Application Security

Web Application Firewall

FortiWeb: Web Application Firewall (WAF)

FortiWeb Overview

Unprotected web applications are the easiest point of entry for hackers and are vulnerable to a number of attack types. FortiWeb’s AI-enhanced and multi-layered approach protects your web apps from the OWASP Top 10 and more. When combined with our Web Application Security Service from FortiGuard Labs, you’re protected from the latest application vulnerabilities, bots, and suspicious URLs. With dual machine learning detection engines, your applications are safe from sophisticated threats such as SQL injection, cross-site scripting, buffer overflows, cookie poisoning, malicious sources, and DoS attacks.

FortiGuard Security Services for FortiWeb

FortiWeb employs multiple FortiGuard security services to protect web applications from attack. These annual subscriptions can be purchased a la carte or as part of a bundle with your FortiWeb solution.

  • FortiGuard Web Application Security uses information based on the latest application vulnerabilities, bots, suspicious URL patterns and data-type patterns, and specialized heuristic detection engines, to ensure your web applications remain safe from application-layer threats.
  • The FortiGuard IP Reputation Service aggregates malicious source IP data from the Fortinet distributed network of threat sensors, CERTs, MITRE, cooperative competitors, and other global sources that collaborate to provide up-to-date threat intelligence about hostile sources. Near real-time intelligence from distributed network gateways combined with world-class research from FortiGuard Labs helps organizations stay safer and proactively block attacks.
  • FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.
  • FortiSandbox Cloud Service is an advanced threat detection solution that performs dynamic analysis to identify previously unknown malware. Actionable intelligence generated by FortiCloud Sandbox is fed back into preventive controls within your network—disarming the threat.
  • Fortinet’s Credential Stuffing Defense uses an always up-to-date feed of stolen credentials to identify login attempts that use compromised credentials. Administrators can configure their supported devices to take various actions if a suspicious login is used, including logging, alerts, and blocking.

Application Delivery Controller

FortiADC: Application Delivery Controller

With bandwidth demand growing faster than budgets and cyber-attacks constantly on the rise, it can be challenging to securely and efficiently deliver applications at the speed your users expect. Fortinet Application Delivery Controller (ADC) appliances optimize the availability, user experience, and scalability of enterprise application delivery. They enable fast, secure, and intelligent acceleration and distribution of even the most demanding enterprise applications.

FortiADC Application Delivery Controllers (ADC) optimize the availability, user experience, performance and scalability of Enterprise Application Delivery. The FortiADC family of physical and virtual appliances delivers fast, secure and intelligent acceleration and distribution of demanding application environments.

DDoS

FortiDDoS: Advanced DDoS Protection for Enterprise Data Centers

Distributed Denial of Service (DDoS) attacks are ever-evolving and use a variety of technologies. To successfully combat these attacks, you need a dynamic, multi-layered security solution. FortiDDoS protects from both known and zero day attacks with very low latency. It’s easy to deploy and manage, and includes comprehensive reporting and analysis tools.

FortiDDoS includes:

  • 100% security processor (SPU)-based layer 3, 4, and 7 DDoS protection application-aware traffic management
  • Behavior-based DDoS protection to eliminate the need for signature files
  • Minimal false-positive detections through continuous threat evaluation
  • Ability to monitor hundreds of thousands of parameters simultaneously
  • Defense against every DDoS attack: bulk volumetric, layer 7 application, and SSL/HTTPS
  • Attack protection for DNS services via specialized tools

DDoS Attack Mitigation Technologies Demystified

Distributed Denial of Service (DDoS) attacks are some of the oldest Internet threats. Despite that, due to their simplicity and effectiveness, they continue to be a top risk for public services around the world. As protections have evolved, the technology used by hackers has adapted and become much more sophisticated. New attack types now target applications and services. Not only are bulk Layer 3 and 4 DDoS events becoming more sophisticated, but many times they are masked in apparently legitimate traffic or combined in unique new “zero day” attacks, making them very difficult to detect.

This whitepaper discusses some of the technologies traditionally used to detect and mitigate DDoS attacks, how they evolved, and why state-of-the-art technology must rely on Application Specific Integrated Circuits (ASICs), inline symmetric or asymmetric deployments, and a wide spectrum of analysis methods covering Layer 2 (Data-Link layer) to Layer 7 (Application layer) of the OSI model, and why this must be done with high-performance, hardware-based architectures.

As part of the discussion, we will explain some features and benefits of the Fortinet FortiDDoS approach, the differences compared to conventional devices based solely on stateful or stateless inspection, and the advantages of behavior-based methods of attack detection built on customized hardware vs. signature-based methods built on standard CPU/RAM architectures.