Fortinet leads Industry in Zero-Day Discoveries

25th April 2014 | By Mouseworld Now Correspondent |

Fortinet-logoBangalore, India, April 25, 2014: Fortinet (NASDAQ: FTNT),a leading player in high-performance network security, today announced that FortiGuard Labs, the global threat research arm of Fortinet, discovered 18 critical zero-day vulnerabilities in 2013 – more than any other network security vendor in the industry.  This adds to the 140+ zero-day vulnerabilities identified since 2006.  Of these, 128 vulnerabilities have been fixed by the appropriate vendors.

 

“FortiGuard Labs has been doing threat research work for Fortinet for more than a decade. It’s time to acknowledge the more than 200 unsung heroes who toil behind the scenes around the world,” said Rajesh Maurya, Country Manager, India & SAARC at Fortinet. “FortiGuard Labs is the collaborative team that uncovers new threats, liaises with enforcement and emergency response and discovers evasion techniques while developing cutting edge mitigation technology. We have a tactical security research team tasked with breaking the applications most of us take for granted on a daily basis, who then forward their findings to vendors so they can update their software to better protect their customers. Every hole they find is one less vulnerability for the hackers to exploit. In the end, affected products are hardened and clients are protected before and after holes are closed.”

 

A zero-day vulnerability is a previously unknown threat that does not yet have a patch or update available from the vendor to close a security hole, thus leaving it open to attack. Once a zero-day vulnerability is identified, FortiGuard Labs analyzes and verifies it before vendors are notified. Upon verification, FortiGuard Labs develops an advanced zero-day IPS signature(s) that is pushed out to Fortinet customers well in advance of a vendor’s patch release, which helps protect against the open security hole(s). These signatures are unique to Fortinet and play an important role in the fight against advanced persistent threats (APTs).

 

“Zero-day vulnerabilities can be developed into dangerous weapons by cyber criminals or nation states and can be used to effectively subvert targeted systems. Our mission is to take the fuel out of their fire, protecting targets before they are under attack,” Rajesh Maurya continued. “Zero-day protection is a tough task, and our approach offers unique and effective protection against APTs.”

 

 

FortiGuard Labs’ responsible disclosure dictates a discovered vulnerability be patched before public disclosure. Even without a working patch, a signature for the vulnerability can be generated to prevent intrusions. Once a signature is created, it is put through FortiGuard Labs’ zero-day signature process and assigned a generic name. The goal is to provide protection while disclosing as few details as possible. From there, FortiGuard works together with vendors to create a patch for the vulnerability. After a patch is released, FortiGuard continues to work with the vendor to analyze the source of the vulnerability and to help prevent similar zero-days from being exploited in the future.

 

As malware numbers have increased exponentially in recent years, network security vendors have had to find alternate methods for malware detection and mitigation. Fortinet, for example, incorporates several new protective features and functionalities into its FortiOS operating system. FortiOS 5 includes more than 150 new security features that help protect against today’s Advanced Persistent Threats (APTs) and Advanced Targeted Attacks (ATAs). These enhancements include advanced malware detection, exploit discovery and protection, cloud-based reputation systems and a multi-vector policy engine, which offers the ability to apply policy based on the user and device identity; an important attribute for distributed, virtual and cloud networks.

 

In addition to analyzing the threat landscape, FortiGuard Labs researchers write and present papers at global security conferences, including EICAR, Blackhat, Virus Bulletin, Insomni’Hack and Hashdays.

 

 

FortiGuard Labs has identified the most recent threats based on data collected from FortiGate network security appliances and intelligence systems in production worldwide. Customers who use Fortinet’s FortiGuard Services should be protected against the vulnerabilities outlined in this report as long as the appropriate configuration parameters are in place.

 

 

Tags: , , , , , , , , , , ,

Leave your comment

IMPORTANT! To be able to proceed, you need to solve the following simple math

What is 10 + 8 ?
Please leave these two fields as-is:

Mouseworldnow Videos
  • r chandrashekhar president nasscom
  • Anant Maheshwari, President, Microsoft India
  • Suresh_Vaswani-220 by 220

Channel News

  • Second Edition of Annual 4.5G & 5G Innovation Summit concludes on a successful note more...
  • Wydr launches India Wholesale E-Fair more...
  • Snapdeal clocks record 3x growth in Kids Category more...
  • Paytm ensures 100% security for users’ identity in Money transfers more...
  • HP Rolls out Four New PageWide Web Presses more...
Subscribe via email

Enter your email address:

Follow us on Facebook
QUESTION HOUR
What does the mouse ask?

Will the spurt in online video advertisement steal the twinkle from the TV ad platform?

View Results

Loading ... Loading ...
Newsletter Registration