FortiSIEM, a new component of the Fortinet Security Fabric (Zsolt Géczi)


  • © Copyright Fortinet Inc. All rights reserved.

    FortiSIEM, a new component of the Fortinet Security Fabric

    Zsolt Géczi, CEH

    15.11.2016, ITAPA

  • 2 Fortinet - Confidential

    The attack surface has increased dramatically, everywhere, inside and out.

    [Diagram: the attack surface spans PoS, IoT, UTM, NGFW, Campus, Mobile, Endpoint, Data Center, DCFW, Branch Office; internal and external]

  • 3 Continuous Monitoring and Analytics

    Prepare: Segmentation, Processes, Training

    Prevent: Harden, Isolate (Network, Application, Endpoint)

    Detect: ATP, >>> SIEM

  • 4 Fortinet Security Fabric

    [Diagram: Fabric Ready elements: Access, Endpoint, Application, Cloud, Network, NOC/SOC, Advanced Threat Intelligence]

    • Scalable

    • Aware

    • Secure

    • Actionable

    • Open

  • 5 FortiSIEM

  • 6 Typical NOC/SOC Environment

    [Diagram: SOC, NOC and ticketing systems; roles shown: NOC Team, SOC Team, Help Desk, Datacenter, Director, Systems Admin]

  • 7 Visibility Needs

    • Less Complexity

    » Consolidation/Integration of Tools

    » Deeper Analytics

    » More Context

    • Real-Time Awareness of the Threat Landscape

    » Devices

    » Applications

    » Users

    » Networks

    » Virtual & Physical

    » Inter-relationships

    » Performance

    » Threat Data

    • Faster Detection

    • Scalability

  • 8 SIEM vs. FortiSIEM

    [Chart: Gartner SIEM capabilities vs. FortiSIEM, plotted against the axes Complexity and Skilled Personnel]

    Capabilities shown:

    • Threat Intelligence

    • Real-Time Monitoring

    • Log Management

    • Deployment/Support Simplicity

    • Data & User Monitoring

    • Behavior Profiling

    • Application Log Analysis

    • Analytics

    • Real-time Asset/Config. & Discovery

    • Rapid Scale Architecture (patented)

    • Only NOC & SOC Analytics

    • Real-Time Analytics (patented)

    • Multi-Tenant Architecture

    • Rapid & Flexible Integrations

    • Single Pane of Glass

  • 9 Rapid Flexible Integrations: Context from Hundreds of Sources

    • Antivirus

    • Cloud Services

    • Databases

    • Directories

    • DNS/DHCP Servers

    • Email

    • Environmentals - HVAC

    • External Monitoring

    • File Monitoring

    • Firewalls

    • Hardware Monitoring

    • Host OS

    • Internet Security Gateways

    • IPS/IDS

    • Load Balancers

    • Network Flow

    • Remote Desktop

    • Routers/Switches

    • Servers

    » App Server

    » Authentication Servers

    » Blade Servers

    » Terminal Servers

    » VoIP Servers

    » Web Server

    • Storage

    • Synthetic Transaction Monitoring

    • Unified Threat Management (UTM)

    • Virtualization

    • VPN Gateway

    • Vulnerability Scanners

    • WAN Accelerators

    • Wireless

  • 10 Cross Correlated in Real-Time

    Only Cross Correlated SOC & NOC Analytics

    SOC Analytics:

    • Log Ingestion, Parsing and Storage

    • File Integrity Monitoring

    • Patented Log Analytics

    • Incident Management, Ticketing and Response

    • Reporting and Compliance – Built in/Custom

    • External Threat Feed Intelligence Integration

    • Pre-built Reports for Compliance and Security

    • Rule and Statistical Anomaly Based Reporting

    NOC Analytics:

    • Real-Time Infrastructure Discovery CMDB

    • Network and Interface Utilization

    • CPU, Memory, Disk Performance Monitoring

    • Availability Monitoring

    • Storage Monitoring

    • Change monitoring – config., installed software

    • Infrastructure and User Application Monitoring

    • Synthetic Transaction Monitoring

  • 11 Multi-Tenancy for Enterprises

    [Diagram: one FortiSIEM serving Corporate Data Center, PCI Network, HIPAA Network, West Coast HQ, East Coast HQ, HR, Accounting]

  • 12 Compliance Reporting Built-in

    • Hundreds of Pre-Built Reports

    • Compliance Reports

    » PCI – HIPAA – FERPA

    » SOX, NERC, COBIT, ITIL, ISO, GLBA, GPG13

    » SANS Critical Controls

    • 2,000+ Customizable Fields

  • 13 FortiSIEM Technology Integrations

  • 14 Making Visibility & Control Easy – Today & Into the Future

    1. Real-Time Analytics

    2. Asset/Config Discovery (CMDB)

    3. Rapid Scale Out Architecture

    4. Multi-Tenant Architecture

    5. Rapid Integrations

    6. SOC/NOC Analytics

    7. Single Pane of Glass

    [Diagram: Security Fabric with FortiSIEM: Network, Secure LAN Access, Secure WLAN Access, Secure Cloud, Secure Devices, Sandboxing, Policy, Email Security, Web Security]

  • Thank you!