Threat Landscape Report Q2
Dennis Ladefoged – SE
Agenda
Company Overview: Who are we and what is FortiGuard?
Q2 2019 Key Findings: By the numbers, BlueKeep, IoT, Ransomware & Fortnite
Key Takeaways: What to keep on the lookout for
Fortinet Security Fabric: Broad, Integrated & Automated
Wrapping up: Questions
Company Overview
Founded in 2000 by Ken Xie; headquartered in Sunnyvale, California
5,800+ employees worldwide
110+ offices across the globe
467 patents issued, 291 in process
4.6m security devices shipped
340K customers
$1.8bn revenue
In excess of $1.5bn in cash
19% year-on-year growth
Gartner’s Magic Quadrant for Enterprise Network Firewalls
Fortinet Once Again Recognized as a Leader in this Magic Quadrant
Source: Gartner Magic Quadrant for Enterprise Network Firewalls, Adam Hills, Jeremy D’Hoinne, Rajpreet Kaur, 4 October 2018
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Fortinet.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
FortiGuard Labs – Threat Intelligence
8 dedicated labs: Sunnyvale, Vancouver, Ottawa, France, Singapore, Taiwan, Tokyo, Kuala Lumpur
250+ researchers & analysts
480,000 research hours per year
Presence in 31 countries
100 billion security events a day
Activities: Research, Development, Innovation, Response, Outreach, Education
FortiGuard Labs – Numbers
FortiGuard Threat Intelligence Partnerships
CISCP & NCCIC
Threat Landscape Index
Closed out Q2 at its highest peak in a year (4% increase)
Q2 2019 Threat Landscape – by the numbers
Exploits
- 184 billion exploit detections
- 1.8 billion average daily volume
- 6,298 unique exploit detections
- 69% of firms saw severe exploits
Malware
- 62 million malware detections
- 677,000 average daily volume
- 16,582 variants in 2,534 families
- 18% of firms saw mobile malware
Botnets
- 2.9 billion botnet detections
- 32 million average daily volume
- 243 unique botnets detected
- 993 daily communications per firm
Phishing
- Email remains the #1 attack vector
- 92.4% of malware is delivered via email
- 49% of malware was installed via email
- 16,582 unique malware variants in Q2
The Rise of BlueKeep
- A flaw in the Remote Desktop Protocol (RDP) service that an unauthenticated attacker can trigger simply by connecting; no valid credentials are needed.
- BlueKeep is “wormable”: malware can use it to spread from one vulnerable host to the next without user interaction, in the same manner as the notorious WannaCry ransomware in 2017.
- At the end of Q2 2019, internet scans showed more than 800,000 unpatched systems with RDP exposed to the internet.
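An added example, not from the slide deck or from Fortinet: a small Python probe that asks an RDP server for standard RDP security only and reads the negotiation answer. BlueKeep (CVE-2019-0708) is reachable by an unauthenticated client only when the server still accepts standard RDP security; with Network Level Authentication (NLA) enforced, the server refuses that request with an RDP_NEG_FAILURE before the vulnerable code runs, which is why NLA is the usual interim mitigation alongside patching. The constants follow the RDP negotiation structures in MS-RDPBCGR; the sample responses are constructed, the host passed to `probe` is assumed to be one you are authorised to test, and the verdict says nothing about whether the host is patched.

```python
"""RDP security-layer probe: does this server accept standard RDP security (no NLA)?"""
import socket
import struct
import sys

# Constants from the RDP negotiation structures (MS-RDPBCGR 2.2.1.1.1, 2.2.1.2.1, 2.2.1.2.2)
PROTOCOL_RDP = 0x00000000     # standard RDP security, no NLA
PROTOCOL_SSL = 0x00000001     # TLS security layer
PROTOCOL_HYBRID = 0x00000002  # CredSSP, i.e. NLA

TYPE_RDP_NEG_REQ = 0x01
TYPE_RDP_NEG_RSP = 0x02
TYPE_RDP_NEG_FAILURE = 0x03

FAILURE_CODES = {
    1: "SSL_REQUIRED_BY_SERVER",
    2: "SSL_NOT_ALLOWED_BY_SERVER",
    3: "SSL_CERT_NOT_ON_SERVER",
    4: "INCONSISTENT_FLAGS",
    5: "HYBRID_REQUIRED_BY_SERVER",
    6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}


def build_connection_request(requested_protocols=PROTOCOL_RDP, cookie="probe"):
    """TPKT header + X.224 Connection Request + RDP_NEG_REQ, as an RDP client sends it."""
    token = f"Cookie: mstshash={cookie}\r\n".encode("ascii")
    neg_req = struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, requested_protocols)
    # dst-ref (2), src-ref (2), class option (1), then the variable part
    body = b"\x00\x00\x00\x00\x00" + token + neg_req
    x224 = struct.pack("BB", len(body) + 1, 0xE0) + body  # LI counts every byte after itself
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def parse_connection_confirm(data):
    """Decode the server's X.224 Connection Confirm into selected protocol or failure code."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT-framed X.224 PDU")
    if struct.unpack(">H", data[2:4])[0] != len(data):
        raise ValueError("TPKT length does not match buffer")
    if data[5] & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm (CC) TPDU")
    payload = data[11:]
    if not payload:
        # Servers predating RDP negotiation answer with a bare CC: standard RDP security only.
        return {"selected_protocol": PROTOCOL_RDP, "failure": None}
    typ, _flags, length, value = struct.unpack("<BBHI", payload[:8])
    if length != 8:
        raise ValueError("malformed RDP negotiation structure")
    if typ == TYPE_RDP_NEG_RSP:
        return {"selected_protocol": value, "failure": None}
    if typ == TYPE_RDP_NEG_FAILURE:
        return {"selected_protocol": None, "failure": FAILURE_CODES.get(value, "UNKNOWN_%d" % value)}
    raise ValueError("unexpected negotiation type 0x%02x" % typ)


def classify(result):
    """Verdict for a request that offered PROTOCOL_RDP only."""
    if result["failure"] == "HYBRID_REQUIRED_BY_SERVER":
        return "NLA enforced: pre-authentication attack surface closed (patch anyway)"
    if result["failure"] is not None:
        return "standard RDP security refused (%s): TLS required but NLA not confirmed" % result["failure"]
    if result["selected_protocol"] == PROTOCOL_RDP:
        return "standard RDP security accepted: unauthenticated clients reach pre-auth code; patch and enable NLA"
    return "server selected protocol 0x%x" % result["selected_protocol"]


# Constructed sample answers (not captured from real hosts) covering the three cases above.
SAMPLE_RESPONSES = {
    "nla_required": bytes.fromhex("03000013" "0ed000001234" "00" "0300080005000000"),
    "standard_rdp": bytes.fromhex("03000013" "0ed000001234" "00" "0200080000000000"),
    "legacy_no_negotiation": bytes.fromhex("0300000b" "06d000001234" "00"),
}


def triage_samples():
    """Classify each constructed sample; returns {name: verdict}."""
    return {name: classify(parse_connection_confirm(raw)) for name, raw in SAMPLE_RESPONSES.items()}


def probe(host, port=3389, timeout=5.0):
    """Send the request to a live host you are authorised to test and classify the answer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connection_request(PROTOCOL_RDP))
        header = sock.recv(4)
        if len(header) < 4:
            raise ValueError("no TPKT header received")
        total = struct.unpack(">H", header[2:4])[0]
        data = header
        while len(data) < total:
            chunk = sock.recv(total - len(data))
            if not chunk:
                break
            data += chunk
    return classify(parse_connection_confirm(data))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
    else:
        for name, verdict in triage_samples().items():
            print(f"{name}: {verdict}")
```

Run it with no arguments to see the three constructed cases classified, or with a host name to probe a real server. A "standard RDP security accepted" verdict means the pre-authentication code path that BlueKeep lives in is reachable from the network; an NLA verdict only narrows the exposure to authenticated users and is no substitute for the patch.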
Probing the Grid
- We have seen scans of dozens of U.S. power grids and of the oil and gas industry, with Schneider Electric SCADA controllers as the target.
- Detection in 1% of organizations is much higher than we typically see for Schneider’s (and other manufacturers’) ICS or SCADA products.
- Targets range from industrial controllers to smart home systems.
Upping Threat-Detection Measures: Rogue macro in the Japanese spam campaign
The macro was designed to look for certain Excel-specific variables at multiple points during execution, to make sure it was running inside a real Office Excel environment and not in an emulator.
- Only runs on Japanese systems
- Checks the xlDate variable
- Disables security tools
- Executes commands
- Causes memory problems
One Excel property it looked for in particular, the xlDate variable, was something we had not observed before in other malware.
Ransomware in Overall Decline
- Declining in overall volume but more targeted
- Cybercriminals are focusing on organizations that can pay
  - The network is breached, then considerable reconnaissance is done before the ransomware is deployed
- To pay or not to pay?
Cryptojacking
- In decline since the CoinHive shutdown
- 59% had detected attacks at some point [1]
- 80% occurred in the last 6 months [1]
- 38% believe they have never been subjected to such an attack [1]
Notes/Sources: 1. 2018 OnePoll & Citrix
Fortinet protects Fortnite
- Malware disguised as an aimbot hack
- Game malware and ransomware combined
- Up to 250 million Fortnite players
- IPS Signature:
Key Q2 2019 Findings
Headlines: More encrypted records; Education high risk; Oldies but goodies; Weekend warriors; Slow patching fuels ransomware; That’s such a downer; Nothing but botnets; When sharing isn’t caring
Figures shown on the slide: 90% (3 years or older!); 44%; 57% HTTPS; 3% had more than 10 unique botnets; 7-9 times as many botnets
Fortinet Security Fabric
Components: Network Security; Device, Access, and Application Security (Endpoint/Device Protection, Secure Access, Application Security); Multi-Cloud Security; Network Operations; Security Operations; Open Ecosystem (Fabric APIs, Fabric Connectors)
BROAD: Visibility of the entire digital attack surface
INTEGRATED: AI-driven breach prevention across devices, networks, and applications
AUTOMATED: Operations, orchestration, and response
Fortinet Security Fabric – FortiGate
1. Manage External Risks: Powerful security; prevent sophisticated cyber attacks
2. Remove Blind Spots: Full visibility (Gartner estimates that by 2019 80% of enterprise traffic will be encrypted); Internal Segmentation: protect your network, enable L7 security between segments
3. Reduce Complexity: Consolidate point products; improve security posture
Fabric components shown: FortiGate, FortiManager, FortiGuard Labs, Security Operations
Fortinet Security Fabric – FortiDeceptor
1. Breach Protection: External and internal threats; Early Warning: redirect attacks, analyze and respond
2. Ease of Use: Wizard-based provisioning and deployment; Fabric Integration: actionable visibility, automation
Fabric components shown: FortiDeceptor, FortiManager, FortiGuard Labs
Fortinet Security Fabric – NAC & Client
1. FortiClient: Managed endpoint security; Fabric integration; integrated VPN client; cloud/on-prem sandbox
2. FortiNAC: Multivendor (“easier NAC”); scalability; if you can’t see it, you can’t control it
Fabric components shown: FortiManager, FortiGuard Labs, FortiClient, FortiNAC
Open Ecosystem
Fabric Ready (API) and Fabric Orchestration: Network Operations, Network Security, Open API, Fabric Connectors, and many more….
Key Takeaways
STOP KNOWN THREATS
DETECT NEW THREATS
ACTIONABLE INTELLIGENCE
DESIGN FOR THE UNEXPECTED
PATCH AND UPDATE
BACK UP SYSTEMS AND DATA
https://threatmap.fortiguard.com/
FortiGuard Weekly Newsletter – customer sign-up link: http://demand.fortinet.com/FortiGuard
Delivered weekly; targeted at technical security operations, CISOs and IT managers; free of charge
Thank you for your time. Questions?