IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
Fortinet leads industry in Zero-Day discoveries
Wed, 23rd Apr 2014
FYI, this story is more than a year old

Fortinet has announced that FortiGuard Labs, the global threat research arm of Fortinet, discovered 18 critical zero-day vulnerabilities in 2013 – more than any other network security vendor in the industry.

This adds to the 140+ zero-day vulnerabilities identified since 2006. Of these, 128 vulnerabilities have been fixed by the appropriate vendors.

“FortiGuard Labs has been quietly doing great threat research work behind the scenes for Fortinet for more than a decade," says Derek Manky, global security strategist for Fortinet’s FortiGuard Labs.

"It’s time to acknowledge the more than 200 unsung heroes who toil behind the scenes around the world.

"FortiGuard Labs is the collaborative team that uncovers new threats, liaises with enforcement and emergency response and discovers evasion techniques while developing cutting edge mitigation technology.

"We have a tactical security research team tasked with breaking the applications most of us take for granted on a daily basis, who then forward their findings to vendors so they can update their software to better protect their customers.

"Every hole they find is one less vulnerability for the hackers to exploit. In the end, affected products are hardened and clients are protected before and after holes are closed.”

A zero-day vulnerability is a previously unknown threat that does not yet have a patch or update available from the vendor to close a security hole, thus leaving it open to attack.

Once a zero-day vulnerability is identified, FortiGuard Labs analyses and verifies it before vendors are notified.

Upon verification, FortiGuard Labs develops an advanced zero-day IPS signature(s) that is pushed out to Fortinet customers in advance of a vendor’s patch release, which helps protect against the open security hole(s).

“Zero-day vulnerabilities can be developed into dangerous weapons by cyber criminals or nation states and can be used to effectively subvert targeted systems," Manky adds.

"Our mission is to take the fuel out of their fire, protecting targets before they are under attack.

“Zero-day protection is a tough task, and our approach offers unique and effective protection against APTs.”