FortiGuard Outbreak Alerts provide a comprehensive report about critical and significant security outbreaks. Each report can assist customers in understanding the background of the outbreak, checking their environment, ensuring they are protected, and planning how to close any gaps.
Across the attack surface there are a significant number of attack vectors, which translates to a large number of products and services available in the market. This can make it confusing to gain assurance of being fully protected. One objective of FortiGuard Outbreak Alerts is to provide context around the entire attack surface and to help clarify which components can aid in protection, detection and response activities.
FortiGuard Outbreak Alerts provide all information surrounding the outbreak itself, the attack surface and the end-to-end security lifecycle.
Outbreak reports provide technical information relevant to the individual outbreak and do not include unrelated product/service information. They also do not repeat hearsay or gossip associated with the outbreak or its victims.
Version 3.0 of the FortiGuard Outbreak Alerts uses established frameworks to assist CISOs and Security Operations Center (SOC) teams in checking their environment and in reporting to InfoSec or other stakeholders.
The frameworks employed include:
1. NIST Cyber Security Framework (CSF) - the top-level report is structured around the NIST CSF lifecycle components of Protect, Detect, Respond, Recover and Identify.
2. Cyber Kill Chain - given the huge number of products and services available, the Protect phase of NIST CSF is further broken down using the Cyber Kill Chain stages. This adds context about the stage of the attack at which each product or service is deployed.
3. NIST Incident Response Framework - the Detect, Respond and Recover phases are guided by the NIST IR framework.
4. MITRE ATT&CK - each outbreak is analyzed by FortiGuard Labs to provide a comprehensive view of the tactics and techniques employed, giving SOC analysts more detailed information. These details are provided together with the outbreak alert as supplementary information when appropriate.