Fortinet Expands Web Application Firewall Family with New Appliances for Enterprises, Application Service and Cloud-based Service Providers

Earlier this month, Fortinet announced the expansion of its web application firewall family with new appliances designed for enterprises, application service and cloud-based service providers. Among the key highlights are:

  • Fortinet announced two new appliances for its FortiWeb family of web application firewalls – the FortiWeb-1000C, designed for mid-to-large enterprises, and FortiWeb-3000C, the flagship system for high-end enterprises, application service and cloud-based service providers.
  • Each appliance is equipped with the new FortiWeb 4.0 MR1 firmware that is designed to provide maximum protection for web applications containing sensitive data subject to Payment Card Industry (PCI) guidelines.
  • The FortiWeb-1000C and 3000C appliances are integrated web application and XML firewalls that protect against attacks targeted at web applications and web services infrastructure.

Press Release

Fortinet Expands Web Application Firewall Family with New Appliances for Enterprises, Application Service and Cloud-based Service Providers

FortiWeb-1000C and FortiWeb-3000C Leverage Major New Firmware to Provide Greater Deployment Flexibility and Significant Security Enhancements

MALAYSIA, 10 August 2010 – Fortinet, a leading network security provider and a worldwide leader of unified threat management (UTM) solutions – today announced two new appliances for its FortiWeb family of web application firewalls – the FortiWeb-1000C, designed for mid-to-large enterprises, and FortiWeb-3000C, the flagship system for high-end enterprises, application service and cloud-based service providers.  Each appliance is equipped with the new FortiWeb 4.0 MR1 firmware that is designed to provide maximum protection for web applications containing sensitive data subject to Payment Card Industry (PCI) guidelines.  The new web application firewalls will also blunt potentially crippling attacks such as SQL injection and cross-site scripting, and help prevent security breaches from exposing highly sensitive data loss such as credit card numbers and personally identifiable information.

With the addition of the FortiWeb-1000C and FortiWeb-3000C, Fortinet now offers four web application firewall appliances to provide retail and payment, financial services and healthcare customers with a full range of deployment options.  In the case of retail and payment customers, the new FortiWeb products greatly minimize the complexity of complying with PCI Data Security Standard (DSS) section 6.5 and 6.6 as well as California Senate Bill 1386 that address the rampant problems of identity theft and financial fraud.  The FortiWeb-1000C and FortiWeb-3000C also provide robust patient data protection as part of HIPAA compliance for healthcare organizations.

“The need to protect web applications that contain sensitive credit, financial or personal information from increasingly sophisticated attacks and data loss has never been greater,” said Paula Musich, senior analyst, Current Analysis. “The simple fact of the matter is that organizations are deploying web applications and regulated Internet-facing data more broadly than ever.  For hackers and cyber-criminals, that’s like painting a giant bulls-eye on those applications, which gather credit card data and personally identifiable information with minimal protection in place. That’s why putting in place sophisticated web protection and threat management solutions with powerful policy enforcement capabilities should be a standard practice for any organization doing business on the web.”

The FortiWeb-1000C and 3000C appliances are integrated web application and XML firewalls that protect against attacks targeted at web applications and web services infrastructure. Because they provide detailed visibility into an organization’s threat landscape, the FortiWeb application firewalls eliminate the need to manage separate web and threat management tools and consoles. Not only does this streamline security efforts and reduce infrastructure complexity, it drastically reduces the time required to protect regulated data and achieve regulatory compliance.

To preserve optimal web application performance, the FortiWeb application firewalls leverage an intelligent, application-aware load-balancing engine to distribute traffic and route content across multiple web servers. This load balancing increases application performance, improves resource utilization and application stability while reducing service response times.

What’s New in FortiWeb Application Firewalls

The release of FortiWeb 4.0 MR1 provides a series of major enhancements to the new FortiWeb-1000C and FortiWeb-3000C application firewalls, including:

  • Policy wizard and pre-defined policies – allows for one click deployments and eases the process of rules creation greatly.
  • Advanced alert tool – makes it easy to sift through hundreds of alerts, identify repetitive attackers using various aggregation fields and quickly understand the nature of attacks.
  • Enhanced Protocol Constraints – enforces policies that ensure any access to the web application is done in accordance with the HTTP RFC standard.
  • Extended signatures and DLP – allows customers to create their own granular signatures and data loss prevention patterns from a FortiWeb graphical user interface for any type of event, in addition to the pre-defined application signatures and data loss prevention rules.

“Customer demand for more powerful web application infrastructure security is soaring due to a combination of evolving attacks, security breaches, regulatory compliance and web defacement incidents,” said Michael Xie, founder, CTO and vice president of engineering at Fortinet.  “At the same time, more content is being delivered via the web, and both cloud providers and large enterprises need robust security solutions that can protect web application infrastructures without affecting application performance. The addition of the FortiWeb-1000C and FortiWeb-3000C appliances to the FortiWeb product family directly addresses this demand. These new platforms can play a pivotal role in helping preserve the security and uninterrupted operation of our customers’ web application infrastructures.”

Availability

The FortiWeb-1000C and FortiWeb-3000C are available now.

Fortinet July Threat Landscape Report Shows Sasfis Botnet Variants Multiplying

Fortinet has just released its July 2010 Threat Landscape report, which showed that 8 Sasfis botnet variants have landed in the company’s top 10 malware listing this period. The key highlights of the report are as follows. For the complete report, see the press release at the bottom of this post.

  • Eight Sasfis botnet variants have landed in Fortinet’s top 10 malware listing this period.
  • Earlier this year, the Sasfis botnet was dedicated to downloading and executing software (primarily fake antivirus) on infected systems. This period, Sasfis was observed downloading updated spamming modules.
  • This month’s Stuxnet attack reiterates the importance of quickly patching security holes as fixes become available and having a broad intrusion prevention system (IPS) in place.

Press Release

Fortinet July Threat Landscape Report Shows Sasfis Botnet Variants Multiplying and Focusing on Spam Delivery

Stuxnet Attack Still Under Investigation While Awaiting Microsoft Patch

MALAYSIA, 4 August, 2010 – Fortinet – a leading network security provider and a worldwide leader of unified threat management (UTM) solutions – today announced its July 2010 Threat Landscape report, which showed that eight Sasfis botnet variants have landed in the company’s top 10 malware listing this period. This is an increasingly common occurrence, as developers continue to roll out updated copies of their creations. Earlier this year, the Sasfis botnet was dedicated to downloading and executing software (primarily fake antivirus) on infected systems. This period, Sasfis was observed downloading updated spamming modules. Typical Sasfis spam examples include fake UPS invoices and Facebook photo links.

“Spam bots continue to diversify, sending a variety of spam themes on a frequent basis,” said Derek Manky, project manager, cyber security and threat research, Fortinet. “This month we observed various socially engineered emails that came with HTML attachments. These attachments further contained obfuscated JavaScript which would redirect users to malicious sites. The diversity of these spam campaigns and their targets shows how botnets continue to evolve to serve the needs of their underground customers.”

Stuxnet Attack

This month’s Stuxnet attack (read our FAQ here) reiterates the importance of quickly patching security holes as fixes become available and having a broad intrusion prevention system (IPS) in place. Even with proper patch management, all it takes is one zero-day vulnerability to be exploited (even in low volume) to potentially cause a significant impact. While the Stuxnet attack is still under investigation, the fact that a trojan associated with the exploit was seemingly developed to target industrial control systems underscores this point. This is also a good example of how little interaction is required by the end user to become infected. The Stuxnet exploit attacked a Windows Shell vulnerability (CVE-2010-2568). To launch its attack, a user simply opened a folder.

“We saw a similar attack method with PDF files through JBIG2 image streams and Windows shell extensions back in February 2009 (CVE-2009-0658), where simply browsing a folder could trigger an infection,” Manky continued. “Fortinet detects the vulnerability associated with the Stuxnet attack as ‘MS.Windows.Shell.LNK.Code.Execution,’ and generically detects the exploited ‘.LNK’ payload with antivirus as ‘W32/ShellLink.a!exploit.CVE20102568’. As of writing, there are workarounds but no official patch has been released from Microsoft.”

Windows Help Center Vulnerability Exploited

On June 5, a vulnerability within the Windows Help and Support Center that could allow remote code execution was publicly disclosed. Like Stuxnet, this is yet another example of a zero-day vulnerability successfully attacked before a patch is made available. We witnessed attacks on the vulnerability as early as June 11th before Microsoft issued a patch for CVE-2010-1855 on July 13th. The attacks that occurred through Websites were made more potent because they were launched through the HCP protocol handler, which is used by all browsers. In many cases Websites that serve exploits will try to fingerprint browsers and launch attack code tailored to those browsers.

FortiGuard Labs compiled threat statistics and trends for July based on data collected from FortiGate network security appliances and intelligence systems in production worldwide. Customers who use Fortinet’s FortiGuard Subscription Services should already be protected against the threats outlined in this report.

To read the full July Threat Landscape report which includes the top threat rankings in each category, please visit: http://www.fortiguard.com/report/roundup_july_2010.html. For ongoing threat research, bookmark the FortiGuard Center or add it to your RSS feed. Additional discussion on security technologies and threat analysis can be found at the Fortinet Security Blog at http://blog.fortinet.com. To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html.

FortiGuard Subscription Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help protect against threats on both application and network layers. FortiGuard Services are updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and zero-day protection from new and emerging threats. For customers with a subscription to FortiGuard, these updates are delivered to all FortiGate, FortiMail and FortiClient products.

Fake Antivirus Threatening Windows 7 Computers

The ‘honeymoon’ period for Windows 7 is almost over, with a rising number of viruses and malware targeting that OS. Most recently, Sophos has issued a warning about malware that targets Windows 7 computers to download fake antivirus software.

The malware will try to fool you with a pop-up dialog box stating that your computer has many serious threats. Clicking on the ‘Remove all Threats immediately’ message will pop up another dialog box asking you to download a file called win_protection_update.exe. If you proceed, the malware that is downloaded together with the exe file will ask for money to ‘disinfect’ the computer.

This unwanted incident can be avoided simply by ignoring such messages and by not visiting high-risk websites such as porn and torrent sites.

Security Fixes for IE7, Visio, Microsoft Exchange & SQL Server

The February Microsoft patch, released on 10th December, fixes critical flaws in the following applications. If your automatic updates are turned off, make sure you check for updates and install this patch immediately.

  • Internet Explorer 7 – Fixes a flaw that allows a malicious Web site to install malware on a vulnerable PC.
  • Visio – Fixes a flaw where an attacker can run any command if you open a hacked Visio file.
  • Microsoft Exchange – Fixes a flaw where Microsoft Exchange could be taken over by a specially crafted TNEF message sent to it by an attacker.
  • SQL Server – Fixes a flaw that could allow another attack after a successful SQL injection attack.

The patches run on one of my notebooks for the IE7 and SQL Server flaws.

Paypal introduces security key texted to your mobile (SMS)

Paypal has taken its security to the next level with a new security feature, maybe on par with financial institutions’ internet banking.

Familiar with Maybank’s TAC (transaction authorization code)? If you’re a Maybank internet banking user, you surely will be. This one uses an almost identical concept.

The new feature is the extension of the Paypal Security Key token introduced earlier. Besides the key being generated from the token, there is another option where the key is now sent to your registered mobile phone.

But wait, this security feature is at present not available in most countries, including Malaysia. The lucky ones are the United States, Australia, Austria, Canada and Germany. Paypal account holders from these countries can register via the registration page.

There is no second security layer for us just yet, so make sure you secure your account sufficiently.
