FortiSIEM Overview - Exclusive Networks

FortiSIEM Overview

The Fortinet solution for security information and event management

Piero Provenza, System Engineer – Exclusive Networks

Agenda

FortiSIEM Overview
Architecture
Configuration Management DB (CMDB)
Dashboard, Analytics & Reporting
Vulnerabilities and Risks
Customizing to Your Environment
Incident Investigation & Remediation

FortiSIEM Overview

What is SIEM

The Goal: to detect threats and breaches sooner; provide deep context for root causes; supply information for remediation and prevention

Primary data analysis tasks: indexing, searching, correlating, user ID/location, baseline

Logs: Syslog, SNMP Traps, WMI, NetFlow

Other: Agent-less, Agents, Windows Agents

How SIEM Works

FortiSIEM Key Features Overview

Unified NOC & SOC – Single Pane of Glass

Architecture

Main Components

Architecture

FortiSIEM – Physical and Virtual

FortiSIEM - Scenarios

Configuration Management Database (CMDB)

FortiSIEM Discovery

FortiSIEM Logs Collection

FortiSIEM CMDB Summary

After Discovery

After Discovery – Collection Templates Applied

CMDB Performance and Availability Monitoring

CMDB Business Services

Dashboard, Analytics & Reporting

Dashboards

FortiSIEM Analytics

Reporting

Vulnerabilities and Risks

Vulnerability Scanner Integration

FortiSIEM Risk Dashboard and Host Risk Score

Customizing to Your Environment

Extensible and Customizable

Incident Investigation & Remediation

FortiSIEM Incident Investigation and Response

FortiSIEM Incident Remediation

Summary – Benefits to Your Environment

PowerLAB & Upcoming Events – Exclusive Networks

PowerLAB Torino – Network Layout

Thank you!

Piero Provenza
pprovenza@exclusive-networks.com
