigation Strategies: Recommended actions to prevent or respond to threats, including software updates, employee training, and incident response plans.
Case Studies or Real-world Examples: Real-world incidents that highlight the nature and impact of the threats.
Resources and Tools: Links to additional tools, services, or guidelines that can assist in strengthening cybersecurity measures.
Outbreak reports provide technical information relevant to the individual outbreak and do not include unrelated product or service information. They also do not repeat hearsay or gossip associated with the outbreak or its victims.
What’s new in the Outbreak Alerts 4.0 Solution?
The new report format of the FortiGuard Outbreak Alerts uses a comprehensive structure to assist CISOs and Security Operations Center (SOC) teams in checking their environment and reporting to InfoSec or other stakeholders.
In the new 4.0 format, the report is broken down into five sections so that readers can easily navigate the outbreak: Overview, Analysis, Solutions, Threat Intelligence, and References.
The report includes the following well-defined frameworks and solutions:
1. NIST Cyber Security Framework (CSF) - The top-level Solutions section of the report is structured around the NIST CSF lifecycle functions Identify, Protect, Detect, Respond, and Recover. This helps readers understand the mitigations available for the threat or vulnerability across the range of FortiGuard products and services. The Outbreak Alert leads with Protect, as the initial protection coverage against the cyberattack.
2. MITRE ATT&CK - Each outbreak is analyzed by FortiGuard Labs to provide a comprehensive view of the threat actors' tactics, techniques, and procedures (TTPs) and to give SOC analysts more detailed information. These details are provided together with the outbreak alert as supplementary information when appropriate.
3. Threat Radar - The new Threat Radar combines FortiGuard telemetry with the external threat landscape to give a holistic rating of the cyber threat. Learn more about the Threat Radar below.
4. Attack sequence - A simple diagram of the cyber-attack, the components deployed to compromise a target system or network, and the steps involved.
How does Threat Radar supplement the Outbreak Alert?
Users may use the Threat Radar values in conjunction with other vulnerability management processes to make informed decisions about patching, mitigation, and defense strategies. A higher value indicates a higher priority for remediation efforts and actionable intelligence, as it represents a more immediate or severe threat.
The Threat Radar combines ratings from five different sources:
CVSS v3.0
The Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities. CVSS assigns severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to the threat. Scores are calculated with a formula that depends on several metrics approximating the ease and impact of an exploit. Scores range from 0 to 10, with 10 being the most severe.
Exploit Prediction Score
The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. A higher value means a greater likelihood of exploitation. https://www.first.org/epss/
(The table converting EPSS values to Threat Radar ratings is not reproduced in this text.)
FortiRecon
FortiRecon provides visibility into the external threat landscape. Fortinet experts monitor the dark web, Pastebin, forums, markets, OSINT, and more, to get ahead of hard-to-find potential threats.
(The table converting FortiRecon findings to Threat Radar ratings is not reproduced in this text.)
Known Exploited Vulnerability
CISA KEV is a catalogue of security flaws and weaknesses in software that have been exploited by attackers in the wild. https://www.cisa.gov/known-exploited-vulnerabilities
FortiGuard IPS telemetry
FortiGuard tracks attempted exploitation attacks by the number of unique IPS devices that observed them in the last 30 days. The higher the number, the more widespread the attack.
(The table converting device counts to Threat Radar ratings is not reproduced in this text.)
When an outbreak has multiple CVEs, the Threat Radar uses, for each source, the highest value found among the related CVEs. This ensures the Outbreak threat level is never lower than that of any individual related CVE.
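The aggregation rule above, worked through in code. This is an added illustration, not Fortinet's implementation: the five sources named on the page are modelled as one record per CVE, and because the tables converting raw values to radar ratings are not reproduced on the page, the example keeps raw values and applies only the stated rule (highest value per source across the outbreak's CVEs). The FortiRecon 0-10 scale and the placeholder CVE identifiers are assumptions.

```python
"""Worked illustration of the Threat Radar aggregation rule.

Added example, not Fortinet's code. One record per CVE holds the raw value
from each of the five sources named on the page. Conversion tables to radar
ratings are not reproduced on the page, so raw values are kept and only the
stated rule is applied: the radar takes the highest value of each source
across all CVEs in the outbreak.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class CveSignals:
    """Raw inputs for one CVE. Field ranges are validated in __post_init__."""
    cve_id: str
    cvss_v3: float          # CVSS v3.0 base score, 0.0 to 10.0
    epss: float             # EPSS probability of exploitation, 0.0 to 1.0
    fortirecon: float       # FortiRecon rating; a 0 to 10 scale is assumed here
    in_cisa_kev: bool       # listed in the CISA KEV catalogue
    ips_devices_30d: int    # unique IPS devices that saw exploitation attempts, last 30 days

    def __post_init__(self) -> None:
        if not 0.0 <= self.cvss_v3 <= 10.0:
            raise ValueError(f"{self.cve_id}: CVSS out of range")
        if not 0.0 <= self.epss <= 1.0:
            raise ValueError(f"{self.cve_id}: EPSS out of range")
        if not 0.0 <= self.fortirecon <= 10.0:
            raise ValueError(f"{self.cve_id}: FortiRecon rating out of range")
        if self.ips_devices_30d < 0:
            raise ValueError(f"{self.cve_id}: device count cannot be negative")


SOURCES = ("cvss_v3", "epss", "fortirecon", "cisa_kev", "ips_devices_30d")


def cve_axes(cve: CveSignals) -> Dict[str, float]:
    """Map one CVE onto the five radar axes. KEV membership becomes 1.0/0.0
    so that 'highest value' is well defined for it as well."""
    return {
        "cvss_v3": cve.cvss_v3,
        "epss": cve.epss,
        "fortirecon": cve.fortirecon,
        "cisa_kev": 1.0 if cve.in_cisa_kev else 0.0,
        "ips_devices_30d": float(cve.ips_devices_30d),
    }


def threat_radar(cves: Iterable[CveSignals]) -> Dict[str, float]:
    """Per-source maximum across all CVEs in the outbreak."""
    per_cve = [cve_axes(c) for c in cves]
    if not per_cve:
        raise ValueError("an outbreak needs at least one CVE")
    return {src: max(axes[src] for axes in per_cve) for src in SOURCES}


def radar_is_upper_bound(cves: List[CveSignals]) -> bool:
    """Property implied by the rule: on every axis the outbreak radar is at
    least as high as any single related CVE."""
    radar = threat_radar(cves)
    return all(radar[src] >= cve_axes(c)[src] for c in cves for src in SOURCES)


def dominant_cve_per_axis(cves: List[CveSignals]) -> Dict[str, str]:
    """Which CVE set each axis; handy when explaining a radar to stakeholders."""
    return {src: max(cves, key=lambda c: cve_axes(c)[src]).cve_id for src in SOURCES}


# Constructed sample outbreak with placeholder identifiers (not real CVEs).
SAMPLE_OUTBREAK = [
    CveSignals("CVE-0000-0001", cvss_v3=7.5, epss=0.42, fortirecon=6.0,
               in_cisa_kev=False, ips_devices_30d=1500),
    CveSignals("CVE-0000-0002", cvss_v3=9.8, epss=0.05, fortirecon=8.0,
               in_cisa_kev=True, ips_devices_30d=120),
]

if __name__ == "__main__":
    dominant = dominant_cve_per_axis(SAMPLE_OUTBREAK)
    for src, value in threat_radar(SAMPLE_OUTBREAK).items():
        print(f"{src:16s} {value:>8} (from {dominant[src]})")
```

Note that the resulting radar is not the profile of any single CVE: the CVSS, FortiRecon and KEV axes come from the second CVE while the EPSS and device-count axes come from the first, which is exactly why the combined level can only be as high as or higher than each related CVE.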
How can you improve and optimize your Security Operations with limited resources?
If you have a FortiGate with the FortiGuard IPS service, you are able to protect your network and block adversaries from getting inside the perimeter. However, it is crucial to identify gaps in current programs and processes, as there are multiple attack vectors and advanced threats that could take advantage of those gaps. FortiGate customers can use FortiAnalyzer to streamline threat intelligence and security automation to detect Outbreak traces in their network. This lightweight deployment delivers essential SecOps capabilities, transforming raw data into actionable insights and reducing complexity and cost, while elevating efficiency and effectiveness.
Which products support automated Outbreak Detection Services?
How can you get Outbreak alerts delivered directly to your inbox?
Anyone can subscribe to receive the FortiGuard Outbreak Alert report via the link below by signing up with an email address. https://www.fortinet.com/fortiguard/labs
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.