Indicators of Compromise
FortiGuard Labs collects Indicators of Compromise (IOCs) and combines them into a package on a daily basis for delivery to Fortinet products via the FDN (FortiGuard Distribution Network). For example, FortiAnalyzer can use the IOC package to alert on suspicious or infected hosts in the network.
Submitted samples are processed daily to extract IOCs.
Security analysts in FortiGuard Labs tirelessly search and hunt for threats around the globe.
Threat sharing agreements with governments, CERTs and strategic vendors around the globe.
FortiGuard Labs collects indicators of compromise (IOCs) through a variety of methods. The following are some examples:
ML techniques are used to capture IOCs such as malicious IP addresses, domains and URLs.
Millions of sensors deployed around the globe, consisting of participating customer devices, honeypots and deception decoys, pick up early signals of compromise in the global cyber space.
Fortinet proprietary web crawlers armed with Artificial Intelligence crawl the Internet looking for malicious sites.
Fortinet has 200+ threat sharing agreements with governments, CERTs and strategic vendors around the globe.
Participating customers submit new threats to Fortinet for analysis. The submission is either manual or through Fortinet Cloud Sandbox technology. On a daily basis, FortiGuard Labs executes 500,000+ malware samples to extract IOCs.
200+ security analysts in FortiGuard Labs tirelessly search and hunt for threats around the globe.
Troll the underground/darknet to uncover zero-day threat events.