
Post on 27-May-2020


TRANSCRIPT

© Copyright Fortinet Inc. All rights reserved.

FORTINET SECURITY FABRIC

Mindaugas Kubilius, Systems Engineer, Baltics


HOT CHALLENGES

1. Dynamic Attack Surface
 • IoT & apps
 • Cloud
 • Targeted Attacks

2. Human Errors
 • Limited Resources
 • More “stuff” / complicated
 • DevOps (automation)


ACCIDENTAL ARCHITECTURE

• Network Complexity
 » Network design evolves rapidly
 » Attack surface along with it
• Organizational Complexity
 » Multiple teams for different functions
 » Network, OS, Security Team, …
• Solution Complexity
 » Many products / vendors / contracts
 » Training
 » Log overlap & inconsistencies


Introducing the Fortinet Security Fabric: A New Cyber Security Philosophy

[Slide diagram; fabric elements labelled on the slide: Advanced Threat Intelligence, Access, Client, Cloud, Partner API, NOC/SOC, Network, Application]


Different “Security Fabrics” Approach

1. Exchange of Dynamic Context Information
 » User login to session context
 » Device profiling / posture context
 » Security tagging

2. Exchange of IoCs
 » Automatic intelligence sharing among devices
 » Updated on the fly
 » Can be multivendor / independent 3rd party


FORTINET SECURITY FABRIC

[Slide diagram; labels recovered from the slide]
Zones: Branch Office, Campus, Data Center / Private Cloud, Public Cloud, Operations Center
Solution areas: Secure Access, Application Security, Enterprise Firewall, Cloud Security, Advanced Threat Protection
Products shown: FortiWeb (Web Application Firewall), FortiADC (Application Delivery Controller), FortiDB (Database Protection), FortiDDoS Protection, FortiExtender (LTE Extension), FortiClient, Secure Access Point, IP Video Security, FortiSwitch (Switching), FortiGate NGFW, FortiGate DCFW/NGFW, FortiGate Internal Segmentation FW, Top-of-Rack, FortiGate VMX (SDN, Virtual Firewall), FortiSandbox, FortiMail (Email Security), Email Server, Web Servers, FortiManager, FortiAnalyzer, FortiSIEM, Fortinet Virtual Firewall, FortiCloud, FortiCloud Sandboxing, FortiCloud AP Management, FortiGate/FortiWiFi (Distributed Enterprise FW)


VISIBILITY FRAMEWORK

[Slide diagram: Accidental Architecture]

C-Suite dashboard
• KRI
• KPI
• Top 10

IT Dashboard
• Correlation
• Analytics
• Drill-down

The Security Fabric organizes configuration, real-time and historic data into focused dashboards for specialized, efficient analysis.


AWARE | TOPOLOGY

Fabric View | Endpoint View | Historical View

Simple & Clear
• Topology
• Drill down
• REST API
• FortiView Embedded

Simple & Clear
• Topology
• Access
• Hosts details
• Device types (& anomalies)
• Link monitoring & utilization
• Real-time and historic data

Multi-Monitor

Elements
• FortiGate
• FortiAP
• FortiSwitch
• FortiAnalyzer
• FortiSandbox
• FortiClient
• Hosts
• NAT Devices
• Routers
• Servers
• HA Clusters
• Switch Rings


AWARE | ENDPOINT

• Without Client Software
• Device Detection
• Endpoint Tracking
• Usage monitoring
• Endpoint data
• Synchronized to fabric members & FortiAnalyzer
• Endpoint Telemetry Data
• Avatars
• Social IDs
• Compliance
• Endpoint software & configuration
• Vulnerabilities
• Vulnerability Scan & Report
• Application Inventory

Fabric View | Endpoint View | Historical View

[Slide screenshots: Minimal FortiClient Installer, Endpoint Telemetry, Vulnerability Scan]


AWARE | REPORTING

Enriched Data
• All reports & views benefit from the topology and device awareness
• Reporting platforms have the same components

Unified Logs
• Awareness of the topology enables intelligent logging
• Remove overlap & inconsistencies in the data

Time Dimension
• Historic Audit Reports
• Trending Reports
• API to FortiManager & FortiGate

Fabric View | Endpoint View | Historical View


CONTROL FRAMEWORK

[Slide chart: timeline of an audit period, Day 0 to Day 365, starting at “Audit begins”]
Wrong Way (led by IT Department): Audit Check Fail
Right Way (led by CISO and mid-level managers): Audit Check Pass
Risk levels marked along the timeline: Significant high risk vulnerabilities; Many High Risk vulnerabilities; Some High-Medium Risk vulnerabilities; Some low risk vulnerabilities


ACTIONABLE | FRAMEWORK

Fabric View | Endpoint View | Threat Intel Driven

Simple & Clear
• Part of Topology Framework
• Easily identify alerts
• Click to Review and manage

Simple & Clear
• Wizard Based
• Take recommended actions directly
• Re-run to confirm & identify new alerts exposed

Take Action


ACTIONABLE | ENDPOINT

Fabric View | Endpoint View | Threat Intel Driven

[Slide screenshots: Vulnerable Endpoints (FortiClient), Threat Score (FortiGate)]


ACTIONABLE | THREAT INTEL

Fabric View | Endpoint View | Threat Intel Driven


EXPAND | ATTACK SURFACE COVERAGE

• Fortinet Native
 » FortiWeb
 » FortiMail
 » FortiCache
• Partner Endpoint (ex: Carbon Black)
 » Sandbox Integration
 » Telemetry Integration
• Partner Vulnerability Scan (ex: Qualys)
 » FortiWeb Integration
 » Vulnerability assessment data in the fabric

[Slide diagram of threat-intelligence categories: Known Bad (Botnet C&C IPs, Malware Domain, Malware URL), Infected, Ranked Suspicious]


WHAT IOT PROBLEM?

• Your attack surface changes every time…
 » A new application is installed
 » A new device enters your network
 » A new VM service is connected
 » A user signs up for a new social account
 » …
• Security Fabric…
 » Learns every change across the network
 » Audits the changes for best practices & anomalies
 » Analyzes the attack surface against the configuration, real-time data and business rules

[Slide diagram of asset classes: Rogue IoT, Managed IoT, Tolerated IoT, Managed Assets, Critical Assets]


IOT | WHERE DO I START?

[Slide diagram; columns: DEFINED (“TRUSTED”) | TOLERATED | ROGUE / UNWANTED; device classes shown: Core / Critical assets, Network assets, Managed IoT, Headless IoT, Corporate Unmanaged IoT, BYOD, Banned from Network]


IOT | WHERE ARE THE UNKNOWNS?

[Slide diagram; columns: DEFINED (“TRUSTED”) | TOLERATED | ROGUE / UNWANTED; device classes shown: Core assets, Network assets, Managed IoT, Headless IoT, Corporate Unmanaged IoT, BYOD, Banned from Network; unknowns highlighted: Automatic Updates, User Selected Apps, User Selected OS, Unidentified]


IOT | HOW TO MITIGATE THE RISKS?

1. Make the “Trusted” list bigger

2. Make the “Tolerated” list smaller

[Slide diagram; columns: DEFINED (“TRUSTED”) | TOLERATED | ROGUE / UNWANTED]


IOT | HOW?

1. Lock down corporate devices
2. Clearly defined BYOD Policy
 » Device ID
 » Device Policy

[Slide diagram; columns: DEFINED (“TRUSTED”) | TOLERATED; device classes shown: Managed IoT, Corporate Unmanaged IoT, BYOD]


Broad – The Fabric Allows Flexible, Open Integration of Other Security Partners


Final Notes

1. Security Fabric is a systematic view of security architecture and operations.
2. Fortinet Security Fabric is unique in the industry due to the breadth of its native solutions and partner integration options.
3. Fortinet Security Fabric is about Visibility and Control.
4. It provides the best security coverage in today’s world of a dynamic attack surface and prevalent human errors.
