Bringing OT Threat Detection and Response to the Next Level
© Fortinet Inc. All Rights Reserved.

Slide 3: Integrated Security Controls (NIST 800-82 Controls for ICS)

Access Control
• Restricts lateral movement
• Complicates access to vulnerable assets
• Reduces the attack surface and the area of effect of a compromise
• First line of defense against network threats
But . . .
• Lacks the ability to adapt to changing conditions

Continuous Monitoring
• Informs of attempts to breach the segmented network
• Identifies successful circumvention of segmentation
• Contextualizes attacks and engages incident response
• Monitors the network beyond choke points and boundaries
But . . .
• Lacks the ability to enforce new policies as threats are detected

The two controls are complementary: segmentation enforces but cannot see what it does not block, and monitoring sees but cannot act on its own. The integration described in the following slides closes that gap by letting the monitoring layer push enforcement to the firewall.
Slide 4: The Fortinet / Nozomi Networks Integrated Capabilities

ICS IDS (passive monitoring side)
• Behavioral Analysis: automatically learns ICS behavior and detects suspicious activities
• Deep SCADA Understanding: deep understanding of all key SCADA protocols, open and proprietary
• Non-intrusive Monitoring: passive, real-time monitoring that adds no performance impact to process traffic and permits visibility at different layers of the Control and Process Networks

Enforcement Zone (in-line firewall side)
• Security Policy Enforcement: flexibility to enforce security policies with different degrees of granularity
• Deep Flow Control / Vulnerability Shielding: proactive filtering of malicious and unauthorized network traffic
• Segmentation: in-line separation between IT and OT environments

Security Fabric (the two combined)
• Turn-key internal and perimeter visibility
• Fine tuning, control and monitoring of the firewall ruleset
• Proactive SCADA security
Slide 5: Fortinet Solutions for OT

Slide 6: Fortinet’s Security Fabric Protects OT & IT (Simplifying management and reducing complexity)

[Diagram: a reference plant network split into Information Technology (IT) and Operational Technology (OT). IT side: Intranet and Remote Site, each with a RADIUS + VPN server, connected over the Internet. OT side, top to bottom: DMZ Network (Jumpbox, Historian), Process Network (HMI, Operator, SCADA Server), Control Network (PLC, PLC, PLC), Field Network (Pump, Fan, Valve).]
Slide 7: Addressing Critical Use Cases Integrating OT and IT
• Deep OT Visibility
• Role-based Access Control
• Centralized Security Management
• Secure Remote Connectivity
• Securing Critical End Points
• Zones and Conduits
• Advanced Persistent Threat

[Diagram: the same IT/OT reference network as slide 6 (Intranet and Remote Site with RADIUS + VPN servers; DMZ, Process, Control and Field Networks with Jumpbox, Historian, HMI, Operator, SCADA Server, PLCs, Pump, Fan, Valve), repeated as the backdrop for the use cases above.]
Slide 8: Fortinet Cybersecurity Platform / Enterprise Security Fabric

[Diagram: the platform laid out around a Protect / Detect / Respond core. Pillars: Security-Driven Networking, Zero Trust Access, Adaptive Cloud Security and AI-Driven SOC, with Fabric Management spanning them. Capabilities shown: Network Firewall, SD-WAN, Secure LAN, Secure WLAN, NAC, Identity, MFA, Endpoint Protection, and cloud coverage for Applications, Platform and Network.]
Slide 9: IEC 62443 Compliant Solution Architecture

[Diagram: a zoned reference architecture from the process level up to the Internet.
• Level 0 & Level 1: Control Network, Bus Network
• Level 2: Supervisory Zone
• Level 3: Operational DC DMZ, Management Zone
• Level 4: Enterprise LAN (Corporate Environment)
• Level 5: Internet DMZ, Enterprise (Corporate Environment)
• External: Internet, dual-homed via ISP A and ISP B
Segmentation techniques called out: Zones of Control, Zones and Conduits, Micro Segmentation, Physical and Virtual Segmentation.
OT zones: Historian Server Zone, Application Server Zone, Engineering Server Zone, Engineering Workstation Zone, Operator Workstation Zone.
OT Authentication Boundary: FortiAuthenticator, FortiClient EMS, DC/FSSO.
Enterprise side: Web Servers, Email Servers (FortiMail), Business Servers, Enterprise Desktops, Authentication Services & Domain Controllers (FSSO), Remote User, Remote Vendor.
Fortinet Security Fabric components placed in the diagram: FortiGate (three, at the zone boundaries), FortiSwitch (two), FortiProxy (two), FortiAnalyzer, FortiManager, FortiSandbox, FortiSIEM, and FortiGuard Global Intelligence / FortiGuard Threat Intelligence Service feeding them.]
Slide 10: Fortinet FortiGate ISFW & Nozomi Guardian Integration

Slide 11: Use Cases for a Pure Player in Industrial Network Visibility
• Triggers an event/incident when
  • a new host is discovered on the network
  • a new communication is seen between two trusted nodes
  • a new "function code" is observed within a trusted communication
• Integration with FortiGate
  • selective session kill
  • deny policy insertion
  • virtual domain (VDOM) support
• Integration with FortiSIEM
  • sends events as CEF to FortiSIEM
• Integration with FortiNAC
  • allows FortiNAC (FNC) to import hosts from the Nozomi Guardian
  • FortiNAC profiles the devices based on the information retrieved

Slide 12: Fortinet Integration with Nozomi

Slide 13: Fortinet Integration with Nozomi
• "Learning" or "Protecting" mode is set per zone, with a sharp boundary between the two.
• Depending on those settings, the policies derived from the zones concerned are pushed to the FortiGate.
• For a zone in Learning mode no enforcing policies are sent to the FGT; Guardian only builds its baseline of hosts, communications and function codes for that zone.
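The three triggers on slide 11 and the per-zone Learning / Protecting switch on slide 13 are easiest to reason about as a baseline that is widened while learning and frozen while protecting. The script below is an added example, not Nozomi or Fortinet code: it learns a baseline from constructed Modbus flows, classifies later flows into the three trigger types, renders each event as a CEF line (the format the slide says Guardian sends to FortiSIEM) and records the deny request a sensor would hand to the FortiGate. The flows, addresses, zone names, severities and the CEF vendor/product fields are all made up for the example.

```python
"""Baseline learning, per-zone Learning/Protecting mode and CEF output, ICS-IDS style.

Added example (not Nozomi or Fortinet code). Flows, zones, addresses and the
CEF device fields are constructed; the 'enforcements' list stands in for the
deny policies a real sensor would push to the FortiGate.
"""
from dataclasses import dataclass, field
from typing import Optional

SEVERITY = {"NEW_HOST": 5, "NEW_COMMUNICATION": 7, "NEW_FUNCTION_CODE": 8}  # assumed values


@dataclass(frozen=True)
class Flow:
    zone: str   # zone of the source host (assumed to come from the asset inventory)
    src: str
    dst: str
    proto: str  # e.g. "modbus", "s7comm"
    func: int   # protocol function code (Modbus: 3 = read holding regs, 16 = write multiple)


@dataclass
class Baseline:
    hosts: set = field(default_factory=set)
    links: set = field(default_factory=set)    # (src, dst, proto) pairs seen while learning
    funcs: dict = field(default_factory=dict)  # (src, dst, proto) -> set of function codes

    def learn(self, f: Flow) -> None:
        self.hosts.update((f.src, f.dst))
        key = (f.src, f.dst, f.proto)
        self.links.add(key)
        self.funcs.setdefault(key, set()).add(f.func)

    def classify(self, f: Flow) -> Optional[str]:
        """Most specific trigger the flow fires against the baseline, or None."""
        if f.src not in self.hosts or f.dst not in self.hosts:
            return "NEW_HOST"
        key = (f.src, f.dst, f.proto)
        if key not in self.links:
            return "NEW_COMMUNICATION"   # two trusted nodes never seen talking before
        if f.func not in self.funcs[key]:
            return "NEW_FUNCTION_CODE"   # trusted link, unexpected operation
        return None


def cef_escape(value) -> str:
    # CEF extension values escape backslash and '='; the record must stay on one line
    return str(value).replace("\\", "\\\\").replace("=", "\\=").replace("\n", " ")


def to_cef(trigger: str, f: Flow) -> str:
    fields = [("src", f.src), ("dst", f.dst), ("app", f.proto),
              ("cs1Label", "functionCode"), ("cs1", f.func),
              ("cs2Label", "zone"), ("cs2", f.zone)]
    ext = " ".join(f"{k}={cef_escape(v)}" for k, v in fields)
    name = trigger.replace("_", " ").title()
    return f"CEF:0|ExampleVendor|ExampleICSIDS|1.0|{trigger}|{name}|{SEVERITY[trigger]}|{ext}"


class Sensor:
    def __init__(self, modes: dict):
        self.modes = modes        # zone -> "learning" | "protecting"
        self.baseline = Baseline()
        self.events = []          # CEF lines, as they would be sent to the SIEM
        self.enforcements = []    # deny requests that would be pushed to the FortiGate

    def observe(self, f: Flow) -> Optional[str]:
        if self.modes.get(f.zone, "learning") == "learning":
            self.baseline.learn(f)  # a learning zone widens the baseline and never enforces
            return None
        trigger = self.baseline.classify(f)
        if trigger:
            self.events.append(to_cef(trigger, f))
            self.enforcements.append({"srcaddr": f.src, "dstaddr": f.dst,
                                      "service": f.proto, "action": "deny",
                                      "comments": trigger})
        return trigger


# Constructed traffic: HMI and SCADA server polling two PLCs while learning ...
BASELINE_TRAFFIC = [
    Flow("control", "10.1.1.10", "10.1.2.20", "modbus", 3),
    Flow("control", "10.1.1.10", "10.1.2.21", "modbus", 3),
    Flow("control", "10.1.1.11", "10.1.2.20", "modbus", 4),
]
# ... then, with the zone switched to Protecting, one normal poll and three deviations
LIVE_TRAFFIC = [
    Flow("control", "10.1.1.10", "10.1.2.20", "modbus", 3),   # known poll: no event
    Flow("control", "10.1.1.10", "10.1.2.20", "modbus", 16),  # HMI starts writing registers
    Flow("control", "10.1.1.11", "10.1.2.21", "modbus", 3),   # trusted nodes, new pairing
    Flow("control", "10.1.9.99", "10.1.2.20", "modbus", 5),   # unknown host writes a coil
]


def run_demo():
    sensor = Sensor({"control": "learning"})
    for f in BASELINE_TRAFFIC:
        sensor.observe(f)
    sensor.modes["control"] = "protecting"   # the per-zone switch from slide 13
    return [sensor.observe(f) for f in LIVE_TRAFFIC], sensor


if __name__ == "__main__":
    triggers, s = run_demo()
    print(triggers)
    print("\n".join(s.events))
```

Running it yields one trigger per deviation (new function code, new communication, new host) and nothing for the known poll; the same traffic against a zone left in Learning mode produces no events at all, which is exactly why a zone must be moved to Protecting before Guardian will push anything to the FGT.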
Slide 14: Fortinet API Integration with Nozomi

Guardian talks to the FortiGate through its REST API, so the FortiGate side needs an API user whose generated key Guardian presents as a bearer token when it kills sessions and inserts deny policies. The slide creates it from the CLI; the trusted host should be the Guardian appliance's address so the key is useless from anywhere else, and a custom access profile limited to the firewall policy and session scopes Guardian actually needs is the least-privilege alternative to the super_admin profile shown here:

    config system api-user
        edit "guardian-api"
            # super_admin as on the slide; prefer a custom accprofile scoped
            # to firewall policy and session management
            set accprofile "super_admin"
            set vdom "TARGET vDOM"
            # accept API calls only from the Guardian appliance's IP
            config trusthost
                edit 1
                    set ipv4-trusthost x.x.x.x/32
                next
            end
        next
    end
    # the key is displayed once at generation time; store it in Guardian immediately
    execute api-user generate-key guardian-api
Slide 15: Fortinet API Integration with Nozomi – Attack Detection
Slide 16: Fortinet API Integration with Nozomi – FGT Policy Injection
• Note that Guardian-injected policies are placed below the access-granting policies by default. Because the FortiGate evaluates its policy table top-down and applies the first match, a deny that sits below a broader allow never takes effect for the traffic that allow already permits; the injected policy exists, but it is shadowed.
• Guardian v20.x provides an option to place Guardian-injected policies topmost, so the traffic denials are actually enforced.
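The placement caveat above is a consequence of first-match evaluation, and it is worth seeing the shadowing happen. The script below is an added example, not Fortinet or Nozomi code: it simulates the FortiGate's top-down, first-match lookup over a constructed internal-segmentation ruleset (addresses, interfaces, service names and policy IDs are made up), shows the same Guardian-style deny being ignored when appended below the allow and enforced when placed topmost, and builds, without sending it, the request an integration could use to move the deny. The endpoint shape (PUT /api/v2/cmdb/firewall/policy/<id> with action=move&before=<id> and the bearer token from the API user on slide 14) is an assumption about the FortiOS REST API and should be checked against the reference for the firmware in use.

```python
"""First-match policy evaluation: why an injected deny must sit above the allow.

Added example (not Fortinet or Nozomi code). The ruleset, addresses and policy
IDs are constructed; the move request mirrors an assumed FortiOS REST API shape
and is built but never sent.
"""
import ipaddress


def _matches(cidrs, ip) -> bool:
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(c) for c in cidrs)


def first_match(policies, src_ip, dst_ip, service):
    """Return the first policy matching the tuple, else the implicit deny (id 0)."""
    for p in policies:
        if (_matches(p["srcaddr"], src_ip) and _matches(p["dstaddr"], dst_ip)
                and (p["service"] == ["ALL"] or service in p["service"])):
            return p
    return {"policyid": 0, "name": "Implicit Deny", "action": "deny"}


def inject_deny(policies, deny, topmost):
    """Default placement appends below existing policies; the v20.x option puts it first."""
    return [deny] + policies if topmost else policies + [deny]


# Constructed ISFW ruleset between the process and control networks
ACCESS_POLICIES = [
    {"policyid": 10, "name": "HMI-to-PLC-Modbus", "srcaddr": ["10.1.1.0/24"],
     "dstaddr": ["10.1.2.0/24"], "service": ["MODBUS"], "action": "accept"},
    {"policyid": 11, "name": "Historian-pull", "srcaddr": ["10.0.5.0/24"],
     "dstaddr": ["10.1.1.0/24"], "service": ["OPC-UA"], "action": "accept"},
]
# The deny Guardian would inject for the HMI that started writing registers
GUARDIAN_DENY = {"policyid": 500, "name": "NOZOMI-NEW_FUNCTION_CODE",
                 "srcaddr": ["10.1.1.10/32"], "dstaddr": ["10.1.2.20/32"],
                 "service": ["MODBUS"], "action": "deny"}


def verdicts(src="10.1.1.10", dst="10.1.2.20", service="MODBUS"):
    """(action with the deny appended below, action with the deny placed topmost)."""
    below = first_match(inject_deny(ACCESS_POLICIES, GUARDIAN_DENY, False), src, dst, service)
    top = first_match(inject_deny(ACCESS_POLICIES, GUARDIAN_DENY, True), src, dst, service)
    return below["action"], top["action"]


def move_policy_request(fgt_host, vdom, token, policyid, before_id):
    """Request an integration could issue to reorder the deny (assumed API shape, not sent)."""
    return {
        "method": "PUT",
        "url": f"https://{fgt_host}/api/v2/cmdb/firewall/policy/{policyid}"
               f"?vdom={vdom}&action=move&before={before_id}",
        "headers": {"Authorization": f"Bearer {token}"},  # key from 'execute api-user generate-key'
    }


if __name__ == "__main__":
    below, top = verdicts()
    print("deny appended below allow ->", below, "| deny placed topmost ->", top)
    print(move_policy_request("fgt.example", "OT", "<api-key>", 500, 10)["url"])
```

With the deny appended, the flagged HMI-to-PLC flow still hits policy 10 and is accepted; with the deny on top it is blocked, while unrelated allowed traffic and traffic matching nothing behave the same in both layouts. An operator checking the integration should therefore look not only for the injected policy's presence but for its position relative to the allow it is meant to override.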
Slide 17: Fortinet API Integration with Nozomi – Guardian Audit Logs
Slide 18: Fortinet Key Strengths

Securing OT: identify and secure OT communications and protocols through FortiOS and the FortiGuard Industrial Services; industry-leading OT application control.
Intrusion Detection & Prevention: Fortinet's IPS/IDS/virtual patching engine, backed by more than 250 in-house threat researchers.
Network Segmentation: zones and conduits of control provided throughout the Security Fabric by FortiOS; FortiOS-managed FortiSwitches enable micro segmentation at the NGFW core.
Fabric Ready Partners: the Fortinet Security Fabric embraces hundreds of third-party integrations, sharing intelligence for real-time security automation and reduced risk.
Nozomi integration Operational Technology .pptx


Editor's Notes

  • #1 Welcome to the Bringing OT Threat Detection and Response to the Next Level webinar from Fortinet and Nozomi Networks We are so glad you joined us today.
  • #6 OT industries we target: power generation, load dispatch centers, transmission and distribution, wind power, solar, hydropower, gas turbines, steam turbines, etc.; oil and gas: upstream exploration, production, refining, chemicals, petrochemicals; manufacturing: food and beverage, pharma, discrete and process industries; water/wastewater; logistics, ports, etc.; other critical infrastructure. On the screen here you see a high-level enterprise view of an industrial plant. It could be a water treatment facility, a wind farm, an oil drilling rig, a food and beverage plant or a maritime port. Or it could be a "smart truck" for that matter. Fundamentally all of these kinds of operational networks tend to have similar technologies and structures. OT is all the hardware, software and network technology we find south of the dotted red line. North of the red line is the IT world or business zone with your corporate network, CRM, ERP, email, etc. South of the red line is what OT people call the secure perimeter. This is where you'll find actuators and sensors that are connected to assets such as pumps, valves and motors. These are connected to controllers that are supervised by HMIs, engineering workstations and supervisory control or SCADA systems. Here you will find event collectors, alarm systems and data historians. While OT used to be almost synonymous with industrial control systems, there is also a newcomer disrupting this space, which is IIoT, the industrial internet of things. These devices are IoT devices within the OT secure perimeter. These IIoT devices, such as smart sensors, are growing very fast alongside the emergence of 5G. These two worlds used to be separated or "air gapped", but due to digitization trends driven by plant optimization, asset utilization and condition-based maintenance they are now converging. Convergence with IT and the emergence of IIoT and 5G are two major trends that bring major security challenges.
  • #7 Let's look at the most typical use cases we deploy. First, segmentation and secure remote connectivity. We do this with our next generation firewalls, switches and access points. Second is deep OT visibility for asset inventory and breach detection. We can set policies on over 1800 signatures, provide virtual patching against 400 known OT vulnerabilities, and even more capabilities we can provide with our tech alliance and fabric integrations. Third is role-based access control for users, devices and applications, done inside the secure perimeter. We enable this with FortiAuthenticator, FortiNAC and FortiToken. Fourth, we can secure critical endpoints like engineering workstations, HMIs or even controllers with FortiEDR. Then an OT SOC environment, and sometimes an enterprise SOC with both IT and OT, can be enabled with solutions such as FortiSIEM and FortiSOAR. Finally, we can cover advanced persistent threats with our sandbox and deception technologies. The key is that OT, just like IT, is networked. We end up selling the same products there. There are specifics like industrial protocols, which the products need to read (such as Modbus and OPC UA), and sometimes special environmental conditions that require ruggedized hardware. But at the end of the day it is defense in depth, adding layers of security to secure the critical perimeter.
  • #8 Let's break down the Fortinet Security Fabric into its constituent pillars. For effective security, organizations have to shift from protecting security perimeters to protecting data spread across billions of edges, users, systems, devices and critical applications. A platform provides comprehensive visibility and protection across devices, users, endpoints, cloud, SaaS and infrastructure, covering the entire attack surface. The Fortinet platform consists of four key components. At the core of the platform is the network, which remains a critical piece. Our security-driven networking provides secure, high-performance connectivity between users, applications and devices into the cloud. Manage internal and external risk with internal segmentation, threat detection and automated threat protection and policy enforcement. Our zero trust access network enables identification of all users, applications and devices on and off the network. Our adaptive cloud security provides protection across all cloud environments including hybrid, public and private cloud. Our cloud security solutions, including virtual appliances and hosted solutions, extend the core capabilities of the Fortinet Security Fabric platform to provide businesses with the same level of cybersecurity and threat intelligence in and across cloud environments that they receive on their physical networks. AI-driven security operations provide faster response and remediation, including actionable, customized threat intelligence and insights. The Fabric Management Center provides a single pane of glass, simplifying operations and enabling automation of workflows.
  • #12 Blue lines represent normal network communication; solid red lines are the attacker attempting to gain access to the Siemens PLC; the dotted red line is logs sent to FortiSIEM; the green line is the FortiSIEM API call to FortiGate blocking the attacker's IP address.
  • #13 Blue lines represent normal network communication; solid red lines are the attacker attempting to gain access to the Siemens PLC; the dotted red line is logs sent to FortiSIEM; the green line is the FortiSIEM API call to FortiGate blocking the attacker's IP address.
  • #18 For effective security, organizations have to shift from protecting security perimeters to protecting data spread across billions of edges, users, systems, devices and critical applications. A platform provides comprehensive visibility and protection across devices, users, endpoints, cloud, SaaS and infrastructure, covering the entire attack surface. The Fortinet platform consists of four key components. At the core of the platform is the network, which remains a critical piece. Our security-driven networking provides secure, high-performance connectivity between users, applications and devices into the cloud. Manage internal and external risk with internal segmentation, threat detection and automated threat protection and policy enforcement. Our zero trust access network enables identification of all users, applications and devices on and off the network. Our dynamic cloud security provides protection across all cloud environments including hybrid, public and private cloud. Our cloud security solutions, including virtual appliances and hosted solutions, extend the core capabilities of the Fortinet Security Fabric platform to provide businesses with the same level of cybersecurity and threat intelligence in and across cloud environments that they receive on their physical networks. AI-driven security operations provide faster response and remediation, including actionable, customized threat intelligence and insights.