Wednesday, January 30, 2019

An Approach for Securing Advanced Threats for Your Customers - Fortinet Certifications


Threat Trends Capitalize on Poor Visibility and Control


Based on threat data taken from millions of Fortinet devices across the world, the latest Global Threat Landscape Report for Q3 indicates that cyberthreats not only continue to target network vulnerabilities, but also seek to exploit the poor visibility and control resulting from the expansion of networks into the cloud and the rapid adoption of mobility and IoT. This quarterly report serves as an analysis of the current threat landscape facing organizations and their network security, while aiming to help network security teams identify key trends and shifts across the threat landscape.

With this in mind, one of the predominant themes we documented in Q3 is the evolving threats and strategies cybercriminals are using to capitalize on current network vulnerabilities. Most notably, many of these vulnerabilities are being introduced as organizations of all sizes continue their digital transformation initiatives.

As customers continue to widen the scope of their network infrastructures with a range of IoT, mobile and cloud-based solutions, the resulting decrease in visibility and control of those solutions opens threat vectors for cybercriminals to leverage.

There are several important threat trends partners need to remain aware of:

  • Evolution of cryptojacking: Cryptojacking, or the process of leeching CPU resources from machines and devices, has long been recognized as a threat to organizations thanks to its ability to drastically slow system efficiency and leech processing power. And now, with new platforms available to advanced attackers, as well as “as-a-service” cryptojacking malware available for purchase on the dark web, the ability to launch large-scale, complex attacks is no longer limited to skilled cybercriminals. What’s more, these new crypto attacks have the potential to disable existing security solutions as well as open additional communications ports on existing firewalls. This means that not only is cryptojacking a serious problem on its own, but it can serve as a gateway through which bad actors are able to install new malware. Considering that the frequency of cryptojacking attacks jumped 38 percent in 2018, underestimating the impact of this cyberthreat can prove especially detrimental to organizations.
  • Mobile Malware: Mobile devices are posing a significantly larger threat to network security than ever before. Mobile malware variants attacked more than 25 percent of organizations in Q3 as a result of BYOD policies and unsegmented guest networks. What’s even more surprising, however, is that mobile made up 14 percent of all malware attacks this quarter. Considering the speed at which a mobile device can enter and connect to a network, organizations that cannot properly identify and control these devices are at a substantially high risk.
  • IoT Botnets: During Q3, IoT botnet infections rose a steady but anemic 2 percent. However, the period of time these bots were able to stay connected to the network increased by a staggering 34 percent from Q2, averaging 10.2 infection days per firm in Q3. This indicates that the sophistication of botnets is on the rise, that cyber hygiene within organizations is on the decline, or both. In either case, if left unchecked these devices have the potential to spread malware laterally across networks and between devices, becoming a threat vector that can be leveraged to gain access to networks. What’s more, the ability for these devices to lie dormant, only returning when business operations resume, means that to effectively mitigate IoT botnets the source device needs to be found and removed.
  • Shift Toward Swarm-as-a-Service: A notable shift in the evolution of cyberthreats is that of swarm-based intelligence technology. With emerging capabilities like the AutoSploit toolkit, which provides cybercriminals with the means to automate remote host exploitation, the threat landscape is shifting that much closer toward the possibility of swarm-based botnets. With à la carte IoT botnets like Hajime and Reaper already making headlines for their intelligent, automated attack capabilities, the market for as-a-service attack options using advanced attack capabilities is growing. We’re seeing the attack needle shift toward collaborative, intelligent botnets that cybercriminals can “set and forget.”


A Learn, Segment, Protect Approach to Advanced Threats


As the attack capabilities of cybercriminals continue to evolve, customers need to rearchitect their network infrastructures into a fabric-based strategy that can unify and integrate threat analysis and security processes. From there, customers must then adopt a learn, segment and protect approach to their security efforts that identifies and inventories devices gaining access to their networks, and automates the controls and security solutions that track devices and enforce policy across the network.

  • Learn: To secure their networks, customers need to not only see every device connected to the network, but also understand their capabilities, limitations and network access. Moreover, they need to also understand the relationship between these devices and the network ecosystem. To this end, it’s crucial that customers leverage automated threat analysis across an integrated security fabric – allowing them to automatically discover and classify devices found within their networks.
  • Segment: Once customers are able to see the devices within their networks, they can effectively begin to control them, including limiting the extent and impact of their vulnerabilities. The most effective approach is to dynamically separate them from other resources through network segmentation. Dynamic segmentation allows IT professionals to authenticate devices that belong within the network and then restrict their access to specific segments of the network infrastructure. Moreover, such segmentation also helps them contain and mitigate the damage caused by modern, automated threats.
  • Protect: Armed with a comprehensive view into the network ecosystem, your customers then need the ability to monitor, inspect, and enforce access policies based on activity across their network infrastructure. To do this, each network segment must be woven into an integrated security fabric that can centralize threat analysis and deploy security functions across the network ecosystem.

As customers continue to further their digital transformations, cybercriminals have been quick to shift their capabilities and strategies to take advantage of emerging gaps in device visibility and control. This past quarter we documented advanced attack capabilities and trends designed to capitalize on poor device security. Knowing this, customers must update their network architectures to adopt a learn, segment and protect approach to their device security.




Sunday, January 20, 2019

Taking a Layered Approach to Cybersecurity - Fortinet Certifications


Cybercrime is an ever-present threat facing organizations of all sizes. In order to safeguard themselves against a successful data breach, IT teams must stay a step ahead of cybercriminals by defending against a barrage of increasingly-sophisticated attacks at high volumes. In Q3 of 2018 alone, FortiGuard Labs detected 1,114 exploits per firm, each representing an opportunity for a cybercriminal to infiltrate a network and exfiltrate or compromise valuable data.

What complicates this challenge further is that the strategies and attack vectors that cybercriminals rely on are always evolving. It’s the classic problem of security teams having to cover every contingency, while cybercriminals only need to slip past defenses once. Because of this, IT teams must continuously update their defenses based on current threat trends. Today, IoT, mobile malware, cryptojacking, and botnets are top focuses for cybercriminals, but they may have moved on to new threats by Q4.

With this in mind, IT security teams have a lot of ground to cover. Unfortunately, there is no silver bullet to guarantee effective security posture, nor a single defensive mechanism that can ensure security across modern distributed networks. In order to defend against today’s threats, IT teams must take a layered approach to their cybersecurity.

A Layered Approach to Cybersecurity


Many think of a layered approach to cybersecurity in terms of technology and tools. This means having various security controls in place to protect separate entryways: for example, deploying a web application firewall, endpoint protections, and secure email gateways, rather than relying only on traditional perimeter defenses. While these solutions are all part of a layered security approach, it actually goes well beyond deploying layers of different security tools. For cybersecurity to be effective, organizations must also consider how they leverage people and processes.

When combined into a single, integrated framework, an overlapping strategy based on security tools, people, and processes will yield the most effective defenses.

Security Tactics for People, Processes, and Technology


As IT teams seek to create a layered security environment, there are several tactics they should consider:

People

Employees can create some of the greatest risks to cybersecurity. However, when they are well informed they can also be an asset and a first line of defense. Oftentimes, cybercriminals will specifically target employees as an attack vector based on their lack of knowledge of security best practices. For example, cybercriminals might target employees with phishing emails designed to get them to click on a malicious link or divulge credentials. With this in mind, it’s imperative that organizations conduct regular training sessions throughout the year to keep employees aware of potential scams and the ways they can make their organization vulnerable.

Training programs like these will create a strong culture of cybersecurity that can go a long way toward minimizing threats. A few of the cyber hygiene points IT teams will want to inform employees of include:

  • Creating strong passwords that are unique to each account and not reused, ensuring personal and work passwords are separate.
  • Not opening or clicking links in suspicious emails or those from unfamiliar senders.
  • Ensuring applications and operating systems are updated regularly as soon as patches are released and not installing any unknown outside software, as it can open security vulnerabilities in the network.
  • Immediately reporting any unusual behavior or something strange happening on their computers.

Another way IT teams can improve cybersecurity at the employee level is with access management policies such as the principle of least privilege, which provides a person with access to data only if it is necessary to do their job – thereby reducing the exposure and consequences of a breach.

Processes

This layer of cybersecurity ensures that IT teams have strategies in place to proactively prevent cybersecurity incidents and to respond quickly and effectively when one occurs.

First, IT security teams should have a cyber incident response plan in place. A good incident response plan will provide an organization with repeatable procedures and an operational approach to addressing cybersecurity incidents to recover business processes as quickly and efficiently as possible. In addition, ensuring proper backups are in place and regularly testing these backups is imperative to minimizing downtime and increasing the chances of data recovery from a cyber event.

Next is the collection and analysis of threat research. Every security strategy and tool must be informed by current threat intelligence in order to effectively detect and respond to threats. For example, threat research might reveal that cybercriminals have been carrying out attacks through a specific vulnerability, or targeting endpoints with a specific malware. Armed with this information, IT teams can then take proactive measures by making any necessary system updates, and increasing monitoring to detect behavior indicative of one of these attacks. It is also important that IT teams consult both local and global threat data for the most comprehensive understanding of the threat landscape.

Another important process on the road to effective cybersecurity is the prioritization of assets. While IT teams remain strained due to the cybersecurity skills gap, networks have become increasingly sophisticated, making it impossible to manually monitor each area of the network at all times. Therefore, IT teams must know where all their assets are and prioritize these assets based on which are most business critical and would have the greatest impact on the business if breached. From there, security teams can develop policies and deploy strategies to keep this data more secure and minimize consequences. This might mean using network segmentation to add an extra level of security or creating access control policies based on who needs access to these specific sets of data.

Technology

As discussed previously, there are a host of technologies that security teams can implement in order to layer their defenses. That being said, it’s important that IT teams do not implement isolated point solutions as they layer their defenses, but rather, select those tools based on their ability to be integrated and automated to create a Security Fabric that can facilitate the rapid detection and mitigation of threats.

Another tactic IT teams should leverage is deception technology. Network complexity is an Achilles heel for adversaries. Deception technologies level the playing field by automating the creation of dynamic decoys that are dispersed throughout the IT environment, making it harder for the adversary to determine which assets are fake and which are real. When an adversary can’t make this distinction, cybercriminals are forced to waste time on fake assets and exercise caution as they look for tripwires embedded in these fake environments. This may require them to alter their tactics, thereby increasing their chances of being detected by security teams.

Finally, IT teams should leverage segmentation. Adversaries target networks to gain access to and exploit organizations’ business-critical data, whether that is their customer and personnel information, intellectual property, financial records, etc. Segmenting corporate networks enables IT teams to separate their applications and sensitive data into different segments of subnetworks with varying degrees of security. This allows for greater access control on critical systems, thereby limiting exposure if there is a breach.




Monday, January 7, 2019

100% Free Fortinet Certification Exam Dumps PDF - VCE Exams Files


Fortinet Practice Exam Questions Answers - 100% Free Demo


Question 1

Which statement is correct regarding virus scanning on a FortiGate unit?

A: Virus scanning is enabled by default.
B: Fortinet Customer Support enables virus scanning remotely for you.
C: Virus scanning must be enabled in a UTM security profile and the UTM security profile must be assigned to a firewall policy.
D: Enabling virus scanning in a UTM security profile enables virus scanning for all traffic flowing through the FortiGate device.

Correct Answer: C

Question 2

Which of the following statements are correct regarding URL filtering on the FortiGate unit? (Select all that apply.)

A: The allowed actions for URL Filtering include Allow, Block and Exempt.
B: The allowed actions for URL Filtering are Allow and Block.
C: The FortiGate unit can filter URLs based on patterns using text and regular expressions.
D: Any URL accessible by a web browser can be blocked using URL Filtering.
E: Multiple URL Filter lists can be added to a single protection profile.

Correct Answer: AC

Question 3

Which of the following regular expression patterns will make the terms "confidential data" case insensitive?

A: [confidential data]
B: /confidential data/i
C: i/confidential data/
D: "confidential data"
E: /confidential data/c

Correct Answer: B

Question 4

Which of the following spam filtering methods are supported on the FortiGate unit? (Select all that apply.)

A: IP Address Check
B: Open Relay Database List (ORDBL)
C: Black/White List
D: Return Email DNS Check
E: Email Checksum Check

Correct Answer: ABCDE

Question 5

Which of the following email spam filtering features is NOT supported on a FortiGate unit?

A: Multipurpose Internet Mail Extensions (MIME) Header Check
B: HELO DNS Lookup
C: Greylisting
D: Banned Word

Correct Answer: C

Question 6

Which of the following statements best describes the green status indicators that appear next to the different FortiGuard Distribution Network services as illustrated in the exhibit?

A: They indicate that the FortiGate unit is able to connect to the FortiGuard Distribution Network.
B: They indicate that the FortiGate unit has the latest updates that are available from the FortiGuard Distribution Network.
C: They indicate that updates are available and should be downloaded from the FortiGuard Distribution Network to the FortiGate unit.
D: They indicate that the FortiGate unit is in the process of downloading updates from the FortiGuard Distribution Network.

Correct Answer: A

Question 7

A FortiGate unit is configured to receive push updates from the FortiGuard Distribution Network; however, updates are not being received. Which of the following statements are possible reasons for this? (Select all that apply.)

A: The external facing interface of the FortiGate unit is configured to use DHCP.
B: The FortiGate unit has not been registered.
C: There is a NAT device between the FortiGate unit and the FortiGuard Distribution Network and no override push IP is configured.
D: The FortiGate unit is in Transparent mode which does not support push updates.

Correct Answer: ABC

Question 8

Which of the following statements best describes the proxy behavior on a FortiGate unit during an FTP client upload when FTP splice is disabled?

A: The proxy will not allow a file to be transmitted in multiple streams simultaneously.
B: The proxy sends the file to the server while simultaneously buffering it.
C: If the file being scanned is determined to be infected, the proxy deletes it from the server by sending a delete command on behalf of the client.
D: If the file being scanned is determined to be clean, the proxy terminates the connection and leaves the file on the server.

Correct Answer: A

Question 9

What is the correct behavior when the email attachment is detected as a virus by the FortiGate antivirus engine?

A: The FortiGate unit will remove the infected file and deliver the email with a replacement message to alert the recipient that the original attachment was infected.
B: The FortiGate unit will reject the infected email and the sender will receive a failed delivery message.
C: The FortiGate unit will remove the infected file and add a replacement message. Both sender and recipient are notified that the infected file has been removed.
D: The FortiGate unit will reject the infected email and notify the sender.

Correct Answer: B

Question 10

What are the valid sub-types for a Firewall type policy? (Select all that apply)

A: Device Identity
B: Address
C: User Identity
D: Schedule
E: SSL VPN

Correct Answer: ABC

