© Copyright Fortinet Inc. All rights reserved.
FORTINET SECURITY FABRIC
Mindaugas Kubilius, Systems Engineer, Baltics
2
HOT CHALLENGES
1. Dynamic Attack Surface
» IoT & apps
» Cloud
» Targeted Attacks
2. Human Errors
» Limited Resources
» More “stuff” / complicated
» DevOps (automation)
3
ACCIDENTAL ARCHITECTURE
• Network Complexity
» Network design evolves rapidly
» Attack surface along with it
• Organizational Complexity
» Multiple teams for different functions
» Network, OS, Security Team, …
• Solution Complexity
» Many products / vendors / contracts
» Training
» Log overlap & inconsistencies
4
Introducing the Fortinet Security Fabric: A New Cyber Security Philosophy
(Diagram of the Fabric: Advanced Threat Intelligence, Access, Client, Cloud, Partner API, NOC/SOC, Network, Application)
5
Different “Security Fabrics” Approach
1. Exchange of Dynamic Context Information
» User login to session context
» Device profiling / posture context
» Security tagging
2. Exchange of IoCs
» Automatic intelligence sharing among devices
» Updated on the fly
» Can be multivendor / independent 3rd party
6
FORTINET SECURITY FABRIC
(Architecture diagram. Zones: Branch Office, Campus, Data Center/Private Cloud, Public Cloud, Operations Center. Solution areas: Secure Access, Application Security, Enterprise Firewall, Cloud Security, Advanced Threat Protection.)
Products shown: FortiGate NGFW; FortiGate DCFW/NGFW; FortiGate Internal Segmentation FW; FortiGate VMX (SDN, Virtual Firewall); FortiGate/FortiWiFi Distributed Ent FW; Fortinet Virtual Firewall; FortiDDoS Protection; FortiWeb (Web Application Firewall); FortiADC (Application Delivery Controller); FortiDB (Database Protection); FortiMail (Email Security); FortiSandbox; FortiClient; Secure Access Point; FortiSwitch (Switching); FortiExtender (LTE Extension); IP Video Security; Top-of-Rack; Web Servers; Server; FortiManager; FortiAnalyzer; FortiSIEM; FortiCloud; FortiCloud Sandboxing; FortiCloud AP Management.
7
VISIBILITY framework
Accidental Architecture
C-Suite dashboard
• KRI
• KPI
• Top 10
IT Dashboard
• Correlation
• Analytics
• Drill-down
The Security Fabric organizes configuration, real-time and historic data into focused dashboards for specialized, efficient analysis.
8
AWARE | TOPOLOGY
Fabric View | Endpoint View | Historical View
Simple & Clear
• Topology
• Drill down
• REST API
• FortiView Embedded
Simple & Clear
• Topology
• Access
• Hosts details
• Device types (& anomalies)
• Link monitoring & utilization
• Real-time and historic data
Multi-Monitor
Elements
• FortiGate
• FortiAP
• FortiSwitch
• FortiAnalyzer
• FortiSandbox
• FortiClient
• Hosts
• NAT Devices
• Routers
• Servers
• HA Clusters
• Switch Rings
9
AWARE | ENDPOINT
• Without Client Software
» Device Detection
» Endpoint Tracking
» Usage monitoring
» Endpoint data
» Synchronized to fabric members & FortiAnalyzer
• Endpoint Telemetry Data
» Avatars
» Social IDs
» Compliance
» Endpoint software & configuration
• Vulnerabilities
» Vulnerability Scan & Report
» Application Inventory
Fabric View | Endpoint View | Historical View
(Screenshots: Minimal FortiClient Installer, Endpoint Telemetry, Vulnerability Scan)
10
AWARE | REPORTING
Enriched Data
• All reports & views benefit from the topology and device awareness
• Reporting platforms have the same components
Unified Logs
• Awareness of the topology enables intelligent logging
• Remove overlap & inconsistencies in the data
Time Dimension
• Historic Audit Reports
• Trending Reports
• API to FortiManager & FortiGate
Fabric View | Endpoint View | Historical View
11
CONTROL framework
(Chart: vulnerability level over an audit period, Day 0 to Day 365, from “Audit begins” to the next audit.)
Wrong Way: led by IT Department; audit check fails.
Right Way: led by CISO and mid-level managers; audit check passes.
Vulnerability levels on the chart: significant high risk vulnerabilities; many high risk vulnerabilities; some high-medium risk vulnerabilities; some low risk vulnerabilities.
12
ACTIONABLE | FRAMEWORK
Fabric View | Endpoint View | Threat Intel Driven
Simple & Clear
• Part of Topology Framework
• Easily identify alerts
• Click to review and manage
Take Action
• Wizard based
• Take recommended actions directly
• Re-run to confirm & identify new alerts exposed
13
A C T I O N A B L E | E N D P O I N T
Fabric View | Endpoint View | Threat Intel Driven
Vulnerable Endpoints (FortiClient)
Threat Score (FortiGate)
14
ACTIONABLE | THREAT INTEL
Fabric View | Endpoint View | Threat Intel Driven
15
EXPAND | ATTACK SURFACE COVERAGE
• Fortinet Native
» FortiWeb
» FortiMail
» FortiCache
• Partner Endpoint (ex: Carbon Black)
» Sandbox Integration
» Telemetry Integration
• Partner Vulnerability Scan (ex: Qualys)
» FortiWeb Integration
» Vulnerability assessment data in the fabric
(Diagram labels: Known Bad: Botnet C&C IPs, Malware Domain, Malware URL; Infected; Ranked Suspicious)
17
WHAT IOT PROBLEM?
• Your attack surface changes every time…
» A new application is installed
» A new device enters your network
» A new VM service is connected
» A user signs up for a new social account
» ….
• Security Fabric…
» Learns every change across the network
» Audits the changes for best practices & anomalies
» Analyzes the attack surface against the configuration, real-time data and business rules
(Diagram labels: Rogue IoT, Managed IoT, Tolerated IoT, Managed Assets, Critical Assets)
18
IOT | WHERE DO I START?
Columns: DEFINED (“TRUSTED”) | TOLERATED | ROGUE / UNWANTED
Device categories placed across the columns, left to right: Core / Critical assets; Network assets; Managed IoT; Headless IoT; Corporate Unmanaged IoT; BYOD; Banned From Network
19
IOT | WHERE ARE THE UNKNOWNS?
Columns: DEFINED (“TRUSTED”) | TOLERATED | ROGUE / UNWANTED
Device categories placed across the columns, left to right: Core assets; Network assets; Managed IoT; Headless IoT; Corporate Unmanaged IoT; BYOD; Banned From Network
Sources of unknowns: Automatic Updates; User Selected Apps; User Selected OS; Unidentified
20
IOT | HOW TO MITIGATE THE RISKS?
1. Make the “Trusted” list bigger
2. Make the “Tolerated” list smaller
(Diagram columns: DEFINED (“TRUSTED”) | TOLERATED | ROGUE / UNWANTED)
21
IOT | HOW?
1. Lock down corporate devices
2. Clearly defined BYOD Policy
» Device ID
» Device Policy
(Diagram columns: DEFINED (“TRUSTED”) | TOLERATED; categories: Managed IoT, Corporate Unmanaged IoT, BYOD)
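As an added illustration (example code, not from the deck or from Fortinet), the two steps above applied to a constructed device inventory: the record fields and the classification rules are assumptions, and the point is that locking down corporate devices (step 1) and enforcing a BYOD policy of device ID plus device policy (step 2) each move devices out of the tolerated bucket into the trusted one.

```python
"""Bucket devices into DEFINED ("TRUSTED"), TOLERATED and ROGUE / UNWANTED.
Added example; fields and rules are assumptions, not Fortinet's logic."""
from dataclasses import dataclass, replace

DEFINED, TOLERATED, ROGUE = "DEFINED", "TOLERATED", "ROGUE"


@dataclass
class Device:
    name: str
    identified: bool                   # device type / fingerprint is known
    corporate: bool                    # corporate-owned (False = BYOD)
    locked_down: bool                  # corporate device under management
    device_id_enrolled: bool = False   # BYOD device identity registered
    policy_compliant: bool = False     # BYOD device passes the device policy
    banned: bool = False               # explicitly banned from the network


def classify(d: Device, byod_policy: bool) -> str:
    """Assumed rules; with byod_policy=False no BYOD device can be trusted."""
    if d.banned or not d.identified:
        return ROGUE                   # banned, or unidentified (an unknown)
    if d.corporate:
        return DEFINED if d.locked_down else TOLERATED  # managed vs unmanaged
    if byod_policy and d.device_id_enrolled and d.policy_compliant:
        return DEFINED                 # BYOD admitted to the trusted list
    return TOLERATED                   # BYOD with no enforceable policy


def lock_down_corporate(devices):
    """Step 1: bring every corporate (non-banned) device under management."""
    return [replace(d, locked_down=True) if d.corporate and not d.banned else d
            for d in devices]


def bucket_counts(devices, byod_policy: bool) -> dict:
    counts = {DEFINED: 0, TOLERATED: 0, ROGUE: 0}
    for d in devices:
        counts[classify(d, byod_policy)] += 1
    return counts


# Constructed sample inventory (not real data).
INVENTORY = [
    Device("core-switch", True, True, True),
    Device("printer-hq", True, True, False),                # headless, not locked down
    Device("cam-lobby", True, True, False),
    Device("phone-alice", True, False, False, True, True),  # enrolled, compliant BYOD
    Device("tablet-bob", True, False, False),               # BYOD, never enrolled
    Device("unknown-mac", False, False, False),             # unidentified
    Device("old-dvr", True, True, False, banned=True),
]
```

Running `bucket_counts` on the inventory before any step, after step 2 alone, and after step 1 plus step 2 shows the trusted count rising from 1 to 2 to 4 while the tolerated count falls from 4 to 3 to 1.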
22
Broad – The Fabric Allows Flexible, Open Integration of Other Security Partners
23
Final Notes
1. Security Fabric is a systematic view of security architecture and operations.
2. Fortinet Security Fabric is industry unique due to the width and breadth of native solutions and partner integration options.
3. Fortinet Security Fabric is about Visibility and Control.
4. It provides the best security coverage in today’s world of Dynamic Attack Surface and where Human Errors are prevalent.