4.2.3 Enable Outbreak Prevention Database

Information

Ensure FortiGate AV inspection uses outbreak prevention database as an added layer of protection on top of antivirus' signature-based detection.

Antivirus mainly uses signature for malware blocking. By enabling "FortiGuard outbreak prevention database", FortiGate can leverage on 3rd party malware hash signatures curated by the FortiGuard as an additional protection layer.

The hash signatures are obtained from FortiGuard's Global Threat Intelligence database. The antivirus database queries FortiGuard with the hash of a scanned file. If FortiGuard returns a match, the scanned file is deemed to be malicious.

Solution

Review Antivirus Security Profiles and validate that "Use FortiGuard outbreak prevention database" is enabled.

See Also

https://workbench.cisecurity.org/benchmarks/15284

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3, CSCv7|8.1, CSCv7|8.2, CSCv7|8.3, CSCv7|8.6

Plugin: FortiGate

Control ID: 84efc29e54d16d4b56bb432034f27372042f4d6a3e50f3816739db6237a5b627