threat research


There is an incredible urgency for organizations, especially those undergoing digital transformation, to reprioritize security hygiene and identify emerging risks. However, as the volume, velocity, and automation of attacks continues to increase, it is also becoming increasingly important to align patching prioritization to what is happening in the wild so you can better focus your limited resources on the most critical and emerging risks. [Read More]
by RSS Anthony Giandomenico  |  Jan 17, 2018  |  Filed in: Industry Trends, Security Research
To predict the future, simply look at the past. With that in mind, here’s a quick overview of the current state of cybersecurity, along with what lies on the horizon and what organizations can do to secure their networks. [Read More]
by RSS Anthony Giandomenico  |  Jan 02, 2018  |  Filed in: Industry Trends, Security Research
2017 was another landmark year for cybersecurity. In reviewing our quarterly Threat Landscape reports, it is clear that 2017 has been notable primarily for three things: the rapid digital transformation and expansion of the potential attack surface, the increasing sophistication of cyber attacks, and a lapse in basic cybersecurity hygiene, largely being driven by digital transformation coupled with the growing cybersecurity skills gap. [Read More]
by RSS John Maddison  |  Dec 29, 2017  |  Filed in: Industry Trends
The entire security arms race between IT professionals and cybercriminals is really about one side constantly trying to outsmart the other. Security isn’t just about tools. It’s also about the intelligence that powers them. Which is why when we started Fortinet 16 years ago we were every bit as committed to developing security intelligence and research solutions that were as innovative as the technology we were developing. [Read More]
by RSS Michael Xie  |  Dec 07, 2017  |  Filed in: Business and Technology, Industry Trends
Fortinet today announced the findings of its latest Global Threat Landscape Report. The research reveals that high botnet reoccurrence rates and an increase of automated malware demonstrate that cybercriminals are leveraging common exploits combined with automated attack methods at unprecedented speed and scale. [Read More]
by RSS Anthony Giandomenico  |  Nov 28, 2017  |  Filed in: Security Research
A look back and forward for our 2017 Cybersecurity Predictions. Threats are compounding at digital speeds, while resolutions, like manufacturers building security safeguards into their products, are proceeding at a snail’s pace. We need to start building security into tools and systems on day zero. We need alignment on ways to effectively see and combat new cybercrime. And we need to adopt integrated, collaborative, and automated procedures and technologies end to end to help us see and protect resources. [Read More]
by RSS Derek Manky  |  Aug 08, 2017  |  Filed in: Industry Trends, Security Research
This blog post is a summary of SSTIC, a major infosec conference held in France. As usual, this year’s conference came with excellent presentations. The sessions have been recorded, and the papers are available on the website, although most of the content is in French. For a detailed wrap-up of SSTIC, please read @xme: Day 1 Day 2 Day 3 SSTIC is one of the few IT conferences which (1) ask authors to submit full papers, (2) from which you return with information or tools to work on, and (3) whose presentations are mostly... [Read More]
by RSS Axelle Apvrille  |  Jul 04, 2017  |  Filed in: Security Research
As human beings, we are continually looking for knowledge or information to help improve any situation. If we live or work in a crowded city, for example, we want to know which routes are best to avoid getting stuck in traffic. When we enter a restaurant or movie theater we look for the exits. And when suspicious looking person enters the room, part of our mind automatically keeps track of him. This behavior is known as situational awareness, and it’s second nature to most of us. But while such behavior often occurs in our everyday... [Read More]
by RSS Anthony Giandomenico  |  Jun 27, 2017  |  Filed in: Industry Trends
Summary In December 2016, FortiGuard Labs discovered and reported a WINS Server remote memory corruption vulnerability in Microsoft Windows Server. In June of 2017, Microsoft replied to FortiGuard Labs, saying, "a fix would require a complete overhaul of the code to be considered comprehensive. The functionality provided by WINS was replaced by DNS and Microsoft has advised customers to migrate away from it." That is, Microsoft will not be patching this vulnerability due to the amount of work that would be required. Instead, Microsoft... [Read More]
by RSS Honggang Ren  |  Jun 14, 2017  |  Filed in: Security Research
The recent WannaCry attack was interesting for a couple of reasons. First, the speed and scale of the attack was impressive. Over the course of a couple of days, hundreds of thousands of systems were affected and disrupted. Second, it also unveiled a disturbing trend. The attack malware exploited a known vulnerability that not only had been revealed through the highly public release of stolen cyber tools, but Microsoft had also released a patch for the targeted vulnerability over two months before. Which means that the scale of the attack was... [Read More]
by RSS Derek Manky  |  Jun 14, 2017  |  Filed in: Industry Trends