
SOLUTION BRIEF

FORTINET AND PULSE SECURE INTEGRATED SECURITY SOLUTION

Security without compromise for a comprehensive protection with context-driven network access control

CHALLENGES

The digital economy is impacting how companies do business and how employees and consumers interact within organizations. The growing digital business value accompanies security risk from the many technologies in use, including BYOD, applications, IoT, SDN, Public/Private/Hybrid Cloud, Big Data, interconnected network ecosystems (network of networks), and employees blending work and personal data on multiple devices to connect users, devices, data, goods, and services.

From a security perspective, the primary challenge becomes ensuring that endpoints, IoT, and other edge devices don’t become a conduit for malware injection into the network, and establishing and maintaining consistent security policy and enforcement as data is exchanged between local networks and third-party environments.

Network devices generate unprecedented amounts of traffic and data, taxing already saturated access points, networks, and data centers, not to mention overburdened IT staff. As a result, security for today’s borderless networks demands a comprehensive solution that can provide the combined benefits of access control, secure access points, network device visibility, dynamic network segmentation, constant monitoring, unified management, and automated response to threats.

SOLUTION DESCRIPTION

The Fortinet Security Fabric is designed around a series of open Application Programming Interfaces (APIs), Open Authentication Technology, and standardized telemetry data to address these challenges. It enables organizations to integrate existing security technologies via open interfaces to provide end-to-end security without compromise.

Pulse Secure Policy Secure, deployed with Fortinet FortiAuthenticator and Fortinet FortiGate, provides an identity-based integration at the intelligent Layer 3 network access control environment. This integration of Pulse Policy Secure and Fortinet firewalls through the Fabric-Ready Program delivers a seamless and single solution that provides powerful pre- and post-admission access control management, along with Host Checker compliance for verification and enforcement, to protect sensitive corporate data from unauthenticated access, attacks, and breaches. The alert-based admission control integration enables enterprises to reduce their threat response time from days to seconds with automated enforcement actions based on threat severity.

BENEFITS

• Rich host-checking information

• Comprehensive authentication services

• Role-based, application-level enforcement

• Dynamic endpoint assessment and enforcement

• Seamless end-user experience

• Reduced threat response time

• Increased visibility into end-users, device health, and resource access


IDENTITY-BASED INTEGRATION

Pulse Policy Secure uses its syslog functionality to report end-user access events to FortiAuthenticator. Once a user is authenticated on Pulse Policy Secure, it validates the Host Checker policy, and the session events are exported via syslog to FortiAuthenticator. FortiAuthenticator parses the identity information from each syslog message, uses it to create an IP-to-username mapping, and creates Fortinet Single Sign-On (FSSO) sessions. These sessions are shared with FortiGate firewalls, which allow or block traffic based on their configured policy.

ALERT-BASED ADMISSION CONTROL INTEGRATION

The Pulse Policy Secure admission control framework allows network security devices such as Fortinet to send threat alerts via syslog and provide user access control, reducing threat response time. FortiGate firewalls and FortiAnalyzer continuously monitor user traffic at the perimeter level. When Fortinet detects a compromised device, it sends an alert message to Pulse Policy Secure, which takes enforcement action by applying granular policies based on threat severity.
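The two syslog flows described above, sketched as an added example (not code from Fortinet or Pulse Secure): access events are replayed into an IP-to-username map, then a threat alert is resolved to a user and an enforcement action by severity. The key=value log layout, the field names, and the severity-to-action policy are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample lines. The real Pulse Policy Secure and Fortinet syslog
# formats are not given on this page; this key=value layout is an assumption.
AUTH_EVENTS = [
    'event=login user="alice" src=10.1.20.15 role=Employee',
    'event=login user="bob" src=10.1.20.99 role=Guest',
    'event=login user="mallory" src=not-an-ip role=Guest',
    'event=logout user="bob" src=10.1.20.99',
]
ALERTS = [
    'type=threat src=10.1.20.15 severity=critical',
    'type=threat src=10.1.20.99 severity=high',
    'type=threat src=10.1.20.15 severity=bogus',
]
# Hypothetical severity-to-action policy, not a vendor default.
ACTIONS = {"low": "log", "medium": "log", "high": "quarantine", "critical": "block"}
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_kv(line):
    """Split a key=value syslog body into a dict, handling quoted values."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}

def valid_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def build_sessions(lines):
    """Replay login/logout events into an IP -> username map."""
    sessions = {}
    for line in lines:
        f = parse_kv(line)
        ip, user = f.get("src", ""), f.get("user", "")
        if not valid_ip(ip) or not user:
            continue  # never create a mapping from a malformed event
        if f.get("event") == "login":
            sessions[ip] = user
        elif f.get("event") == "logout" and sessions.get(ip) == user:
            del sessions[ip]  # a stale entry would hand this identity to the next host on that IP
    return sessions

def decide(alert_line, sessions):
    """Return (user, action); unrecognized severities go to manual review."""
    f = parse_kv(alert_line)
    action = ACTIONS.get(f.get("severity", ""), "review")
    return sessions.get(f.get("src", "")), action
```

An alert for an address with no live session returns `None` as the user, which is the case to watch in operation: enforcement then has to key on the device or IP rather than an identity.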


USE CASES

• Extend BYOD-NAC to perimeter defense.

  ◦ A stronger security posture with unified access policies that extend from BYOD-NAC systems to firewall perimeter defenses offers end-to-end enforcement across the network.

• Optimize secure access from remote connections to local protected resources.

  ◦ The end-user seamlessly connects through a remote connection (VPN) and accesses protected resources behind the firewall.

• Reduce threat response time by performing user and device access control based on threats identified by Fortinet next-generation firewall and analyzer.

  ◦ Fortinet products continuously monitor traffic and send alerts on compromised devices, with a severity level; Pulse Policy Secure then takes enforcement action at the endpoint level.

PULSE POLICY SECURE

Pulse Policy Secure is a standards-based, scalable network access control (NAC) solution that reduces network threat exposure and mitigates risks. It protects your network by guarding mission-critical applications and sensitive data with comprehensive NAC management that offers context-aware network security with visibility and monitoring. More importantly, granular enforcement and role-based access control are available from the branch to the corporate data center to address today’s network access control challenges, including insider threats, guest access control, and regulatory compliance.

FORTINET FORTIAUTHENTICATOR

FortiAuthenticator user identity management appliances strengthen enterprise security by simplifying and centralizing the management and storage of user identity information. FortiAuthenticator builds on the foundations of Fortinet Single Sign-on, adding a greater range of user identification methods and greater scalability. FortiAuthenticator is the gatekeeper of authorization into the Fortinet secured enterprise network, identifying users, querying access permissions from third-party systems, and communicating this information to FortiGate devices for use in Identity-Based Policies.

FORTIGATE ENTERPRISE FIREWALL

The Fortinet FortiGate network security platform provides high performance, layered security services, and granular visibility for end-to-end protection across the entire enterprise network. Innovative security processor (SPU) technology delivers high-performance application layer security services (NGFW, SSL inspection, and threat protection), coupled with the industry’s fastest SSL inspection engine to help protect against malware hiding in SSL/TLS encrypted traffic. The platform also leverages global threat intelligence to protect individual customers by using Fortinet’s FortiGuard Security Subscription Services to enable visibility and control for next-generation protection against advanced threats, including zero-day attacks.

SUMMARY

To remain competitive, networks need to balance the twin challenges of exponentially increasing data volumes and the speed at which decisions need to be made. Security cannot afford to get in the way of business demands. By combining best-of-breed security solutions and extending the Fortinet Security Fabric, Fortinet and Pulse Secure provide an integrated security framework of collaborative devices that are bound together through a single, unified management and analysis solution to simplify policy creation, distribution, and enforcement, identify complex threats, and synchronize automated responses to those threats.

ABOUT PULSE SECURE

Pulse Secure, LLC is a leading provider of secure access solutions to both enterprises and service providers. Enterprises from every vertical and of all sizes utilize the company’s Pulse virtual private network (VPN), network access control (NAC), virtual application delivery controller (vADC) and mobile security products to enable end-user mobility securely and seamlessly in their organizations. Pulse Secure’s mission is to deliver secure access solutions for people, devices, things, and services. For more information on Pulse Policy Secure, please go to http://www.pulsesecure.net/products/policy-secure/.

147954-A-0-EN


Copyright © 2018 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

GLOBAL HEADQUARTERS: Fortinet Inc., 899 Kifer Road, Sunnyvale, CA 94086, United States. Tel: +1.408.235.7700. www.fortinet.com/sales

EMEA SALES OFFICE: 905 rue Albert Einstein, 06560 Valbonne, France. Tel: +33.4.8987.0500

APAC SALES OFFICE: 300 Beach Road 20-01, The Concourse, Singapore 199555. Tel: +65.6513.3730

LATIN AMERICA HEADQUARTERS: Sawgrass Lakes Center, 13450 W. Sunrise Blvd., Suite 430, Sunrise, FL 33323. Tel: +1.954.368.9990

January 12, 2018 10:48 AM
