Choice 01
The FortiGuard Intrusion Prevention Service provides the latest defenses against stealthy network-level threats. It uses a customizable database of more than 11000 known threats to enable FortiGate and FortiWiFi appliances to stop attacks that evade conventional firewall defenses.
Fortinet consistently receives superior effectiveness results in industry testing with AV Comparatives and Virus Bulletin. AV Comparatives awarded Fortinet its highest award, the Advanced+ rating for file detection and real-world protection. The 2015 VB100 Reactive and Proactive Test ranked Fortinet the security industry’s second highest business AV solution for security effectiveness.
FortiGate next gen firewalls with FortiOS and centralized management solutions offer extensive visibility into application usage in real time, as well as trends over time through views, visualizations, and reports. You can use application control to keep malicious, risky, and unwanted applications out of your network through control points at the perimeter, in the data center, and internally between network segments.
The FortiGuard IP Reputation Service aggregates malicious source IP data from the Fortinet distributed network of threat sensors, CERTs, MITRE, cooperative competitors, and other global sources that collaborate to provide up-to-date threat intelligence about hostile sources. Near real-time intelligence from distributed network gateways combined with world-class research from FortiGuard Labs helps organizations stay safer and proactively block attacks.
FortiGuard Web Filtering is the highest rated VBWeb certified web filtering service in the industry for security effectiveness by Virus Bulletin. It blocked 97.8% of direct malware downloads and stopped 98.6% of malware served through all tested methods in Virus Bulletin’s 2017 VBWeb security testing. According to Virus Bulletin, Fortinet is the only vendor in the 2017 VBWeb tests confident enough in our security solution to share results in a public test.
FortiGuard Antispam provides a comprehensive and multi-layered approach to detect and filter spam processed by organizations. Dual-pass detection technology can dramatically reduce spam volume at the perimeter, giving you unmatched control of email attacks and infections. Additionally, FortiClient endpoint agents can block spam messages on remote computers and mobile devices.
FortiGuard Web Application Security uses information based on the latest application vulnerabilities, bots, suspicious URL patterns and data-type patterns, and specialized heuristic detection engines, to ensure your web applications remain safe from application-layer threats. Protect your critical data and applications against sophisticated threats such as SQL injection, cross-site scripting, buffer overflows, file inclusions and more, by staying up to date using the FortiGuard Web Application Security service.
Malware have evolved to slip past traditional security controls by pairing with an exploit. This insidious behavior relies on vulnerabilities of legitimate software thus can operate freely and undetected. Fortinet provides a systematic and automated method of patching applications on an endpoint, eliminating manual processes while reducing the attack surface within an organization and helping meet regulatory compliance.
Fortiguard Labs collects indicators of compromise (IOCs) by a variety of methods. Following are some examples:
  • Machine Learning - ML techniques are used to capture IOCs (indicators of compromise) such as malicious IP addresses, domains and urls.
  • Global Sensors - millons of sensors deployed around the globe consisting of participating customer devices, honeypots and deception decoys pick up early signals of compromise in the global cyber space.
  • Web Crawlers - Fortinet propriety web crawlers armed with Artificial Intelligence crawl the Internet looking for malicious sites.
  • Threat Exchange - Fortinet has 200+ threat sharing agreements with Governments, Certs and Strategic vendors around the globe.
  • Hacker Sites/Forums - Troll the underground/darknet to uncover zero-day threat events.
  • Community Submissions - Participating customers submit new threats to Fortinet for analysis. The submission is either manual or through Fortinet Cloud Sandbox technology. On a daily bases, FortiGuard lab executes 500,000+ malware samples to extract IOCs.
  • Human Analysis - 200+ security analysts in the FortiGuard labs tirelessly search and hunt for threats around the globe
The FortiGuard labs collect the IOC indicators and combine them into a package on a daily basis for delivery to Fortinet products via the FDN (Fortiguard distribution network).

For example the FortiAnalyzer product can use the IOC package to alert on suspicous or infected hosts in the network.
Stay on track of your Security Roadmap and Target Security Maturity level with measurable and meaningful feedback in the form of actionable Configuration Recommendations, and Key Performance/Risk Indicators. Build Senior Management Confidence by demonstrating effective business asset protection and compliance with regulatory requirements. Security Rating is now a subscription service that FortiGuard offers when you purchase a Security Rating license.

This service allows you to:
  • Dynamically receive updates from FortiGuard.
  • Run Security Rating checks for each licensed device in a Security Fabric.
  • Run Security Rating checks in the background or on demand.
  • Submit rating scores to FortiGuard and compare how you rank against peers in the same region, industry and/or company size.
For more information, see our Security Best Practices.

Anti-Reconnaissance and Anti-Exploit Service (ARAE) service are available on FortiDeceptor responsible for tracking hackers' activities on Decoys and alert in real time. Similar to how FortiSandbox traces malware behaviour activities, ARAE will record outside and insiders' malicious activities, such as on files extracted, intrusions activities, malware planted, web sites visited, achieving the goal of Deceive, Expose and Eliminate.

Version 1.01000, Updated: 1 year ago

FortiAI Artificial Neural Networks (ANN) is the latest AI based technology that emulates functions of human brain and logic, as part of Fortinet's AI-driven Security Operations. It allows updates of Virtual Security AnalystTM to classify malware into more than 20+ attack scenarios and trace the source of infection, coupled with Outbreak Search and Similarity Engine, VSA is the ideal of a maturing SOC operation and offloading daily load of operations team.

FortiTester offers network performance testing and Breach Attack Simulation (BAS) service with CVE-based Intrusion, Web application and IOT attacks, along with malware strike pack and MITRE ATT&CK service package. In day-to-day SOC operations penetration testing and breach simulation becomes important to ensure technology, people and processes are working correctly. FortiTester provides testing against your NGFW, IOT and WAF (Web application firewall) signatures to ensure you are up-to-date with protection on internet edge and also internal segmentation controls.

Malware via different network protocols such as Email, Web, network protocols such as SMB are common methods of attacks. FortiTester provides a up-to-date malware strike pack with different types of malware (such as Ransomware, trojans etc) to test your Advance Threat Protection solutions, regardless of which vendors you are using. To ensure your network, endpoint, and applications are secure and constantly detecting the latest malware, constant testing and simulation can play a significant role in SOC day-to-day operations.

ATT&CK MITRE package includes Beach Attack Simulation such as credentials dumping, lateral movements, scheduling malicious tasks on servers, remote API calls, Powershell execution etc. An excellent, non-intrusive way to test your network and Advance Threat solutions. FortiTester constantly provides MITRE ATT&CK updates via a subscription based service, along with CVE based intrusions, web/IOT attacks and a malware strike pack.

FortiGuard Device Detection service helps customers significantly reduce their attack surface by enabling Fortinet devices to automatically identify discovered IoT devices based on FortiGuard intelligence, and provide visibility which then enforce appropriate policies against them. With this service, When a new device is detected, Fortinet devices can query the result from the cloud-based FortiGuard servers for more information about the device.

FortiGuard IP Geolocation database is used by Fortinet devices for configurations with geography-based policy address objects. This service allows Fortinet devices to query the cloud-based FortiGuard servers for location of public IP addresses.

There are various attack vectors adversaries use to target victims. DNS is a very common way to attack and divert users to visit malicious websites/domains. Attackers often use different FQDN to host malicious websites that can change dynamically.

FortiGuard Secure DNS services offer a secure lookup from FortiGate NGFW to FortiGuard Secure DNS servers. Evaluating DNS lookups of clean and malicious websites, or even malware initiated DNS lookups can be blocked successfully with this service. Users can configure block settings at the DNS level based on various categories. FortiGate NGFW allows users to block connections at both DNS and connection level (with botnet C&C domain blocking), providing the best and complete protection for clients.

FortiGuard Responder Services: An Extension of Your Team and Technology

To help security leaders address these challenges, Fortinet offers FortiGuard Responder Services. FortiGuard Responder Services enable organizations to achieve continuous monitoring as well as incident response and forensic investigation.

The FortiGuard Responder Services team is staffed with professionals who possess years of training and experience in malware hunting and analysis, reverse engineering, multiple scripting languages, forensics, incident response processes, and the tactics, techniques, and procedures of bad actors. FortiGuard Responder Service is available as two separate services:

FortiGuard Managed Detection and Response (MDR)

The FortiGuard Managed Detection and Response (MDR) Service is designed for customers of the FortiEDR advanced endpoint security platform. FortiGuard MDR provides organizations with 24x7 continuous threat monitoring, alert triage, and incident handling by experienced analysts and the platform. FortiGuard MDR is designed to help organizations defeat even the most advanced attacks.

In order to do so, Fortinet focuses on monitoring the events produced by FortiEDR/XDR for customers. This team of threat experts reviews and analyzes every alert, proactively hunts threats, and takes actions on behalf of customers to ensure they are protected according to their risk profile. Additionally, the FortiGuard team provides guidance and next steps to incident responders and IT administrators.

For more information, see FortiGuard Managed Detection and Response Service - Fact Sheet.

FortiGuard Incident Response Service

The FortiGuard Incident Response Service provides organizations in the midst of a cyber security incident, including targeted ransomware attacks, with the experienced staff, expert skills, powerful tools and established process needed to efficiently assess the situation, its scope and steps necessary to contain the impact and help recover operations.

FortiGuard Incident Response consultants have decades of first-hand investigatory experience and draw on the full support resource of FortiGuard Labs, the threat intelligence and research organization at Fortinet. The FortiGuard Incident Response Service is the ideal choice to help enterprise IT and security teams of all sizes navigate through high pressure and high stakes of cybersecurity incidents.

For more information, see FortiGuard Incident Response Service - Fact Sheet.

The FortiGuard Industrial Security Service for FortiGate combines IPS and Application control signatures focused on Operational Technology.

FortiGuard Industrial Security Service provides Industrial Control Systems with the capability to detect and protect against network-level threats, while enabling extensive visibility into the industrial applications used in such environments.


Number of intrusion prevention rules
FortiGuard hubs are globally situated to provide fast real time updates and signature data for any network.


Number of new and updated anti-virus definitions every week
FortiGuard hubs are globally situated to provide fast real time updates and signature data for any network.


Application Control Rules in FortiGuard’s database
FortiGuard hubs are globally situated to provide fast real time updates and signature data for any network.


Number of botnet command and control attempts blocked every minute of every day by FortiGuard Labs
FortiGuard hubs are globally situated to provide fast real time updates and signature data for any network.


malicious/phishing/spam URLs blocked by FortiGuard labs, through approximately 307
million categorized URLs
FortiGuard hubs are globally situated to provide fast real time updates and signature data for any network.

80 Million

New and updated anti-spam signatures every week
FortiGuard hubs are globally situated to provide fast real time updates and signature data for any network.


Block rate achieved by the FortiWeb Web App Firewall in a 2017 NSS Labs test
FortiGuard hubs are globally situated to provide fast real time updates and signature data for any network.


Organisations recorded an exploit for a CVE 10 years old*

*Fortinet Threat Landscape Report Q4 2016
FortiGuard hubs are globally situated to provide fast real time updates and signature data for any network.


Submitted samples are processed daily to extract IOCs
FortiGuard hubs are globally situated to provide fast real time updates and signature data for any network.

20+ attack scenario
Traces source of infection
Outbreak search


Sum of IPS and Application Control rules in Industrial DB
Version 18.164
Updated: 2 days ago
Added (4)     Modified (18)
  • 18.164           2 days ago
  • 18.163           3 days ago
  • 18.162           4 days ago
  • 18.161           5 days ago
  • 18.160           1 week ago
968 Zero-day vulnerabilities discovered to date.
Low latency and high capacity ensure speed and security for applications
Version 89.03490
Updated: 20 minutes ago
  • 89.03490           20 minutes ago
  • 89.03480           1 hour ago
  • 89.03470           2 hours ago
  • 89.03380           3 hours ago
  • 89.03370           12 hours ago
Protects against latest malware variants with proactive technologies to block new threats

Keeps your protection up-to-date with hourly updates
Version 18.166
Updated: 22 hours ago
  • 18.166           22 hours ago
  • 18.162           4 days ago
  • 18.157           1 week ago
  • 18.154           2 weeks ago
  • 18.151           3 weeks ago
Applications: 4149
Categories: 24
Lets you fine-tune your policies based on application type via application categories
Optimizes bandwidth usage on your network by prioritizing or blocking traffic based on application
Blocks large-scale DDoS attacks from known infected sources
Protects against web attacks, phishing activity, web scanning, scraping, and more
Version 25.10097
Updated: 13 minutes ago
  • 25.10097           13 minutes ago
  • 25.10096           23 minutes ago
  • 25.10095           33 minutes ago
  • 25.10094           48 minutes ago
  • 25.10093           58 minutes ago
Major Web Filter Categories
  • Adult/Mature Content
  • Bandwidth Consuming
  • General Interest - Personal/Business
  • Potentially Liable
  • Security Risk
Prevents malware downloads from malicious or hacked websites
Meets compliance requirements for both CIPA and BECTA
Version: 103.11503
Updated: 1 hour ago
  • IP Update:
    103.11503           1 hour ago
  • URI Update:
    95.35858           1 hour ago
  • Checksum Update:
    81.51208           1 hour ago
Reduces volume of spam at your perimeter with dual- pass detection technology.
Push and pull options give you the fastest possible security updates
Blocks large-scale DDoS attacks from known infected sources
Protects against web attacks, phishing activity, web scanning, scraping, and more
Gives you the highest level of protection with multiple, correlated threat detection methods.
Stops the latest application threats with real-time updates
FortiWeb Application Security
Version 0.00299
Updated: 1 week ago
Added (0)     Modified (0)
  • 0.00299           1 week ago
  • 0.00298           1 week ago
  • 0.00297           3 weeks ago
  • 0.00296           1 month ago
  • 0.00295           1 month ago
IP Reputation DB
Version 4.713
Updated: 2 days ago
Added (476)     Modified (0)
  • 4.713           2 days ago
  • 4.712           1 week ago
  • 4.711           2 weeks ago
  • 4.710           2 weeks ago
  • 4.709           3 weeks ago
Version 1.265
Updated: 23 hours ago
Added (24)     Modified (2)
  • 1.265           23 hours ago
  • 1.264           1 week ago
  • 1.263           2 weeks ago
  • 1.262           3 weeks ago
  • 1.261           4 weeks ago

FortiAI Firmware and Services:


Version: 1.5.1, Updated: 2 months ago

Scenario AI DB

Version: 1.077, Updated: 1 day ago

Text AI Feature DB

Version: 1.077, Updated: 1 day ago

Text AI Group DB

Version: 1.077, Updated: 1 day ago

Text AI Learning Feature DB

Version: 1.077, Updated: 1 day ago

Binary AI Feature DB

Version: 1.083, Updated: 2 days ago

Binary AI Group DB

Version: 1.083, Updated: 2 days ago

Binary AI Learning Feature DB

Version: 1.083, Updated: 2 days ago

FortiTester Services:

Version: 0.00074, Updated: 1 week ago

Malware Strike Pack

Version: 1.00019, Updated: 2 weeks ago

Web Protection

Version: 20.00908, Updated: 1 year ago

Version: 1.70011, Updated: 3 weeks ago

Version 18.164
Updated: 2 days ago
  • 18.164           2 days ago
  • 18.162           4 days ago
  • 18.155           2 weeks ago
  • 18.149           3 weeks ago
  • 18.147           4 weeks ago
Lets you fine-tune your policies based on application type via application categories

Optimizes bandwidth usage on your network by prioritizing or blocking traffic based on application

Certified by