Downloaded 38 times
More Related Content
Similar to Introduction to Security Fabric
Introduction to Security Fabric
- 1. An introduction to FortinetSecurity Fabric Full-spectrum security services by Infosec Partners October 2016 | Fortinet UK. Gainsborough House www.InfosecPartners.comInfosec Partners were named Fortinet’s first ever UK Partner of Excellence
- 2. 2 IPICSFTv2.1 Infrastructure = ConstantChange Full-spectrum security services by Infosec Partners, the first ever Fortinet Partner of Excellence UK
- 3. 3 IPICSFTv2.1 The Attack Surfacehas increased Dramatically Full-spectrum security services by Infosec Partners, the first ever Fortinet Partner of Excellence UK
- 4. 4 IPICSFTv2.1 End to EndSegmentation is Critical Each segment is connected by an Internal Segmentation Firewall » Appliance, Virtual or Cloud » If one segment breached then it’s contained These act as a single Fabric » Provides best end-to-end protection Old technologies e.g. vlans, access lists » replaced by next generation firewalls Full-spectrum security services by Infosec Partners, the first ever Fortinet Partner of Excellence UK
- 5. 5 IPICSFTv2.1 Full-spectrum security servicesby Infosec Partners, the first ever Fortinet Partner of Excellence UK
- 6. 6 IPICSFTv2.1 Fortinet Security Fabricprotects from IoT to Cloud Scalability » Protect at scale in any location and at any desired performance level Awareness » Communication between all security devices on network Security » Global and local perspectives, protects from advanced threats Actionable » Threat Intelligence so that we act more quickly Open » Connects other systems/vendors, helps preserve current investments Full-spectrum security services by Infosec Partners, the first ever Fortinet Partner of Excellence UK
- 7. 7 IPICSFTv2.1 Scalable from IoTto Cloud Full-spectrum security services by Infosec Partners, the first ever Fortinet Partner of Excellence UK
- 8. 8 IPICSFTv2.1 Scalable for Access By 2020 » >25% of enterprise attacks will involve IoT » IoT will be <10% of Security Budgets » Network segmentation and isolation solutions will account for 33% of all IoT security spend. The network boundaries will be key locations for detection, response, access and other policy enforcement needs (e.g. WLANS). Full-spectrum security services by Infosec Partners, the first ever Fortinet Partner of Excellence UK
- 9. 9 IPICSFTv2.1 Scalable for theNetwork Fortinet’s PPP processes different types of traffic with different types of security with the following benefits: SLOW = BROKEN Full-spectrum security services by Infosec Partners, the first ever Fortinet Partner of Excellence UK
- 10. 10 IPICSFTv2.1 Scalable for theCloud Full-spectrum security services by Infosec Partners, the first ever Fortinet Partner of Excellence UK
- 11. 11 IPICSFTv2.1 Global and LocalSecurity Global updates occur inside the fabric Intelligence Feeds 12 different security services available Local, targeted & unknown attacks Full-spectrum security services by Infosec Partners, the first ever Fortinet Partner of Excellence UK
- 12. 12 IPICSFTv2.1 Fabric Awareness Critical Networks are ever more complex, making it difficult to manage and secure, especially if you want to implement a segmented network strategy. Fortinet Security Fabric will form an end-to-end topology and data flow view identifying: » Where the firewalls are located » What they’re connected to » What Policies exist » What applications are flowing Full-spectrum security services by Infosec Partners, the first ever Fortinet Partner of Excellence UK
- 13. 13 IPICSFTv2.1 Actionable Threat Intelligence Information overload Means that it can be very ard to work out what to do with a new threat in a timely manner. Actionable Threat Intelligence Will allow customers to compare indications of compromise within the local network and the global network. Full-spectrum security services by Infosec Partners, the first ever Fortinet Partner of Excellence UK
- 14. 14 IPICSFTv2.1 OPEN Multiplelayers of Fabric APIs for Partner Integration SDN Orchestration API support Virtualisation and cloud platform support at the hypervisor level Detailed logs for SIEM systems Endpoints can connect to the system via the sandbox. Detailed APIs allow upper Management solutions to connect to Fabric Full-spectrum security services by Infosec Partners, the first ever Fortinet Partner of Excellence UK
- 15. 15 IPICSFTv2.1 OPEN FabricReady Partners, Ecosystem Integration Extension of the Fabric into the alliance Ecosystem is very important because customers have invested in different security products that are essential to their security capability. Full-spectrum security services by Infosec Partners, the first ever Fortinet Partner of Excellence UK Fabric Ready Partners List of Fabric Ready Partners as of 26 September 2016
- 16. 16 IPICSFTv2.1 Full-spectrum security servicesby Infosec Partners, the first ever Fortinet Partner of Excellence UK
- 17. 17 IPICSFTv2.1 Full-spectrum security servicesby Infosec Partners, the first ever Fortinet Partner of Excellence UK Summary of Introduction to Fabric Networks are becoming ever more complex, making it difficult to manage and secure, especially if you want to implement a segmented network strategy, which we recommend. The answer is to simplify. Fortinet’s Security Fabric includes all of the key capabilities your organization needs for a truly complete solution: » Scalable: Protects the enterprise from IoT to the cloud » Secure: Global and local threat intelligence and mitigation information is shared between products for faster protection » Aware: The fabric behaves as a single entity regarding policy and logging, enabling end-to-end segmentation for better protection against advanced threats » Actionable: Big data cloud systems correlate threat and network data to deliver real-time, actionable threat intelligence » Open: Well-defined, open APIs allow leading technology partners to become part of the fabric Infosec Partners (Fortinet’s first ever Partner of Excellence UK) can help you tailor the Fortinet Security Fabric for your organisation with a range of professional services, full and part managed security to meet your needs.
- 18. Thank you For moreinformation about the Fortinet Security Fabric and full-spectrum security services by Infosec Partners please contact: 0845 256 5903 | +44 1256 893662 | fabric@infosecpartners.com www.InfosecPartners.comInfosec Partners were named Fortinet’s first ever UK Partner of Excellence
Editor's Notes
- #3 Organisations have to ensure that they have the necessary bandwidth to support and secure all these technology advancements
- #4 All the tech advancements have increased the attack surface dramatically. Today’s Security is Borderless. Long gone is the well defined attack surface at a single internet connection. Interconnectivity means the attack surface is far greater throughout the network. Local & Cloud apps, Multi Directional Data Flows, and People BYOD and IoT means that the endpoint is dramatically more open for threats of attack
- #5 Given an increased attack surface, Fortinet fundamental security strategy is to provide: A Zero Trust, End-to-end segmented network from IoT to the Cloud. Segmentation can be defined by networks, applications, users, devices, geographies, or a mix of these. Each segment is connected by an Internal Segmentation Firewall (virtual, appliance or cloud) So if one segment is breached, the breach is contained to that one segment. Universal security policy engine determines the trust between each segment and corresponding levels of security. The engine then distributes appropriately orchestrated security policies to the various security devices. These security devices act as A SINGLE FABRIC to provide the best protection from end-to-end, even those in the cloud. Old technologies e.g. vlans, access lists and routers will be replaced by next generation firewalls to provide secure interconnected segments which will enable organisations to contain any attack in the event of a breach.
- #7 Security Fabric: 5 Critical Attributes Scale. Ability to protect the endpoint, access layer and core network both in data centre and in the cloud at any desired performance level Awareness Allows peer to peer communication between all the security devices on the network Security Global and local perspective to secure from advance threats such as Zero Day attacks Actionable Actionable threat intelligence to filter data that is important and act upon it more quickly Open Use different APIs to allow other systems and vendors to connect with the Fabric to preserve current investments.
- #8 To defend the entire attack surface, different technologies need to scale across all areas of the network. Endpoint Devices and Users Client Access Layers Embedded Distributed and Core networks System on a Chip (for price/performance), Packet and Content Processor ASIC, Flow-Based ASIC Data Centers and the Cloud Hardware dependent virtual machines and virtual firewalls Across all of these, Fabric provides Single Pane of Glass management Single Point for security updates Single Network Operating System Single Point of Authentication and SSO
- #9 Currently the common access layer has very little security. Whether switches or access points, security hasn’t been the focus here. Fabric will be extending the security to be as close as possible to the end devices. Long term, Fortinet security will be embedded: As an additional controller, Inside the Switch or Inside the Access Point with different types of security management. Vision = Universal Access points and Switches with embedded security connected by our Fabric to traditional controller appliances, integrated controllers in the firewall, or cloud controllers all with the traditional authentication and single sign on for everything. Longer there will be a full application portfolio, SSO, SLAs, presense, app visibility and network performance allowing customers to apply even more security to the access layer. The access layer will become extremely important for to provide security for security deficient IoT devices.
- #10 Competitors that use CPU only can be overloaded when managing policies, processing packets and doing deep inspection all on the same processor! Parallel Path Processors (PPP) ensures optimal performance: CPUs, Network Path Processors and Content Processors work in tandem to process different types of traffic with different types of security. Some Fortinet devices only have one CPU, but the performance is optimized by using a System on a Chip (SoC).
- #11 3 important elements Virtualisation Hypervisors supported: Vmware, Microsoft, Zen and KMV with 12 different security products Private Cloud (SDN Orchestration Integration) East West Connectors e.g. Cisco ACI, Openstack APIs e.g. Fortinet VMX for VMWare NSX North South Data Centre consolidation menas very high speed firewalls and IPS are required Future will see more efficient operation through flow-based integration Public Cloud IaaS Support of Azure and AWS and Telco and service product platforms for NGFW, WAF, Management & Reporting SaaS Support for Proxy or Broker APIs. Most customers will use a hybrid mode i.e. Data Centre Security and Public Cloud security, with both managed through a single pain of glass.
- #12 LocalSandbox. Threat emulation, behavioural montoring, peer to per communication This is very different to a platform approach where information is just fed into the cloud or a central mamagement system. In a fabric, each endpoint can communicate peer to peer with the Sandbox and with eachother. E.g. If FortiGate finds something suspicious it can send to the sandbox. If the sandbox detects malware or other threats then it can respond to the FortiGate to tell it to trace where it was sent and quarantine.
- #13 Todays networks are complex with different types of security solution at different points of the network whether IoT, endpoint, data centre or cloud. It is difficult to troubleshoot with various log files in different formats. It can be extremely complex to work out a true segmentation strategy end to end. Going forwards, Fabric will be able to form an end-to-end topology and data flow view. This will be done by firewalls and other security products talking to each other using peer to peer communication called the FortiHeartbeat. Identifies Where the firewalls are located What they’re connected to What policies exist What applications are flowing Longer term this allows the administrator to apply policies to single fabric entities rather than individual systems. Great for logging and management, but critical for building truly segmented networks.
- #14 Because organisations have a lot of information and analystics being discovered from SIEM systems, to individual reporting and threat intel feeds, it can be very hard to work out what to do with a new threat in a timely manner Actionable Threat Intelligence will allow customers to compare indications of compromise within the local network and within he global network.