Threat Landscape Report Q2

Threat Landscape Report Q2 Dennis Ladefoged – SE DennisLadefoged


Agenda Company Overview Who are we and what is FortiGuard?

Q2 2019 Key Findings By the numbers, Bluekeep, IOT, Ransomware & Fortnite

Fortinet Security Fabric Broad, Integrated & Automated

Key Takeaways What to keep on the lookout for

Wrapping up Questions

Company Overview FOUNDED IN

2000 BY KEN XIE

110+ OFFICES ACROSS THE GLOBE

IN EXCESS OF

$1.8bn REVENUE

$1.5bn

5,800+ SUNNYVALE CALIFORNIA

340K

CUSTOMERS

467 19% YEAR ON YEAR

EMPLOYEES WORLDWIDE

SHIPPED SECURITY DEVICES

IN CASH

GROWTH

HEADQUARTERED IN

4.6m PATENTS

ISSUED 291 IN PROCESS

Gartner’s Magic Quadrant for Enterprise Network Firewalls

Fortinet Once Again Recognized as a Leader in this Magic Quadrant

Gartner Magic Quadrant for Enterprise Network Firewalls, Adam Hills, Jeremy D’Hoinne, Rajpreet Kaur, 4 October 2018. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Fortinet. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

FortiGuard Labs – Threat Intelligence Sunnyvale Vancouver Ottawa

250+

researchers & analysts Presence in

31

countries

France

480,000

research hours per year

Singapore

8 dedicated labs

Research

Response

Development

Outreach

Innovation

Education

Taiwan Tokyo Kuala Lumpur

100 Billion security events a day

FortiGuard Labs – Numbers


FortiGuard Threat Intelligence Partnerships CISCP & NCCIC


Threat Landscape Index

Closed out Q2 with highest peak in 1-year

4%


Q2 Threat Landscape 2019 – by the numbers

Exploits
§ 184 billion exploit detections
§ 1.8 billion average daily volume
§ 6,298 unique exploit detections
§ 69% of firms saw severe exploits

Phishing
§ Email remains the #1 attack vector
§ 92.4% of malware is delivered via email
§ 49% of malware was installed via email
§ 16,582 unique malware variants in Q2

Malware
§ 62 million malware detections
§ 677,000 average daily volume
§ 16,582 variants in 2,534 families
§ 18% of firms saw mobile malware

Botnets
§ 2.9 billion botnet detections
§ 32 million average daily volume
§ 243 unique botnets detected
§ 993 daily communications per firm

The Rise Of BlueKeep
§ Allows an unauthenticated user to connect.
§ BlueKeep is “wormable” and allows malware to spread in the same manner as the notorious WannaCry ransomware in 2017!
§ At the end of Q2 2019, internet scans showed there were more than 800,000 unpatched systems with RDP services exposed to the internet.

Probing The Grid
§ We have seen scans of dozens of U.S. power grids and the oil and gas industry. Schneider Electric SCADA controllers as target.
§ 1% of organizations increase, is much higher than we typically see for Schneider’s (and other manufacturers’) ICS or SCADA products.
§ From industrial controllers to Smart home systems.

Upping Threat-Detection Measures
Rogue macro in the Japanese spam campaign
Designed to look for certain Excel-specific variables at multiple points during execution, ensuring it was running within an Office Excel environment and not in an emulator.
§ Only run on Japanese systems
§ xlDate variable?
§ Disabling security tools
§ Executing commands
§ Causing memory problems

One Excel property that it looked for in particular, the xlDate variable, was something that we haven’t observed before in other malware!

Ransomware In Overall Decline
§ Declining in Overall Volume but More Targeted
§ Cybercriminals focusing on organizations that can pay
  » Network breached then considerable reconnaissance before deploying ransomware
§ To pay or not to pay?

CryptoJacking
§ In a decline since CoinHive shutdown
§ 59% had detected attacks at some point [1]
§ 80% occurred in the last 6 months [1]
§ 38% believe they have never been subjected to such an attack [1]

Notes/Sources: 1. 2018 OnePoll & Citrix

Fortinet protects Fortnite
§ Malware disguised as aimbot hack
§ Game malware and ransomware combined
§ Up to 250 million Fortnite players
§ IPS Signature:

Key Q2 2019 Findings 90% 3 years or older!

57% HTTPS

MORE ENCRYPTED RECORDS

EDUCATION HIGH RISK

OLDIES BUT GOODIES

3% had more than 10 unique botnets

SLOW PATCHING FUELS RANSOMWARE

THAT’S SUCH A DOWNER

NOTHING BUT BOTNETS

44%

WEEKEND WARRIORS

7-9 times as many botnets

WHEN SHARING ISN’T CARING


Network Security

Fortinet Security Fabric

Multi-Cloud Security Device, Access, and Application Security

Network Operations

Open Ecosystem Security Operations Fabric APIs

BROAD

Fabric Connectors

Visibility of the entire digital attack surface

INTEGRATED AI-driven breach prevention across devices, networks, and applications

AUTOMATED Operations, orchestration, and response

Endpoint/Device Protection

Multi-Cloud Security Network Security

Secure Access

Application Security

Security Operations


Fortinet Security Fabric - FortiGate 2 1

Manage External Risks

FortiManager FortiManager

Remove Blind Spots Full visibility Gartner estimates that by 2019 80% of enterprise traffic will be encrypted

Powerful security

Internal Segmentation Protect your network - enable L7 security between segments

Prevent sophisticated Cyber attacks 3 FortiGate

Reduce Complexity Consolidate point products

Improving security posture Security FortiGuard Operations Labs


Fortinet Security Fabric - FortiDeceptor 2 1

FortiManager

Breach protection

Ease Of Use Wizard-based provisioning and deployment

External and Internal threats

Fabric Integration Actionable visibility Automation

Early Warning Redirect attacks, analyze and respond

FortiDeceptor

FortiGuard Labs


Fortinet Security Fabric - NAC & Client 1 FortiManager

FortiClient Managed Endpoint Security Fabric Integration Integrated VPN Client Cloud/On-prem sandbox

FortiClient

2

FortiNAC Multivendor ”Easier NAC” Scalability

FortiNAC

If you can't see it, you can't control it FortiGuard Labs

Open Ecosystem Network Operations Open API

Fabric Connectors

FABRIC READY (API)

FABRIC ORCHESTRATION

Network Security

And many more…

Key Takeaways

STOP KNOWN THREATS

DETECT NEW THREATS

ACTIONABLE INTELLIGENCE

DESIGN FOR THE UNEXPECTED

PATCH AND UPDATE

BACK UP SYSTEMS AND DATA

FortiGuard Weekly Newsletter Customer sign up link:

http://demand.fortinet.com/FortiGuard

Weekly delivered Targeted to technical security operations/CISO/IT manager Free of charge

https://threatmap.fortiguard.com/

Thank you for your time. Questions?