INSERT COMPANY LOGO HERE

Transcription

1 INSERT COMPANY LOGO HERE 2014 Global 2013 North Cyber American Threat Analysis SSL Certificate and Reporting Enabling Product Technology Leadership Leadership Award Award

2 Background and Company Performance Industry Challenges Global computing and communications often represent the best applied intelligence that humanity can offer. However, even as network and information technologies advance human endeavors economically, academically, and socially, there are obvious security issues. Cyber threat management reporting helps security professionals better understand the tactics and behaviors of would-be hackers and bad actors. Cisco, IBM, Secunia, Symantec, and Verizon, to name a few, are all companies that publish periodic reports about the cyber threat landscape. Any singular company can make a powerful contribution to the global information database on cyber threats. While each company offers a unique perspective on cyber threats, Frost & Sullivan notes that when viewed in its totality, a more accurate depiction of the global cyber threat landscape emerges. Many of these companies take the tact of public vulnerability reporting. Public vulnerability threat reporting has both selfish and charitable intentions. The for-profit companies that demonstrate excellence in cyber threat analysis and reporting build credibility and rapport with potential clients by cataloging threats to operating systems, devices, and infrastructure. A convincing sales pitch ties a company s representation of the research it has conducted in the global threat environment with the intelligence it has built into its security appliances and professional support to help mitigate and deny the actions of hackers. The charitable intentions are compelling, too. Companies publicly reporting vulnerabilities have internal best practices and will notify the Product Security Incident Response Team (PSIRT) of the affected vendor. The vendor then has the opportunity to verify and then patch the vulnerability. Companies working within public vulnerability guidelines will then leave it to the vendor to report the chain of events. Frost & Sullivan points out that proper cyber threat reporting is the touchstone toward the evolution of security product development. Everyone clearly has a stake in the outcome. As knowledge about the cyber threat landscape accumulates, superior security products evolve, and, by extension, IT teams are better able to develop customized tools unique to their industries. Frost & Sullivan feels that what makes Fortinet distinctive is its comprehensiveness in cyber threat analysis and reporting. The company collects, analyzes, and reports on cyber threats emanating from malware, mobile malware, botnets, Web, and spam incidents. Frost & Sullivan 2 We Accelerate Growth

3 Cyber Threat Analysis and Reporting Excellence of Fortinet Frost & Sullivan appreciates the fact that Fortinet has devoted many resources toward providing a global comprehensive view of the cyber threat environment. Additionally, Fortinet is also able to describe threats in such a way that actionable intelligence becomes a part of the reporting mechanism. Breadth of Security Coverage The 2014 Fortinet Threat Landscape Report includes sections detailing malware, mobile malware, botnets, Web, and spam incidents. For the purposes of the 2014 Frost & Sullivan Global Enabling Technology Leadership Award, the findings of FortiGuard Labs, which is the research arm of Fortinet, will be referred to as Fortinet. In malware research, Fortinet has made an invaluable contribution. Fortinet discovered that malware incidents happen in cycles. In January 2013 (after Christmas rush) and in August 2013 (noted for slower activity in European markets), malware discovery was the lowest with less than 10 million incidents in each month discovered. Also worth noting, in 2013, Fortinet discovered 20 million occurrences of malware stemming from the W32/ZeuS(Zbot) family of viruses; this strain being the most virulent discovered by Fortinet. Regarding botnets, Fortinet have been able to catalog and detail botnets related to the ZeroAccess virus. Earlier in 2013, the ZeroAccess botnet and its controllers were systematically adding about 100,000 new infections weekly. Botnets generate in excess of 90% of all malware. FortiGuard Labs researches and decodes botnet protocols, which allows Fortinet to intercept malicious communications and take proactive actions. Of course, botnets and viruses represent formal attack mechanisms on the Web, but malicious activity can be initiated by someone simply clicking onto a Web address. Phishing is the practice of creating Web pages that purport to offer legitimate service, yet are, in fact, engineered to collect information about the device accessing the site or connive the visitor into giving up personal information. Spam is almost as old as the Internet itself. Spam s often contain Web links to nefarious sites (adult content, false commerce, etc.). In 2013, Fortinet successfully detected between 1-3 million phishing sites or known spam URLs every month. Through its Application Delivery Controller, Fortinet is able to monitor Layer 7 (i.e., application layer) traffic. This capability helps to identify patterns of malicious behavior even if an IP address has not been blacklisted. FortiGate is the logistics and vulnerability detection system in Fortinet s VM and UTM platforms. As of April 2014, the FortiGate platform contains 15,500 vulnerability rules. Monitoring the cyber threat landscape is a massive undertaking and all types of companies Frost & Sullivan 3 We Accelerate Growth

4 contribute. Other competitors of Fortinet use the results of penetration testing, ethical hacking, network vulnerability detection, IP abnormalities from mobile phone networks, and the results of Web filtering. Like the proverbial blind man that is asked to describe an elephant by what he touches, the cyber threat landscape can only be fully understood by understanding the larger security picture. Fortinet in its threat environment reporting has the ability to summon information from all aspects of networking, mobile and Web environments to create an integrated threat management story (as well as a layered defense system for its customers). Attention to the Mobile Market Bring-your-own-device (BYOD) networking is becoming a viable option for companies that want to keep its expenses down and for workers who want a customized and personal work experience. Mobility enables workers to moderate their own hours, but also offer the opportunity for continuous productivity. Proactivity in discovering dangerous phone applications preserves network integrity and personal productivity. As business applications become more mobile, the threat environment will move along with mobility. Fortinet has precise coverage of the mobile threat environment. At the beginning of 2013, Fortinet was finding 50,000 incidence of malware on Google Android phones per day. By the end of 2013, 500,000 incidents per day were being found. The viruses are changing in 2013 alone, Fortinet found 1,800 new types of mobile viruses. In terms of mobile malware incidents, the United States experiences the most with 31 percent of all mobile incidents, but is closely followed by Israel and Germany. Fortinet reports that there is a comparative explosion in malicious Google Apps. Fortinet says Google takes many precautions to make sure its Apps store offers safe products; however, third-party app stores offering Google Apps are especially vulnerable. A common exploit might be to offer a popular application. An end user attempts to download the app and instead receives a fraudulent product. Embedded in the phony app is a product design kit (pdk) that has exploits designed to jailbreak the phone. Comprehensive coverage of the mobile threat environment helps CSOs understand the necessary technologies needed to protect heterogeneous networks from exploits. Network Vulnerability Reporting Traditionally, when the topic of vulnerabilities was brought up, the most common worry was hackers trying to breach sensitive information hidden behind network firewalls. While the threat environment is fluid and attacks are more likely to address Web and mobile applications and less likely to attack networks through firewalls, secure networking is an important aspect of any defense. In the context of the Internet of Things, a vulnerability is a vulnerability regardless of source and method. Frost & Sullivan 4 We Accelerate Growth

5 Toward formal network vulnerability reporting, Fortinet historically reports vulnerabilities to MITRE and to the National Vulnerabilities Database, and has been credited with discovering 143 public vulnerabilities. In Fortinet advisories, FortiGuard Labs uses its own (1-5) metric describing the exploit potential of a threat. Number of Assets Used to Discover Vulnerabilities Fortinet has three important assets in its arsenal used to bolster threat environment reporting: manpower, a global install base of security appliances, and the overlap and culmination of knowledge from security products in the field. In terms of manpower, Fortinet has more than 200 dedicated research analysts, engineers, and forensic specialists. The majority of the global team is located in Vancouver, Canada, and network, mobile, and Web monitoring is continuous. The results of the research team are used to update Fortinet products in the field and advise customers of potential attack vector. As a part of the global community and Fortinet best practices, Fortinet reports vulnerabilities back to the vendors and Fortinet contributes to various international Community Emergency Response Teams (CERTs), FIRST and special vulnerability task forces like MITRE and the National Vulnerability Database. Fortinet, the parent company of FortiGuard Labs, has roughly 1.3 million security appliances in the field. Fortinet products are classified under four major headings: network security, network access, application security, and management. While the four product groups can be used independently, when used in combination, a layered defense offers optimal threat detection and protection. In the course of protecting assets, Fortinet products are always learning and communicating this dynamically increases Fortinet s protected surface. In 2013, the Fortinet Web Application firewall, FortiGates, added almost 20 million new sites and IP addresses to its classification lists and updated over 64 million existing sites. If an IP address is thought to be malicious, FortiGuard Labs will analyze the IP address and server. Following this practice, in January 2013, Fortinet discovered nearly one billion malicious sites. Any learning promotes the greater security field. A mobile operator has important information, and endpoint security providers can shed light on persistent attacks. Fortinet has synergy between their product development and research activity. Interaction with the Global Community For the intent and purposes of this report, "Global" is taken to connotate a couple of meanings. Global is meant as interaction with global commissions and special interests. Literally, Frost & Sullivan 5 We Accelerate Growth

6 each country has its own computer emergency response team (CERT) the US-CERT is an example. An international global community that is representative of national CERTs is the Forum of Incident Response and Security Teams (FIRST). Currently, the Common Vulnerability Scoring System Special Interest Group (CVSS-SIG) is convening to develop Version 3 (v.3) scoring methods for vulnerabilities. Market vertical interests are important to interact with as well. In the United States, HITRUST Health Information Trust Alliance is the technology SIG accompanying The Health Insurance Portability and Accountability Act (HIPAA). Internationally, Payment Card Industry Data Security Standard (PCI-DSS) establishes international compliance standards. Several other vertical markets convene to set standards for the handling of personal information or assets. Security service and appliance providers make a powerful contribution to the advocacy of these groups. For reporting purposes, knowledge of individual countries is important. While communications are truly global each individual company has a different culture in what phones are purchased, how business is conducted, and what applications are used. Naturally, the ability to identify where a cyber threat is coming from goes a long way toward mitigating the threat. Fortinet is a prodigious and conscientious contributor to FIRST and participates in the technical wings of the CVSS-SIG. Fortinet offers advisories and white papers suggesting best practices for specific vertical markets. The 2014 Fortinet Threat Landscape Report provided information about which countries were most attacked by malware, mobile malware and botnets. Impact on Customer Satisfaction/Value Vulnerability reporting reveals a mixed bag of motivations. Penetration testers and ethical hackers will scan a network for vulnerabilities with the idea that they can claim a bounty or sell security products that will mitigate potential threats. Yet Fortinet takes a more holistic approach. Because Fortinet has a global presence, it is in the best interest of the company to encourage a global exchange of vulnerabilities. If Fortinet discovers a vulnerability, it will report the vulnerability straight to the affected vendor or CERT through its Product Security Incident Response Team (PSIRT). Fortinet will then let the affected vendor or CERT report the vulnerability either in an advisory or to a global interest group and after a patch or remediation has taken place. In general, Fortinet intimates its relationships with major PSIRT teams (Cisco, Google, Adobe, Microsoft, etc.) continue to improve. However, even as these relationships improve and Fortinet has increased credibility with key vendors, nine out of ten vulnerabilities still take six months or more to adequately patch. Frost & Sullivan 6 We Accelerate Growth

7 Currently, Fortinet lists 61 of the Global 100 as customers who at some point purchased a Fortinet product. This means that Fortinet can report on and design defenses based upon market verticals, specific network types, and the intersection of networks and applications. If customers wish to participate in the larger Fortinet net, Web facing and network defense products can be upgraded almost simultaneously to reflect new data about threats as Fortinet learns about them. While Fortinet takes an egalitarian approach to threat landscape reporting, Fortinet customers still gain an advantage. When the company uncovers a network vulnerability, malware, a botnet, or a malicious IP site, Fortinet will program its products to block or deny access to network or site instantaneously. This zero-day process happens even as an affected product vendor is notified and waits to issue an advisory or otherwise publicly report its vulnerability. Prior to a fix, zero-day protection is already available. Frost & Sullivan independent analysis indicates that Fortinet clearly establishes equipoise between being a good corporate citizen and offering proactivity for its clientele. Conclusion Frost & Sullivan recognizes Fortinet for excellence in cyber threat reporting for the depth of its research. Fortinet seamlessly fuses the results of its research and product development. Attributable to its internal best practices, Fortinet receives high marks for its ethical reporting of vulnerabilities. The company is a powerful contributor to standards-based organizations and CERT teams. In the process of cyber defense, Fortinet products are gaining knowledge about attack vectors and pattern of malicious behavior. Its impressive research team brings a high level of refinement to raw data sets: information obtained about the Internet, network vulnerabilities, and cellular communications. Driven by interior and ulterior motives, Fortinet research paints a comprehensive picture of the threat environment facing companies in information and network technologies. Frost & Sullivan 7 We Accelerate Growth

8 Significance of Enabling Technology Leadership Ultimately, growth in any organization depends upon customers purchasing from a company, and then making the decision to return time and again. In a sense, then, everything is truly about the customer and making those customers happy is the cornerstone of any long-term successful growth strategy. To achieve these goals through technology leadership, Frost & Sullivan believes that an organization must be best-in-class in three key areas: understanding demand, nurturing the brand, differentiating from the competition. Frost & Sullivan 8 We Accelerate Growth

9 Understanding Technology Leadership Product quality (driven by innovative technology) is the foundation of delivering customer value. When complemented by an equally rigorous focus on the customer, companies can begin to clearly differentiate themselves from the competition. From awareness and consideration, to purchase and follow-up support, best-practice organizations deliver a unique and enjoyable experience that gives customers confidence in the company, its products, and its integrity. Frost & Sullivan s Global Research Platform Frost & Sullivan maintains more than 50 years in business and is a global research organization of 1,800 analysts and consultants who monitor more than 300 industries and 250,000 companies. The company s research philosophy originates with the CEO s 360 Degree Perspective, a holistic research methodology that encourages us to consider growth challenges, and the solutions companies employ to solve them, from every angle. This unique approach enables us to determine how best-in-class companies worldwide manage growth, innovation and leadership. Based on the results of our research in enabling technology leadership, Frost & Sullivan is proud to present the 2014 Global Enabling Technology Leadership Award in Cyber Threat Analysis and Reporting to Fortinet. Frost & Sullivan 9 We Accelerate Growth

10 Key Benchmarking Criteria For the Enabling Technology Leadership Award, Frost & Sullivan analysts independently evaluated the total client experience and strategy implementation excellence according to the criteria detailed below. Cyber Threat Analysis Criterion 1: Breadth of Security Coverage Criterion 2: Attention to the Mobile Market Criterion 3: Web-Specific Weaknesses Criterion 4: Network Vulnerability Reporting Criterion 5: Coverage of Platforms Cyber Threat Reporting Criterion 1: Number of Assets Used to Discover Vulnerabilities Criterion 2: Actionable Intelligence Criterion 3: Interaction with the Global Community Criterion 4: International Coverage Criterion 5: Impact on Customer Satisfaction/Value The Intersection between 360-Degree Research and Best Practices Awards Research Methodology Frost & Sullivan s 360-degree research methodology represents the analytical rigor of our research process. It offers a 360-degree-view of industry challenges, trends, and issues by integrating all 7 of Frost & Sullivan's research methodologies. Too often, companies make important growth decisions based on a narrow understanding of their environment, leading to errors of both omission and commission. Successful growth strategies are founded on a thorough understanding of market, technical, economic, financial, customer, best practices, and demographic analyses. The integration of these research disciplines into the 360-degree research methodology provides an evaluation platform for benchmarking industry players and for identifying those performing at bestin-class levels. 360-DEGREE RESEARCH: SEEING ORDER IN THE CHAOS Frost & Sullivan 10 We Accelerate Growth

11 Decision Support Scorecard and Matrix To support its evaluation of best practices across multiple business performance categories, Frost & Sullivan employs a customized Decision Support Scorecard and Matrix. This analytical tool compares companies performance relative to each other. It features criteria unique to each Award category and ranks importance by assigning weights to each criterion. The relative weighting reflects current market conditions and illustrates the associated importance of each criterion according to Frost & Sullivan. This tool allows our research and consulting teams to objectively analyze performance, according to each criterion, and to assign ratings on that basis. The tool follows a 10-point scale that allows for nuances in performance evaluation; ratings guidelines are illustrated below. Best Practice Award Analysis for Fortinet, Inc. Decision Support Scorecard: Global Threat Analysis The Decision Support Scorecard illustrates the relative importance of each criterion and the ratings for each company under evaluation for the Enabling Technology Leadership Award. The research team confirms the veracity of the model by ensuring that small changes to the ratings for a specific criterion do not lead to a significant change in the overall relative rankings of the companies. Finally, to remain unbiased and to protect the interests of all organizations reviewed, we have chosen to refer to the other key players in as Company 2 and Company 3. Frost & Sullivan 11 We Accelerate Growth

12 Breadth of Security Coverage Attention to the Mobile Market Web-Specific Weaknesses Network Vulnerability Reporting Coverage of Platforms Weighted Rating BEST PRACTICES RESEARCH DECISION SUPPORT SCORECARD FOR ENABLING TECHNOLOGY LEADERSHIP AWARD: CYBER THREAT ANALYSIS Measurement of 1 10 (1 = poor; 10 = excellent) Award Criteria Cyber Threat Analysis Relative Weight (%) 20% 20% 20% 20% 20% 100% Fortinet Company Company Breadth of Security Coverage Requirement: Companies should cover the threat environment for networks, mobile, Web and The Internet of Things. Attention to the Mobile Market Requirement: Coverage of the mobile market has to include research into weaknesses in mobile operating systems and what applications are being used. Web-Specific Weaknesses Requirement: The Internet still represents the most commonly used medium for commerce and personal communications. Malware, botnets, phishing, and spamming should optimally be studied. Network Vulnerability Reporting Requirement: Public vulnerability reporting has always focused on network vulnerabilities. The CVSS scoring system helps to determine threat severity and points the way to remediation. Coverage of Platforms Requirement: Operating systems, technologies, and browsers could loosely be termed as platforms. Commonly used platforms like Android, Microsoft Internet Explorer, and Oracle Java are routinely used, and, unfortunately, highly targeted for exploits. Frost & Sullivan 12 We Accelerate Growth

13 Number of Assets Used to Discover Vulnerabilities Actionable Intelligence Interaction with the Global Community International Coverage Impact on Customer Satisfaction/Value Weighted Rating BEST PRACTICES RESEARCH Decision Support Scorecard: Technology Excellence DECISION SUPPORT SCORECARD FOR ENABLING TECHNOLOGY LEADERSHIP AWARD: CYBER THREAT REPORTING Measurement of 1 10 (1 = poor; 10 = excellent) Award Criteria Cyber Threat Reporting Relative Weight (%) 20% 20% 20% 20% 20% 100% Fortinet Company Company Number of Assets Used to Discover Vulnerabilities Requirement: The quality of reports is directly affected by manpower in the field and in labs. Many security appliance vendors have installed bases from which to draw knowledge. Actionable Intelligence Requirement: Cyber threat reporting should have the virtue of describing a threat in detail allowing IT teams to mitigate new threats based upon proven treatments of older vulnerabilities. Interaction with the Global Community Requirement: Cyber threats are often targeted to specific market verticals. International Coverage Requirement: The best threat reporting addresses where the threat emanates, what the consequences were (or are, if on-going) and which end-users are affected. Global geographies matter. Impact on Customer Satisfaction Values Requirement: Cyber threat reporting has the virtue of informing security appliance vendors or managed service providers how to build intelligence into their defenses. Frost & Sullivan 13 We Accelerate Growth

14 About Frost & Sullivan Frost & Sullivan, the Growth Partnership Company, enables clients to accelerate growth and achieve best in class positions in growth, innovation and leadership. The company's Growth Partnership Service provides the CEO and the CEO's Growth Team with disciplined research and best practice models to drive the generation, evaluation and implementation of powerful growth strategies. Frost & Sullivan leverages almost 50 years of experience in partnering with Global 1000 companies, emerging businesses and the investment community from 31 offices on six continents. To join our Growth Partnership, please visit Frost & Sullivan 14 We Accelerate Growth