2013

2014

INSERT COMPANY LOGO HERE

2013 North
SSL Certificate
2014 Global
CyberAmerican
Threat Analysis
and Reporting
Product
Leadership
AwardAward
Enabling
Technology
Leadership

BEST PRACTICES RESEARCH

Background and Company Performance

Industry Challenges
Global computing and communications often represent the best applied intelligence that
humanity can offer. However, even as network and information technologies advance
human endeavors economically, academically, and socially, there are obvious security
issues.
Cyber threat management reporting helps security professionals better understand the
tactics and behaviors of would-be hackers and bad actors. Cisco, IBM, Secunia, Symantec,
and Verizon, to name a few, are all companies that publish periodic reports about the
cyber threat landscape. Any singular company can make a powerful contribution to the
global information database on cyber threats. While each company offers a unique
perspective on cyber threats, Frost & Sullivan notes that when viewed in its totality, a
more accurate depiction of the global cyber threat landscape emerges.
Many of these companies take the tact of public vulnerability reporting. Public vulnerability
threat reporting has both selfish and charitable intentions. The for-profit companies that
demonstrate excellence in cyber threat analysis and reporting build credibility and rapport
with

potential

clients

by

cataloging

threats

to

operating

systems,

devices,

and

infrastructure. A convincing sales pitch ties a companys representation of the research it

has conducted in the global threat environment with the intelligence it has built into its
security appliances and professional support to help mitigate and deny the actions of
hackers.
The charitable intentions are compelling, too. Companies publicly reporting vulnerabilities
have internal best practices and will notify the Product Security Incident Response Team
(PSIRT) of the affected vendor. The vendor then has the opportunity to verify and then
patch the vulnerability. Companies working within public vulnerability guidelines will then
leave it to the vendor to report the chain of events.
Frost & Sullivan points out that proper cyber threat reporting is the touchstone toward the
evolution of security product development. Everyone clearly has a stake in the outcome.
As knowledge about the cyber threat landscape accumulates, superior security products
evolve, and, by extension, IT teams are better able to develop customized tools unique to
their industries. Frost & Sullivan feels that what makes Fortinet distinctive is its
comprehensiveness in cyber threat analysis and reporting. The company collects,
analyzes, and reports on cyber threats emanating from malware, mobile malware,
botnets, Web, and spam incidents.

Frost & Sullivan

We Accelerate Growth

BEST PRACTICES RESEARCH

Cyber Threat Analysis and Reporting Excellence of Fortinet

Frost & Sullivan appreciates the fact that Fortinet has devoted many resources toward
providing a global comprehensive view of the cyber threat environment. Additionally,
Fortinet is also able to describe threats in such a way that actionable intelligence becomes
a part of the reporting mechanism.
Breadth of Security Coverage
The 2014 Fortinet Threat Landscape Report includes sections detailing malware, mobile
malware, botnets, Web, and spam incidents. For the purposes of the 2014 Frost & Sullivan
Global Enabling Technology Leadership Award, the findings of FortiGuard Labs, which is
the research arm of Fortinet, will be referred to as Fortinet.
In malware research, Fortinet has made an invaluable contribution. Fortinet discovered
that malware incidents happen in cycles. In January 2013 (after Christmas rush) and in
August 2013 (noted for slower activity in European markets), malware discovery was the
lowest with less than 10 million incidents in each month discovered. Also worth noting, in
2013, Fortinet discovered 20 million occurrences of malware stemming from the
W32/ZeuS(Zbot) family of viruses; this strain being the most virulent discovered by
Fortinet.
Regarding botnets, Fortinet have been able to catalog and detail botnets related to the
ZeroAccess virus. Earlier in 2013, the ZeroAccess botnet and its controllers were
systematically adding about 100,000 new infections weekly. Botnets generate in excess of
90% of all malware. FortiGuard Labs researches and decodes botnet protocols, which
allows Fortinet to intercept malicious communications and take proactive actions.
Of course, botnets and viruses represent formal attack mechanisms on the Web, but
malicious activity can be initiated by someone simply clicking onto a Web address.
Phishing is the practice of creating Web pages that purport to offer legitimate service, yet
are, in fact, engineered to collect information about the device accessing the site or
connive the visitor into giving up personal information. Spam is almost as old as the
Internet itself. Spam emails often contain Web links to nefarious sites (adult content, false
commerce, etc.). In 2013, Fortinet successfully detected between 1-3 million phishing
sites or known spam URLs every month.
Through its Application Delivery Controller, Fortinet is able to monitor Layer 7 (i.e.,
application layer) traffic. This capability helps to identify patterns of malicious behavior
even if an IP address has not been blacklisted. FortiGate is the logistics and vulnerability
detection system in Fortinets VM and UTM platforms. As of April 2014, the FortiGate
platform contains 15,500 vulnerability rules.
Monitoring the cyber threat landscape is a massive undertaking and all types of companies
Frost & Sullivan

We Accelerate Growth

BEST PRACTICES RESEARCH

contribute. Other competitors of Fortinet use the results of penetration testing, ethical
hacking, network vulnerability detection, IP abnormalities from mobile phone networks,
and the results of Web filtering. Like the proverbial blind man that is asked to describe an
elephant by what he touches, the cyber threat landscape can only be fully understood by
understanding the larger security picture.
Fortinet in its threat environment reporting has the ability to summon information from all
aspects of networking, mobile and Web environments to create an integrated threat
management story (as well as a layered defense system for its customers).
Attention to the Mobile Market
Bring-your-own-device (BYOD) networking is becoming a viable option for companies that
want to keep its expenses down and for workers who want a customized and personal
work experience. Mobility enables workers to moderate their own hours, but also offer the
opportunity for continuous productivity. Proactivity in discovering dangerous phone
applications

preserves

network

integrity

and

personal

productivity.

As

business

applications become more mobile, the threat environment will move along with mobility.
Fortinet has precise coverage of the mobile threat environment. At the beginning of 2013,
Fortinet was finding 50,000 incidence of malware on Google Android phones per day. By
the end of 2013, 500,000 incidents per day were being found. The viruses are changing
in 2013 alone, Fortinet found 1,800 new types of mobile viruses. In terms of mobile
malware incidents, the United States experiences the most with 31 percent of all mobile
incidents, but is closely followed by Israel and Germany.
Fortinet reports that there is a comparative explosion in malicious Google Apps. Fortinet
says Google takes many precautions to make sure its Apps store offers safe products;
however, third-party app stores offering Google Apps are especially vulnerable. A common
exploit might be to offer a popular application. An end user attempts to download the app
and instead receives a fraudulent product. Embedded in the phony app is a product design
kit (pdk) that has exploits designed to jailbreak the phone.
Comprehensive coverage of the mobile threat environment helps CSOs understand the
necessary technologies needed to protect heterogeneous networks from exploits.
Network Vulnerability Reporting
Traditionally, when the topic of vulnerabilities was brought up, the most common worry
was hackers trying to breach sensitive information hidden behind network firewalls. While
the threat environment is fluid and attacks are more likely to address Web and mobile
applications and less likely to attack networks through firewalls, secure networking is an
important aspect of any defense. In the context of the Internet of Things, a vulnerability is
a vulnerability regardless of source and method.
Frost & Sullivan

We Accelerate Growth

BEST PRACTICES RESEARCH

Toward formal network vulnerability reporting, Fortinet historically reports vulnerabilities

to MITRE and to the National Vulnerabilities Database, and has been credited with
discovering 143 public vulnerabilities. In Fortinet advisories, FortiGuard Labs uses its own
(1-5) metric describing the exploit potential of a threat.
Number of Assets Used to Discover Vulnerabilities
Fortinet has three important assets in its arsenal used to bolster threat environment
reporting: manpower, a global install base of security appliances, and the overlap and
culmination of knowledge from security products in the field.
In terms of manpower, Fortinet has more than 200 dedicated research analysts,
engineers, and forensic specialists. The majority of the global team is located in
Vancouver, Canada, and network, mobile, and Web monitoring is continuous. The results
of the research team are used to update Fortinet products in the field and advise
customers of potential attack vector. As a part of the global community and Fortinet best
practices, Fortinet reports vulnerabilities back to the vendors and Fortinet contributes to
various international Community Emergency Response Teams (CERTs), FIRST and special
vulnerability task forces like MITRE and the National Vulnerability Database.
Fortinet, the parent company of FortiGuard Labs, has roughly 1.3 million security
appliances in the field. Fortinet products are classified under four major headings: network
security, network access, application security, and management. While the four product
groups can be used independently, when used in combination, a layered defense offers
optimal threat detection and protection.
In

the

course

of

protecting

assets,

Fortinet

products

are

always

learning

and

communicating this dynamically increases Fortinets protected surface. In 2013, the

Fortinet Web Application firewall, FortiGates, added almost 20 million new sites and IP
addresses to its classification lists and updated over 64 million existing sites. If an IP
address is thought to be malicious, FortiGuard Labs will analyze the IP address and server.
Following this practice, in January 2013, Fortinet discovered nearly one billion malicious
sites.
Any learning promotes the greater security field. A mobile operator has important
information, and endpoint security providers can shed light on persistent attacks. Fortinet
has synergy between their product development and research activity.
Interaction with the Global Community
For the intent and purposes of this report, "Global" is taken to connotate a couple of
meanings.
Global is meant as interaction with global commissions and special interests. Literally,
Frost & Sullivan

We Accelerate Growth

BEST PRACTICES RESEARCH

each country has its own computer emergency response team (CERT) the US-CERT is
an example. An international global community that is representative of national CERTs is
the Forum of Incident Response and Security Teams (FIRST). Currently, the Common
Vulnerability Scoring System Special Interest Group (CVSS-SIG) is convening to develop
Version 3 (v.3) scoring methods for vulnerabilities.
Market vertical interests are important to interact with as well. In the United States,
HITRUST Health Information Trust Alliance is the technology SIG accompanying The
Health Insurance Portability and Accountability Act (HIPAA). Internationally, Payment Card
Industry

Data

Security

Standard

(PCI-DSS)

establishes

international

compliance

standards. Several other vertical markets convene to set standards for the handling of
personal information or assets. Security service and appliance providers make a powerful
contribution to the advocacy of these groups.
For

reporting

purposes,

knowledge

of

individual

countries

is

important.

While

communications are truly global each individual company has a different culture in what
phones are purchased, how business is conducted, and what applications are used.
Naturally, the ability to identify where a cyber threat is coming from goes a long way
toward mitigating the threat.
Fortinet is a prodigious and conscientious contributor to FIRST and participates in the
technical wings of the CVSS-SIG. Fortinet offers advisories and white papers suggesting
best practices for specific vertical markets. The 2014 Fortinet Threat Landscape Report
provided information about which countries were most attacked by malware, mobile
malware and botnets.
Impact on Customer Satisfaction/Value
Vulnerability reporting reveals a mixed bag of motivations. Penetration testers and ethical
hackers will scan a network for vulnerabilities with the idea that they can claim a bounty
or sell security products that will mitigate potential threats.
Yet Fortinet takes a more holistic approach. Because Fortinet has a global presence, it is in
the best interest of the company to encourage a global exchange of vulnerabilities. If
Fortinet discovers a vulnerability, it will report the vulnerability straight to the affected
vendor or CERT through its Product Security Incident Response Team (PSIRT). Fortinet
will then let the affected vendor or CERT report the vulnerability either in an advisory or to
a global interest group and after a patch or remediation has taken place.
In general, Fortinet intimates its relationships with major PSIRT teams (Cisco, Google,
Adobe, Microsoft, etc.) continue to improve. However, even as these relationships improve
and Fortinet has increased credibility with key vendors, nine out of ten vulnerabilities still
take six months or more to adequately patch.

Frost & Sullivan

We Accelerate Growth

BEST PRACTICES RESEARCH

Currently, Fortinet lists 61 of the Global 100 as customers who at some point purchased a
Fortinet product. This means that Fortinet can report on and design defenses based upon
market

verticals,

specific

network

types,

and

the

intersection

of

networks

and

applications. If customers wish to participate in the larger Fortinet net, Web facing and
network defense products can be upgraded almost simultaneously to reflect new data
about threats as Fortinet learns about them.
While Fortinet takes an egalitarian approach to threat landscape reporting, Fortinet
customers still gain an advantage. When the company uncovers a network vulnerability,
malware, a botnet, or a malicious IP site, Fortinet will program its products to block or
deny access to network or site instantaneously. This zero-day process happens even as an
affected product vendor is notified and waits to issue an advisory or otherwise publicly
report its vulnerability. Prior to a fix, zero-day protection is already available.
Frost & Sullivan independent analysis indicates that Fortinet clearly establishes equipoise
between being a good corporate citizen and offering proactivity for its clientele.

Conclusion
Frost & Sullivan recognizes Fortinet for excellence in cyber threat reporting for the depth of
its research. Fortinet seamlessly fuses the results of its research and product development.
Attributable to its internal best practices, Fortinet receives high marks for its ethical
reporting of vulnerabilities. The company is a powerful contributor to standards-based
organizations and CERT teams. In the process of cyber defense, Fortinet products are
gaining knowledge about attack vectors and pattern of malicious behavior. Its impressive
research team brings a high level of refinement to raw data sets: information obtained
about the Internet, network vulnerabilities, and cellular communications.
Driven by interior and ulterior motives, Fortinet research paints a comprehensive picture of
the threat environment facing companies in information and network technologies.

Frost & Sullivan

We Accelerate Growth

BEST PRACTICES RESEARCH

Significance of Enabling Technology Leadership

Ultimately, growth in any organization depends upon customers purchasing from a
company, and then making the decision to return time and again.

In a sense, then,

everything is truly about the customer and making those customers happy is the
cornerstone of any long-term successful growth strategy. To achieve these goals through
technology leadership, Frost & Sullivan believes that an organization must be best-in-class
in three key areas: understanding demand, nurturing the brand, differentiating from the
competition.

Frost & Sullivan

We Accelerate Growth

BEST PRACTICES RESEARCH

Understanding Technology Leadership

Product quality (driven by innovative technology) is the foundation of delivering customer
value. When complemented by an equally rigorous focus on the customer, companies can
begin to clearly differentiate themselves from the competition. From awareness and
consideration, to purchase and follow-up support, best-practice organizations deliver a
unique and enjoyable experience that gives customers confidence in the company, its
products, and its integrity.

Frost & Sullivans Global Research Platform

Frost & Sullivan maintains more than 50 years in business and is a global research
organization of 1,800 analysts and consultants who monitor more than 300 industries and
250,000 companies. The companys research philosophy originates with the CEOs 360
Degree Perspective, a holistic research methodology that encourages us to consider
growth challenges, and the solutions companies employ to solve them, from every angle.
This unique approach enables us to determine how best-in-class companies worldwide
manage growth, innovation and leadership. Based on the results of our research in
enabling technology leadership, Frost & Sullivan is proud to present the 2014 Global
Enabling Technology Leadership Award in Cyber Threat Analysis and Reporting to Fortinet.

Frost & Sullivan

We Accelerate Growth

BEST PRACTICES RESEARCH

Key Benchmarking Criteria

For the Enabling Technology Leadership Award, Frost & Sullivan analysts independently
evaluated the total client experience and strategy implementation excellence according to
the criteria detailed below.
Cyber Threat Analysis
Criterion 1: Breadth of Security Coverage
Criterion 2: Attention to the Mobile Market
Criterion 3: Web-Specific Weaknesses
Criterion 4: Network Vulnerability Reporting
Criterion 5: Coverage of Platforms
Cyber Threat Reporting
Criterion 1: Number of Assets Used to Discover Vulnerabilities
Criterion 2: Actionable Intelligence
Criterion 3: Interaction with the Global Community
Criterion 4: International Coverage
Criterion 5: Impact on Customer Satisfaction/Value

The Intersection between 360-Degree Research and Best

Practices Awards
Research Methodology
Frost & Sullivans 360-degree research
methodology

represents

the

360-DEGREE RESEARCH: SEEING ORDER IN

THE CHAOS

analytical

rigor of our research process. It offers a

360-degree-view of industry challenges,
trends, and issues by integrating all 7 of
Frost & Sullivan's research methodologies.
Too

often,

growth

companies

decisions

understanding

of

make

based

on

their

important
a

narrow

environment,

leading to errors of both omission and

commission. Successful growth strategies
are founded on a thorough understanding
of market, technical, economic, financial,
customer, best practices, and demographic
analyses. The integration of these research
disciplines into the 360-degree research
methodology

provides

an

evaluation

platform for benchmarking industry players and for identifying those performing at bestin-class levels.
Frost & Sullivan

10

We Accelerate Growth

BEST PRACTICES RESEARCH

Decision Support Scorecard and Matrix

To support its evaluation of best practices across multiple business performance
categories, Frost & Sullivan employs a customized Decision Support Scorecard and Matrix.
This analytical tool compares companies performance relative to each other. It features
criteria unique to each Award category and ranks importance by assigning weights to each
criterion. The relative weighting reflects current market conditions and illustrates the
associated importance of each criterion according to Frost & Sullivan. This tool allows our
research and consulting teams to objectively analyze performance, according to each
criterion, and to assign ratings on that basis. The tool follows a 10-point scale that allows
for nuances in performance evaluation; ratings guidelines are illustrated below.

Best Practice Award Analysis for Fortinet, Inc.

Decision Support Scorecard: Global Threat Analysis
The Decision Support Scorecard illustrates the relative importance of each criterion and
the ratings for each company under evaluation for the Enabling Technology Leadership
Award. The research team confirms the veracity of the model by ensuring that small
changes to the ratings for a specific criterion do not lead to a significant change in the
overall relative rankings of the companies.
Finally, to remain unbiased and to protect the interests of all organizations reviewed, we
have chosen to refer to the other key players in as Company 2 and Company 3.

Frost & Sullivan

11

We Accelerate Growth

BEST PRACTICES RESEARCH

DECISION SUPPORT SCORECARD FOR ENABLING TECHNOLOGY LEADERSHIP AWARD:

CYBER THREAT ANALYSIS
Measurement of 110 (1 = poor;
10 = excellent)

Cyber Threat Analysis

Breadth of
Security Coverage

Attention to the
Mobile Market

Web-Specific
Weaknesses

Network
Vulnerability
Reporting

Coverage of
Platforms

Weighted Rating

Award Criteria

Relative Weight (%)

20%

20%

20%

20%

20%

100%

Fortinet

10.0

10.0

9.0

7.0

9.0

9.0

Company 2

9.0

8.0

8.0

8.0

8.0

8.2

Company 3

7.0

8.0

9.0

7.0

8.0

7.8

Breadth of Security Coverage

Requirement: Companies should cover the threat environment for networks, mobile, Web
and The Internet of Things.
Attention to the Mobile Market
Requirement: Coverage of the mobile market has to include research into weaknesses in
mobile operating systems and what applications are being used.
Web-Specific Weaknesses
Requirement: The Internet still represents the most commonly used medium for
commerce and personal communications. Malware, botnets, phishing, and spamming
should optimally be studied.
Network Vulnerability Reporting
Requirement: Public vulnerability reporting has always focused on network vulnerabilities.
The CVSS scoring system helps to determine threat severity and points the way to
remediation.
Coverage of Platforms
Requirement: Operating systems, technologies, and browsers could loosely be termed as
platforms. Commonly used platforms like Android, Microsoft Internet Explorer, and Oracle
Java are routinely used, and, unfortunately, highly targeted for exploits.

Frost & Sullivan

12

We Accelerate Growth

BEST PRACTICES RESEARCH

Decision Support Scorecard: Technology Excellence

DECISION SUPPORT SCORECARD FOR ENABLING TECHNOLOGY LEADERSHIP AWARD:
CYBER THREAT REPORTING
Measurement of 110 (1 = poor;
10 = excellent)

Number of Assets
Used to Discover
Vulnerabilities

Actionable
Intelligence

Interaction with
the Global
Community

International
Coverage

Impact on
Customer
Satisfaction/Value

Weighted Rating

Award Criteria

20%

20%

20%

20%

20%

100%

Fortinet

9.5

9.0

9.0

9.0

9.0

9.1

Company 2

9.0

8.0

8.0

8.0

8.0

8.2

Company 3

8.0

9.0

7.5

8.0

8.0

8.1

Cyber Threat Reporting

Relative Weight (%)

Number of Assets Used to Discover Vulnerabilities

Requirement: The quality of reports is directly affected by manpower in the field and in
labs. Many security appliance vendors have installed bases from which to draw knowledge.
Actionable Intelligence
Requirement:

Cyber threat reporting should have the virtue of describing a threat in

detail allowing IT teams to mitigate new threats based upon proven treatments of older
vulnerabilities.
Interaction with the Global Community
Requirement: Cyber threats are often targeted to specific market verticals.
International Coverage
Requirement: The best threat reporting addresses where the threat emanates, what the
consequences were (or are, if on-going) and which end-users are affected. Global
geographies matter.
Impact on Customer Satisfaction Values
Requirement:

Cyber threat reporting has the virtue of informing security appliance

vendors or managed service providers how to build intelligence into their defenses.

Frost & Sullivan

13

We Accelerate Growth

BEST PRACTICES RESEARCH

About Frost & Sullivan

Frost & Sullivan, the Growth Partnership Company, enables clients to accelerate growth
and achieve best in class positions in growth, innovation and leadership. The company's
Growth Partnership Service provides the CEO and the CEO's Growth Team with disciplined
research and best practice models to drive the generation, evaluation and implementation
of powerful growth strategies. Frost & Sullivan leverages almost 50 years of experience in
partnering with Global 1000 companies, emerging businesses and the investment
community from 31 offices on six continents. To join our Growth Partnership, please visit
http://www.frost.com.

Frost & Sullivan

14

We Accelerate Growth