By : Derek Manky, Chief, Security Insights & Global Threat Alliances, Fortinet

Organizations of all sizes are working to prioritize security initiatives as cyber threats become more targeted and sophisticated. Aware of the consequences a breach can have on business operations, organizations are seeking to deploy more security controls throughout the network and build out security teams. When implementing these initiatives, organizations should focus on attaining accurate, current threat intelligence. This is what will inform strategy, personnel, and security solutions. 

Why is threat intelligence so important? Your customers are facing an onslaught of threats. Cyber criminals are using automation to operate at machine speed, and have become more adept at evading security measures in their attacks, meaning a successful attack is inevitable. The focus now must turn to locating those attacks in complex network environments and addressing them in as little time as possible. Threat intelligence gives IT teams essential context on the types of threats and vulnerabilities that are trending among attackers to ensure fast response times across distributed environments.

The ability to provide cutting-edge threat intelligence on a regular basis allows Fortinet partners to consistently deliver value to customers through informed security strategy.

Fortinet Partner Threat Intelligence Capabilities 
Fortinet partners are enabled by the full force of FortiGuard Labs, Fortinet’s threat intelligence division. Security researchers and analysts at FortiGuard Labs evaluate security incidents and alerts detected by the millions of Fortinet threat sensors, honeypots, and collectors deployed around the globe to understand where networks are weakest at any given time. In the wake of the cybersecurity skills gap, which makes it nearly impossible for your customers to employ security researchers in house, access to this research makes partners a highly valuable resource. 

Fortinet supports partners with threat research in several ways, such as helping partners become expert advisors for customers, offering support to customer accounts, and enabling regular training for partners in emerging threats. The information partners provide via Fortinet cyber threat intelligence offer insights into cyber criminal capabilities, motives, goals and trending cyberattack infrastructure and resources.  Partners can access this information in several ways:

Weekly Threat Intelligence Briefs:  Partners can apply learnings from our weekly threat briefs to inform customer needs. Data is analyzed and delivered on a weekly basis to keep partners aware of the most pressing incidents and threats that could affect customers.
FortiGuard Threat Playbooks: Partners can use Threat Playbooks to better understand specific threats or criminal groups that have been particularly active, such as Silence Group and Goblin Panda. This research gives partners a clear view of threat activity across various periods of time, examining initial access, persistence, lateral movement, exfiltration, and more.
Threat Early Warnings: Unique to Fortinet’s core intelligence are our algorithms that produce proactive escalation alerts to help keep your customers a step ahead of cyber criminals.
Quarterly Threat Reports: Our quarterly Threat Landscape Report allows partners to get a big- picture understanding of what attack vectors are gaining traction among cyber criminals. The report looks at the biggest trends and criminal groups each quarter to assist in prioritizing security needs for customers throughout the year.
Fortinet is a founding member of the Cyber Threat Alliance, a non-profit organization made up of top cybersecurity organizations. Companies, such as Fortinet, Intel Security, Palo Alto Networks, Symantec, and more, share threat information with other member organizations to improve threat awareness and minimize the efficacy of attack campaigns. This means partners are not only getting information from Fortinet’s own team, but also threat research from other leaders in the industry. For example, organizations within the Cyber Threat Alliance engage in early threat shares, meaning Fortinet gets access to intelligence from Cyber Threat Alliance members before it is made public. This early information allows for a coordinated release to better protect Fortinet customers using the Security Fabric. To date, there have been 125 early threat shares among member organizations.

Additionally, Fortinet is leveraging MITRE ATT&CK a global knowledge base of the tactics being used by cyber criminals based on real-world encounters. This information allows security teams around the world to develop techniques and threat models to minimize the impact of these attacks. Fortinet is using the information available in the MITRE ATT&CK database to map adversaries and campaigns and develop playbooks for responding to specific threats.

What This Means for Your Customers
Access to this threat intelligence can offer immense benefits to your customers as they ramp up security efforts, addressing several key challenges:

Reduce Complexity and Increase Visibility
Your customers are working within increasingly complex networks as cloud environments, apps, and devices are introduced. Many are also working with an assortment of disparate security controls, the lack of integration of which can actually cause blind spots when it comes to threat detection and remediation. Centralized threat intelligence offered by partners can help break down information silos across network security teams and devices, ensuring all parties are acting on the same, most current data. This will also increase adaptive visibility giving customers insight into security events occurring locally and globally, enabling them to adapt strategy based on real-time threat intelligence when using the integrated Security Fabric.

Prioritize Speed
The goal of modern security teams must be to detect anomalous activity in the network and respond to it as quickly as possible. This is a departure from perimeter-based security strategies of the past.  Today’s cyber criminals work so fast that perimeter defenses are not enough. When informed about current attack vectors and vulnerabilities, customers can more quickly identify malicious activity in the network and act upon it.

Furthermore, based on this intelligence, partners can more knowledgeably help customers build and adapt their security strategies to ensure the necessary controls are in place, without compromising performance or speed of business operations. This is essential to effectively secure digital transformation.

Leverage Automation
Finally, partners can assist by outfitting their customers with security controls that are informed by this current threat data, and constantly share new discoveries and alerts across other controls. Fortinet’s Security Fabric incorporates controls that are integrated and regularly updated with the most recent threat intelligence. This allows customers to automate responses to threats. These tools can more readily detect the most recent attack vectors and evasion tactics, and issue automated responses to ensure minimal dwell time.

Final Thoughts
As your customers aim to increase their security capabilities, they should begin by obtaining access to current threat intelligence to inform broader strategy. Fortinet partners can be of value here, offering access to comprehensive threat intelligence to help customers stay a step ahead of adversaries.