- Machine Learning - ML techniques are used to capture IOCs (indicators of compromise) such as malicious IP addresses, domains and URLs.
- Global Sensors - Millions of sensors deployed around the globe, consisting of participating customer devices, honeypots and deception decoys, pick up early signals of compromise in global cyberspace.
- Web Crawlers - Fortinet proprietary web crawlers armed with artificial intelligence crawl the Internet looking for malicious sites.
- Threat Exchange - Fortinet has 200+ threat sharing agreements with governments, CERTs and strategic vendors around the globe.
- Hacker Sites/Forums - Trawl the underground/darknet to uncover zero-day threat events.
- Community Submissions - Participating customers submit new threats to Fortinet for analysis, either manually or through Fortinet Cloud Sandbox technology. On a daily basis, FortiGuard Labs executes 500,000+ malware samples to extract IOCs.
- Human Analysis - 200+ security analysts in FortiGuard Labs tirelessly search and hunt for threats around the globe.
For example, the FortiAnalyzer product can use the IOC package to alert on suspicious or infected hosts in the network.
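The IOC types listed above (IP addresses, domains, URLs) are matched against traffic logs to raise host alerts. The following is an added example of that matching logic, written for this page and not Fortinet's own code; the IOC values, the key=value log format and the log lines are all constructed, and a sub-domain of an IOC domain is treated as a hit.

```python
"""Added example (not Fortinet code): matching network logs against an IOC
package of malicious IPs, domains and URLs to flag suspicious hosts.
The IOC values and log lines below are constructed for illustration."""
import re
from urllib.parse import urlsplit

# Constructed IOC package: one set per indicator type.
IOC_IPS = {"203.0.113.45", "198.51.100.7"}
IOC_DOMAINS = {"evil-update.example", "c2.badhost.example"}
IOC_URLS = {"http://cdn.example.net/payload/drop.php"}

# Constructed sample traffic logs in a key=value style.
SAMPLE_LOGS = [
    'srcip=10.0.0.5 dstip=93.184.216.34 hostname=www.example.com url="/index.html"',
    'srcip=10.0.0.8 dstip=203.0.113.45 hostname=- url="-"',
    'srcip=10.0.0.9 dstip=10.20.30.40 hostname=sub.c2.badhost.example url="/beacon"',
    'srcip=10.0.0.5 dstip=192.0.2.10 hostname=cdn.example.net url="/payload/drop.php?id=7"',
]

_KV = re.compile(r'(\w+)=("(?:[^"]*)"|\S+)')


def parse_log(line):
    """Parse a key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def domain_matches(hostname):
    """Exact match or any parent domain (sub.c2.badhost.example -> c2.badhost.example)."""
    host = hostname.lower()
    for d in IOC_DOMAINS:
        if host == d or host.endswith("." + d):
            return d
    return None


def url_matches(hostname, path):
    """Compare scheme-less host+path (query string dropped) against the IOC URLs."""
    wanted = {urlsplit(u).netloc + urlsplit(u).path for u in IOC_URLS}
    candidate = hostname.lower() + path.split("?")[0]
    return candidate if candidate in wanted else None


def match_iocs(lines):
    """Return {source_ip: [(indicator_type, indicator), ...]} for hosts that hit an IOC."""
    hits = {}
    for line in lines:
        rec = parse_log(line)
        src = rec.get("srcip")
        found = []
        if rec.get("dstip") in IOC_IPS:
            found.append(("ip", rec["dstip"]))
        host = rec.get("hostname", "-")
        if host != "-":
            d = domain_matches(host)
            if d:
                found.append(("domain", d))
            u = url_matches(host, rec.get("url", "-"))
            if u:
                found.append(("url", u))
        if found:
            hits.setdefault(src, []).extend(found)
    return hits


if __name__ == "__main__":
    for src, indicators in match_iocs(SAMPLE_LOGS).items():
        print(src, "->", indicators)
```

The query string is dropped before the URL comparison so that a beacon with a changing `?id=` parameter still matches the IOC; matching on the destination IP as well as the name catches connections where no hostname was logged at all.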
This service allows you to:
- Dynamically receive updates from FortiGuard.
- Run Security Rating checks for each licensed device in a Security Fabric.
- Run Security Rating checks in the background or on demand.
- Submit rating scores to FortiGuard and compare how you rank against peers in the same region, industry and/or company size.
The Anti-Reconnaissance and Anti-Exploit (ARAE) service is available on FortiDeceptor and is responsible for tracking attackers' activities on decoys and alerting in real time. Similar to how FortiSandbox traces malware behaviour, ARAE records outside and insider malicious activities, such as files extracted, intrusion activities, malware planted and websites visited, achieving the goal of Deceive, Expose and Eliminate.
FortiAI Artificial Neural Networks (ANN) is the latest AI-based technology that emulates the functions of the human brain and its logic, as part of Fortinet's AI-driven Security Operations. It allows updates to the Virtual Security Analyst (VSA) to classify malware into 20+ attack scenarios and trace the source of infection; coupled with Outbreak Search and the Similarity Engine, VSA is ideal for a maturing SOC operation and for offloading the daily load of the operations team.
FortiTester offers network performance testing and a Breach Attack Simulation (BAS) service with CVE-based intrusion, web application and IoT attacks, along with a malware strike pack and a MITRE ATT&CK service package. In day-to-day SOC operations, penetration testing and breach simulation become important to ensure that technology, people and processes are working correctly. FortiTester provides testing against your NGFW, IoT and WAF (web application firewall) signatures to ensure you are up to date with protection on the internet edge and also on internal segmentation controls.
Malware delivered over different network protocols, such as email, web and SMB, is a common method of attack. FortiTester provides an up-to-date malware strike pack with different types of malware (such as ransomware, trojans, etc.) to test your Advanced Threat Protection solutions, regardless of which vendors you are using. To ensure your network, endpoints and applications are secure and constantly detecting the latest malware, constant testing and simulation can play a significant role in SOC day-to-day operations.
The MITRE ATT&CK package includes breach attack simulations such as credential dumping, lateral movement, scheduling malicious tasks on servers, remote API calls, PowerShell execution, etc. It is an excellent, non-intrusive way to test your network and Advanced Threat solutions. FortiTester constantly provides MITRE ATT&CK updates via a subscription-based service, along with CVE-based intrusions, web/IoT attacks and a malware strike pack.
The FortiGuard Device Detection service helps customers significantly reduce their attack surface by enabling Fortinet devices to automatically identify discovered IoT devices based on FortiGuard intelligence and provide visibility, so that appropriate policies can then be enforced against them. With this service, when a new device is detected, Fortinet devices can query the cloud-based FortiGuard servers for more information about the device.
The FortiGuard GeoIP database is used by Fortinet devices for configurations with geography-based policy address objects. This service allows Fortinet devices to query the cloud-based FortiGuard servers for the location of public IP addresses.
There are various attack vectors that adversaries use to target victims. DNS is a very common way to attack and divert users to malicious websites/domains. Attackers often use different FQDNs to host malicious websites, which can change dynamically.
FortiGuard Secure DNS services offer a secure lookup from the FortiGate NGFW to FortiGuard Secure DNS servers. By evaluating DNS lookups for clean and malicious websites, even malware-initiated DNS lookups can be blocked successfully with this service. Users can configure block settings at the DNS level based on various categories. FortiGate NGFW allows users to block connections at both the DNS and the connection level (with botnet C&C domain blocking), providing the best and most complete protection for clients.
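The two enforcement layers described above (category-based blocking at DNS resolution time, and botnet C&C blocking at connection time) are modelled in the following added example. It is written for this page and is not FortiGuard's own resolver logic; the category feed, the resolution table, the C&C address list, the sinkhole address and the client requests are all constructed. A name inherits the category of its parent domain, and the second layer shows why the connection check still matters when a client bypasses the filtered resolver.

```python
"""Added example (not Fortinet code): category-based DNS filtering plus a
connection-level botnet C&C check, illustrating why both layers are needed.
The category feed, C&C list, resolution table and client requests are all
constructed for illustration."""
import ipaddress

SINKHOLE = "192.0.2.1"  # constructed block-page address returned for filtered names

# Constructed category feed: domain -> category (sub-domains inherit the category)
CATEGORIES = {
    "news.example": "General Interest - Personal/Business",
    "torrent-hub.example": "Bandwidth Consuming",
    "dropper.example": "Security Risk",
    "botnet-cc.example": "Security Risk",
}
BLOCKED_CATEGORIES = {"Security Risk", "Bandwidth Consuming"}

# Constructed "real" resolution table and botnet C&C address list
RESOLVE = {
    "news.example": "198.51.100.10",
    "torrent-hub.example": "198.51.100.20",
    "dropper.example": "203.0.113.5",
    "botnet-cc.example": "203.0.113.99",
}
CC_ADDRESSES = {"203.0.113.99"}


def _suffixes(fqdn):
    """Yield the name and each parent: a.b.example -> b.example -> example."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def categorize(fqdn):
    """Walk up the name until a categorized domain is found."""
    for name in _suffixes(fqdn):
        cat = CATEGORIES.get(name)
        if cat:
            return cat
    return "Unrated"


def dns_lookup(fqdn):
    """DNS-level enforcement: return (answer, verdict)."""
    cat = categorize(fqdn)
    if cat in BLOCKED_CATEGORIES:
        return SINKHOLE, f"blocked at DNS ({cat})"
    for name in _suffixes(fqdn):
        ip = RESOLVE.get(name)
        if ip:
            return ip, f"allowed ({cat})"
    return None, "NXDOMAIN"


def connection_check(dst_ip):
    """Connection-level enforcement: catches clients that bypassed the filtered resolver."""
    ipaddress.ip_address(dst_ip)  # raises ValueError on malformed input
    if dst_ip in CC_ADDRESSES:
        return "blocked at connection level (botnet C&C)"
    return "allowed"


def client_session(fqdn=None, direct_ip=None):
    """Model one client: resolve through the filter, or connect straight to an IP."""
    if direct_ip is None:
        ip, verdict = dns_lookup(fqdn)
        if ip is None or ip == SINKHOLE:
            return verdict
    else:
        ip = direct_ip
    return connection_check(ip)


if __name__ == "__main__":
    print(client_session(fqdn="news.example"))
    print(client_session(fqdn="cdn.dropper.example"))
    print(client_session(direct_ip="203.0.113.99"))
```

A client that hard-codes the C&C address, or resolves it through an unfiltered resolver, never triggers the DNS-level block; the connection-level check on the destination address is what stops it, which is the reason for enforcing at both layers.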
FortiGuard Labs figures:
- 11,000 - Number of intrusion prevention rules
- 1.8M - Number of new and updated anti-virus definitions every week
- 4,383 - Application Control Rules in FortiGuard's database
- 32,000 - Number of botnet command and control attempts blocked every minute of every day by FortiGuard Labs
- 66M - Malicious/phishing/spam URLs blocked by FortiGuard Labs, through approximately 307 million categorized URLs
- 80 Million - New and updated anti-spam signatures every week
- 98.11% - Block rate achieved by the FortiWeb Web App Firewall in a 2017 NSS Labs test
- 40% - Organisations recorded an exploit for a CVE 10 years old (*Fortinet Threat Landscape Report Q4 2016)
- 500,000+ - Submitted samples are processed daily to extract IOCs
FortiAI Virtual Security Analyst:
- 20+ attack scenarios
- Traces source of infection
- Outbreak search
- Similarity
- Adult/Mature Content
- Bandwidth Consuming
- General Interest - Personal/Business
- Potentially Liable
- Security Risk
FortiAI Firmware and Services:
Version: 1.3.1, Updated: 5 months ago
Version: 1.059, Updated: 3 months ago
Version: 1.059, Updated: 3 months ago
Version: 1.059, Updated: 3 months ago
Version: 1.059, Updated: 3 months ago
Version: 1.055, Updated: 1 month ago
Version: 1.055, Updated: 1 month ago
Version: 1.055, Updated: 1 month ago
FortiTester Services:
Version: 0.00044, Updated: 1 day ago
Version: 1.00012, Updated: 14 hours ago
Version: 20.00908, Updated: 4 months ago
Version: 1.70006, Updated: 12 days ago