Fortinet November Threat Landscape Report Highlights Reduced Spam Levels after Bredolab Takedown

Fortinet November Threat Landscape Report highlights a 12 percent reduction in global spam after Dutch authorities dismantled a large Bredolab network by taking more than 140 servers offline.

Koobface, a botnet well known for spamming popular social media sites, was taken offline on November 14 when UK ISP Coreix took three MotherShip servers offline.

FortiGuard labs disclosed zero-day vulnerabilities in Adobe Shockwave, Adobe Flash, Microsoft Office PowerPoint, and Apple QuickTime.

More information is available in the press release below.

Press Release

Fortinet November Threat Landscape Report Highlights Reduced Spam Levels after Bredolab Takedown

Koobface Servers Taken Down on November 14 Reconfigured to New Control Servers Five Days Later

MALAYSIA, 6 December, 2010 – Fortinet – a leading network security provider and the worldwide leader of unified threat management (UTM) solutions – today announced its November 2010 Threat Landscape report, which highlights a 12 percent reduction in global spam after Dutch authorities dismantled a large Bredolab network by taking more than 140 servers offline.

“Bredolab was often used to load spam engines, which are typically used to sell fraudulent pharmaceuticals,” said Derek Manky, project manager, cyber security and threat research at Fortinet. “The scale of this Bredolab botnet had a huge impact on spam levels, dropping as much as 26 percent one week after it was dismantled.”

Koobface Takedown

Koobface, a botnet well known for spamming popular social media sites, was taken offline on November 14 when UK ISP Coreix took three MotherShip servers offline. Koobface used intermediary servers (proxies) to communicate with these MotherShip servers over HTTP on port 80.

“We confirmed that on November 14, when the primary servers were taken offline, the intermediary servers failed to proxy content, which effectively crippled the botnet,” Manky continued. “Unfortunately, we saw communication restored five days later on November 19th. This is likely due to the fact that Koobface contains an FTP harvesting module.”

Operators may use stolen FTP credentials to hijack Web servers for intermediary/proxy use. By reconfiguring their intermediary servers to new MotherShip servers, the operators seemingly regained control of their botnet.

Adobe, Microsoft, Apple Zero-Day Vulnerabilities

In November, FortiGuard Labs also disclosed zero-day vulnerabilities in Adobe Shockwave (FGA-2010-54), Adobe Flash (FGA-2010-56), Microsoft Office PowerPoint (FGA-2010-58), and Apple QuickTime (FGA-2010-61). In addition to the four zero-days, 146 additional new vulnerabilities were covered by FortiGuard IPS, 40 percent of which were actively exploited in the wild. As of this writing, a zero-day vulnerability in Microsoft Internet Explorer (FGA-2010-55) is still being exploited in the wild. All five vulnerabilities were critical and had the potential to allow attackers to execute arbitrary code from a remote location.

New and old vulnerabilities will continue to be exploited, so it’s important to keep all application patches up to date. Additionally, a properly maintained intrusion prevention system (IPS) can help mitigate attacks against both known vulnerabilities and zero-days. Because malicious traffic increasingly travels over common protocols, application control is becoming more important for identifying malicious activity at the application layer.

FortiGuard Labs compiled threat statistics and trends for November based on data collected from FortiGate network security appliances and intelligence systems in production worldwide. Customers who use Fortinet’s FortiGuard Services should be protected against these vulnerabilities with the appropriate configuration parameters in place.

FortiGuard Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help protect against threats on both application and network layers. FortiGuard Services are updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and zero-day protection from new and emerging threats. For customers with a subscription to FortiGuard, these updates are delivered to all FortiGate, FortiMail and FortiClient products.

The full November Threat Landscape report, which includes the top threat rankings in several categories, is available now. Ongoing research can be found in the FortiGuard Center or via FortiGuard Labs’ RSS feed. Additional discussion on security technologies and threat analysis can be found at the Fortinet Security Blog.

Fortinet Introduces World’s Fastest Unified Threat Management Security and Switching Blades

Fortinet has introduced the world’s fastest unified threat management security and switching blades, with the following key highlights.

  • The latest FortiGate-5000 series appliance family delivers essential network defenses for dynamic, multi-tenant large enterprise and service provider networks, including security-as-a-service and infrastructure-as-a-service environments.
  • The new FortiGate-5001B is a high-performance security blade that integrates a wide range of critical security services and native 10-Gigabit Ethernet (GbE) support for FortiGate-5000 chassis-based platforms, delivering up to 40 Gbps of firewall throughput and up to 17 Gbps of virtual private network (VPN) throughput.
  • FortiSwitch-5003B switching blade delivers 10-GbE switching to the backplane fabric of the FortiGate-5000 series chassis and operates with exceptionally low latency to maximize multi-threat security performance required by increasingly bandwidth-hungry data centers.

Press Release

Fortinet Introduces World’s Fastest Unified Threat Management Security and Switching Blades

New Blades Coupled with FortiGate Chassis Will Provide up to 500 Gbps Firewall Throughput Performance

MALAYSIA, December 1, 2010 – Fortinet – a leading network security provider and the worldwide leader of unified threat management (UTM) solutions – today announced the newest flagship model in the FortiGate-5000 series appliance family along with a new high-performance switching option. These products combine to deliver essential network defenses for dynamic, multi-tenant large enterprise and service provider networks, including security-as-a-service and infrastructure-as-a-service environments.

The new FortiGate-5001B is a high-performance security blade that integrates a wide range of critical security services and native 10-Gigabit Ethernet (GbE) support for FortiGate-5000 chassis-based platforms. Delivering up to a blazing 40 Gbps of firewall throughput and up to 17 Gbps of virtual private network (VPN) throughput, the FortiGate-5001B integrates essential security functions in a compact Advanced Telecom Computing Architecture (ATCA)-compliant blade form factor. This includes enterprise firewall, virtual private network, application control, intrusion prevention, anti-virus/anti-malware, anti-spam and Web filtering. To optimize the performance of these security services, the FortiGate-5001B security blade integrates the latest Intel 4-core CPU and two Fortinet FortiASIC NP4 network processor chips.

This is Fortinet’s fourth generation of ATCA-compliant solutions, having shipped the first generation of its ATCA chassis-based FortiGate-5001SX and FortiSwitch-5003 in 2004. Fortinet brought its second generation of ATCA-compliant appliances in 2006 with the FortiGate-5005FA2 and FortiController-5208 and the third generation in 2008 with the FortiGate-5001A and FortiSwitch-5003A. Adding onto Fortinet’s pioneering innovation in the telecom industry is the FortiGate’s achievement of NEBS Level 3 compliance – a requirement for operation of carrier-class equipment in the central offices of major telecommunications companies.

Delivering 10-GbE switching to the backplane fabric of the FortiGate-5000 series chassis, the new FortiSwitch-5003B switching blade operates with exceptionally low latency to maximize multi-threat security performance required by increasingly bandwidth-hungry data centers. Fortinet’s new products, designed for very large enterprises, carriers and managed service providers, provide consolidated security services and simplified network infrastructures that deliver substantially increased performance, dramatically improved multi-threat protection and significantly lower operating costs.

When coupling the FortiGate-5001B with the FortiGate-5140 chassis, telecommunications and managed security service providers will have up to 500 Gbps firewall throughput performance, making the chassis the fastest blade system firewall in the industry. By combining a FortiGate-5000 series chassis with the new FortiGate-5001B security blade and optional FortiSwitch-5003B switching blade, customers have access to a modular, multi-threat security solution with carrier-grade reliability and scalability required by 10-GbE network environments. As a highly modular platform, the FortiGate-5000 series is designed to be the cornerstone of high-performance security infrastructures. Ideal for high-speed multi-threat security gateways, managed security services, and complex security zoning applications, the FortiGate-5000 series, equipped with the new FortiGate-5001B and FortiSwitch-5003B blades, can be integrated with Fortinet’s centralized management and reporting solutions to provide broad control of large-scale deployments.

The FortiGate-5000 Series also offers the following benefits:

• Redundant, hot-swappable power supplies and fans to minimize single points of failure.

• Use of active/active and active/passive high availability modes for uninterrupted service.

• Integration with Fortinet’s FortiManager centralized management and FortiAnalyzer centralized reporting appliances to simplify security management, reporting and analysis while reducing operating expenses.

• Availability of FortiGuard™ Subscription Services to deliver automated, real-time and up-to-date protection against security threats and exploits.

• Deployment flexibility that includes network segmentation by customer, business unit or any other logical partition to maximize control through the use of virtual domains. The platform is also ideal for virtualized environments.

• Ability to complement or upgrade existing security infrastructure by enabling only the services needed in integrated, all-in-one security blades.

• Ability to design the exact mix of multi-threat security, load-balancing, and high-speed networking required to support organizational security requirements.

“You can’t take a ‘cookie-cutter’ approach to network security, especially in large-scale, business-critical environments supporting hundreds of thousands or millions of end customers and clients,” said Michael Xie, founder, CTO and vice president of engineering at Fortinet. “That’s why we continue to innovate with agile and modular approaches to network defense because each customer environment has a unique threat profile and corresponding security and performance requirements. In recognition of this, we are once again pushing the envelope of high-performance network security with the introduction of the FortiGate-5001B and FortiSwitch-5003B blades.”

Availability

The FortiGate-5001B and FortiSwitch-5003B will be available this quarter.

Fortinet Introduces New Messaging Security Appliance for High-Performance Corporate Email Routing

Fortinet yesterday announced the highly versatile FortiMail-3000C messaging security appliance, which delivers secure email processing breakthroughs designed to satisfy the most demanding corporate messaging environments – supporting up to 50,000 users with a single system.

  • The FortiMail-3000C, which features a 20 percent performance improvement over its predecessors, is ideally suited for large enterprises and application service and software-as-a-service (SaaS) providers.
  • The FortiMail-3000C features important server mode enhancements made possible by the new FortiMail 4.0 MR2 operating software, which enables the appliance to function as a full-featured SMTP mail server supporting secure POP3, IMAP and Web mail clients.

More information is available in the press release below.

Press Release

Fortinet Introduces New Messaging Security Appliance for High-Performance Corporate Email Routing

Top-of-the-Line FortiMail-3000C E-Mail Security Solution Delivers Intelligent Message Protection, Secure Content Delivery and Data Loss Prevention for Enterprises and Service Providers

MALAYSIA, 18 November, 2010 – Fortinet – a leading network security provider and the worldwide leader of unified threat management (UTM) solutions – today announced the highly versatile FortiMail-3000C messaging security appliance, which delivers secure email processing breakthroughs designed to satisfy the most demanding corporate messaging environments – supporting up to 50,000 users with a single system. Featuring a 20 percent performance improvement over its predecessors, the FortiMail-3000C is ideally suited for large enterprises and application service and software-as-a-service (SaaS) providers, especially those subject to PCI DSS or HIPAA regulations in the retail, payment, financial and healthcare industries.

The FortiMail-3000C features important server mode enhancements made possible by the new FortiMail 4.0 MR2 operating software, which enables the appliance to function as a full-featured SMTP mail server supporting secure POP3, IMAP and Web mail clients. This capability is ideal for companies that want to replace aging mail servers, combine email functions into a single device, or offer secure email services to remote offices.

To help ensure the secure delivery of confidential or regulated content to customers, partners or employees, the FortiMail-3000C offers Identity-Based Encryption (IBE), which enables encrypted messages to be sent without the need for any user provisioning or additional hardware. FortiMail IBE is unique in providing “push” or “pull” delivery options. This allows encrypted emails to be delivered directly to users and/or stored on the FortiMail appliance for retrieval, making the system extremely easy to deploy and use. In addition, the system features customizable and predefined dictionaries that detect the accidental or intentional loss of confidential or regulated data. This enables administrators to block messages containing data matching a range of patterns, including credit card, Social Security, insurance and bank routing numbers. Alternatively, policies can be created to require the encryption of messages containing this data to help organizations achieve HIPAA and PCI DSS compliance.
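The dictionary-based detection and the block-or-encrypt policy described above can be illustrated with a small outbound-mail check. The code below is an added example, not FortiMail’s own implementation: the dictionaries, the policy table, and the sample messages are all constructed for this illustration. It shows the part a pattern list alone does not: each candidate match is run through a format validator (the Luhn check for card numbers, the ABA checksum for routing numbers, structural rules for Social Security numbers) so that digit strings that merely look like sensitive data do not trigger a block.

```python
"""Dictionary-based DLP check for outbound mail (added illustration, not FortiMail code)."""
import re

# Constructed sample messages; the numbers are test values, not real accounts or people.
SAMPLE_MESSAGES = {
    "card_in_body": "Hi, please charge 4111 1111 1111 1111 (exp 12/13) for invoice 2234.",
    "ssn_in_body": "Applicant SSN is 123-45-6789, please file with HR.",
    "routing_in_body": "Wire to routing no. 123456780, account ending 4417.",
    # Looks like a card number but fails the Luhn check, so it must not be flagged.
    "clean": "Meeting moved to 3pm; see you in room 4111-1111-1111-1112.",
}


def luhn_valid(number: str) -> bool:
    """Luhn mod-10 check used by payment card numbers (digits only)."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def card_valid(candidate: str) -> bool:
    """Strip spaces/dashes, then require 13-19 digits that pass Luhn."""
    digits = re.sub(r"[ -]", "", candidate)
    return 13 <= len(digits) <= 19 and luhn_valid(digits)


def aba_valid(number: str) -> bool:
    """ABA routing transit number checksum: weights 3,7,1 repeated, sum divisible by 10."""
    if len(number) != 9:
        return False
    weights = (3, 7, 1) * 3
    return sum(int(c) * w for c, w in zip(number, weights)) % 10 == 0


def ssn_plausible(number: str) -> bool:
    """Reject structurally impossible SSNs: area 000/666/9xx, group 00, serial 0000."""
    area, group, serial = number.split("-")
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


# Each dictionary entry pairs a regex that finds candidates with a validator that
# removes false positives. Insurance numbers have no single format, so none is modelled here.
DICTIONARIES = {
    "credit_card": (re.compile(r"\b(?:\d[ -]?){12,18}\d\b"), card_valid),
    "ssn": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), ssn_plausible),
    "bank_routing": (re.compile(r"\b\d{9}\b"), aba_valid),
}

# Hypothetical policy (an assumption of this example): action per dictionary hit.
POLICY = {"ssn": "block", "credit_card": "encrypt", "bank_routing": "encrypt"}
SEVERITY = {"deliver": 0, "encrypt": 1, "block": 2}


def scan(text: str) -> dict:
    """Return {dictionary_name: [matched strings]} for every validated hit."""
    hits = {}
    for name, (pattern, validator) in DICTIONARIES.items():
        found = [m.group(0) for m in pattern.finditer(text) if validator(m.group(0))]
        if found:
            hits[name] = found
    return hits


def decide(text: str) -> str:
    """Apply POLICY to the scan result; the most severe applicable action wins."""
    action = "deliver"
    for name in scan(text):
        candidate = POLICY.get(name, "deliver")
        if SEVERITY[candidate] > SEVERITY[action]:
            action = candidate
    return action


if __name__ == "__main__":
    for label, body in SAMPLE_MESSAGES.items():
        print(f"{label:16s} -> {decide(body):8s} {scan(body)}")
```

The validators are what keep the check usable on real traffic: a room number, an invoice reference or a timestamp can easily match a bare digit pattern, and a gateway that blocks on those would be switched off quickly. Checksums cannot catch every false positive, but they remove most of them at negligible cost.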

Using the same form factor and antispam, antivirus and anti-spyware protection afforded by other FortiMail devices, the FortiMail-3000C features an extra CPU, 16 gigabytes of RAM and a fiber interface, all of which are designed to deliver high performance. The system is designed to route up to 1.2 million emails per hour, or 1.1 million emails per hour with FortiGuard Antispam and Antivirus enabled. The FortiMail-3000C supports up to a total of six terabytes of RAID 1/5/10/50 storage capacity with hot-swap hard drives.

In addition to the new FortiMail-3000C platform, Fortinet is also announcing the upcoming availability of the FortiMail 4.0 MR2 operating system. The enhancements in FortiMail 4.0 MR2 include improvements to productivity and security.

Security enhancements include increased access control and expanded dictionary-based policy enforcement:

• Address Groups – Create access control rules for groups of user email or IP addresses.

• Dictionary Triggered Archive – Allows dictionary contents to be used to trigger email archiving in addition to sender/recipient and keyword values.

There are several improvements to the Server mode functionality designed to boost productivity, including:

• Calendar Function – Provides a calendar for scheduling events and sending invites via the webmail interface.

• Address Book – Supports extended search information, user group creation and LDAP server synchronization.

“In these budget-tightening times, total cost of ownership is a crucial selection criterion for messaging security solutions,” said Michael Xie, founder, CTO and vice president of engineering at Fortinet. “We’ve paid close attention to this market dynamic, which is why we don’t use expensive and complex per-seat licensing models. And, unlike competing offerings that frequently cobble together third-party antivirus or other protection schemes, we offer customers real-time updates directly from our FortiGuard threat prevention services.”

Availability

The FortiMail-3000C appliance is available now. FortiMail 4.0 MR2 will be available in Q1 2011.

Fortinet Leverages Spirent Solutions To Validate Best-In-Class Performance Of FortiGate-3040B

Fortinet today announced the results of performance tests conducted on the FortiGate-3040B, the newest Fortinet multi-threat security appliance purpose-built for large enterprise and data center environments. Some key highlights are:

· Spirent Communications plc. announced the results of performance tests conducted on the FortiGate-3040B, the newest Fortinet multi-threat security appliance purpose-built for large enterprise and data center environments.

· Testing with Spirent solutions showed that the FortiGate-3040B delivers a steady 40 Gbps of performance in both UDP and TCP traffic through four 10 Gbps Ethernet ports and supports full line-rate application traffic with zero packet loss.

· The appliance also achieves latency as low as 3.94 microseconds under 100 percent load. Other test results show that the FortiGate-3040B supports up to 5,600,000 concurrent sessions and 160,000 transactions per second.

Press Release

Fortinet Leverages Spirent Solutions To Validate Best-In-Class Performance Of FortiGate-3040B

Spirent TestCenter Used for Performance Evaluation of New High-End Security Appliance; FortiGate-3040B Delivers Extremely Low Latency with 40 Gbps Firewall Throughput

MALAYSIA, 8 November, 2010 – Fortinet – a leading network security provider and the worldwide leader of unified threat management (UTM) solutions – and Spirent Communications plc, the leading provider of testing solutions for networks, devices and services, today announced the results of performance tests conducted on the FortiGate-3040B, the newest Fortinet multi-threat security appliance purpose-built for large enterprise and data center environments. Testing with Spirent solutions showed that the FortiGate-3040B delivers a steady 40 Gbps of performance in both UDP and TCP traffic through four 10 Gbps Ethernet ports and supports full line-rate application traffic with zero packet loss. The appliance also achieves latency as low as 3.94 microseconds under 100 percent load. Other test results show that the FortiGate-3040B supports up to 5,600,000 concurrent sessions and 160,000 transactions per second.

FortiGate-3040B comes standard with eight 10-Gigabit Ethernet ports, all in a single, compact 2-RU appliance form factor. The appliance also includes both of Fortinet’s innovative FortiASIC processors — content processor (CP4) and network processor (NP4).

The UDP traffic throughput test was performed with Spirent TestCenter, which was used as a UDP traffic injector through a total of four 10 Gbps Ethernet ports. The test was conducted with a mix of 66-, 594- and 1518-byte packets and showed performance of 130 million packets per second. The latency introduced by the FortiGate-3040B was minimal, averaging 7.14 microseconds and dropping to 3.94 µs at 64 bytes, with zero packet loss.

The TCP traffic throughput test was performed with Spirent Avalanche, used as an HTTP application traffic generator through a total of four 10 Gbps Ethernet ports. The test was conducted under the following parameters: three-way TCP handshakes; a TCP window size of 64 kB; and 10 HTTP transactions per TCP connection. It showed application data performance of 37.65 Gbps throughput, which is equivalent to 40 Gbps of line-rate Ethernet.

“The Spirent TestCenter platform has become the standard for testing high-end security products in complex networks,” said Jeff Schmitz, vice president, Networks & Applications at Spirent Communications. “Large enterprise and data center environments must protect their most critical assets while, at the same time, keeping up with the increased bandwidth requirements of their network. The test of FortiGate-3040B validates the robustness, performance, and stability Fortinet’s customers can expect from this high-end network security system.”

The Spirent test results highlight the best-in-class firewall price-performance of the FortiGate-3040B. This 10-GbE network security appliance provides the highest 10-GbE port density in its class and includes the latest FortiASIC network processors (NP4), which work inline with the flow of traffic and accelerate firewall and VPN functions.

“For several years now, we’ve been able to prove to our customers that our high-end UTM appliances can compare with point solutions in terms of performance and robustness. The addition of the FortiGate-3040B to our network security product line is no exception,” said Michael Xie, founder, CTO and vice president of engineering for Fortinet. “By leveraging Spirent’s test methodology and services, we enhance our customers’ confidence in our new products. With this test in particular, we are able to objectively demonstrate the outstanding performance and quality of the FortiGate-3040B, which delivers an unmatched mix of performance, flexibility, and security for its price class.”

Fortinet’s FortiGate-3040B appliance is the latest to join the FortiGate-3000 series product family, and integrates high-performance firewall capabilities with advanced unified threat management protection in a single system to help protect organizations’ vital assets. It adds to the FortiGate-3950B series, which was introduced earlier this year and delivers up to 120 Gbps of low-latency firewall inspection performance to help secure the most demanding enterprise environments, including high-speed data centers and network perimeters.

Fortinet’s FortiGate-3040B provides high bandwidth connectivity to the security gateway and delivers up to 17 Gbps of virtual private network (VPN) performance. The appliance provides exceptional deployment versatility by offering the industry’s greatest port density in its price class. The system includes a total of 20 ports, comprising modular SFP+, SFP and traditional RJ-45 ports.

Like other enterprise-class multi-threat security appliances from Fortinet, the FortiGate-3040B is equipped with the FortiOS 4.0 MR2 operating system to effectively neutralize a wide range of security threats facing networks today.

October Threat Landscape Report Highlights Increased Zeus/Money Mule Risk

The October Fortinet Threat Landscape Report highlights a few key points on the increased Zeus/money mule risk, as follows:

  1. Fortinet today announced its October 2010 Threat Landscape Report, which warns of increased Zeus activity and the related risks money mules take when signing up for questionable job opportunities.
  2. Money mules have been aggressively recruited this year to help cyber criminals launder money.
  3. The report offers money mule warning signs and key guidelines on how to prevent someone from inadvertently becoming a money mule.

Further reading can be found in the press release below.

Fortinet October Threat Landscape Report Highlights Increased Zeus/Money Mule Risks

Report Offers Money Mule Recruitment Warning Signs

MALAYSIA, 29 October, 2010 – Fortinet – a leading network security provider and the worldwide leader of unified threat management (UTM) solutions – today announced its October 2010 Threat Landscape report, which warns of increased Zeus activity and the related risks money mules take when signing up for questionable job opportunities.

“As outlined in our ‘2010 Threat Predictions Realized’ report, money mules have been aggressively recruited this year to help cyber criminals launder money,” said Derek Manky, project manager, cyber security and threat research, Fortinet. “A recent example of this is the worldwide prosecutions of a Zeus criminal operation, which included 37 charges brought against alleged money mules.”

Recent Zeus stories illustrate how prevalent money mules have become and how they are being used to filter, disguise and spread money transfers. Mules today are typically recruited into criminal organizations through legitimate-looking advertisements. A suspect ad may suggest a client is looking for a “payment processing agent,” “money transfer agent,” or something as general and vague as an “administrative representative.” These recruitment ads can be found anywhere from print and online job sites to direct points of contact. While many mules likely enter into the business relationship knowing the full criminal implications of what they’re doing, there are a surprising number that do not.

Preying on the Desperation of Job Seekers

One of the most recent money mule recruitment emails FortiGuard flagged this month began the subject line with, “Re: CV.” The body of the email offered the recipient an “administrative representative” position for a proposed salary of 5,000 per month plus commission. One of the listed job duties was to “administer day-to-day financial responsibilities for clients,” as well as prepare weekly financial reports.

“The majority of opportunities we’re seeing today offer prospects roughly 10 percent commission for any transfers they make,” Manky continued. “With a few simple clicks, a $10,000 transfer could net the mule roughly $1,000.”

Money Mule Warning Signs

The following guidelines can be used to help prevent someone from inadvertently becoming a money mule:

· If the job offer sounds too good to be true, then it probably is. Be wary of any job opportunities that promise great rewards for little or no work or work experience.

· If the job description is vague, unclear and/or doesn’t stipulate who you would be reporting to in the new position, then do deeper research into the company to get those questions answered.

· Be especially careful with regard to money transfer job offers that come from overseas, as they can be very difficult to research and verify. If the company in question doesn’t have verifiable contact information (phone, email contact and address) on its web site, think twice about working with it.

· Be wary of any company that asks for a personal bank account number as the means through which money is expected to flow. Recruiters will typically mandate that their mules use anonymous money transferring services for outbound funds; as with any scam, be cautious of a request such as this.

· Security services such as antispam and web content filtering can also help to minimize money mule recruitment attempts, as they could help flag the recruitment emails, or potentially warn or block specific illegitimate job recruitment domains.

· Anyone suspecting they may have been a victim of this type of crime should contact their bank immediately.

FortiGuard Labs compiled threat statistics and trends for October based on data collected from FortiGate network security appliances and intelligence systems in production worldwide. Customers who use Fortinet’s FortiGuard Services should already be protected against the threats outlined in this report.

FortiGuard Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help protect against threats on both application and network layers. FortiGuard Services are updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and zero-day protection from new and emerging threats. For customers with a subscription to FortiGuard, these updates are delivered to all FortiGate, FortiMail and FortiClient products.

The full October Threat Landscape report, which includes the top threat rankings in several categories, is available now. Ongoing research can be found in the FortiGuard Center or via FortiGuard Labs’ RSS feed. Additional discussion on security technologies and threat analysis can be found at the Fortinet Security Blog.