The Fortinet Advanced Threat Protection Framework



Similar documents
MSSP Advanced Threat Protection Service

SDN Security for VMware Data Center Environments

How To Get A Fortinet Security System For Free

INDEPENDENT VALIDATION OF FORTINET SOLUTIONS. NSS Labs Real-World Group Tests

Use FortiWeb to Publish Applications

5 ½ Things That Make a Firewall Next Gen WHITE PAPER

WHITE PAPER. Protecting Your Network From the Inside-Out. Internal Network Firewall (INFW)

WHITE PAPER. Protecting Your Network From the Inside-Out. Internal Segmentation Firewall (ISFW)

WHITE PAPER. Protecting Your Network From the Inside-Out. Internal Segmentation Firewall (ISFW)

Fortinet FortiGate App for Splunk

FortiGuard Security Services

Improving Profitability for MSSPs Targeting SMBs

WHITE PAPER. Protecting Your Network From the Inside-Out. Internal Segmentation Firewall (ISFW)

FortiVoice Enterprise

Securing the Data Center

FortiCore A-Series. SDN Security Appliances. Highlights. Securing Software Defined Networking (SDN) Architectures. Key Features & Benefits

The Enterprise Cloud Rush

Keeping the Store Open: Fighting the Cyber Criminal in the Retail World

FortiSandbox. Multi-layer proactive threat mitigation

Fortinet Partner Program

FortiGate 100D Series

Transforming Your WiFi Network Into A Secure Wireless LAN A FORTINET WHITE PAPER. Fortinet White Paper

Fighting Advanced Threats

FortiGate 200D Series

Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall

FortiGate/FortiWiFi 60D Series

WHITE PAPER. Empowering the MSSP. Part 1: Real World Customer Needs

Advanced Threat Protection Framework: What it is, why it s important and what to do with it

FortiSwitch. Data Center Switches. Highlights. High-performance and resilient managed data center switch. Key Features & Benefits.

Secure Access Architecture

FortiGate/FortiWiFi 90D Series

FortiVoice Enterprise

WHITE PAPER. Empowering the MSSP. Part 2: End To End Security Services Ecosystem

Fortinet Presence Analytics Solution

WHITE PAPER. Securing ICS Infrastructure for NERC Compliance and beyond

FortiGate/FortiWiFi -60C Series Integrated Threat Management for Small Networks

FortiAuthenticator TM User Identity Management and Single Sign-On

Place graphic in this box

When attackers have reached this stage, it is not a big issue for them to transfer data out. Spencer Hsieh Trend Micro threat researcher

Same great products, different brand name

Overview. Where other. Fortinet protects against the fullspectrum. content- and. without sacrificing performance.

Types of cyber-attacks. And how to prevent them

FortiWeb Web Application Firewall. Ensuring Compliance for PCI DSS requirement 6.6 SOLUTION GUIDE

Perspectives on Cybersecurity in Healthcare June 2015

FortiGate. Accelerated security for mid-enterprise and branch office. Designed for today s network security requirements

The Hillstone and Trend Micro Joint Solution

Load Balancing Microsoft Exchange 2013 with FortiADC

Achieve Deeper Network Security

FortiSandbox. Multi-layer proactive threat mitigation

SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION

Fortinet Secure Wireless LAN

The Fortinet SDN Security Framework

What s New for FortiMail 5.2.0

Cisco Advanced Malware Protection

By John Pirc. THREAT DETECTION HAS moved beyond signature-based firewalls EDITOR S DESK SECURITY 7 AWARD WINNERS ENHANCED THREAT DETECTION

Veranderende bedreigingen Security in het virtuele datacenter

Purchase and Import a Signed SSL Certificate

Anti-exploit tools: The next wave of enterprise security

Load Balancing Microsoft Exchange 2013 with FortiADC

FortiAP Wireless Access Points

FORTINET SURVEY The Fortinet Security Census 2014

Advanced Threat Protection with Dell SecureWorks Security Services

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Protecting Your Data, Intellectual Property, and Brand from Cyber Attacks

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

Achieve Deeper Network Security and Application Control

Content Security: Protect Your Network with Five Must-Haves

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Securing Next Generation Education A FORTINET WHITE PAPER

White Paper. Advantage FireEye. Debunking the Myth of Sandbox Security

Fortinet s Partner Programme

White Paper. Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks

WHITE PAPER. Understanding How File Size Affects Malware Detection

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

SOLUTION GUIDE. Hybrid WAN Solutions with FortiWAN. The cost-effective way to deliver the WAN bandwidth and redundancy your organization demands

FortiGate/FortiWiFi -90D Series Enterprise-Grade Protection for Smaller Networks

SECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal

CFO Changing the CFO Mindset on Cybersecurity

Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape

McAfee Next Generation Firewall Optimize your defense, resilience, and efficiency.

The Evolution of the Enterprise And Enterprise Security

Fortinet s Data Center Solution

How To Buy Nitro Security

Disaster Recovery with Global Server. Load Balancing

IBM Security Intrusion Prevention Solutions

Fortinet Advanced Threat Protection- Part 3

SOLUTIONS GUIDE. Secure Wireless LAN Solutions Guide. Complete Wi-Fi Security for Any Network Topology

Protecting against cyber threats and security breaches

Spear Phishing Attacks Why They are Successful and How to Stop Them

Transcription:

WHITE PAPER The Fortinet Advanced Threat Protection Framework A Cohesive Approach to Addressing Advanced Targeted Attacks

The Fortinet Advanced Threat Protection Framework Table of Contents Introduction 3 The Fortinet Advanced Threat Protection Framework 4 Staying Ahead of the Threat Curve with Fortinet 6 2 www.fortinet.com

Introduction Sophisticated Attacks Yield Big Rewards 2013 and 2014 saw many major brands and large companies making headlines, not for some remarkable post-recession economic recovery or innovative product, but for massive data breaches. More than 100 million customers had personal and/or credit card information stolen through just one of these bold and extended attacks. These types of attacks grab the attention of consumers, lawmakers, and the media when they manage to breach very large organizations with dedicated security teams and extensive infrastructure designed to keep hackers at bay. Nobody is immune smaller organizations are targets as well, either as part of a larger coordinated attack or through a variety of distributed malware. The bottom line? It s time for a deeper, more comprehensive approach to cyber security. All organizations should now assume that they are in a state of continuous compromise. Gartner 18% of organizations in a 2014 survey reported a successful network penetration by outsiders. PwC 44% of organizations surveyed cited a recent data breach as the primary driver for their NGFW project. Forrester/Fortinet 3 www.fortinet.com

Deception, the Most Powerful Tool in a Hacker s Arsenal Fueled by the success of profile hacks, we expect to see continued innovation among cybercriminals with an even greater focus on deceiving and evading existing security solutions. Malicious hackers have attempted to conceal malware by using different file types and compression schemes with the intent to exploit weaknesses in traditional means of network protection. We also anticipate an increase in sophisticated malware platforms that can be customized for targeted attacks. Once malware has breached a network, it will, either automatically or under control of cybercriminals, morph, adapt, and move about undetected for as long as possible, mining data ranging from customer records and intellectual property to device profiles and employee credentials. If security controls cannot detect the malware or its communication during this period, then it s only a matter of time before collected data is staged and exfiltrated, that is, sent back to the cybercriminal. Keep Safe > Evade Law Enforcement Advanced Threats Require Advanced Threat Protection There is no silver bullet to protect organizations against the types of advanced targeted attacks outlined above. Rapid innovation on the malware front, frequent zero-day attacks, and emerging evasion techniques can all render any single approach ineffective at preventing tailored intrusion. Instead, the most effective defense is founded on a cohesive and extensible protection framework. This framework incorporates current security capabilities, emerging technologies and a customized learning mechanism that creates actionable security intelligence from newly detected threats. The latter component is arguably most critical to staying ahead of the threat curve. A Simple Framework for Complex Threats The Fortinet Advanced Threat Protection Framework consists of three elements: Prevent Act on known threats and information Detect Identify previously unknown threats Mitigate Respond to potential incidents Define target Sub-Zero Research target Build or acquire tools Test tools + detection Planning Obtain credentials Strengthen footprint Initial intrusion Getting In FIGURE 1: THE ANATOMY OF AN ADVANCED THREAT Survive Outbound communication initiated Exfiltration data Initial intrusion Getting Out This framework is conceptually simple; it covers a broad set of both advanced and traditional tools for network, application and endpoint security, threat detection, and mitigation. These tools are powered by strong research and threat intelligence capabilities that transform information from a variety of sources into actionable protection. Although elements of the framework (and even technologies within them) can operate in a vacuum, organizations will achieve much stronger protection if they are used together as part of a holistic security strategy. Element 1 Prevent Act on Known Threats and Information Known threats should be blocked immediately (Element 1 in the Fortinet Advanced Threat Protection Framework) whenever possible through the use of next-generation firewalls, secure email gateways, endpoint security, and similar solutions that leverage highly accurate security technologies. Examples include anti-malware, web filtering, intrusion prevention, and more. This is the most efficient means of screening out a variety of threats with minimal impact on network performance. 4 www.fortinet.com

Anti-malware technology, for example, can detect and block viruses, botnets, and even predicted variants of malware with the use of technology such as Fortinet s patented Compact Pattern Recognition Language (CPRL) with minimum processing time. Attacks can also be thwarted by reducing the attack surface. The fewer points of entry or potential threat vectors available to cybercriminals the better, meaning that carefully controlling access and implementing VPNs is also an important aspect of Element 1 and part of the first line of defense against targeted attacks. Traffic that can t be swiftly dealt with here gets handed off to Element 2... Element 2 Detect Identify Previously Unknown Threats There are obvious advantages to addressing threats in Element 1. The more threats that fall into the known category, the better. However, unknown zero-day threats and sophisticated attacks designed to hide themselves from traditional measures are being used every day to penetrate high-stakes targets. Element 2 of the framework uses advanced threat detection technologies to examine the behavior of network traffic, users. and content more closely in order to identify novel attacks. Element 3 Mitigate Respond to Potential Incidents Once potential incidents and new threats are identified in Element 2, organizations immediately need to validate the threat and mitigate any damage. Users, devices, and/or content should be quarantined, with automated and manual systems in place to ensure the safety of network resources and organizational data until this occurs. At the same time, threat detections trigger another critical handoff: moving the discovered information back to the research and development groups. Tactical protections can be put in place. Previously unknown threats now can be analyzed in depth, resulting in fixes that take all of the security layers into account, providing the right mix of up-to-date protection for every layer. At this stage, eliminating redundancy and creating synergy between different security technologies is the key to deploying a high-performing security solution, where the unknown becomes known. Of course, the cycle is not completed until this actionable threat intelligence is available at the different enforcement points and shared globally so that Element 1 is strengthened to act on the new known. This keeps cybercriminals at bay not just for one organization but for all organizations worldwide. There are a number of new approaches that can automatically detect previously unknown threats and create actionable threat intelligence. Sandboxing, in particular, allows potentially malicious software to be handed off to a sheltered environment so that its full behavior can be directly observed without affecting production networks. Additionally, botnet detection flags patterns of communication that suggest botnet activity while client reputation capabilities flag potentially compromised endpoints based on contextual profile. Executing detection and prevention in the most efficient way possible (combining Elements 1, 2, and 3) is essential to maintain high levels of network performance and maximize protection. Though incredibly powerful, this type of threat detection is resource intensive and thus reserved for threats that could not be identified by more efficient traditional methods. Detection, of course, is only another element of the ATP framework. The next handoff deals decisively with these new threats. FIGURE 2: THE FORTINET ADVANCED THREAT PROTECTION FRAMEWORK 5 www.fortinet.com

Handoffs The Missing Link Perhaps the most critical feature of the threat protection framework one that is missing in many organizations security implementations is the notion of the handoff rather than any particular technology or element. Advanced threat protection relies on multiple types of security technologies, products, and research, each with different roles. However, each will be less effective if they don t communicate with each other on a continuous basis, handing off data from one to the next. As seen in Figure 2, Element 1, the prevention phase, will hand off high-risk items to Element 2, the detection phase, with previously unknown threats handed off in Element 3 for further analysis or mitigation. Ultimately, threat intelligence and updated protection from Element 3 is handed back off to products in Elements 1 and 2, for this constant cycle efficiently improving protection and detection against increasingly sophisticated attacks. Staying Ahead of the Threat Curve with Fortinet FortiGuard Labs Synergy and Research One of Fortinet s greatest strengths is in the synergy of its proprietary software, high-performance appliances, and, most importantly, the FortiGuard Labs threat research teams. FortiGuard Labs research groups serve as the intelligence hub that ensures all three elements work seamlessly. They study previously unknown threats, develop comprehensive remediation strategies that are built from the ground up with high performance and efficient protection in mind, and deliver security intelligence that continually strengthens prevention and detection over time. Comprehensive Security: FortiGuard Labs leverages real-time intelligence on the threat landscape to deliver comprehensive security updates across the full range of Fortinet solutions and core technologies for synergistic protection. Protection Ahead of the Threats: As a new threat emerges FortiGuard Labs 24x7x365 Global Operations pushes up-to-date security intelligence in real-time to Fortinet solutions, delivering instant protection against new and emerging threats. High-Performance Solutions: Fortinet s portfolio of Integrated Security Services are designed from the ground up to maximize protection and optimize performance across Fortinet s security solutions both physical and virtual. The handoff between Element 3 back to 1 and 2, where the advanced threat protection cycle is routinely completed, occurs when the extensive threat intelligence developed by FortiGuard Labs gets handed off to all users of Fortinet solutions via the global Fortinet Distribution Network. Additionally, as part of the Cyber Threat Alliance and other related initiatives, Fortinet also shares threat intelligence with a larger body of researchers, further extending the reach of their work and of organization-generated threat intelligence discovered under this framework. Fortinet Solutions Together Deliver Better Protection A collection of individual security products, however powerful, cannot deliver optimal security if they are acting in isolation. Each piece of the solution needs to work together to deliver optimal protection. Fortinet integrates the intelligence of FortiGuard Labs into FortiGate next-generation firewalls, FortiMail secure email gateways, FortClient endpoint security, FortiSandbox advanced threat detection, and other security products in its ecosystem to continually optimize and improve each organization s level of security. For more information about Fortinet and their ecosystem of advanced threat protection products, visit www.fortinet.com/sandbox. GLOBAL HEADQUARTERS Fortinet Inc. 899 Kifer Road Sunnyvale, CA 94086 United States Tel: +1.408.235.7700 www.fortinet.com/sales EMEA SALES OFFICE 120 rue Albert Caquot 06560, Sophia Antipolis, France Tel: +33.4.8987.0510 APAC SALES OFFICE 300 Beach Road 20-01 The Concourse Singapore 199555 Tel: +65.6513.3730 LATIN AMERICA SALES OFFICE Prol. Paseo de la Reforma 115 Int. 702 Col. Lomas de Santa Fe, C.P. 01219 Del. Alvaro Obregón México D.F. Tel: 011-52-(55) 5524-8480 Copyright 2015 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other resultsmay vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet s internal lab tests. Fortinet disclaims in full any covenants, representations,and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information