本網站使用瀏覽器紀錄 (Cookies) 來提供您最好的使用體驗,我們使用的 Cookie 也包括了第三方 Cookie。相關資訊請訪問我們的隱私權與 Cookie 政策。如果您選擇繼續瀏覽或關閉這個提示,便表示您已接受我們的網站使用條款。 關閉
全方位整合與自動化網路資安領導廠商 Fortinet®(NASDAQ:FTNT)昨(7)日舉辦年度資安盛會「Fortinet資安嘉年華」。本次活動特別邀請KPMG安侯建業、台灣微軟、彰化基督教醫院、台灣科技大學、微智安聯等產學夥伴攜手Fortinet 資安專家,針對企業資安風險分析、雲端資安趨勢、醫療與製造業資安升級、資安人才培育與關鍵資安解決方案等五大關鍵主題,分享台灣各產業如何提升整體資安防禦思維,邁向數位轉型新契機。 Fortinet 台灣區總經理吳章銘表示:「根據Fortinet《2023全球資安威脅預測》顯示,駭客不僅持續破壞外部攻擊面,更將發動直闖內網的資安攻擊,使得企業布局數位力提升競爭優勢的同時,面臨巨大營運挑戰。Fortinet持續深化台灣市場耕耘,從早期的Fortinet Security 361° 資安論壇轉型至近年的資安嘉年華,讓台灣各產業資安專業人員得以輕鬆掌握最新資安趨勢,並清楚認識Fortinet最先進且全面的資安解決方案,共創更完善的資安聯防生態系。」 後疫時代成資安浩劫?專家深度解析最新資安趨勢,跨域協力驅動安全防護再升級 疫情時代加速企業組織數位轉型伴隨而來的資安升級與韌性強化挑戰,躍升決策者不可忽視的核心議題。隨著近年來駭客攻擊數量急遽增加、規模迅速擴張,如何守護端點設備及雲端安全,提升內部整體資安防禦思維,成為各大企業所面對的重大考驗,也促使政府推動「資安即國安2.0」戰略,對關鍵產業的資安能力提出更高標準的要求。 為主題講座揭開序幕的KPMG安侯建業副總經理林大馗,分享「2022 年台灣企業資安曝險調查報告」,指出國內各產業不僅資安人員能量均嚴重不足,更有超過5成的供應鏈核心產業位居末段班。KPMG安侯建業建議企業導入及驗證資安國際標準,採用縱深防禦策略防範日益升溫的社群媒體風險。台灣微軟客戶成功事業群副總經理張書源則介紹微軟的三階段零信任成熟度等級以及部屬零信任架構守護雲端資安的關鍵作用與優勢。 此外,本次資安嘉年華討論也橫跨醫療及製造領域,邀請豐富實戰經驗的專家學者,獨家解密各產業的資安佈局。彰化基督教醫院資安主任粘良祁分享在「資源有限」及「資安人才難尋」的環境裡,如何從策略、管理與技術三個面向應對資安治理困境。國立台灣科技大學機械系教授李維楨介紹國際電工委員會 IEC 62443 資訊安全標準及其相關認證,以及Fortinet 產品如何導入台科大工業4.0中心,共同打造符合IEC 62443資安要求的示範場域。而微智安聯執行長蔡一郎則分享與Fortinet一同打造的虛實整合「次世代資安人才試鍊場」Fortinet Cyber Range,可評量人員實務技術能力,提升資訊人員職能。 大秀資安實力!Fortinet展現全方位解決方案,助企業提升主動防禦量能、鞏固資安防護網 Fortinet 資安嘉年華除了邀請台灣各產業資安專業人員共同剖析台灣資安產業全局,Fortinet資安專家亦於會中分享Fortinet如何協助企業組織資料安全上雲,並透過端點防護、零信任存取、託管式偵測與回應服務等關鍵資安解決方案,為台灣企業強化資安韌性,迎戰後疫情時代日新月異的資安威脅與攻擊危害。 身為擁有業界最為符合Gartner 重點戰略技術趨勢「網路安全網格架構(CSMA)」的資安領導廠商,Fortinet安全織網(Fortinet Security Fabric)不僅透過「資安鐵三角」FortiGate、FortiAP、FortiSwitch無縫整合防火牆、交換器及無線基地台,協助企業打造安全無虞的定點和行動辦公環境,更在2022年推出「網路安全 3+3」的全新資安架構,結合廣域網路邊緣基礎架構(SD-WAN)、零信任網路存取(ZTNA)與FortiToken增強式身份驗證解決方案,讓企業得以將安全政策延伸至分點、居家和行動用戶,輕鬆實現資安納管無邊界。 Fortinet亦持續耕耘技術創新,提供最廣泛的產品及安全解決方案組合。Fortinet零信任存取解決方案融合FortiSASE全面性的安全防護功能,並藉由SD-WAN優化FortiGate內建功能及FortiClient,使企業能夠運用內部原有的新世代防火牆(NGFW),更快速地存取本地資料中心內的服務與資源。強調換位思考的FortiRecon則由攻擊方角度強化企業資安,藉由外部攻擊面管理(EASM)、品牌保護(BP)、以對手為中心的情報 (ACI)等功能,監控組織的外部攻擊面並對安全問題發出警報,同時自動檢測對組織安全和品牌聲譽的威脅,幫助組織主動評估風險,提高員工的安全意識。 技術服務方面,Fortinet全新推出的FortiMDR全中文化服務,除了整合以人工智慧驅動的新世代端點防護解決方案 FortiEDR,更與台灣在地專業技術團隊通力合作,提供全天候且不限次數的威脅偵測和警報,為企業打造全方位的資安防護網。由全球300多位資深高級技術人員組成的Fortinet Advanced Support 服務亦持續發揮影響力,透過FortiGate配置強化與性能健康檢查、知識轉移及生命週期審查報告,提供企業更進階的支援與安全防護,補足遭遺漏的資安死角。 資安威脅風險日益加劇,Fortinet致力強化台灣資安韌性、奠定數位轉型根基 面對逐漸白熱化的資安威脅與駭客攻擊,Fortinet 2023年將持續深耕台灣市場,針對企業組織的潛在資安風險,推出更多完善且專業的全方位資安解決方案。Fortinet將持續攜手國內產官學業者,共同探討資安聯防的最佳實踐以及資安人才的培育,在全球數位轉型浪潮下,力助台灣企業奠定數位韌性、立足資安根基。
為混合工作提供安全無縫的網絡環境香港 - Media OutReach - 2022年10月27日 - 大中華區領先的電訊中立網絡服務供應商第一線DYXnet(互聯科技NEOLINK成員)宣佈與領先的網絡安全解决方案供應商Zscaler合作,推出全新的第一線SASE (安全存取服務邊緣)解決方案,以響應對混合工作和高度安全的網絡環境日益增長的需求, 並為現有第一線SD-WAN客戶以及其他希望從傳統網絡安全方案轉向SASE的企業帶來優質的選擇。 第一線DYXnet產品及服務管理集團總監施純烽(左)及香港區銷售總經理林曉東(右),聯同Zscaler大中華區總經理袁蔚豪(中)宣佈兩家公司成為合作夥伴,推出DYXnet SASE方案 遙距工作趨勢、SaaS (Software as a Service) 的快速發展以及過時的網絡安全系統,均大大增加企業受網絡攻擊的風險,而SASE正正提供一種嶄新的網絡安全架構以支持企業多樣化的安全需求。Gartner預測,到2025年,最少60%的企業將制定明確的SASE採用計劃和時間表,並覆蓋用戶、辦公室和邊緣存取等範疇。 為協助客戶打造定安全的營運基礎,強化網絡保安配套,第一線與Zscaler合作推出第一線SASE方案,融合SD-WAN和雲交付,簡化網絡與安全基礎架構。透過結合客戶現有的 SD-WAN,方案最大化提高業務敏捷性和響應能力,同時減少網路安全框架中的漏洞。第一線SASE主要採取零信任網絡存取(ZTNA)、防火牆即服務(FWaaS)、雲端存取安全代理(CASB)及安全網關(SWG),為客戶數碼轉型過程中所須的靈活、安全而高效的網絡防禦及營運模式提供最佳支持。 第一線香港區銷售總經理林曉東表示:「與Zscaler的合作標誌著第一線致力為客戶提供全面優質的產品組合,讓他們能夠安心在瞬息萬變的市場進行數碼轉型。第一線SASE能夠協助企業建立靈活安全的網絡環境,保持業務競爭力。」 Zscaler大中華區總經理袁蔚豪表示:「疫情持續加速數碼轉型步伐,同時亦帶出各種網絡安全隱憂,企業的首要考慮是採用合適的方案加強網絡安全架構。我們很高興與第一線合作推出SASE方案, 簡化及保障客戶在雲端上的業務操作,提供無縫的用戶體驗,抵禦層出不窮的網絡攻擊。」 第一線產品及服務管理集團總監施純烽指出:「彈性靈活的網絡安全方案可讓企業的IT團隊在應對業務發展上更得心應手。第一線SASE以用戶和應用程式為中心的模式,可確保只有授權用戶才能連接到特定的應用程式,而無需提供對網絡的連接權限,進一步精簡操作流程、提高效益及增強網絡安全性。」 如需了解更多有關第一線SASE方案,請瀏覽 https://www.dyxnet.com/hk/zh/secure-access-service-edge-sase/ 。 Hashtag: #第一線DYXnet關於第一線:作為世紀互聯 (NASDAQ: VNET) 旗下的全資子公司,第一線是大中華區領先的中立電訊網絡服務供應商,具超過二十年的行業經驗。世紀互聯於美國納斯達克上市,為中國領先的第三方中立數據中心及混合雲服務商之一。 集團於2021年4月進一步成立全新子品牌"互聯科技"(NEOLINK),整合第一線與集團內數據中心、網絡產品、混合雲、裸金屬和運維管理服務等五大產品線,為客戶提供更多元化的解決方案及服務以實現全面的數碼轉型。持續發展創新的解決方案以滿足客戶不斷增長的市場需求是我們集團的共同目標。 第一線深信科技是帶領企業邁向數碼化未來的成功關鍵。我們為客戶以 ICT 創新推動業務增長,探索更多發展潛力及機遇,並透過優秀技術和服務為客戶制定合適的解決方案,包括 MPLS 和 SD-WAN 等企業網絡解決方案、雲端應用方案和數據中心服務等。 第一線致力成為香港及亞太區的領先 ICT 服務供應商。除了作為大中華區首批獲得 ISO /IEC 27001、ISO/IEC 20000 及 ISO 9001 資訊安全、國際 IT 服務管理以及國際品質管制認證的 ICT 服務供應商外,我們亦是中國跨境資料通信產業聯盟的首批正式會員及 SD-WAN服務標準起草單位。 如需更多有關第一線的資訊,請瀏覽官方網站 www.dyxnet.com。
FortiSASE is the only offering to integrate cloud-delivered SD-WAN connectivity with cloud-delivered security (SSE) to enable the industry’s most flexible secure private access SUNNYVALE, Calif., Oct. 18, 2022 (GLOBE NEWSWIRE) -- John Maddison, EVP of Products and CMO “Fortinet delivers the most integrated single-vendor SASE solution available, uniquely converging best-of-breed networking and best-of-breed security that are unified by a single operating system. The latest cloud-delivered enhancements to FortiSASE further strengthen our ability to enable consistent security and user experience no matter where users and applications are distributed.” News Summary Fortinet® (NASDAQ: FTNT), the driving force in the evolution of cybersecurity and the convergence of networking and security, today announced significant cloud-delivered enhancements to FortiSASE, the most integrated single-vendor SASE solution on the market. According to Gartner®, “Single-vendor SASE delivers converged network and security capabilities to connect and secure distributed users, devices, and locations to resources in the cloud, edge, and on-premises.”1 It has emerged as a key architecture to secure remote users, ensure consistent user experience, and shift from a CAPEX to an OPEX business model. In fact, Gartner predicts that “by 2025, one-third of new SASE deployments will be based on a single-vendor SASE offering, up from 10% in 2022.” 1 Fortinet was recognized by Gartner as a Representative Vendor in the inaugural “Market Guide for Single-Vendor SASE.” FortiSASE consolidates point products by seamlessly converging cloud-delivered networking (SD-WAN) and cloud-delivered security (SSE composed of secure web gateway, Universal ZTNA [zero trust network access], cloud access security broker [CASB], and Firewall-as-a-Service) via a single operating system (FortiOS) and single agent (FortiClient), with AI and ML layered across to drive additional operational efficiency. What’s new? In addition to enabling Secure Internet Access that is not only fast but ensures consistent security for all user traffic to and from the internet, FortiSASE now includes new updates that add enhanced support for Secure Private Access and Secure SaaS Access use cases: Secure Private Access Leveraging its success of delivering networking and security convergence at the edge to over 20,000 customers via Fortinet Secure SD-WAN, Fortinet is now extending this convergence to remote users via cloud-delivered SD-WAN connectivity in FortiSASE. This extends Fortinet’s existing ability to deliver granular application access with Fortinet Universal ZTNA by adding broader application access with SD-WAN to support the most comprehensive set of private applications running at the data center or public cloud, while also ensuring superior user experience. This enhancement makes FortiSASE the industry’s most flexible architecture for secure and reliable access to privately hosted applications by leveraging both ZTNA and SD-WAN. With today’s news, organizations that have already deployed Fortinet Secure SD-WAN and/or FortiGate Next-Generation Firewalls in the branch or data center can seamlessly connect their remote users to FortiSASE for private access without needing an additional license. Secure SaaS Access FortiSASE delivers comprehensive visibility and control for SaaS applications, now enhanced with next-generation dual-mode CASB. By leveraging both inline and API-based support, FortiSASE enables full visibility into sanctioned and unsanctioned applications to address shadow IT and data exfiltration challenges. Analyst Validation: “Modern IT and employee environments are highly distributed and require secure connectivity and access, regardless of where users or applications are located. To provide these services, organizations must have comprehensive, tightly integrated, network and security solutions. Fortinet understands this and has implemented a single OS and agent across its entire Cloud-based SASE portfolio, plus it has layered in AI/ML technologies to drive greater operational efficiencies and deliver enhanced user experiences.” -- Bob Laliberte, Principal Analyst, ESG Additional Resources Read the blog and watch the video to learn more about FortiSASE and Fortinet’s ability to deliver single-vendor SASE. Download the Gartner® Market Guide for Single-Vendor SASE. Learn more about FortiGuard Labs threat intelligence and research and Outbreak Alerts, which provide timely steps to mitigate breaking cybersecurity attacks. Learn more about Fortinet’s FortiGuard Security Services portfolio. Learn more about Fortinet’s free cybersecurity training, which includes broad cyber awareness and product training. As part of the Fortinet Training Advancement Agenda (TAA), the Fortinet Training Institute also provides training and certification through the Network Security Expert (NSE) Certification, Academic Partner, and Education Outreach programs. Read more about how Fortinet customers are securing their organizations. Engage in the Fortinet User Community (Fuse). Share ideas and feedback, learn more about our products and technology, and connect with peers. Follow Fortinet on Twitter, LinkedIn, Facebook, and Instagram. Subscribe to Fortinet on our blog or YouTube. 1 Gartner, Market Guide for Single-Vendor SASE, 28 September 2022, Neil MacDonald, John Watts, Jonathan Forest, Andrew Lerner. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Gartner is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. About Fortinet Fortinet (NASDAQ: FTNT) makes possible a digital world that we can always trust through its mission to protect people, devices, and data everywhere. This is why the world’s largest enterprises, service providers, and government organizations choose Fortinet to securely accelerate their digital journey. The Fortinet Security Fabric platform delivers broad, integrated, and automated protections across the entire digital attack surface, securing critical devices, data, applications, and connections from the data center to the cloud to the home office. Ranking #1 in the most security appliances shipped worldwide, more than 595,000 customers trust Fortinet to protect their businesses. And the Fortinet NSE Training Institute, an initiative of Fortinet’s Training Advancement Agenda (TAA), provides one of the largest and broadest training programs in the industry to make cyber training and new career opportunities available to everyone. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs. FTNT-O Copyright © 2022 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet’s trademarks include, but are not limited to, the following: Fortinet, the Fortinet logo, FortiGate, FortiOS, FortiGuard, FortiCare, FortiAnalyzer, FortiManager, FortiASIC, FortiClient, FortiCloud, FortiMail, FortiSandbox, FortiADC, FortiAI, FortiAIOps, FortiAntenna, FortiAP, FortiAPCam, FortiAuthenticator, FortiCache, FortiCall, FortiCam, FortiCamera, FortiCarrier, FortiCASB, FortiCentral, FortiConnect, FortiController, FortiConverter, FortiCWP, FortiDB, FortiDDoS, FortiDeceptor, FortiDeploy, FortiDevSec, FortiEdge, FortiEDR, FortiExplorer, FortiExtender, FortiFirewall, FortiFone, FortiGSLB, FortiHypervisor, FortiInsight, FortiIsolator, FortiLAN, FortiLink, FortiMoM, FortiMonitor, FortiNAC, FortiNDR, FortiPenTest, FortiPhish, FortiPlanner, FortiPolicy, FortiPortal, FortiPresence, FortiProxy, FortiRecon, FortiRecorder, FortiSASE, FortiSDNConnector, FortiSIEM, FortiSMS, FortiSOAR, FortiSwitch, FortiTester, FortiToken, FortiTrust, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLM and FortiXDR. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments. Media Contact: Investor Contact: Analyst Contact: Michelle Zimmermann Peter Salkowski Brian Greenberg Fortinet, Inc. Fortinet, Inc. Fortinet, Inc. 408-235-7700 408-331-4595 650-554-0941 pr@fortinet.com psalkowski@fortinet.com analystrelations@fortinet.com
全方位整合與自動化網路資安領導廠商 Fortinet 今(22)日公布其在2022年廣域網路邊緣基礎架構(SD-WAN)魔力象限領導者中處於領先地位。這代表著 Fortinet 因 Fortinet Secure SD-WAN 連續第三年被公認為領導者,也是 Fortinet 連續第二年在象限中擁有最佳執行能力,並持續被認可其願景的完整性。 Fortinet 台灣區總經理吳章銘表示:「Fortinet 是第一家將 SD-WAN 和安全性融合在一個產品中的供應商,這已成為我們 SASE 解決方案的基本要素,該解決方案由單一作業系統 FortiOS 驅動,讓工作能夠隨時隨地進行。透過與全球零信任網路存取的整合,實現安全與最佳化的應用服務連線,確保優質的用戶體驗,進一步使 Fortinet Secure SD-WAN 在競爭者中脫穎而出。」 隨著 SD-WAN 客戶群的快速成長,世界各地的組織都將 Fortinet Secure SD-WAN 作為轉換和保護廣域網路的重要策略。Fortinet 持續調整該解決方案,使組織能夠為使用者提供優良的體驗品質,透過加速本地和雲交付環境的安全性和網路融合簡化架構,並在所有廣域網路和雲端邊緣實現營運效率。該解決方案具有以下優點: 支援單一且連貫的FortiOS作業系統,實現 SD-WAN 和安全驅動型網路的無縫融合。Fortinet 基於 ASIC 的加速型 SD-WAN、零信任網路存取(ZTNA)和安全存取服務邊緣 (SASE),為使用者和網路提供統一的安全和管理框架,以支援高效能的自動化防護。 零信任網路存取與SD-WAN整合支援隨地辦公。Fortinet產品可將用於連接的 SD-WAN、安全存取的零信任網路存取,以及流量檢查和保護的企業級安全性都整合於同一個控制台進行配置、編排和管理。 實現安全、高效能的混合雲和多雲連線,加速組織的數位優先之旅並與SASE無縫接軌。 整合網路(廣域網路、區域網路、無線區域網路、無線廣域網路)和安全 (新世代防火牆)元件,在具有統一管理的彈性平台中實現向 SD-Branch 的安全轉移,進而加速部署並簡化網路架構。 提供可靠和安全的無線廣域網路,促進轉向使用 5G 網路。 增加 AIOps 和數位體驗監控 (DEM)進階功能,提升 IT 和用戶體驗。 今年稍早,Fortinet 連續第三年被評為2022年Gartner Peer Insights™廣域網路邊緣基礎設施的「客戶最佳選擇」。Gartner Peer Insights「客戶觀點」由受認證的專業人員進行回饋和評分,同時考量了評論數量和整體用戶評分。
Exploit Trends Demonstrate the Endpoint Remains a Target as Work-From-Anywhere Continues Graph of weekly ransomware volume over the last 12 months Graph of weekly ransomware volume over the last 12 months Graph of top malware tactics and techniques (endpoint) Graph of top malware tactics and techniques (endpoint) SUNNYVALE, Calif., Aug. 17, 2022 (GLOBE NEWSWIRE) -- Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, FortiGuard Labs “Cyber adversaries are advancing their playbooks to thwart defense and scale their criminal affiliate networks. They are using aggressive execution strategies such as extortion or wiping data as well as focusing on reconnaissance tactics pre-attack to ensure better return on threat investment. To combat advanced and sophisticated attacks, organizations need integrated security solutions that can ingest real-time threat intelligence, detect threat patterns, and correlate massive amounts of data to detect anomalies and automatically initiate a coordinated response across hybrid networks.” News Summary: Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated, and automated cybersecurity solutions, today announced the latest semiannual FortiGuard Labs Global Threat Landscape Report. For a detailed view of the report, as well as some important takeaways, read the blog. Highlights of the 1H 2022 report follow: The ransomware threat continues to adapt with more variants enabled by Ransomware-as-a-Service (RaaS). Work-from-anywhere (WFA) endpoints remain targets for cyber adversaries to gain access to corporate networks. Operational technology (OT) and information technology (IT) environments are both attractive targets as cyber adversaries search for opportunities in the growing attack surface and IT/OT convergence. Destructive threat trends continue to evolve, as evidenced by the spread of wiper malware as part of adversary toolkits. Cyber adversaries are embracing more reconnaissance and defense evasion techniques to increase precision and destructive weaponization across the cyber-attack chain. Ransomware Variant Growth Shows Evolution of Crime Ecosystems: Ransomware remains a top threat and cyber adversaries continue to invest significant resources into new attack techniques. In the past six months, FortiGuard Labs has seen a total of 10,666 ransomware variants, compared to just 5,400 in the previous six-month period. That is nearly 100% growth in ransomware variants in half a year. RaaS, with its popularity on the dark web, continues to fuel an industry of criminals forcing organizations to consider ransomware settlements. To protect against ransomware, organizations, regardless of industry or size, need a proactive approach. Real-time visibility, protection, and remediation coupled with zero-trust network access (ZTNA) and advanced endpoint detection and response (EDR) are critical. Graph of weekly ransomware volume over the last 12 months https://www.globenewswire.com/NewsRoom/AttachmentNg/f90c8d79-5679-40e4-a08f-bb3660ee4afd Exploit Trends Show OT and the Endpoint Are Still Irresistible Targets: The digital convergence of IT and OT and the endpoints enabling WFA remain key vectors of attack as adversaries continue to target the growing attack surface. Many exploits of vulnerabilities at the endpoint involve unauthorized users gaining access to a system with a goal of lateral movement to get deeper into corporate networks. For example, a spoofing vulnerability (CVE 2022-26925) placed high in volume, as well as a remote code execution (RCE) vulnerability (CVE 2022-26937). Also, analyzing endpoint vulnerabilities by volume and detections reveals the relentless path of cyber adversaries attempting to gain access by maximizing both old and new vulnerabilities. In addition, when looking specifically at OT vulnerability trends, the sector was not spared. A wide range of devices and platforms experienced in-the-wild exploits, demonstrating the cybersecurity reality of increased IT and OT convergence and the disruptive goals of adversaries. Advanced endpoint technology can help mitigate and effectively remediate infected devices at an early stage of an attack. In addition, services such as a digital risk protection service (DRPS) can be used to do external surface threat assessments, find and remediate security issues, and help gain contextual insights on current and imminent threats. Destructive Threat Trends Continue With Wipers Widening: Wiper malware trends reveal a disturbing evolution of more destructive and sophisticated attack techniques continuing with malicious software that destroys data by wiping it clean. The war in Ukraine fueled a substantial increase in disk wiping malware among threat actors primarily targeting critical infrastructure. FortiGuard Labs identified at least seven major new wiper variants in the first six months of 2022 that were used in various campaigns against government, military, and private organizations. This number is significant because it is close to the number of wiper variants that have been publicly detected since 2012. Additionally, the wipers did not stay in one geographical location but were detected in 24 countries besides Ukraine. To minimize the impact of wiper attacks, network detection and response (NDR) with self-learning artificial intelligence (AI) is helpful to better detect intrusions. Also backups must be stored off-site and offline. Defense Evasion Remains Top Attack Tactic Globally: Examining adversarial strategies reveals takeaways about how attack techniques and tactics are evolving. FortiGuard Labs analyzed the functionality of detected malware to track the most prevalent approaches over the last six months. Among the top eight tactics and techniques focused on the endpoint, defense evasion was the most employed tactic by malware developers. They are often using system binary proxy execution to do so. Hiding malicious intentions is one of the most important things for adversaries. Therefore, they are attempting to evade defenses by masking them and attempting to hide commands using a legitimate certificate to execute a trusted process and carry out malicious intent. In addition, the second most popular technique was process injection, where criminals work to inject code into the address space of another process to evade defenses and improve stealth. Organizations will be better positioned to secure against the broad toolkits of adversaries armed with this actionable intelligence. Integrated, AI and ML-driven cybersecurity platforms with advanced detection and response capabilities powered by actionable threat intelligence are important to protect across all edges of hybrid networks. Graph of top malware tactics and techniques (endpoint) https://www.globenewswire.com/NewsRoom/AttachmentNg/b4801331-9308-4dfc-bf88-98a3a181c7ad AI-powered Security Across the Extended Attack Surface When organizations gain a deeper understanding of the goals and tactics used by adversaries through actionable threat intelligence, they can better align defenses to adapt and react to quickly changing attack techniques proactively. Threat insights are critical to help prioritize patching strategies to better secure environments. Cybersecurity awareness and training are also important as the threat landscape changes to keep employees and security teams up-to-date. Organizations need security operations that can function at machine speed to keep up with the volume, sophistication, and rate of today’s cyber threats. AI and ML-powered prevention, detection, and response strategies based on a cybersecurity mesh architecture allow for much tighter integration, increased automation, as well as a more rapid, coordinated, and effective response to threats across the extended network. Report Overview This latest Global Threat Landscape Report is a view representing the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of sensors collecting billions of threat events observed around the world during the first half of 2022. Similar to how the MITRE ATT&CK framework classifies adversary tactics and techniques, with the first three groupings spanning reconnaissance, resource development, and initial access, the FortiGuard Labs Global Threat Landscape Report leverages this model to describe how threat actors target vulnerabilities, build malicious infrastructure, and exploit their targets. The report also covers global and regional perspectives as well as threat trends affecting IT and OT. Additional Resources Subscribe to our blog for valuable takeaways from this research as the FortiGuard Labs team examines topics from the report in upcoming weeks. Learn more about FortiGuard Labs threat intelligence and research and Outbreak Alerts, which provide timely steps to mitigate breaking cybersecurity attacks. Learn more about Fortinet’s FortiGuard Security Services portfolio. Learn more about Fortinet’s free cybersecurity training, which includes broad cyber awareness and product training. As part of the Fortinet Training Advancement Agenda (TAA), the Fortinet Training Institute also provides training and certification through the Network Security Expert (NSE) Certification, Academic Partner, and Education Outreach programs. Read about how Fortinet customers are securing their organizations. Engage in the Fortinet User Community (Fuse). Share ideas and feedback, learn more about our products and technology, and connect with peers. Follow Fortinet on Twitter, LinkedIn, Facebook, and Instagram. Subscribe to Fortinet on our blog or YouTube. About FortiGuard Labs FortiGuard Labs is the threat intelligence and research organization at Fortinet. Its mission is to provide Fortinet customers with the industry’s best threat intelligence designed to protect them from malicious activity and sophisticated cyberattacks. It is composed of some of the industry’s most knowledgeable threat hunters, researchers, analysts, engineers, and data scientists in the industry, working in dedicated threat research labs all around the world. FortiGuard Labs continuously monitors the worldwide attack surface using millions of network sensors and hundreds of intelligence-sharing partners. It analyzes and processes this information using AI and other innovative technology to mine that data for new threats. These efforts result in timely, actionable threat intelligence in the form of Fortinet security product updates, proactive threat research to help our customers better understand the threats and actors they face, and threat intelligence to help our customers better understand and defend their threat landscape. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs. About Fortinet Fortinet (NASDAQ: FTNT) makes possible a digital world that we can always trust through its mission to protect people, devices, and data everywhere. This is why the world’s largest enterprises, service providers, and government organizations choose Fortinet to securely accelerate their digital journey. The Fortinet Security Fabric platform delivers broad, integrated, and automated protections across the entire digital attack surface, securing critical devices, data, applications, and connections from the data center to the cloud to the home office. Ranking #1 in the most security appliances shipped worldwide, more than 595,000 customers trust Fortinet to protect their businesses. And the Fortinet NSE Training Institute, an initiative of Fortinet’s Training Advancement Agenda (TAA), provides one of the largest and broadest training programs in the industry to make cyber training and new career opportunities available to everyone. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs. FTNT-O Copyright © 2022 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet’s trademarks include, but are not limited to, the following: Fortinet, the Fortinet logo, FortiGate, FortiOS, FortiGuard, FortiCare, FortiAnalyzer, FortiManager, FortiASIC, FortiClient, FortiCloud, FortiMail, FortiSandbox, FortiADC, FortiAI, FortiAIOps, FortiAntenna, FortiAP, FortiAPCam, FortiAuthenticator, FortiCache, FortiCall, FortiCam, FortiCamera, FortiCarrier, FortiCASB, FortiCentral, FortiConnect, FortiController, FortiConverter, FortiCWP, FortiDB, FortiDDoS, FortiDeceptor, FortiDeploy, FortiDevSec, FortiEdge, FortiEDR, FortiExplorer, FortiExtender, FortiFirewall, FortiFone, FortiGSLB, FortiHypervisor, FortiInsight, FortiIsolator, FortiLAN, FortiLink, FortiMoM, FortiMonitor, FortiNAC, FortiNDR, FortiPenTest, FortiPhish, FortiPlanner, FortiPolicy, FortiPortal, FortiPresence, FortiProxy, FortiRecon, FortiRecorder, FortiSASE, FortiSDNConnector, FortiSIEM, FortiSMS, FortiSOAR, FortiSwitch, FortiTester, FortiToken, FortiTrust, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLM and FortiXDR. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments. Media Contact: Investor Contact: Analyst Contact: John Welton Peter Salkowski Brian Greenberg Fortinet, Inc. Fortinet, Inc. Fortinet, Inc. 408-235-7700 408-331-4595 408-235-7700 pr@fortinet.com psalkowski@fortinet.com analystrelations@fortinet.com
2022年5月31日 臺北訊 —對金融服務業而言,網路安全的重要性前所未見。不斷演變的威脅加上越發精進的攻擊者,使得金融機構必須時時警惕,同時又要支援遠端工作以及利用公有雲推動技術創新的需求。而根據Palo Alto Networks 2021台灣資安現況報告指出,金融業是台灣最積極加速數位轉型的行業之一,由此可知,網路安全將為當前的台灣金融機構帶來相當顯著的挑戰或影響。 傳統安全解決方案的挑戰 網安攻擊是跨領域的惡夢,而在銀行和其他金融機構的現實環境更是處處可見,根據Forrester的2021企業資料外洩現況報告,企業找出並從資料外洩事件中恢復正常運作的平均成本為240萬美元,而對金融業來說,情況更為嚴峻。 IBM 的「資料外洩成本報告」(Cost of a Data Breach Report),2021 年全球金融業因資料外洩而產生的平均成本為 572 萬美元,僅次於平均成本最高的醫療保健。壞消息是,出現轉機之前,情況可能會先更加惡劣: SearchSecurity 指出,由於高獲利能力、雲端基礎設施漏洞以及遠端工作的快速發展,勒索軟體的出現頻率在 2021 年增加一倍。 俄烏衝突更使西方金融機構淪為掌握高度技術、由國家資助的網路攻擊者的目標。 稽核員和金融主管機關目前加強自身網路安全執法與監督工作,重點關注資料隱私權、營運韌性以及第三方風險。 另一方面,金融機構已採用公有雲推動數位轉型,支援創新的產品及服務,提供卓越客戶體驗,以期在競爭中保持領先。混合雲架構已成為許多組織的常態,工作負載和資料經常在雲端基礎系統和公司本身的系統之間移動。同時,出現另一種形式的混合環境,無論使用者是從遠端、透過行動裝置或從分支機構連線,員工與第三方夥伴皆需取得安全性權限才能存取應用程式及業務資料。 金融業 CISO 及其他網路安全領導者的任務,是要在不犧牲敏捷、創新或使用者生產力的前提下,保護這類混合型環境。多數時候,他們嘗試適應傳統的安全系統與架構,以期滿足這些不斷變化的需求,但卻面臨以下重大挑戰: 可擴展性難題 – 現今,混合工作與雲端環境需要能夠快速擴展的安全解決方案,如此才能跟得上不斷變化的工作負載、分散式勞動力以及快速擴展的資料管理需求,而使用大雜燴式的網路與安全堆疊建構的傳統架構,根本無法提供這種可擴展性。 安全落差 – 惡意行為者敏銳地察覺現今日益普及的混合與行動工作模式,並瞄準居家辦公及遠端工作環境。相較於在公司連線的使用者,遠端存取資源的使用者通常基於保護資料的考量被授予不同的存取權限,進而導致攻擊者可以利用此安全落差,滲透金融機構。 生產力問題 – 傳統安全政策的執行通常要求機構將其網路流量回傳到資料中心,無論端點位於何處或流量最終目的地為何,這代表會出現更多延遲,公共、雲端應用程式與資料尤其如此,這也加深更多員工的不耐,反而因此意圖規避安全控管措施,敞開漏洞的大門。 零信任加 SASE效果加乘 零信任模式不斷證明其在保護混合雲端環境中重要應用程式和資料的價值,尤其是對逐漸接受混合工作模式的金融組織而言。SASE 解決方案鎖定四個重大領域,為零信任安全狀況: 確保正常運作時間:無縫利用 MPLS、網路和 4G/5G 網路連線能力,為零售銀行分支機構和遠端據點的客戶及員工,提供最大化的系統可用性以及正常運作時間。即便在混合工作模式下,分支機構依然是全通路互動模式的關鍵要素,客戶可在這些通路進行複雜的交易、解決問題和取得財務諮詢。 控管成本:以寬頻網路服務取代昂貴的傳統 WAN 技術,能以更低廉的價格取得更高的頻寬層級。Forrester 指出,在採用 Prisma SASE 後,IT 安全人員得以整合安全工具及提升效率,這也是降低成本的主要因素。 縮小安全落差:為無論其何時何地存取應用程式和資料的員工、承包商和供應商制定一致的安全控管機制與政策。有鑑於金融機構的遠端勞動力和第三方夥伴日益拓展,金融主管機關期望機構制定適當的控管措施,妥善管理此類風險。 提供更卓越的使用者體驗:確保安全且直接地透過 Internet 存取雲端基礎資源,此關鍵能力能夠減少延遲,並為客戶和員工提供一致、可靠且無虞的使用者體驗。最終,這有助於進一步與客戶互動,而消費者現在也期望金融機構能夠做到這一點。 SASE:成效十足的安全性 採用安全存取服務邊緣(SASE),其結合了安全性、零信任網路存取 (ZTNA) 以及網路連線,可實現高效能的混合工作模式;它最顯著的一項優勢就是其有利於金融機構的盈虧。根據 Forrester 的 SASE 投資報酬率計算工具,採用 Prisma SASE 的機構有機會締造高達 241% 的投資報酬率。藉由保障高度有效且一致的使用者體驗,Prisma SASE 成為金融機構的重要工具,可最大化員工生產力、提高客戶忠誠度,同時支援現代零信任安全狀況。 關於Palo Alto Networks Palo Alto Networks是全球網路安全領導者,致力於透過能夠轉變人們與組織運作方式的科技,塑造以雲端為本的未來。我們的目標是成為最佳的網路安全夥伴,保護數位時代的生活方式。我們藉由持續創新,掌握在人工智慧、分析、自動化及協作等各方面的最新突破,來面對當今最大的安全挑戰。Palo Alto Networks站在最前線,透過提供整合平台並成就持續成長的合作夥伴生態系統,為無數企業提供在雲端、網路及行動裝置的保護。我們的願景是創造一個今天比昨天更安全的世界。如欲瞭解更多資訊,請造訪www.paloaltonetworks.com Palo Alto Networks、Prisma以及Palo Alto Networks標誌為Palo Alto Networks公司在美國及全球其他地區的註冊商標。所有本文中出現的其他商標、企業名稱或服務,亦為各公司所擁有。 媒體聯繫: Palo Alto Networks 龍麗菲 ftierney@paloaltonetworks.com 盛思公關 周雅玲 電話:(02)7713-6610 分機702 E-mail: ruby.chou@shangs.com.tw
A12 藝術空間
ZTNA
請先登入後才能發佈新聞。
還不是會員嗎?立即 加入台灣產經新聞網會員 ,使用免費新聞發佈服務。 (服務項目) (投稿規範)
