
Advanced Threat Protection from Fortinet: Prevent, detect and mitigate

16 Nov 2020

Cornelius Mare, Fortinet A/NZ Director, Security Solutions, explains why zero-day threats represent an unacceptable risk to your enterprise and how to protect your network by adopting Advanced Threat Protection security services.

The global threat landscape is awash with adversaries and exploits. Most are known and can be blocked with a judicious application of network security services and threat intelligence. Yet some exploits are unknown (so-called zero-day threats) and can cause significant damage if they bypass your security defences and execute behind the firewall. 

State actors, criminal gangs and disgruntled individuals ferret out these exploits, keep them hidden away and then deploy them at the time and place of their choosing for maximum profit and/or upheaval. 

You can’t stop them. There are thought to be hundreds of unknown exploits at any given time hidden in popular software and apps. Yet you can take concrete steps to mitigate the damage if your organisation is targeted by adversaries weaponising a previously unknown exploit for whatever purposes. 

Advanced Threat Protection

An Advanced Threat Protection (ATP) framework is a fabric of inter-related security services that act in concert to detect zero-day exploits (or any suspicious activity) as soon as they deploy inside your perimeter, isolate and analyse the activity to ascertain the threat level and then, if appropriate, update all of the other security services on your network to prevent a recurrence. 

ATP is self-learning. Once an exploit is detected, the ATP fabric isolates it in a ‘sandbox’ for further analysis. If benign, no problem. But if it displays unwanted characteristics, the file is analysed in depth, resulting in fixes to prevent any further attempts at breaching your defences at every edge.

ATP is integrated. Because they are united within a common overall security fabric, ATP security services can communicate with each other immediately upon the detection of an unknown threat. Similarly, as soon as the characteristics are observed, every security service on your network will be updated for prevention. 

ATP is manageable. Because the ATP framework is highly automated and incorporates AI and self-learning, most of the work happens behind the scenes and can be monitored in real time from a combined SOC/NOC dashboard. And ATP capabilities can be deployed quickly and easily as you onboard new fabric-ready security services to protect your digital transformation initiatives.

Risk buy down 

No network is 100% secure. But there is a direct correlation between the resources you expend on protecting your network and the level of protection you receive. This is known as risk buy down. Risk buy down is predicated on your understanding the nature of threats to your business, where these threats manifest themselves and the potential ramifications if these threats do indeed come to pass. These ramifications are both quantitative (monetary) and qualitative (reputational). 

In short, investing in cybersecurity reduces risk. A single DDoS attack – or three – can have a huge impact on your business if you haven’t kept your cyber defences up to speed. The solutions are out there. It’s just a question of which ones are best for you.

Response and mitigation

Fortinet’s ATP tools provide a set of procedures that can move quickly whenever or wherever anomalous behaviour is detected. These ATP tools orchestrate response and mitigation inside your network to isolate the threat, update their security profiles and then communicate directly with the FortiGuard Labs for further analysis. This collaboration slams shut the window of vulnerability on a global basis and transforms previously unknown threats into easily detected signatures that can be halted at the gateway.

Fortinet’s ATP Framework enhances the protection offered by the Fortinet Security Fabric’s interconnected security technologies and services. It is global in scope yet on-premises in deployment. As a result, you can build an advanced threat identification and mitigation framework that is customised for your own network topologies and interacts with the latest threat intelligence from the FortiGuard Labs.

Fortinet’s integrated ATP framework and Security Fabric Services are available from a network of Authorised Partners across A/NZ as appliances, virtual appliances and cloud-based or managed services. Fortinet’s Security Fabric is backed by the global constellation of FortiGuard Labs to ensure that your defences are always updated with the very latest threat intelligence. And Fortinet’s commitment to research and development means that, regardless of which way your network evolves, Fortinet will be right there with the fully integrated security services to protect it.

About the author

Cornelius Mare is Director, Security Solutions at Fortinet A/NZ. As such, it is his business to know what’s happening in the cybersecurity world and how to help enterprises secure their transitional networks without sacrificing speed, functionality or control. In particular, Corne is an expert with hybrid cloud environments and artificial intelligence. These tools, along with other Fortinet security services, help organisations manage their digital transformations with confidence.

About Fortinet

Fortinet (NASDAQ: FTNT) secures the largest enterprises, service providers and government organisations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 375,000 customers trust Fortinet to protect their businesses. Learn more at the Fortinet website, the Fortinet Blog, or FortiGuard Labs.
