FORTINET SECURITY FABRIC - Blue Bridge · • Training • Log overlap & inconsistencies. 4...
© Copyright Fortinet Inc. All rights reserved.
FORTINET SECURITY FABRIC
Mindaugas Kubilius, Systems Engineer, Baltics
HOT CHALLENGES
1. Dynamic Attack Surface
• IoT & apps
• Cloud
• Targeted Attacks
2. Human Errors
• Limited Resources
• More “stuff” / complicated
• DevOps (automation)
ACCIDENTAL ARCHITECTURE
• Network Complexity
» Network design evolves rapidly
» Attack surface along with it
• Organizational Complexity
• Multiple teams for different functions
• Network, OS, Security Team, …
• Solution Complexity
• Many products / vendors / contracts
• Training
• Log overlap & inconsistencies
Introducing the Fortinet Security Fabric
A New Cyber Security Philosophy
[Diagram labels: Advanced Threat Intelligence, Access, Client, Cloud, Partner API, NOC/SOC, Network, Application]
Different “Security Fabrics” Approach
1. Exchange of Dynamic Context Information
» User login to session context
» Device profiling / posture context
» Security tagging
2. Exchange of IoCs
» Automatic intelligence sharing among devices
» Updated on the fly
» Can be multivendor / independent 3rd party
FORTINET SECURITY FABRIC
[Diagram: Fortinet products placed across the network. Zones: Branch Office, Campus, Data Center/Private Cloud, Public Cloud, Operations Center. Solution areas: Secure Access, Application Security, Enterprise Firewall, Cloud Security, Advanced Threat Protection.]
Products labelled in the diagram:
• FortiGate NGFW
• FortiGate DCFW/NGFW
• FortiGate Internal Segmentation FW
• FortiGate VMX: SDN, Virtual Firewall
• FortiGate/FortiWiFi: Distributed Ent FW
• Fortinet Virtual Firewall
• FortiWeb: Web Application Firewall
• FortiADC: Application Delivery Controller
• FortiDDoS Protection
• FortiDB: Database Protection
• FortiMail: Email Security
• FortiSwitch: Switching
• FortiExtender: LTE Extension
• FortiClient
• FortiSandbox
• FortiCloud, FortiCloud Sandboxing, FortiCloud AP Management
• FortiManager, FortiAnalyzer, FortiSIEM (Operations Center)
Other labels: Secure Access Point, IP Video Security, Top-of-Rack, Web Servers, Server
VISIBILITY framework
Accidental Architecture
C-Suite dashboard
• KRI
• KPI
• Top 10
IT Dashboard
• Correlation
• Analytics
• Drill-down
The Security Fabric organizes configuration, real-time and historic data into focused
dashboards for specialized, efficient analysis.
AWARE | TOPOLOGY
Fabric View Endpoint View Historical View
Simple & Clear
• Topology
• Drill down
• REST API
• FortiView
Embedded
Simple & Clear
• Topology
• Access
• Hosts details
• Device types (& anomalies)
• Link monitoring & utilization
• Real-time and historic data
Multi-Monitor
• FortiGate
• FortiAP
• FortiSwitch
• FortiAnalyzer
• FortiSandbox
• FortiClient
• Hosts
• NAT Devices
• Routers
• Servers
• HA Clusters
• Switch Rings
Elements
AWARE | ENDPOINT
• Without Client Software
• Device Detection
• Endpoint Tracking
• Usage monitoring
• Endpoint data
• Synchronized to fabric members & FortiAnalyzer
• Endpoint Telemetry Data
• Avatars
• Social IDs
• Compliance
• Endpoint software & configuration
• Vulnerabilities
• Vulnerability Scan & Report
• Application Inventory
Fabric View Endpoint View Historical View
Minimal FortiClient Installer
Endpoint Telemetry
Vulnerability Scan
AWARE | REPORTING
Enriched Data
• All reports & views benefit from the topology and device awareness
• Reporting platforms have same components
Unified Logs
• Awareness of the topology enables intelligent logging
• Remove overlap & inconsistencies in the data
Time Dimension
• Historic Audit Reports
• Trending Reports
• API to FortiManager & FortiGate
Fabric View Endpoint View Historical View
CONTROL framework
Wrong Way: Led by IT Department
Right Way: Led by CISO and mid-level managers
Timeline – audit period: Day 0, Day 365
[Figure labels: Audit begins; Audit Check Fail; Audit Check Pass; Significant high risk vulnerabilities; Many High Risk vulnerabilities; Some High-Medium Risk vulnerabilities; Some low risk vulnerabilities]
ACTIONABLE | FRAMEWORK
Fabric View Endpoint View Threat Intel Driven
Simple & Clear
• Part of Topology Framework
• Easily identify alerts
• Click to Review and manage
Simple & Clear
• Wizard Based
• Take recommended actions directly
• Re-run to confirm & identify new alerts exposed
Take Action
ACTIONABLE | ENDPOINT
Fabric View Endpoint View Threat Intel Driven
Vulnerable Endpoints (FortiClient)
Threat Score (FortiGate)
ACTIONABLE | THREAT INTEL
Fabric View Endpoint View Threat Intel Driven
EXPAND | ATTACK SURFACE COVERAGE
• Fortinet Native
• FortiWeb
• FortiMail
• FortiCache
• Partner Endpoint (ex: Carbon Black)
• Sandbox Integration
• Telemetry Integration
• Partner Vulnerability Scan (ex: Qualys)
• FortiWeb Integration
• Vulnerability assessment data in the fabric
Known Bad
Botnet C&C IPs
Malware Domain
Malware URL
Infected
Ranked Suspicious
WHAT IOT PROBLEM?
• Your attack surface changes every time…
» A new application is installed
» A new device enters your network
» A new VM service is connected
» A user signs up for a new social account
» …
• Security Fabric…
» Learns every change across the network
» Audits the changes for best practices & anomalies
» Analyzes the attack surface against the configuration, real-time data and business rules
[Diagram labels: Rogue IOT, Managed IOT, Tolerated IOT, Managed Assets, Critical Assets]
IOT | WHERE DO I START?
DEFINED (“TRUSTED”) TOLERATED ROGUE / UNWANTED
Core / Critical assets
Network assets
Managed IOT
Headless IOT
Corporate Unmanaged IOT
Banned From Network
BYOD
IOT | WHERE ARE THE UNKNOWNS?
DEFINED (“TRUSTED”) TOLERATED ROGUE / UNWANTED
Core assets
Network assets
Managed IOT
Headless IOT
Corporate Unmanaged IOT
Banned From Network
BYOD
Automatic Updates
User Selected Apps
User Selected OS
Unidentified
IOT | HOW TO MITIGATE THE RISKS?
1. Make the “Trusted” list bigger
2. Make the “Tolerated” list smaller
DEFINED (“TRUSTED”) TOLERATED ROGUE / UNWANTED
IOT | HOW?
1. Lock down corporate devices
2. Clearly defined BYOD Policy
» Device ID
» Device Policy
DEFINED (“TRUSTED”) TOLERATED
Managed IOT
Corporate Unmanaged IOT
BYOD
Broad – The Fabric Allows Flexible, Open Integration of Other Security Partners
Final Notes
1. Security Fabric is a systematic view to security architecture and operations.
2. Fortinet Security Fabric is industry unique due to width and breadth of native solutions and partner integration options.
3. Fortinet Security Fabric is about Visibility and Control.
4. It provides best security coverage in today’s world of Dynamic Attack Surface and where Human Errors are prevalent.