threat landscape report q2 - kompetera a/s · fortinet security fabric broad, integrated &...


Post on 30-Dec-2020


Page 1: Threat Landscape Report Q2 - Kompetera A/S · Fortinet Security Fabric Broad, Integrated & Automated Wrapping up Questions Agenda. 5,800+ EMPLOYEES WORLDWIDE 110+ OFFICES ACROSS THE

1

Threat Landscape Report Q2

Dennis Ladefoged – SE

DennisLadefoged

Page 2:

Agenda

Company Overview: Who are we and what is FortiGuard?
Q2 2019 Key Findings: By the numbers, BlueKeep, IoT, Ransomware & Fortnite
Key Takeaways: What to keep on the lookout for
Fortinet Security Fabric: Broad, Integrated & Automated
Wrapping up: Questions

Page 3:

Company Overview

5,800+ EMPLOYEES WORLDWIDE
110+ OFFICES ACROSS THE GLOBE
467 PATENTS ISSUED, 291 IN PROCESS
4.6m SHIPPED SECURITY DEVICES
340K CUSTOMERS
$1.8bn REVENUE
IN EXCESS OF
$1.5bn IN CASH
19% YEAR ON YEAR GROWTH
FOUNDED IN 2000 BY KEN XIE
HEADQUARTERED IN SUNNYVALE, CALIFORNIA

Page 4:

Gartner Magic Quadrant for Enterprise Network Firewalls, Adam Hills, Jeremy D’Hoinne, Rajpreet Kaur, 4, October 2018

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Fortinet.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Fortinet Once Again Recognized as a Leader in this Magic Quadrant

Gartner’s Magic Quadrant for Enterprise Network Firewalls

Page 5:

FortiGuard Labs – Threat Intelligence

8 dedicated labs: Sunnyvale, Vancouver, Ottawa, France, Singapore, Taiwan, Tokyo, Kuala Lumpur
250+ researchers & analysts
480,000 research hours per year
Presence in 31 countries
100 billion security events a day

Research, Development, Innovation
Response, Outreach, Education

Page 6:

FortiGuard Labs – Numbers

Page 7:

FortiGuard Threat Intelligence Partnerships

CISCP & NCCIC

Page 8:

Threat Landscape Index

Closed out Q2 with highest peak in 1-year

4%

Page 9:

Q2 Threat Landscape 2019 – by the numbers

§ Exploits
  § 184 billion exploit detections
  § 1.8 billion average daily volume
  § 6,298 unique exploit detections
  § 69% of firms saw severe exploits

§ Malware
  § 62 million malware detections
  § 677,000 average daily volume
  § 16,582 variants in 2,534 families
  § 18% of firms saw mobile malware

§ Botnets
  § 2.9 billion botnet detections
  § 32 million average daily volume
  § 243 unique botnets detected
  § 993 daily communications per firm

§ Phishing
  § Email remains the #1 attack vector
  § 92.4% of malware is delivered via email
  § 49% of malware was installed via email
  § 16,582 unique malware variants in Q2

Page 10:

The Rise Of BlueKeep

§ Allows an unauthenticated user to connect.

§ BlueKeep is “wormable” and allows malware to spread in the same manner as the notorious WannaCry ransomware in 2017!

§ At the end of Q2 2019, internet scans showed there were more than 800,000 unpatched systems with RDP services exposed to the internet.

Page 11:

Probing The Grid

§ We have seen scans of dozens of U.S. power grids and the oil and gas industry, with Schneider Electric SCADA controllers as the target.

§ The 1% of organizations increase is much higher than we typically see for Schneider’s (and other manufacturers’) ICS or SCADA products.

§ From industrial controllers to Smart home systems.

Page 12:

Upping Threat-Detection Measures
Rogue macro in the Japanese spam campaign

Designed to look for certain Excel-specific variables at multiple points during execution, ensuring it was running within an Office Excel environment and not in an emulator.

§ Only run on Japanese systems
§ xlDate variable?
§ Disabling security tools
§ Executing commands
§ Causing memory problems

One Excel property that it looked for in particular—xlDate variable—was something that we haven’t observed before in other malware!

Page 13:

Ransomware In Overall Decline

§ Declining in Overall Volume but More Targeted

§ Cybercriminals focusing on organizations that can pay

» Network breached then considerable reconnaissance before deploying ransomware

§ To pay or not to pay?

Page 14:

CryptoJacking

§ In a decline since CoinHive shutdown
§ 59% had detected attacks at some point [1]
§ 80% occurred in the last 6 months [1]
§ 38% believe they have never been subjected to such an attack [1]

Notes/Sources:
1. 2018 OnePoll & Citrix

Page 15:

Fortinet protects Fortnite

§ Malware disguised as aimbot hack
§ Game malware and ransomware combined
§ Up to 250 million Fortnite players
§ IPS Signature:

Page 16:

Key Q2 2019 Findings

MORE ENCRYPTED RECORDS
EDUCATION HIGH RISK
OLDIES BUT GOODIES
WEEKEND WARRIORS
SLOW PATCHING FUELS RANSOMWARE
THAT’S SUCH A DOWNER
NOTHING BUT BOTNETS
WHEN SHARING ISN’T CARING

90% 3 years or older!
44% 57% HTTPS
3% had more than 10 unique botnets
7-9 times as many botnets

Page 17:

Fortinet Security Fabric

BROAD: Visibility of the entire digital attack surface
INTEGRATED: AI-driven breach prevention across devices, networks, and applications
AUTOMATED: Operations, orchestration, and response

Diagram labels: Network Security; Multi-Cloud Security; Device, Access, and Application Security; Endpoint/Device Protection; Secure Access; Application Security; Network Operations; Security Operations; Open Ecosystem; Fabric APIs; Fabric Connectors

Page 18:

Fortinet Security Fabric - FortiGate

Manage External Risks
Powerful security
Prevent sophisticated cyber attacks
Remove Blind Spots
Full visibility: Gartner estimates that by 2019 80% of enterprise traffic will be encrypted
Internal Segmentation: Protect your network - enable L7 security between segments
Reduce Complexity
Consolidate point products
Improving security posture

Diagram labels: FortiGate; FortiManager; FortiGuard Labs; Security Operations

Page 19:

Fortinet Security Fabric - FortiDeceptor

Breach protection
External and Internal threats
Early Warning: Redirect attacks, analyze and respond
Ease Of Use
Wizard-based provisioning and deployment
Fabric Integration: Actionable visibility
Automation

Diagram labels: FortiDeceptor; FortiManager; FortiGuard Labs

Page 20:

Fortinet Security Fabric - NAC & Client

FortiClient
Managed Endpoint Security
Fabric Integration
Integrated VPN Client
Cloud/On-prem sandbox

FortiNAC
Multivendor
“Easier NAC”
Scalability
If you can't see it, you can't control it

Diagram labels: FortiManager; FortiGuard Labs

Page 21:

FABRIC READY (API)
FABRIC ORCHESTRATION

Network Operations
Network Security
OpenAPI
Fabric Connectors
Open Ecosystem

And many more…

Page 22:

Key Takeaways

STOP KNOWN THREATS

DETECT NEW THREATS

ACTIONABLE INTELLIGENCE

DESIGN FOR THE UNEXPECTED

PATCH AND UPDATE

BACK UP SYSTEMS AND DATA

Page 23:

https://threatmap.fortiguard.com/

FortiGuard Weekly Newsletter
Customer sign up link: http://demand.fortinet.com/FortiGuard

Delivered weekly
Targeted to technical security operations/CISO/IT manager
Free of charge

Page 24:

Thank you for your time
Questions?