Extensive knowledge of the threat landscape and the ability to respond quickly at multiple levels are critical elements of effective defenses that prevent and mitigate advanced cyber threats.
In the three months from April 1 to June 30, 2016, the Fortinet Cyber Threat Assessment Program (CTAP) – part of a broader effort by Fortinet and its FortiGuard Labs threat research team to integrate advisory capabilities on cyber risks with its end-to-end security platform – placed Fortinet monitoring devices in hundreds of participating networks around the world and recorded over 185 million threat events and incidents. Many of these attacks had already passed traditional perimeter defenses and reached the internal network by the time Fortinet conducted its assessments.
In the latest CTAP Threat Landscape Report, the FortiGuard Labs researchers observed a far larger number of ransomware attacks on the financial industry than in other industries sampled at similar sizes over the same period. They also observed a variety of new or improved ransomware variants, a category gaining increasing notoriety, including CryptXXX, Locky, Fsociety Locker, Cerber and CryptoWall.
The lure of ransomware’s lucrative rewards draws cybercriminals to band together to increase their rate of success. This makes collaboration among security vendors even more critical.
To process the overwhelming volumes of traffic data needed for global coverage and malware analysis, Fortinet and the other co-founders of the Cyber Threat Alliance (CTA) have pooled their threat intelligence and collaborated on research to protect their customers and the wider community.
Recently, close cooperation between Fortinet and Interpol helped take down an international criminal network behind thousands of online scams totaling more than US$60 million. As part of its ongoing collaboration with global law enforcement agencies, governments and industry organizations, Fortinet has also partnered with the Korea Internet & Security Agency (KISA) to boost threat intelligence and information sharing between private and public entities and secure networks across South Korea, especially against growing offshore attacks.
The ultimate aim of these alliances is to break the kill chain of an advanced attack in its earliest phases – reconnaissance, weaponization and delivery. “Even with multi-layered solutions, it does not mean that we wait until the malware is downloaded onto the PC,” says Gavin Chow, Network Security Strategist at FortiGuard Labs. “Why can’t we block [malicious web sites] even before anyone accesses the link? To take it a step further, if we are aware of known threats and we filter the email, users won’t even receive it. You break the kill chain at the beginning of the malware infection cycle.”
Similarly, to ensure early detection of attacks amid overwhelming volumes of threat data, feeds that align to earlier phases of the kill chain are generally more valuable than those that inform at later phases. From that standpoint, visibility into threats across the distributed network isn’t enough. Security needs to be augmented with an integrated architecture, such as the Fortinet Security Fabric, that can actively convert that visibility and intelligence into actionable response with great efficiency.
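To make the two preceding points concrete, here is a small delivery-phase filter of the kind Chow describes: it ranks indicators by kill-chain phase so the earliest-acting ones are applied first, then inspects an inbound message's sender domain and embedded URLs against the domain indicators and quarantines the message before a user ever sees it. This is an added illustration written for this page, not Fortinet or FortiGuard code; the indicator list, the `.example` domains and the two sample messages are constructed for the example and are not real IOCs.

```python
"""Delivery-phase filter: quarantine a message whose sender domain or embedded
URLs match known indicators, before the user receives it.

Added example, not Fortinet code. All indicators and messages below are
constructed; the .example domains are reserved names, not real sites.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Lockheed Martin kill-chain phases. A lower rank is an earlier phase, and,
# per the argument in the text, the more valuable place to act.
PHASE_RANK = {
    "reconnaissance": 1, "weaponization": 2, "delivery": 3, "exploitation": 4,
    "installation": 5, "c2": 6, "actions_on_objectives": 7,
}

# Constructed indicator feed: (type, value, kill-chain phase the IOC informs).
INDICATORS = [
    ("ip", "198.51.100.23", "c2"),
    ("domain", "invoice-update.example", "delivery"),
    ("sha256", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "installation"),
    ("domain", "payroll-portal.example", "delivery"),
]

# Deliberately excludes whitespace and quote/angle characters so a URL pulled
# out of HTML does not drag the closing attribute quote along with it.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def rank_indicators(indicators):
    """Sort indicators so those tied to earlier kill-chain phases come first."""
    return sorted(indicators, key=lambda ind: PHASE_RANK[ind[2]])


def domain_matches(host, bad_domain):
    """True if host is bad_domain or one of its subdomains (case-insensitive)."""
    host = host.lower().rstrip(".")
    return host == bad_domain or host.endswith("." + bad_domain)


def extract_urls(msg):
    """Collect URLs from every text/plain and text/html body part."""
    urls = set()
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            urls.update(URL_RE.findall(part.get_content()))
    return urls


def inspect_message(raw_bytes, indicators=INDICATORS):
    """Return {'verdict': 'quarantine'|'deliver', 'hits': [(where, ioc, phase)]}
    for a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    bad_domains = [(v, ph) for t, v, ph in indicators if t == "domain"]
    hits = []

    # Sender domain check: the From header is attacker-controlled, so a match
    # here is a delivery-phase signal, not proof of origin.
    _, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = addr.rpartition("@")[2]
    for bad, phase in bad_domains:
        if sender_domain and domain_matches(sender_domain, bad):
            hits.append(("sender", bad, phase))

    # Link check: block the lure before anyone can click it.
    for url in extract_urls(msg):
        host = urlparse(url).hostname or ""
        for bad, phase in bad_domains:
            if domain_matches(host, bad):
                hits.append(("url", bad, phase))

    return {"verdict": "quarantine" if hits else "deliver", "hits": hits}


# Constructed sample messages (not real traffic).
SAMPLE_PHISH = b"""\
From: Billing <billing@invoice-update.example>
To: finance@corp.example
Subject: Overdue invoice
Content-Type: text/plain; charset=utf-8

Please review https://www.invoice-update.example/login?id=77 today.
Our site: https://www.example.com/
"""

SAMPLE_CLEAN = b"""\
From: HR <hr@corp.example>
To: staff@corp.example
Subject: Lunch menu
Content-Type: text/plain; charset=utf-8

This week's menu is at https://www.example.com/menu
"""

if __name__ == "__main__":
    for ind in rank_indicators(INDICATORS):
        print(ind)
    print(inspect_message(SAMPLE_PHISH))
    print(inspect_message(SAMPLE_CLEAN))
```

In a real mail pipeline the same `inspect_message` logic would sit behind a milter or gateway hook, and the domain list would be refreshed from a feed rather than embedded; the point the example makes is that a domain indicator acted on at delivery removes the need to rely on the endpoint catching the payload later.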
According to IDC’s recent Worldwide Quarterly Security Appliance Tracker report, Fortinet has shipped over 2.7 million security appliances to every corner of the globe, ranging from large service providers and enterprises to small businesses, and these deployments form the core of its intelligence network. This essential component of the Fortinet Security Fabric gets stronger with every new shipment. Collectively, these appliances, acting in unison with other FortiGuard tools such as honeypots and web crawlers, form the largest network of threat-collection sensors in the world.
Intelligence to act
Fortinet’s millions of deployments worldwide identify and track threat events round the clock in real time and intelligently communicate them to Fortinet’s cloud-based analysis centers, where the FortiGuard Labs threat team correlates, analyzes and converts the flood of global data into actionable threat intelligence. The information is then fed dynamically back on a 24x7 basis via FortiGuard Distribution Network (FDN) to all Fortinet devices deployed by some 280,000 customers. This has allowed Fortinet to identify more zero-day threats than the average security vendor and consistently respond to threats with updated signatures in record time.
FortiGuard’s ability to provide timely threat analysis and security intelligence offers not only valuable insights into the lifecycle of advanced attacks, including ransomware, but also effective countermeasures and resolutions for preventing and mitigating them. For example, the FortiGuard Labs quarterly threat landscape report and weekly Threat Intelligence briefs present critical, actionable advice for defending against threats that are already identified and documented.
“We talk about buying the latest and greatest products and technologies to protect the organization but in the end, the most important aspect in ensuring you’re secure is the people’s awareness of security,” Chow emphasized. “If an organization does not have any anti-virus or high-end security products, but the people are aware that the threats exist, you’d have won half the battle against the scammers and their social engineering emails. Then, you’ll be one step ahead in terms of preventing [IT assets] from getting compromised.”
This is a QuestexAsia feature commissioned by Fortinet.