The latest 5.2 version of Forti operating system for the FortiGate cyber security platform, Fortinet improves the detection of and protection against advanced persistent threats (APTs) and also improves the protection it offers for unknown zero-day vulnerabilities, says Fortinet major accounts manager Jonas Thulin.

These intrusion attempts and unknown vulnerabilities are difficult to detect, with detection relying on detailed analysis of traffic into and within a network to isolate and inter- rogate suspicious traffic. This, in turn, relies on the fast processing of traffic into the network and within the network.

“Fortinet has introduced accelerated hardware chips that can process data at wire speeds of up to 40 Gb/s. We plan to increase this to 100 Gb/s on our FortiGate network edge protection devices during this year.”

Further, many of the vulnerabilities in networks exist because of human error or oversight, such as ports in data centres being left open following a change of hardware or network architecture and it is these overlooked gaps that APT malware search for to be able to send stolen data back to the cyber criminals’ control centres.

Fortinet’s FortiView security policy control platform enables security personnel to inspect the entire network down to end point devices and individual ports and then to apply security policies from within the FortiView platform to close any gaps.

The new developments within Fortinet also meet the new zero-trust policy within companies.

“Corporate network architectures normally divide network traffic into trusted and untrusted traffic, but security breaches that exploited trusted traffic sources to access the entire network has led companies to change their policies to analyse and authenticate all network traffic,” says Thulin.

The current method of combating APTs is to subject all traffic to checks and balances, including authentication and access control for various devices and users according to corporate security policies. Companies are also increasingly segmenting their data centres to prevent cyber criminals gaining blanket access to the entire network through a single security breach.

“We are seeing the emergence of segmentation gateways within data centres and these are increasingly necessary, as there is more corpo- rate data flow between cloud services and outsourced software services, and enable the secure use of document storage services such as Dropbox. However, this increased complexity and network traffic require faster network components to analyse the veracity of traffic or to decrypt suspicious encrypted traffic,” says Thulin.

Meanwhile, Fortinet uses sandbox systems to run suspicious code to determine whether it is malicious. This entails decrypting the traffic and running all scripts, such as embedded Java scripts, within a contained environment to determine the effects of the code.

“These developments, and the ongoing research and development done by Fortinet, are part of the movement to change the core architectures of networks to improve the detec- tion of malicious code and Trojans and to improve the visibility of cybercrime attempts on companies’ networks.

“A key part of preventing the entry of malicious code into a corporate network is to make the detection and mitigation measures, as well as the corporate policies, visible to security and networking employees so that they can actively manage vulnerabilities and protect the data of the company,” concludes Thulin.