Multi-Faceted Approach Accelerates Fortinet’s Global Commitment to Eliminate the Cybersecurity Skills Gap 

John Maddison, EVP of Products and CMO at Fortinet 

“Fortinet builds ML-driven automation into all of its SOC offerings to support short-staffed teams affected by the cybersecurity skills shortage. But technology alone won’t solve this issue, which is why we are dedicated to also delivering human-based SOC augmentation services to provide immediate support while investing in an industry-leading training institute to close the cybersecurity skills gap. This combination of technology, services, and training enables SOC professionals to better protect their organizations from detection to incident recovery.”News Summary

News Summary

Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated, and automated cybersecurity solutions, today announced new security operations center (SOC) augmentation services designed to help strengthen an organization’s cyber resiliency and support short-staffed teams strained by the talent shortage. In addition, as part of Fortinet’s leadership efforts to help close the cyber skills gap, the Fortinet Training Institute has added initiatives across its programs to further increase access to its industry-recognized training and certifications.

Cybersecurity Skills Shortage Prompts a New Approach

The prevailing talent shortage remains one of the top challenges facing SOC teams globally. Fortinet’s 2022 Cybersecurity Skills Gap report found that 50% of global leaders cite security operations as one of the most challenging roles to fill, and 42% are still in need of security operations analysts. Additionally, the same Fortinet survey found that worldwide, 80% of organizations suffered one or more breaches due to a lack of cybersecurity skills and awareness.

A lack of resources and personnel, combined with the sheer volume of security alerts SOC teams receive per day, often results in missed detections and slower responses that increase exposure to cyber risk. SOC teams require an immediate solution to mitigate these challenges through investment in automated and integrated SOC and cybersecurity technologies and experienced professionals to better protect against threats.

New and Enhanced SOC Augmentation Services Provide Immediate Support for Short-Staffed Security Operations Teams

Committed to helping organizations overcome these obstacles, Fortinet’s new and enhanced services help SOC teams reduce their organizations’ cyber risk while freeing up their time to focus on higher-priority projects. These updates include:

• SOC-as-a-Service (SOCaaS): Fortinet has expanded its SOCaaS offering, which blends FortiGuard cybersecurity experts with Fortinet advanced SOC technology by adding more artificial intelligence (AI) and machine learning (ML) capabilities to additional use cases. These updates enhance the offering’s ability to aggregate security alerts in one single cloud-based dashboard for customers to view actionable intelligence and accelerate resolution, and further enables security operations teams to offload monitoring and detection to Fortinet security experts. With this approach, Fortinet speeds up alert triage, rapidly escalates security incidents, and reduces false-positive alerts for customers.
• Outbreak Detection Service: A new outbreak detection service is available to customers that alerts subscribers through email as well as automatically within key product user interfaces to major breaking cybersecurity events that have the potential for widespread ramifications. These alerts include critical information about security incidents, such as an attack’s timeline of events and what specific technology has been affected. In addition, the alerts also provide organizations with custom threat hunting to run against logs and identify the potential impact of an attack, as well as recommendations to improve their security posture for better protection in the future.
• Incident Response and Readiness (IR&R) Services: Fortinet recently added cybersecurity readiness services as part of its Incident Response offering and shifted the purchasing model to prioritize prevention. By providing a suite of proactive prevention-oriented services, such as risk assessments, playbook development, and tabletop exercises as part of the Incident Response and Readiness Services retainer, organizations can strengthen their cyber preparedness, SOC effectiveness, and reduce cyber risk, while still having access to a team of FortiGuard experts to help with rapid containment and remediation in the event of a cyberattack. In response to an accelerated demand for these services around the globe, Fortinet is also expanding its headcount dedicated to IR&R and SOC automation capabilities to allow more enterprises to have access to the offering.

Expanding Cyber Skills Through the Fortinet Training Institute

While the new and enhanced SOC augmentation services provide immediate relief to strained teams, a long-term investment in continued learning and advancing cyber skills is just as critical to keep up with the ever-changing threat landscape. As part of Fortinet’s longstanding commitment to eliminate the skills gap, the Fortinet Training Institute offers award-winning, multi-level training and certifications to security professionals seeking to advance and upskill their knowledge in key cybersecurity areas. These programs also help untap new talent pools to help build the cyber workforce of the future, with a focus on providing training opportunities for women, veterans, students, and underserved populations. Some recent updates across programs include:

• Increasing Access to Advanced Technical Training: Fortinet has made the practical exam for NSE level 8 more accessible for IT and security professionals everywhere. Both the written and practical portions of the exam are now available in an online, proctored format, making the highest and most elite level of the Network Security Expert (NSE) Certification program more accessible to security professionals around the world.
• Supporting the Advancement of Women Professionals in Cybersecurity: The first women cohort of the Fortinet and Women in Cybersecurity (WiCyS) bootcamp completed the program, which offered 100 WiCyS members access to Fortinet’s NSE level 4 training and labs for free, technical mentors, exam vouchers, and more. Fortinet has also awarded five of the program participants with scholarships to attend the annual WiCyS Conference March 16–18, where they will have access to cyber leaders and employers.
• Developing Cybersecurity Skills in Youth: To further develop the cyber workforce of the future, Fortinet is sponsoring various cybersecurity-based competitions for students in varying academic levels, ranging from middle school to college. This includes being a platinum sponsor of MITRE Engenuity’s Embedded Capture the Flag (eCTF) 12-week competition and a category sponsor for the Carnegie Mellon Capture the Flag competition.

Through these initiatives, Fortinet is progressing toward the company’s pledge to train 1 million people in cybersecurity by 2026. Additionally, Fortinet’s new and enhanced SOC augmentation services build on its expansive services portfolio backed by FortiGuard Labs. With today’s announcement, Fortinet remains committed to alleviating the challenges associated with the cybersecurity talent shortage by helping organizations better manage cyber risks with ML-driven automation, services, and increased access to training.

Additional Resources

• Learn more about Fortinet’s FortiGuard Security Services portfolio.
• Read more about NSE level 8 practical exams becoming more accessible to security professionals globally in this blog.
• Learn more about FortiGuard Labs threat intelligence and research and Outbreak Alerts, which provide timely steps to mitigate breaking cybersecurity attacks.
• Read more about how security services can help SOC teams enhance and automate critical security functions.
• Read more about how the Fortinet Training Institute is increasing access to cybersecurity training.
• Learn more about Fortinet’s free cybersecurity training, which includes broad cyber awareness and product training. As part of the Fortinet Training Advancement Agenda (TAA), the Fortinet Training Institute also provides training and certification through the Network Security Expert (NSE) Certification, Academic Partner, and Education Outreach programs.
• Read more about how Fortinet customers are securing their organizations.
• Follow Fortinet on Twitter, LinkedIn, Facebook, and Instagram. Subscribe to Fortinet on our blog or YouTube.

Advanced Persistent Cybercrime Enables New Wave of Destructive Attacks at Scale Fueled by Cybercrime-as-a-Service 

Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, FortiGuard Labs

“As cybercrime converges with advanced persistent threat methods, cybercriminals are finding ways to weaponize new technologies at scale to enable more disruption and destruction. They are not just targeting the traditional attack surface but also beneath it, meaning both outside and inside traditional network environments. At the same time, they are spending more time on reconnaissance to attempt to evade detection, intelligence, and controls. All of this means cyber risk continues to escalate, and that CISOs need to be just as nimble and methodical as the adversary. Organizations will be better positioned to protect against these attacks with a cybersecurity platform integrated across networks, endpoints, and clouds to enable automated and actionable threat intelligence, coupled with advanced behavioral-based detection and response capabilities.”

Daniel Kwong, Field Chief Information Security Officer (CISO), Fortinet South East Asia & Hong Kong 

“The Philippines is one of the fastest-growing digital economies in the region, and as digitalization accelerates, the country will face more cyber risks. As the country continues to strengthen its digital transformation initiatives, there is a strong focus on digitizing infrastructure, logistics, and the development of smart cities. As these sectors digitize, they will become highly desirable targets for attackers. This reality means that organizations need to protect themselves with the right IT and OT infrastructure security architecture and prepare for the digital world.”

News Summary

Fortinet^® (NASDAQ: FTNT), a global leader in broad, integrated, and automated cybersecurity solutions, today unveiled predictions from the FortiGuard Labs global threat intelligence and research team about the cyberthreat landscape for the next 12 months and beyond. From quickly evolving Cybercrime-as-a-Service (CaaS)-fueled attacks to new exploits on nontraditional targets like edge devices or online worlds, the volume, variety, and scale of cyberthreats will keep security teams on high alert in 2023 and beyond. Highlights of the predictions can be found below, but for a more detailed view of the predictions and key takeaways for CISOs, read our blog.

1) Success of RaaS is a Preview of What Is to Come with CaaS

Given cybercriminal success with Ransomware-as-a-Service (RaaS), a growing number of additional attack vectors will be made available as a service through the dark web to fuel a significant expansion of Cybercrime-as-a-Service. Beyond the sale of ransomware and other Malware-as-a-Service offerings, new a la carte services will emerge. CaaS presents an attractive business model for threat actors. With varying skill levels they can easily take advantage of turnkey offerings without investing the time and resources up front to craft their own unique attack plan. And for seasoned cybercriminals, creating and selling attack portfolios as-a-service offers a simple, quick, and repeatable payday. Going forward, subscription-based CaaS offerings could potentially provide additional revenue streams. In addition, threat actors will also begin to leverage emerging attack vectors such as deepfakes, offering these videos and audio recordings and related algorithms more broadly for purchase.

One of the most important methods to defend against these developments is cybersecurity awareness education and training. While many organizations offer basic security training programs for employees, organizations should consider adding new modules that provide education on spotting evolving methods such as AI-enabled threats.

2) Reconnaissance-as-a-Service Models Could Make Attacks More Effective

Another aspect of how the organized nature of cybercrime will enable more effective attack strategies involves the future of reconnaissance. As attacks become more targeted, threat actors will likely hire “detectives” on the dark web to gather intelligence on a particular target before launching an attack. Like the insights one might gain from hiring a private investigator, Reconnaissance-as-a-Service offerings may serve up attack blueprints to include an organization’s security schema, key cybersecurity personnel, the number of servers they have, known external vulnerabilities, and even compromised credentials for sale, or more, to help a cybercriminal carry out a highly targeted and effective attack. Attacks fueled by CaaS models means stopping adversaries earlier during reconnaissance will be important.

Luring cybercriminals with deception technology will be a helpful way to not only counter RaaS but also CaaS at the reconnaissance phase. Cybersecurity deception coupled with a digital risk protection (DRP) service can help organizations know the enemy and gain advantage.

3) Money Laundering Gets a Boost from Automation to Create LaaS

To grow cybercriminal organizations, leaders and affiliate programs employ money mules who are knowingly or unknowingly used to help launder money. The money shuffling is typically done through anonymous wire transfer services or through crypto exchanges to avoid detection. Setting up money mule recruitment campaigns has historically been a time-consuming process, as cybercrime leaders go to great lengths to create websites for fake organizations and subsequent job listings to make their businesses seem legitimate. Cybercriminals will soon start using machine learning (ML) for recruitment targeting, helping them to better identify potential mules while reducing the time it takes to find these recruits. Manual mule campaigns will be replaced with automated services that move money through layers of crypto exchanges, making the process faster and more challenging to trace. Money Laundering-as-a-Service (LaaS) could quickly become mainstream as part of the growing CaaS portfolio. And for the organizations or individuals that fall victim to this type of cybercrime, the move to automation means that money laundering will be harder to trace, decreasing the chances of recovering stolen funds.

Looking outside an organization for clues about future attack methods will be more important than ever, to help prepare before attacks take place. DRP services are critical for external threat surface assessments, to find and remediate security issues, and to help gain contextual insights on current and imminent threats before an attack takes place.

4) Virtual Cities and Online Worlds Are New Attack Surfaces to Fuel Cybercrime

The metaverse is giving rise to new, fully immersive experiences in the online world, and virtual cities are some of the first to foray into this new version of the internet driven by augmented reality technologies. Retailers are even launching digital goods available for purchase in these virtual worlds. While these new online destinations open a world of possibilities, they also open the door to an unprecedented increase in cybercrime in unchartered territory. For example, an individual’s avatar is essentially a gateway to personally identifiable information (PII), making them prime targets for attackers. Because individuals can purchase goods and services in virtual cities, digital wallets, crypto exchanges, NFTs, and any currencies used to transact offer threat actors yet another emerging attack surface. Biometric hacking could also become a real possibility because of the AR and VR-driven components of virtual cities, making it easier for a cybercriminal to steal fingerprint mapping, facial recognition data, or retina scans and then use them for malicious purposes. In addition, the applications, protocols, and transactions within these environments are all also possible targets for adversaries.

Regardless of work-from-anywhere, learning-from-anywhere, or immersive experiences-from-anywhere, real-time visibility, protection, and mitigation is essential with advanced endpoint detection and response (EDR) to enable real-time analysis, protection, and remediation.

5) Commoditization of Wiper Malware Will Enable More Destructive Attacks

Wiper malware has made a dramatic comeback in 2022, with attackers introducing new variants of this decade-old attack method. According to the 1H 2022 FortiGuard Labs Global Threat Landscape report, there was an increase in disk-wiping malware in conjunction with the war in Ukraine, but it was also detected in 24 additional countries, not just in Europe. Its growth in prevalence is alarming because this could be just the start of something more destructive. Beyond the existing reality of threat actors combining a computer worm with wiper malware, and even ransomware for maximum impact, the concern going forward is the commoditization of wiper malware for cybercriminals. Malware that may have been developed and deployed by nation-state actors could be picked up and re-used by criminal groups and used throughout the CaaS model. Given its broader availability combined with the right exploit, wiper malware could cause massive destruction in a short period of time given the organized nature of cybercrime today. This makes time to detection and the speed at which security teams can remediate paramount.

Using AI-powered inline sandboxing is a good starting point to protect against sophisticated ransomware and wiper malware threats. It allows real-time protection against evolving attacks because it can ensure only benign files will be delivered to endpoints if integrated with a cybersecurity platform.

What These Attack Trends Mean for Cybersecurity Professionals

The world of cybercrime and the attack methods of cyber adversaries in general continue to scale at great speed. The good news is that many of the tactics they are using to execute these attacks are familiar, which better positions security teams to protect against them. Security solutions should be enhanced with machine learning (ML) and artificial intelligence (AI) so they can detect attack patterns and stop threats in real time. However, a collection of point security solutions is not effective in today’s landscape. A broad, integrated, and automated cybersecurity mesh platform is essential for reducing complexity and increasing security resiliency. It can enable tighter integration, improved visibility, and more rapid, coordinated, and effective response to threats across the network.

Fortinet Empowers Teams to Proactively Manage Cloud Risk with New Cloud-native Protection Offering, Available Now on AWS 

Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated, and automated cybersecurity solutions, today announced FortiCNP, a new built-in-the-cloud offering that correlates security findings from across an organization’s cloud footprint to facilitate friction-free cloud security operations. FortiCNP’s patented Resource Risk Insights (RRI)^TM technology produces context-rich, actionable insights that help teams prioritize the remediation and mitigation of risks with the highest potential impact on cloud workload security without slowing down the business.  

Also announced today, Fortinet is an Amazon Web Services (AWS) Launch Partner for Amazon GuardDuty Malware Protection, which provides agentless malware detection capabilities across AWS data stores, disk volumes, and workload images. FortiCNP supports Amazon GuardDuty Malware Protection, delivering near-real-time threat protection with zero-permission capabilities to actively scan running workloads with no impact or delays to operations.   

The rapid pace of cloud adoption as part of a hybrid IT architecture allows organizations to achieve faster time to market and increased responsiveness to customer needs. However, the cloud can increase overall security risk, which is often addressed by adding new security solutions to an organization’s existing infrastructure. Each of these solutions comes with a litany of alerts that often require manual analysis and can quickly compound across an organization’s cloud deployment.  

“Without the proper tools, security professionals must manually sift through hundreds, if not thousands, of security alerts on a daily basis,” said Doug Cahill, Vice President, Analyst Services and Senior Analyst at Enterprise Strategy Group (ESG). “Inundated with alerts, teams can face decreased productivity, inefficient workflows, and security risks accumulating faster than they can be addressed. FortiCNP helps cut through the noise, pointing teams to the security alerts that matter most.”  

Customers are already experiencing the benefits of FortiCNP’s approach to cloud-native risk management:  

“FortiCNP gives us comprehensive cloud visibility with an intuitive dashboard that allows us to easily track risk management over time,” said Caio Hyppolito, Chief Technology Officer (CTO) at BK Bank. “Most importantly, it enables our team to focus on securing high-priority resources instead of spending time working through long lists of security findings. Integrations with the products we already have allow us to get even more value out of our deployment and allow broader visibility and easier, more proactive cloud security management.” 

Partners are also leveraging FortiCNP to enhance their offerings:  

“As an AWS Level 1 MSSP Competency Partner, Observian is dedicated to ensuring our service offerings support customers in building scalable, secure cloud deployments. Observian is thrilled to deliver a new service featuring Fortinet’s new Cloud-Native Protection solution, FortiCNP, with Observian’s trusted and proven managed detection and response services,” said Scott Plamondon, Co-Founder and VP of Architecture at Observian. “FortiCNP allows customers to easily integrate, more quickly operationalize, and immediately benefit from AWS’s native-cloud security services with more targeted and actionable alerts tuned to their needs and less noise. Our customers that rely on Observian’s Security Operations team will benefit from our ability to even better triage and report on those alerts 24/7.” 

A defining feature of FortiCNP is integration with AWS security products and services, and the Fortinet Security Fabric, which helps organizations more effectively secure their cloud environments and maximize their cloud security investments.  

“At AWS, we provide our customers with smarter tools to easily take action and mitigate risk faster,” said Jon Ramsey, Vice President (VP) AWS Security. “Security Partners like Fortinet with their FortiCNP offering built on AWS and integrated with our security services like Amazon GuardDuty give customers a choice to simplify and accelerate their cloud journey with cloud-native security services.” 

 

FortiCNP delivers the following features that allow security teams to effectively manage risk in the cloud: 

• FortiCNP Resource Risk Insights (RRI)^TM leverages a patented risk score algorithm to contextualize security findings from Fortinet Cloud Security solutions and AWS products and services to provide teams with prioritized, context-rich, and actionable insights about resources that present the highest risk and need immediate attention.  
• By analyzing, correlating, and contextualizing security findings from AWS cloud security services with FortiCNP, customers maximize the value and benefit from easy deployment capabilities offered by Amazon GuardDuty Malware Protection, Amazon Inspector, AWS Security Hub, AWS CloudTrail, and AWS Organizations. 
• Integrations with Amazon GuardDuty Malware Protection leverage a zero-permission, agentless approach for detecting malware throughout the data supply chain by scanning cloud data stores, disk volumes, and workload images.  
• Integrations with digital workflow solutions turn FortiCNP RRIs into intuitively actionable workflow tasks as part of the cloud infrastructure lifecycle.  
• For customers utilizing Fortinet Cloud Security solutions such as FortiGate-VM and FortiWeb, RRIs will be able to trigger stop-gap remediations to block high-impact threats.   
• FortiCNP continuously scans and monitors changes to cloud data with industry-leading threat intelligence and content scanning powered by FortiGuard Labs.  

FortiCNP will be continually expanded to ingest more types of cloud security findings to provide broader context across more cloud workloads. Enabling consistent workflows that scale security across the public cloud helps teams improve security coverage, productivity, and risk mitigation—at the speed of the cloud. Cloud-native integrations facilitate reduced friction from deployment through operations. With consistent workflows utilizing cloud-native services across multiple clouds, security teams will no longer be required to master the intricacies of each cloud platform’s security service operational model. This will help security teams increase productivity by effectively working through cloud security backlog, mitigating risk, and quantifiably improving cloud security over time. 

“FortiCNP is the latest example of Fortinet’s commitment to delivering Fabric solutions that extend enterprise security with cloud-native integrations,” said John Maddison, EVP of Products and CMO at Fortinet. “We’re pleased to continue to deliver solutions that allow security professionals to transition from time-consuming triage and manual analysis processes to proactively securing their cloud workloads and easily understand their cloud security risk.” 

 

Today’s announcement builds on Fortinet and AWS’ relationship to support customers in accelerating their journey to AWS. Fortinet has also been named an AWS Security Competency Partner, with FortiCNP serving as the latest example of Fortinet’s commitment to delivering purpose-built cloud security solutions that integrate with AWS products and solutions. Fortinet delivers one of the broadest sets of use cases with comprehensive security for AWS workloads including firewall, security gateway, intrusion prevention, and web application security. With flexible procurement options in AWS Marketplace, including contract and consumption offerings, and a range of available form factors, including Software-as-a-Service (SaaS), virtual machine (VM), container, and application programming interface (API) based protection, customers can address a broad variety of AWS security and procurement requirements to protect their AWS workloads. 

Get a free trial of FortiCNP at AWS Marketplace: https://www.forticnp-aws.com