Fortinet® (NASDAQ: FTNT), the world's leading high-performance network security company, today announced a major update to the company's FortiOS network security operating system to further enhance the multifaceted capabilities of the FortiGate platform. This release incorporates a number of innovative technologies that leverage the industry's leading advanced threat defense architecture to provide organizations with the ability to combat advanced persistent threats (APT), zero-day attacks and other complex malware. The framework uses Fortinet's award-winning technologies, including access control, threat prevention and detection, incident response and continuous monitoring. These capabilities address the need to respond to increasingly complex cyber threats and reduce the risk of network damage and data loss.
The key elements of the Fortinet Advanced Threat Protection Architecture are:
· Access Control: Reduces the attack surface and allows only authorized users to access the network through authorized ports.
· Threat Defense: Inspects program code, traffic, websites, and applications to proactively block possible attacks.
· Threat Detection: Continuously searches for clues of threats and identifies advanced attack techniques that bypass traditional defenses.
· Incident Response: Expert-level security services, as well as automated operations and updates, to verify and suppress security incidents.
· Continuous Monitoring: Adjusts and improves defense levels in accordance with personal and corporate security defense standards to adapt to rapidly evolving threat environments.
FortiOS 5.2: The cornerstone of Fortinet's advanced threat protection architecture
Today's cyber threats are full of highly targeted zero-day and APT attacks aimed at stealing corporate intellectual property or other important data. Experts at the FortiGuard Threat Response and Research Laboratory have discovered more than 140 new zero-day vulnerabilities, including 18 discovered in 2013. The Fortinet APT protection architecture is intended to be in line with Gartner's defense recommendations for advanced threat protection. As stated in the Gartner report of February 12 this year, "Designing an Adaptive Security Architecture for Protection from Advanced Attacks," by Neil MacDonald and Peter Firstbrook, "All organizations should now assume that they are in a state of constant intrusion attacks. Integrated defense requires an adaptive process that integrates predictive, preventive, detection, and response processing capabilities."
Based on this, Fortinet builds new security features into the upgraded operating system, making APT and other targeted attack protection more effective. FortiAnalyzer log and report management devices and FortiManager centralized management devices also support FortiOS 5.2 after updating the operating system.
Fortinet APT Threat Protection Architecture:
· Access control:
o Added graphical policy table control to make firewall policy configuration simpler and more consistent.
· Threat defense:
o New advanced anti-malware engine based on deep data flow analysis, more powerful than traditional signature-file comparison and heuristic scanning. It provides high-speed data stream analysis and extensive proactive detection technologies, including unpacking and behavioral emulation.
o The new inline SSL engine uses Fortinet's proprietary ASIC processor CP8 to increase the detection speed of encrypted data streams by up to five times.
o Enhanced explicit web proxy support for https, further improving performance.
o Enhanced IPS intrusion prevention engine, using advanced decoders and dynamic analysis technologies to protect against the latest attack technologies.
· Threat detection:
o Deep integration of FortiGate and FortiSandbox for easy deployment and optimized protection.
o Enhanced client behavior analysis, introducing new intrusion reporting and criticality ratings to enhance detection of unknown attacks.
o Provide more pre-defined reporting options, including botnet activity, and locate compromised systems.
· Incident response:
o Dashboards can be organized by user device, application, website, and threat, including criticality, with drill-down to speed up response.
o Adopts a new role-based workflow model to adjust response mechanisms in other event activities.
o Policy table handling and the corresponding actions can be adjusted based on events.
o Through these inspection methods, the policy table can be controlled directly to implement mitigation measures.
· Continuous monitoring:
o Added a comprehensive view based on identity policy (combining users and their devices) and a cross-log view to further complete network visibility.
o Added access to the FortiSandbox eco-group to invoke its intelligence.
o Deep application management to improve the visibility of cloud applications.