Specifically same NSE7_SAC-6 Question Bank that I actually saw in the real test!

killexams.com provides the most recent, 2022 up-to-date exam questions and braindump questions and answers for the new topics of the Fortinet NSE 7 - Secure Access 6.2 exam. Practice with our question bank to improve your knowledge and pass your test with high marks. We assure your success in the test center, covering every one of the references of the test and building your knowledge of the NSE7_SAC-6 exam. Pass with our exam dumps.

Exam Code: NSE7_SAC-6 Practice test 2022 by Killexams.com team
Fortinet NSE 7 - Secure Access 6.2
Killexams : Concerns Over Fortinet Flaw Mount; PoC Released, Exploit Activity Grows

Concerns over a critical authentication bypass vulnerability in certain Fortinet appliances heightened this week with the release of proof-of-concept (PoC) exploit code and a big uptick in vulnerability scans for the flaw.

The bug (CVE-2022-40684) is present in multiple versions of Fortinet's FortiOS, FortiProxy and FortiSwitchManager technologies. It allows an unauthenticated attacker to gain administrative access to affected products via specially crafted HTTPS and HTTP requests, and potentially use that as an entry point to the rest of the network.

Bharat Jogi, director of vulnerability threat research at Qualys, says researchers at the company have observed mass scans being carried out by various threat actors to identify Internet-facing vulnerable systems for compromise.

"They are compromising these systems to create a super_admin user which provides them with complete access and control," Jogi says. "Once this level of access is achieved, they have the ability to delete any trace of their successful exploitation attempt, making it difficult for organizations to track compromised assets in their environment."

If this flaw is successfully exploited, an attacker would have complete access to the organization's internal systems that were previously protected by Fortinet's firewalls, he says. "Having a compromised firewall is like laying out a red carpet for threat actors to stroll right into your organization's environment," Jogi notes.

Added to CISA's Known Exploited Vulnerabilities Catalog

The US Cybersecurity and Infrastructure Security Agency (CISA) earlier this week added the vulnerability to its Known Exploited Vulnerabilities catalog. Federal executive branch agencies—which are required to remediate vulnerabilities in the catalog within specific deadlines—have until Nov. 1 to address it. Though the deadline applies only to federal agencies, security experts have previously noted how it is a good idea for all organizations to monitor the vulnerabilities in the catalog and follow CISA's deadline for implementing fixes.

Fortinet privately notified customers of the affected products about the vulnerability last Friday, along with instructions to immediately update to patched versions of the technology the company had just released. It advised companies that could not update for any reason to immediately disable Internet-facing HTTPS administration until they could upgrade to the patched versions. 

"Due to the ability to exploit this issue remotely, Fortinet is strongly recommending all customers with the vulnerable versions to perform an immediate upgrade," Fortinet said in its private notification, a copy of which was posted on Twitter the same day.

Fortinet followed up with a public vulnerability advisory on Monday describing the flaw and warning customers of potential exploit activity. The company said it was aware of instances where attackers had exploited the vulnerability to obtain the configuration file from affected systems and to add a malicious super_admin account called "fortigate-tech-support".

Since then, penetration testing firm Horizon3.ai has released proof-of-concept code for exploiting the vulnerability along with a technical deep dive of the flaw. A template for scanning for the vulnerability has also become available on GitHub.

Exacerbating the concerns is the relatively low bar for exploiting the flaw. "This vulnerability is extremely easy for an attacker to exploit. All that is required is access to the management interface on a vulnerable system," Zach Hanley, chief attack engineer at Horizon3.ai, tells Dark Reading.

Increase in Scanning Activity for the Flaw

Qualys isn't the only company observing increased vulnerability scanning for the flaw. James Horseman, exploit developer at Horizon3.ai, says public data from GreyNoise—which tracks Internet scanning activity hitting security tools—shows the number of unique IPs using the exploit has grown from the single digits a few days ago to over forty as of Oct. 14.

"We expect the number of unique IPs using this exploit to rapidly increase in the coming days," Horseman says. It is not hard for attackers to find vulnerable systems, he adds: A Shodan search for instance shows more than 100,000 Fortinet systems worldwide. 

"Not all of these will be vulnerable, but a large percentage will be," Horseman says.

Johannes Ullrich, dean of research at the SANS Institute, says he has observed scans associated with an older FortiGate vulnerability (CVE-2018-13379) hitting SANS' honeypots in the days following disclosure of the new bug. He says there are two theories why that might be happening.

One of them is that an attacker may have tried to catch as many devices as possible that had not yet been patched for the old vulnerability. Given the attention the new vulnerability has gotten it is likely the old vulnerability will get patched as well now, he says.

"Or the attacker was trying to find Fortinet devices to exploit using the new vulnerability once it is available," he theorizes. "The old vulnerability scanner they had sitting on the shelf may still work to identify Fortinet devices."

A Popular Attacker Target

Concerns over vulnerabilities in Fortinet products are not new. The company's technologies—and those of others selling similar appliances—have been frequently targeted by attackers trying to gain an initial foothold on a target network.

Last November, the FBI, CISA and others issued an advisory warning of Iranian advanced persistent threat actors exploiting vulnerabilities in Fortinet and Microsoft products. A similar alert in April 2021 warned of attackers exploiting flaws in FortiOS to break into multiple government, commercial, and technology services.

"These vulnerable devices are often edge devices, so an attacker could potentially use this vulnerability to gain access to an organization's internal networks to launch further attacks," Hanley says.

Fortinet itself has recommended that organizations that are able to do so update to the newly patched versions of FortiOS, FortiProxy and FortiSwitchManager. For organizations that cannot immediately update, Fortinet has provided guidance on how to disable the HTTP/HTTPS interface or limit the IP addresses that can reach the administrative interface of the affected products.

Hanley says organizations sometimes may not be able to patch due to the potential downtime associated with updating a device. "However, an organization should be able to apply [the] workaround to prevent this vulnerability from being exploited on unpatched machines by following Fortinet’s guidance."

Qualys' Jogi adds, "It is also crucial to review any attempts of exploit to identify systems that may have already been compromised. If an organization is unable to patch their systems, then they must disable the system admin interface immediately."

Fri, 14 Oct 2022 07:49:00 -0500 en text/html https://www.darkreading.com/attacks-breaches/concerns-fortinet-flaw-poc-increased-exploit-activity
Killexams : Fortinet: Fairly Valued, Profitable And Growing Rapidly
Fortinet (NASDAQ:FTNT) is a cybersecurity powerhouse that is a leader in firewalls. According to Check Point Research, global cybersecurity attacks have increased by 32% year over year, with over 1,200 attacks per week globally. The rise of remote working, the cloud and Internet of Things (IoT) devices has widened the attack surface, which has made networks more vulnerable to attack. Thus it's no surprise the global cybersecurity market was worth $139 billion in 2021 and is expected to grow at a rapid 13.4% compounded annual growth rate, reaching $376 billion by 2029. Fortinet is poised to ride this trend as one of the largest cybersecurity companies in the industry, with best-in-class technology. The company's stock price has slid down by 29% from its all-time highs in December 2021, and the stock now looks to be fairly valued, while being profitable. In this post, I'm going to break down the company's business model, financials, and valuation. Let's dive in.

Secure Business Model

The company's FortiGate Firewall solution makes up over one-third of firewall shipments globally, leaving competitors in the dust.

Fortinet firewall (Investor Presentation 2022)

Fortinet's firewall is also rated as the number one market leader by Gartner and the platform has even won the customer choice award for 2022.

Fortinet firewall (Gartner)

Its firewall solution offers a network security framework that provides threat prevention while also not limiting performance. Customer reviews also indicate the solution is "simple to use" and easier to set up, which can be a real selling point for any digital transformation product. From the graphic below you can see the core hardware and software products are complemented by a series of security services that are sold on a subscription, which thus offers recurring revenue.

Fortinet products (Investor Presentation)

Fortinet's technological success is driven by its proprietary ASIC (Application Specific Integrated Circuit) technology. This is a custom semiconductor design that enables higher performance to be achieved at a much lower cost than an off-the-shelf non-custom piece of hardware.

According to a recent survey of Chief Information Security Officers (CISOs) by Gartner, 75% of them are overwhelmed by the number of vendors and would like to consolidate with a small number of security providers. This is a large increase from 29% of CISOs in 2020. The cybersecurity industry is extremely fragmented with no one company making up over 10% market share. This offers an opportunity for Fortinet as they already have the second largest revenue, just behind Palo Alto Networks (PANW). Therefore as the industry consolidates Fortinet can offer customers its MESH platform that offers security from endpoint devices to the data center and hybrid cloud.

Fortinet solution (Investor presentation 2022)

Fortinet is also a Gartner Magic Quadrant leader in the software-defined WAN Edge Infrastructure. WAN stands for "Wide Area Network" and is basically the network that connects together a corporation's branch offices. The "software" part makes it much easier to scale, manage and extend this network.

Growing Financials

Fortinet generated solid financial results for the second quarter of 2022. Revenue was $1.03 billion which popped by 28.6% year over year and beat analyst estimates by $2.43 million. This growth was driven by strong product revenue of $400.7 million, which grew by a rapid 34.3% year over year, while its core platform grew revenue by 35% and extension products by 33%, which was a positive sign that its "land and expand" model is working.

Revenue (Fortinet Q2 Earnings)

Total service revenue was $629 million, which increased by a rapid 25.2% year over year. This was driven mainly by security subscription service revenue which increased by 25% year over year to $340 million. Support service revenue also increased by a rapid 26% year over year to $289 million. Overall these revenue trends were pretty strong with diverse growth generated across the board.

If we take a step back, Billings, which is the amount actually invoiced to customers and is the true "top line" for SaaS companies, also showed solid growth. Billings were $1.3 billion, which increased by 36% year over year. This was driven by a strong 50% YoY increase in the number of larger customers, which transact over $1 million. This strategy of "growing upmarket" makes a lot of sense as larger customers tend to be more "sticky", have larger budgets, and offer more upsell opportunities. Fortinet's focus on vendor consolidation has been a key selling point that has made the platform popular with CISOs (Chief Information Security Officers). Service billings also accelerated with a 36% increase year over year. This was driven by pricing actions that offset headwinds from Russian services that had been halted.

Another great indicator to analyze with SaaS companies is "Bookings", a forward-looking metric that indicates the value of contracts signed by a customer. In this case, Bookings were $1.376 billion in the second quarter of 2022, which increased by 42% year over year. This was driven by strong Secure SD-WAN bookings, which increased by 60% year over year as the IT industry begins to converge networking and security together. The company also scored a larger number of global 2000 companies, which increased by 65% year over year.

Bookings (Q2 Earnings Report)

Total Backlog, which is the "unbilled" portion of the contract value, was $350 million, which increased by $72 million and represented strong product demand. This was mainly driven by networking equipment, which made up ~50%, while FortiGates made up 40%. The track record shows this backlog is extremely strong and "sticky". Fortinet's current customers make up over 95% of Backlog, and it is well diversified across customers. Management believes its Backlog will continue to increase in 2022, despite supply chain constraints which are making product shipping a challenge.

Backlog (Q2 Earnings Report)

Fortinet is extremely diversified across various customer categories. For instance, larger enterprises make up 40% of its customer base, which is the "safest" and most lucrative customer type, due to the aforementioned reasons. By geography, over 100 countries make up 47% of revenue, followed by 28% for the US. This is especially important given the increasing geopolitical uncertainty, driven by the Russia-Ukraine war. Its industry diversification is also strong, with its service being most popular with worldwide governments at 16% and "other industries" at 39%.

Customer Type (Q2 Report)

Moving on to profitability, Fortinet is solidly profitable with a GAAP operating margin of 19% and income of $147.5 million in Q2 2022, which is fantastic. This is in sharp contrast to many other cybersecurity companies out there such as SentinelOne (S), which is unprofitable. Fortinet generated solid earnings per share of $0.21 in the second quarter, which beat analyst estimates by $0.05.

Fortinet also generated strong free cash flow of $283.5 million in Q2 2022, although it was down from the $394.7 million generated in the prior year. This was driven by an increase in Days Sales Outstanding (DSO) to 14 days, which indicates the company is experiencing delays on its payments. This can be attributed to the timing of inventory deliveries from various contract manufacturers. The new R&D capitalization rules have impacted many businesses across the board and have caused a tax increase of between $85 million and $110 million for Fortinet.

The good news is Fortinet has a robust balance sheet with $1.755 billion in cash and short-term investments. In addition, the business has long-term debt of $984.9 million. In the six months ending on June 30th, 2022, Fortinet bought back over 25.8 million shares of stock at an average price of ~$57.82 per share, for approximately $1.49 billion. Management has also authorized a $1 billion increase in its share repurchase program.

Advanced Valuation

In order to value Fortinet, I have plugged the latest financials into my advanced valuation model which uses the discounted cash flow method of valuation. I have forecasted a 24% compounded annual growth rate on its revenue over the next 5 years, based on analyst estimates.

Fortinet stock valuation (created by author Ben at Motivation 2 Invest)

I have forecasted the business's margin to increase to 27% over the next 8 years, as the company continues to upsell products and offer its high-margin security software solution. It should be noted that this margin includes an adjustment for R&D expenses which I have capitalized. Thus the reported base margin is actually 19% as mentioned prior and I expect this to increase to ~23%.

Fortinet stock valuation 2 (created by author Ben at Motivation 2 Invest)

Given these factors I get a fair value of $48.81 per share, the stock is trading at $51 per share and thus is "fairly valued" in my eyes, given the strong profitability of the business.

As an extra data point, Fortinet trades at a Price to Earnings ratio = 48, which is fairly high but this is ~1% cheaper than its 5-year average.

Relative to other cybersecurity companies, Fortinet trades at a mid-range price-to-sales ratio = 9.2. For example, Palo Alto Networks is slightly cheaper with a PS ratio = 7.4.

Risks

Recession/Longer deal cycles

The high inflation and rising interest rate environment have caused many analysts to forecast a recession. Therefore I expect purchasing deals to take longer to close, as IT security teams delay new spending. The good news is Fortinet has increasingly focused on the Return on Investment (ROI) of its service and they even have an ROI calculator on its website. Thus longer term, the value proposition is still strong for businesses.

Competition

There are many competitors in the cybersecurity industry. Top competitors according to Gartner include Palo Alto Networks, Juniper (JNPR), Cisco (CSCO), Forcepoint, F5 (FFIV) and more. However, Fortinet has the highest-rated network firewall platform as mentioned prior.

Final Thoughts

Fortinet is a leading cybersecurity company that dominates the firewall industry. The company has expanded its product range and is now poised to benefit from trends such as industry growth and vendor consolidation. The stock is fairly valued, profitable, and growing steadily, thus this looks to be a great investment for the long term.

Tue, 04 Oct 2022 11:16:00 -0500 en text/html https://seekingalpha.com/article/4544696-fortinet-fairly-valued-profitable-and-growing-rapidly
Killexams : Fortinet Customers Told to Urgently Patch Remotely Exploitable Vulnerability

Fortinet has privately informed some customers about a critical and remotely exploitable vulnerability that poses a significant risk.

The cybersecurity firm does not appear to have released a public advisory, but in emails sent to customers the company revealed that its FortiOS and FortiProxy products are affected by a critical authentication bypass vulnerability on the admin interface. The issue is tracked as CVE-2022-40684.

The email has only been distributed to ‘select customers’ and it’s marked as ‘strictly confidential’, with recipients instructed not to share it outside their organization. However, copies of the email have been shared on social media and even on Fortinet forums by customers.

“Fortinet is providing an advanced notification of a critical severity authentication bypass using an alternate path or channel [CWE-88] in specific versions of FortiOS and FortiProxy that may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests,” Fortinet said.

The company has instructed customers to immediately update their products due to attackers being able to remotely exploit the vulnerability.

FortiOS versions between 7.0.0 and 7.0.6, and between 7.2.0 and 7.2.1 are affected, as well as FortiProxy 7.0.0 through 7.0.6 and 7.2.0. FortiOS patches are included in versions 7.0.7 and 7.2.2, and fixes for FortiProxy are included in 7.0.7 and 7.2.1. There have also been some unconfirmed reports that versions 6.x.x could also be impacted.

Users can also prevent attacks by ensuring that only trusted IP addresses can reach the affected products’ administrative interface.

Threat intelligence company GreyNoise says it will be keeping an eye out for exploitation attempts, but for the time being there is not enough information for them to be able to identify attacks.

Threat intelligence firm Cyberthint reported seeing more than 150,000 potentially vulnerable Fortinet product instances that are exposed to the internet.

While it’s unclear if attacks exploiting CVE-2022-40684 have already begun, it’s not uncommon for threat actors to target vulnerabilities in Fortinet products.

UPDATE: Fortinet has made its advisory public. The company has also informed customers about CVE-2022-33873, which allows an unauthenticated remote attacker to execute arbitrary commands in the underlying shell.

UPDATE 2: Fortinet has confirmed that CVE-2022-40684 is a zero-day that has been exploited in at least one attack.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
Sun, 09 Oct 2022 22:51:00 -0500 en text/html https://www.securityweek.com/fortinet-customers-told-urgently-patch-remotely-exploitable-vulnerability
Killexams : Fortinet issues emergency patch for authentication bypass

Fortinet has issued emergency patches for various versions of its FortiOS and FortiProxy software.

News of the bug, CVE-2022-40684, emerged late last week on social media.

While the company’s security advisories don’t yet list the bug, its existence emerged when Twitter user @Gi7w0rm posted a confidential e-mail received by “selected” Fortinet customers.

“Fortinet is providing an advanced notification of a critical severity authentication bypass using an alternate path or channel ... in specific versions of FortiOS and FortiProxy that may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests”, the email states.

Vulnerable versions are FortiOS 7.0.0 to 7.0.6, FortiOS 7.2.0 to 7.2.1, and FortiProxy 7.0.0 to 7.0.6 and 7.2.0.

The company has acknowledged and patched the bug in FortiOS 7.2.1 and 7.2.2, while FortiProxy 7.2.1 replaces vulnerable versions.

Tenable Security wrote: “At this time, there is no information on whether this vulnerability has been exploited in attacks. But, given threat actors’ penchant for targeting FortiOS vulnerabilities, Fortinet’s recommendation to remediate this vulnerability ‘with the utmost urgency’ is appropriate.”

While the vulnerability’s CVE details haven’t yet been published, Tenable said it received a CVSS score of 9.8.

Sun, 09 Oct 2022 13:14:00 -0500 text/html https://www.itnews.com.au/news/fortinet-issues-emergency-patch-for-authentication-bypass-586236
Killexams : Why Fortinet (FTNT) Could Beat Earnings Estimates Again

If you are looking for a stock that has a solid history of beating earnings estimates and is in a good position to maintain the trend in its next quarterly report, you should consider Fortinet (FTNT). This company, which is in the Zacks Security industry, shows potential for another earnings beat.

This network security company has an established record of topping earnings estimates, especially when looking at the previous two reports. The company boasts an average surprise for the past two quarters of 13.92%.

For the most recent quarter, Fortinet was expected to post earnings of $0.22 per share, but it reported $0.24 per share instead, representing a surprise of 9.09%. For the previous quarter, the consensus estimate was $0.16 per share, while it actually produced $0.19 per share, a surprise of 18.75%.

Price and EPS Surprise

For Fortinet, estimates have been trending higher, thanks in part to this earnings surprise history. And when you look at the stock's positive Zacks Earnings ESP (Expected Surprise Prediction), it's a great indicator of a future earnings beat, especially when combined with its solid Zacks Rank.

Our research shows that stocks with the combination of a positive Earnings ESP and a Zacks Rank #3 (Hold) or better produce a positive surprise nearly 70% of the time. In other words, if you have 10 stocks with this combination, the number of stocks that beat the consensus estimate could be as high as seven.

The Zacks Earnings ESP compares the Most Accurate Estimate to the Zacks Consensus Estimate for the quarter; the Most Accurate Estimate is a version of the Zacks Consensus whose definition is related to change. The idea here is that analysts revising their estimates right before an earnings release have the latest information, which could potentially be more accurate than what they and others contributing to the consensus had predicted earlier.

Fortinet currently has an Earnings ESP of +0.31%, which suggests that analysts have recently become bullish on the company's earnings prospects. This positive Earnings ESP when combined with the stock's Zacks Rank #1 (Strong Buy) indicates that another beat is possibly around the corner. We expect the company's next earnings report to be released on November 2, 2022.

When the Earnings ESP comes up negative, investors should note that this will reduce the predictive power of the metric. But, a negative value is not indicative of a stock's earnings miss.

Many companies end up beating the consensus EPS estimate, but that may not be the sole basis for their stocks moving higher. On the other hand, some stocks may hold their ground even if they end up missing the consensus estimate.

Because of this, it's really important to check a company's Earnings ESP ahead of its quarterly release to increase the odds of success. Make sure to utilize our Earnings ESP Filter to uncover the best stocks to buy or sell before they've reported.


Zacks Investment Research

Wed, 12 Oct 2022 07:10:00 -0500 en-US text/html https://www.aol.com/news/why-fortinet-ftnt-could-beat-161004665.html
Killexams : Fortinet issues emergency patches for FortiOS, FortiProxy and FortiSwitchManager

Fortinet Inc. today issued emergency patches for a number of its products after a severe vulnerability was discovered and exposed last week.

The vulnerability, designated CVE-2022-40684, is described by Fortinet as an authentication bypass. The bypass uses an alternate path or channel vulnerability in FortiOS, FortiProxy and FortiSwitchManager that may allow an unauthenticated attacker to perform operations on the administrative interface via a specifically crafted HTTP or HTTPS request. Fortinet noted that it’s aware of an instance where the vulnerability has been exploited.

Fortinet first let “select customers” know of the vulnerability via email last week. According to Security Week, copies of the email were shared on social media and Fortinet forums in the following days.

Versions of Fortinet software that are exposed to the vulnerability are FortiOS 7.0.0 to 7.0.6, 7.2.0 and 7.2.1; FortiProxy 7.0.0 to 7.0.6 and 7.2.0; and FortiSwitchManager 7.0.0 and 7.2.0. Fortinet has released patched versions for FortiOS 7.0.7 and 7.2.2 and above, FortiProxy 7.0.7 and 7.2.1 and above and FortiSwitchManager 7.2.1 or above.

Along with installing patches or newer versions of the affected software, Fortinet recommends users validate their systems by checking device logs for user="Local_Process_Access". For those unable to install a patch, at least immediately, there are other options to address the vulnerability.

The workaround options for FortiOS and FortiProxy include disabling the HTTP/HTTPS administrative access or limiting IP addresses that can reach the administrative interface. For FortiSwitchManager, the only option is to disable the HTTP/HTTPS administrative access. With all options, customers can also contact Fortinet customer support for assistance.
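A defender-side triage sketch for the checks described above, added here as an example (it is not Fortinet's or the article's code): it compares a device's version against the affected ranges listed in this article and scans exported logs for the `user="Local_Process_Access"` value and the `fortigate-tech-support` account named earlier on this page. The function names are assumptions, and the log lines are constructed samples in a simplified key=value layout, not captured device output.

```python
import re

# Affected ranges (inclusive) as listed in the article above. The page also
# mentions unconfirmed reports about 6.x releases; those are not encoded here.
AFFECTED_RANGES = {
    "FortiOS": [("7.0.0", "7.0.6"), ("7.2.0", "7.2.1")],
    "FortiProxy": [("7.0.0", "7.0.6"), ("7.2.0", "7.2.0")],
    "FortiSwitchManager": [("7.0.0", "7.0.0"), ("7.2.0", "7.2.0")],
}

# Indicators named on this page.
IOC_LOG_USER = "Local_Process_Access"
IOC_ADMIN_NAME = "fortigate-tech-support"

# Matches key=value and key="quoted value" pairs.
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample log lines (simplified layout, documentation IP ranges).
SAMPLE_LOG = [
    'date=2022-10-11 time=03:12:45 type="event" user="admin" '
    'ui="https(192.0.2.10)" action="login" msg="Administrator admin logged in"',
    'date=2022-10-11 time=04:01:09 type="event" user="Local_Process_Access" '
    'ui="https" action="Add" msg="Add system.admin fortigate-tech-support"',
    'date=2022-10-11 time=04:01:30 type="event" user="fortigate-tech-support" '
    'ui="https(203.0.113.5)" action="login" msg="Administrator logged in"',
    # Benign line: similar words in msg, but the user field does not match.
    'date=2022-10-11 time=05:20:00 type="traffic" user="jdoe" '
    'action="accept" msg="local process access granted"',
]


def parse_version(text):
    """Turn '7.0.6' or 'v7.0.6' into a comparable tuple (7, 0, 6)."""
    match = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(product, version):
    """True if the version falls inside a range the article lists as affected."""
    ranges = AFFECTED_RANGES.get(product)
    if ranges is None:
        raise ValueError(f"product not covered by the article: {product!r}")
    ver = parse_version(version)
    return any(parse_version(lo) <= ver <= parse_version(hi) for lo, hi in ranges)


def parse_fields(line):
    """Split a log line into a dict of fields.

    Curly quotes are normalised first, because indicators copied out of
    articles or tickets often carry them (as the user= string does above).
    """
    line = line.replace("\u201c", '"').replace("\u201d", '"')
    fields = {}
    for m in _FIELD.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields


def triage_logs(lines):
    """Return (line_number, reasons) for every line that matches an indicator."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        fields = parse_fields(line)
        reasons = []
        # Exact match on the user field, not a substring search of the line.
        if fields.get("user") == IOC_LOG_USER:
            reasons.append("user field is " + IOC_LOG_USER)
        # The rogue admin name may appear as the actor or inside a message.
        if any(IOC_ADMIN_NAME in value.lower() for value in fields.values()):
            reasons.append("references admin account " + IOC_ADMIN_NAME)
        if reasons:
            findings.append((lineno, reasons))
    return findings


if __name__ == "__main__":
    for product, version in [("FortiOS", "7.2.1"), ("FortiProxy", "7.2.1")]:
        state = "AFFECTED" if is_affected(product, version) else "not in listed ranges"
        print(f"{product} {version}: {state}")
    for lineno, reasons in triage_logs(SAMPLE_LOG):
        print(f"line {lineno}: " + "; ".join(reasons))
```

A clean result from the log scan does not clear a device that was exposed while unpatched, since, as Qualys notes earlier on this page, an attacker with super_admin access can delete traces of the exploitation.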

Although Fortinet has released patches and workarounds, the risk of the vulnerability being exploited continues to grow. The Horizon3 Attack Team posted on Twitter Inc. that it’s working on a proof-of-concept exploit that it plans to release later this week.

Fortinet did not disclose how many customers may be affected. However, cyberthreat intelligence platform company Cyberthint estimates that there are more than 150,000 Fortinet devices exposed.

Mon, 10 Oct 2022 20:16:00 -0500 en-US text/html https://siliconangle.com/2022/10/10/fortinet-issues-emergency-patches-fortios-fortiproxy-fortiswitchmanager/
Killexams : Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy

Fortinet has privately warned its customers of a security flaw affecting FortiGate firewalls and FortiProxy web proxies that could potentially allow an attacker to perform unauthorized actions on susceptible devices.

Tracked as CVE-2022-40684 (CVSS score: 9.6), the critical flaw relates to an authentication bypass vulnerability that may permit an unauthenticated adversary to carry out arbitrary operations on the administrative interface via a specially crafted HTTP(S) request.

The issue impacts the following versions, and has been addressed in FortiOS versions 7.0.7 and 7.2.2, and FortiProxy versions 7.0.7 and 7.2.1 released this week:

  • FortiOS - From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1
  • FortiProxy - From 7.0.0 to 7.0.6 and 7.2.0

"Due to the ability to exploit this issue remotely, Fortinet is strongly recommending all customers with the vulnerable versions to perform an immediate upgrade," the company cautioned in an alert shared by a security researcher who goes by the alias Gitworm on Twitter.

As temporary workarounds, the company is recommending users to disable internet-facing HTTPS Administration until the upgrades can be put in place, or alternatively, enforce a firewall policy to "local-in traffic."

When reached for a comment, Fortinet acknowledged the advisory and noted that it's delaying public notice until its customers have applied the fixes.

"Timely and ongoing communications with our customers is a key component in our efforts to best protect and secure their organization," the company said in a statement shared with The Hacker News. "Customer communications often detail the most up-to-date guidance and recommended next steps to best protect and secure their organization."

"There are instances where confidential advance customer communications can include early warning on advisories to enable customers to further strengthen their security posture, which then will be publicly released in the coming days to a broader audience. The security of our customers is our first priority."


Fri, 07 Oct 2022 16:39:00 -0500 Ravie Lakshmanan en text/html https://thehackernews.com/2022/10/fortinet-warns-of-new-auth-bypass-flaw.html
Killexams : Chandler Unified School District Deploys Fortinet’s Security Awareness and Training Service

Fortinet, Inc.

Second Largest Arizona School District to Provide its Faculty and Staff Cyber Awareness Training and Boost Security Posture with Fortinet’s Free Service for K-12 Schools in the U.S.

SUNNYVALE, Calif., Oct. 06, 2022 (GLOBE NEWSWIRE) --

News Summary
Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, today announced that Chandler Unified School District is providing its more than 5,200 faculty and staff with Fortinet’s information Security Awareness and Training service to build cyber awareness and to further strengthen the district’s security posture.

Tied with the White House National Cyber Workforce and Education Summit in July, Fortinet announced the expansion of its existing Security Awareness and Training service to K-12 school districts across the United States free of cost. Chandler Unified School District joins other districts across the U.S. reaping the benefits of Fortinet’s free service offering, enabling them to build a cyber-aware workforce and boost their skillsets to avoid breaches at educational institutions.

Chandler Unified School District Selects Fortinet’s Cyber Awareness Training
Chandler Unified School District has seen the value of Fortinet’s service and is deploying it across the district to provide its faculty and staff with skill sets and knowledge that could prevent them from falling victim to popular cyber adversary methods, such as social engineering attempts, helping to reduce their cyber risk.

Colleen Flannery, Chief Technology Officer for Chandler Unified School District shared, “With more than 5200 staff and faculty logging in from both school and personal devices, it’s important everyone has the skills to recognize social engineering and other popular attacks. Cyber criminals don’t discriminate against the education sector, which presents a real need to ensure all our faculty and staff are cyber informed and know best practices. There’s no reason why a public school district should pass up this opportunity Fortinet is providing free of cost to use their award-winning training curriculum to instill must-have cyber skill sets. More than ever, cybersecurity is everyone’s job, and we want all our school members to practice this in their day-to-day online activities.”

Building Cyber Awareness in K-12 School Districts
Many K-12 school districts are rapidly transforming their networks to implement e-learning and other digital programs to enhance student learning across distributed campuses. As part of school districts’ digital transformation, it is critical that schools implement the right security solutions with integrated and comprehensive protection to keep the large amounts of personally identifiable information (PII) they store secure. At the same time, as the first line of defense, it is also essential for all school district employees to have a fundamental cyber awareness knowledge in order to spot any threats or cyberattacks.

To address this need, Fortinet offers its Security Awareness and Training service at no cost to all K-12 school districts in the U.S., and has updated the training for this offering to be education-focused, aligned with NIST 800-50 and NIST 800-16 guidelines. This initiative will help more than 8 million staff and faculty members across the country.

Validation as a Certified Cybersecurity Training Program
Providing further validation, local governments are recognizing Fortinet’s Security Awareness and Training service customized for school districts as a certified program, including the Texas Department of Information Resources, who added the service to its list of approved and certified cyber training options as part of the statewide employee requirement for cyber awareness training.

Rob Rashotte, VP of Global Training and Field Enablement at Fortinet said, “As the first line of defense, it is critical that school faculty and staff are able to identify and report threats to keep sensitive data and information secure. Fortinet’s Security Awareness and Training service, with customized learning content for school districts, will help develop cyber-aware culture to prevent these institutions from falling victim to cyberattacks. Making this service free to K-12 school districts in the U.S. is part of the Fortinet Training Institute’s initiative to make training more accessible to help close the cyber skills gap. We are excited to see additional validation from local governments that are making this service a certified program as part of their approved list of cyber training programs for employees.”

About Fortinet
Fortinet (NASDAQ: FTNT) makes possible a digital world that we can always trust through its mission to protect people, devices, and data everywhere. This is why the world’s largest enterprises, service providers, and government organizations choose Fortinet to securely accelerate their digital journey. The Fortinet Security Fabric platform delivers broad, integrated, and automated protections across the entire digital attack surface, securing critical devices, data, applications, and connections from the data center to the cloud to the home office. Ranking #1 in the most security appliances shipped worldwide, more than 595,000 customers trust Fortinet to protect their businesses. And the Fortinet NSE Training Institute, an initiative of Fortinet’s Training Advancement Agenda (TAA), provides one of the largest and broadest training programs in the industry to make cyber training and new career opportunities available to everyone. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.


Thu, 06 Oct 2022 02:09:00 -0500 en-US text/html https://www.yahoo.com/lifestyle/chandler-unified-school-district-deploys-130000412.html