Transcript
Page 1

© Copyright Fortinet Inc. All rights reserved.

FortiSIEM, a new component of the Fortinet Security Fabric

Zsolt Géczi, CEH

15.11.2016, ITAPA

Page 2

Fortinet - Confidential

The attack surface has increased dramatically, everywhere, inside and out.

PoS

IoT

UTM

NGFW

Campus

Mobile

Endpoint

Data Center

DCFW

Branch

Office

Internal External

Page 3


Continuous Monitoring and Analytics

1. Prepare: Segmentation, Processes, Training

2. Prevent: Harden, Isolate, Network, Application, Endpoint

3. Detect: ATP, >>> SIEM <<<, TIS

4. Respond: Contain, Remediate, Clean

Page 4


Fortinet Security Fabric

Access

Endpoint

Application

Cloud

NOC/SOC

Advanced Threat Intelligence

Network

Fabric Ready

• Scalable

• Aware

• Secure

• Actionable

• Open

Page 5


FortiSIEM

Page 6


Typical NOC/SOC Environment

SOC

TICKETING SYSTEMS

NOC

NOC Team

SOC Team

Help Desk

Datacenter

Director

Systems Admin

Page 7


Visibility Needs

Less Complexity

» Consolidation/Integration of Tools

» Deeper Analytics

» More Context

Real-Time Awareness of the Threat Landscape

» Devices

» Applications

» Users

» Networks

» Virtual & Physical

» Inter-relationships

» Performance

» Threat Data

Faster Detection

Scalability

Page 8


SIEM vs. FortiSIEM

Threat Intelligence

Real-Time Monitoring

Log Management

Deployment/Support Simplicity

Data & User Monitoring

Behavior Profiling

Application Log Analysis

Analytics

Real-time Asset/Config. & Discovery

Rapid Scale Architecture (patented)

Only NOC & SOC Analytics

Real-Time Analytics (patented)

Multi-Tenant Architecture

Rapid & Flexible Integrations

Single Pane of Glass

[Chart: FortiSIEM vs. Gartner SIEM Capabilities; axes: Complexity, Skilled Personnel]

Page 9


Rapid Flexible Integrations: Context from Hundreds of Sources

Remote Desktop

Routers/Switches

Servers

» App Server

» Authentication Servers

» Blade Servers

» Terminal Servers

» VoIP Servers

» Web Server

Storage

Synthetic Transaction Monitoring

Unified Threat Management (UTM)

Virtualization

VPN Gateway

Vulnerability Scanners

WAN Accelerators

Wireless

Antivirus

Cloud Services

Databases

Directories

DNS/DHCP Servers

Email

Environmentals - HVAC

External Monitoring

File Monitoring

Firewalls

Hardware Monitoring

Host OS

Internet Security Gateways

IPS/IDS

Load Balancers

Network Flow

Page 10


Cross Correlated in Real-Time

Only Cross Correlated SOC & NOC Analytics

SOC Analytics

Log Ingestion, Parsing and Storage

File Integrity Monitoring

Patented Log Analytics

Incident Management, Ticketing and Response

Reporting and Compliance – Built in/Custom

External Threat Feed Intelligence Integration

Pre-built Reports for Compliance and Security

Rule and Statistical Anomaly Based Reporting

NOC Analytics

Real-Time Infrastructure Discovery CMDB

Network and Interface Utilization

CPU, Memory, Disk Performance Monitoring

Availability Monitoring

Storage Monitoring

Change monitoring – config., installed software

Infrastructure and User Application Monitoring

Synthetic Transaction Monitoring

Page 11


Multi-Tenancy for Enterprises

FortiSIEM

Corporate Data Center

PCI Network

HIPAA

Network

West Coast HQ

East Coast HQ

HR

Accounting

Page 12


Compliance Reporting Built-in

Hundreds of Pre-Built Reports

Compliance Reports

» PCI – HIPAA – FERPA

» SOX, NERC, COBIT, ITIL,

» ISO, GLBA, GPG13

» SANS Critical Controls

2,000+ Customizable Fields

Page 13


FortiSIEM Technology Integrations

Page 14


Making Visibility & Control Easy – Today & Into the Future

1. Real-Time Analytics

2. Asset/Config Discovery (CMDB)

3. Rapid Scale Out Architecture

4. Multi-Tenant Architecture

5. Rapid Integrations

6. SOC/NOC Analytics

7. Single Pane of Glass

Network

Secure LAN Access

Secure WLAN Access

Secure Cloud

Secure Devices

Sandboxing

Policy

Email Security

Web Security

Security Fabric

FortiSIEM

Page 15

Thank you!

