Fortinet has unveiled a major update to the company’s FortiOS Network Security operating system that powers the FortiGate platform. This release incorporates numerous innovations that strengthen Fortinet’s Advanced Threat Protection Framework, providing enterprises with a cohesive and coordinated way to combat Advanced Persistent Threats (APTs), zero-day attacks and other sophisticated malware.
This Framework uniquely combines Fortinet’s new and established technologies with FortiGuard’s threat research and response to address increasingly complex cyber threats and reduce the risk of network breach and data loss.
The key elements of Fortinet’s Advanced Threat Protection Framework are:
* Access control – reduces the attack surface by only allowing authorised users to access the network via authorised ports
* Threat prevention – proactively stops as many attacks as possible by inspecting code, traffic, web sites and applications
* Threat detection – continues seeking out indicators of compromise in order to identify previously unknown attacks that bypass traditional defences
* Incident response – validates and contains incidents with expert security services, as well as automated actions and updates
* Continuous monitoring – assesses and improves security posture against individual and industry baselines, while accommodating a rapidly evolving threat environment.
The threat landscape has seen a proliferation of highly targeted zero-day attacks and APTs that are designed to steal intellectual property or other critical enterprise data. Researchers at Fortinet’s FortiGuard Labs have discovered more than 140 new zero-day vulnerabilities to date, including 18 found in 2013 alone.
Fortinet’s ATP framework supports the recommendation of Gartner on protection from advanced targeted attacks. Indeed, according to their February 12th, 2014 report, Designing an Adaptive Security Architecture for Protection from Advanced Attacks, authors Neil MacDonald and Peter Firstbrook wrote “all organisations should now assume that they are in a state of continuous compromise”.
“Comprehensive protection requires an adaptive protection process integrating predictive, preventive, detective and response capabilities.”
In this context, Fortinet has integrated significant new security features into its operating system for more effective protection against APTs and other targeted attacks.
FortiOS 5.2 – which will still be supported by current versions of FortiAnalyzer 5.0 and FortiManager 5.0 with a new patch release – strengthens Fortinet’s Advanced Threat Protection Framework at the following levels:
Access control:
* A new graphical policy table manipulation feature allows easier and consistent configuration of firewall policies
Threat prevention:
* A new deep flow advanced malware engine that goes beyond traditional signatures and heuristics, combining the speed of flow-based analysis with the breadth of proactive detection technologies including unpacking and emulation
* A new inline SSL engine leverages the company’s CP8 custom ASIC for as much as 5 times faster content inspection of encrypted traffic (varies by model and previous version of FortiOS)
* An enhanced explicit web proxy with support for HTTPS and higher performance
* An enhanced IPS engine protects against the latest exploit techniques with enhanced decoders, dynamic analysis techniques and more
Threat detection:
* Deeper integration between FortiGate and an enhanced FortiSandbox for faster deployment and greater protection
* Enhanced client behavioural analysis with new indicators of compromise and severity rating for the threats to help detect previously unknown attacks
* More pre-defined reports, including botnet activity, to pinpoint compromised systems
Incident response:
* New dashboard views (based on user devices, applications, websites and threats) include severity ratings and drill-down to speed response
* New role-based workflow modes to guide incident response among other activities
* Direct policy table manipulation from those views to take mitigating action
Continuous monitoring:
* New consolidated views with identity-based policy (combining users and devices) and log cross-referencing for a more complete picture
* New access to FortiSandbox community leverages community intelligence
* Deep application control for cloud visibility