Table of Contents
Introduction
WHITE PAPER: THE FORTINET ADVANCED THREAT PROTECTION FRAMEWORK
Introduction

Sophisticated Attacks Yield Big Rewards

The past few years have seen many major brands, large companies and government agencies making headlines, not for some remarkable post-recession economic recovery or innovative product, but for massive data breaches. More than 100 million customers had personal and/or credit card information stolen through just one of these bold and extended attacks.

These kinds of attacks grab the attention of consumers, lawmakers, and the media when they breach very large organizations with dedicated security teams and infrastructure designed to keep hackers at bay. Nobody is immune – smaller organizations are targets as well, either as part of a larger coordinated attack, or through a variety of distributed malware.

The bottom line? It’s time for a deeper, more integrated approach to cyber security.

“All organizations should now assume that they are in a state of continuous compromise.” – Gartner

“77% of executives cited protection from/detection of APTs as a high or critical priority in 2015.” – IDG/Fortinet

“55% of organizations experienced 6 or more security incidents over the past 12 months.” – Forrester/Fortinet
intelligence networkwide
• Mitigate – Respond to potential incidents

This framework is conceptually simple; it covers a broad set of both advanced and traditional tools for network, application and endpoint security, threat detection, and incident response. These tools are powered by strong research and threat intelligence competencies that transform information from a variety of sources into actionable protection. Although elements of the framework (and even technologies within them) can operate in a vacuum, organizations will achieve much stronger protection if they are used together as part of an integrated and automated security solution.

[Figure: stages of an attack. Step labels: Define target; Research target; Build or acquire tools; Test tools + detection; Initial intrusion; Obtain credentials; Strengthen footprint; Outbound communication initiated; Exfiltration data. Phase labels: Sub-Zero Planning; Getting In; Survive; Getting Out.]
Handoffs – The Missing Link

The most critical feature of the Fortinet Advanced Threat Protection framework – one that is missing in most organizations’ security implementations – is the notion of the handoff, beyond any particular technology or element. Advanced threat protection relies on multiple types of security technologies, products, services and research, each with different roles. To be most effective, they must be aware of and communicate with each other on a continuous basis, handing off data from one to the next.

As seen in Figure 2, the prevention phase, Element 1, will hand off high-risk items to the detection phase, Element 2, with previously unknown threats handed off in Element 3 for further analysis or mitigation. Ultimately, threat intelligence and updated protection from Element 3 is handed off back to products in Elements 1 and 2, for this efficient cycle of constantly improving protection and detection against increasingly sophisticated attacks.

The handoff between Element 3 back to 1 and 2, where the advanced threat protection cycle is routinely completed, occurs when the extensive threat intelligence from FortiGuard Labs is delivered to all users of Fortinet solutions via the global Fortinet Distribution Network. Additionally, as part of the Cyber Threat Alliance and other related initiatives, Fortinet shares threat intelligence with a larger body of researchers, further extending the reach of its work.

Protection Ahead of the Threats: As a new threat emerges certain detection and prevention products communicate directly for immediate, automated response. Additionally, FortiGuard Labs 24x7x365 global operations pushes up-to-date security intelligence in real-time to Fortinet solutions, delivering instant protection against new and emerging threats.

High-Performance Solutions: The Fortinet portfolio of Integrated Security Services is designed from the ground up to maximize protection and optimize performance across Fortinet security solutions – physical or virtual and cloud.
Copyright © 2015 Fortinet, Inc. All rights reserved.
May 27, 2016