SlideShare a Scribd company logo

SECURE ACCESS ARCHITECTURE GUIDE

Exclusive Networks ME
Exclusive Networks ME

Securing business communications, personal information, financial transactions, and mobile devices involves much more than network access control. It requires scanning for malware, preventing access to malicious websites, endpoint integrity checking, and controlling application usage. But typical Wi-Fi solutions do not satisfy these requirements. Fortinet has a unique approach that addresses the shortcomings of other Wi-Fi offerings. Our secure access portfolio provides the most flexible security platform with end-to-end enforcement. Read More: https://www.fortinet.com/secureaccess

Technology
1 of 8
Download to read offline
SOLUTION GUIDE Secure Access Architecture Complete Security for Network Access
SOLUTION GUIDE: Secure Access Architecture 2 Introduction Technology and market trends are rapidly changing the way enterprise organizations deploy local area networks, connect end devices, and enable business applications of every type. But the implication of these changes and the following trends impact how networks must be secured. Growth in Unsecure Connected Devices The number and types of network-connected wireless devices continue to grow exponentially. Enterprise networks have moved well beyond connecting laptops, smartphones, and tablets. Emerging IoT (Internet of Things) applications are bringing new device types into enterprise networks. Gartner Group predicts 33 billion endpoints will be connected by 2020. This exponential increase in connected devices presents new vulnerabilities and a growing attack surface for hackers to exploit. IoT devices in particular (such as wireless sensor nodes, location-based beacons, and other small devices) often are not capable of supporting a suite of security solutions. Wireless Brings Perceived Vulnerabilities Wi-Fi is becoming the primary access medium for many of these network devices. This in turn is driving the never ending ‘need-for- speed’. With the capability of delivering gigabit speeds, Infonetics forecasts that by 2019 90% of connected devices will be 802.11ac- capable. But as the device landscape shifts from corporate-owned to employee-owned, and as network usage shifts to an ever-greater reliance on wireless, the perceived vulnerabilities of devices and the wireless network is coming into question. Recent Fortinet surveys indicate strong concern from CIO and IT administrators about the vulnerabilities of their wireless access network. Application Proliferation Enlarges Attack Surface The growth of mobile applications goes hand-in-hand with the increased number of devices. Mobile application use shows growth of 76% year-on-year. This means enterprises are not only facing support challenges from more enterprise applications, but also new vulnerabilities that stem from applications never before seen on the network. Operational Complexity for IT On top of this unprecedented growth in application and device diversity, users expect a unified access experience—one that ensures consistent, secure application and device policies across both wired and wireless environments. This creates major challenges for IT organizations that are stressed to fill gaps in security if policies are inconsistently applied and not easy to manage. Secure Access Experience the industry’s most comprehensive network access security, regardless the size of your business, your network topology and choice of on-premise or cloud-based management.
SOLUTION GUIDE: Secure Access Architecture www.fortinet.com 3 FIGURE 2 Supports Enterprises of All Sizes FIGURE 1 Secure Access Architecture Fortinet Secure Access Architecture With these trends and challenges, the deployment and management of enterprise networks, applications and devices must be simplified. A network access layer that is not only secure but easy to manage, and continuously protected safeguards critical internal enterprise assets and users from cyberattacks. This is where Fortinet solutions lead the way. Fortinet networks are different. Fortinet’s network access solutions offer the best of next-generation firewall capabilities together with enterprise access. As opposed to traditional wireless solutions which only address connectivity, Fortinet’s secure access solutions have robust network security at their core in addition to connectivity. Fortinet secure access solutions are designed to provide the same award winning and 3rd party validated security in every type of deployment, from a stand-alone AP in an isolated office, to a handful of APs in a retail store to thousands of APs deployed across a large enterprise campus. Our three product offerings enable any business to choose the topology and network management that best suits them, without having to compromise on security protection. Securing business communications, personal information, financial transactions and mobile devices involves much more than network access control. It requires scanning for malware, preventing access to malicious websites, end-point integrity checking and controlling application usage. But typical Wi-Fi solutions do not cater to these requirements. Fortinet has a unique approach that addresses the shortcomings of other Wi-Fi offerings. Fortinet’s secure access portfolio provides the most flexible cyber security platform with end-to- end enforcement for enterprises of all sizes and verticals of any type.
4 SOLUTION GUIDE: Secure Access Architecture Same Security on all Platforms To provide the same levels of security as Fortinet, other vendors would need a variety of supplemental security support, depending on the product deployed. This adds to the operational complexity and TCO of their products. In contrast, the Fortinet secure portfolio offers the same comprehensive security across all our access platforms, whether controller-managed or cloud-managed. This makes it easy for businesses to mix-and-match deployment models for different use cases, without giving up critical security protection. Fortinet Secure Access Offerings With Infrastructure, Integrated, and Cloud solutions—Fortinet offers a comprehensive set of deployment options to meet the secure network needs of any size of organization in any vertical market. These three solution options are designed to extend or upgrade existing network systems. With on-site and cloud-managed solutions, Fortinet brings market-leading secure and flexible solutions. Infrastructure Wireless Offering – Mobility, Flexibility, and Choice The Fortinet Infrastructure offering combines on-premise controller-based management, open application appliances, and a range of high- performance indoor and outdoor APs. This offers an ideal solution when an organization needs to separate access infrastructure from the underlying network’s security infrastructure. With network-controlled roaming, users benefit from the best possible mobility experience. Our Infrastructure solution offers the most flexible channel configuration and layering to simplify deployment while increasing performance, traffic segmentation, and capacity. On top of this infrastructure is the wireless industry’s first open application platform to help IT build a more agile and open network. This product family scales for implementation in small, medium, and large enterprises of all types. FIGURE 3 Fortinet Infrastructure Wireless Offering
SOLUTION GUIDE: Secure Access Architecture www.fortinet.com 5 Integrated Wireless Offering—Integrated, Scalable, Unified Management The Fortinet Integrated offering is a family of controller-managed APs that function in cooperation with a FortiGate. In addition to consolidating all the functions of a network Firewall, IPS, antimalware, VPN, WAN Optimization, Web Filtering, and Application Control in a single platform, FortiGate also has an integrated Wi-Fi controller. Fortinet APs can then be connected directly to FortiGate, providing comprehensive wireless coverage. FortiGate is also available with an integrated AP known as FortiWiFi. Recognized in both Gartner Group’s Magic Quadrants for Unified Threat Management and Enterprise Firewalls, FortiGate consolidates security, connectivity, and access control in a single platform. Regardless of access method, FortiGate applies a common security policy to all users and enables effortless BYOD onboarding. Complete PCI-DSS and HIPAA compliance is assured, along with the industry’s most comprehensive protection for all manner of wireless and Internet threats. Enterprises can centrally administer security policies through a “single-pane-of-glass” management interface. Like other Fortinet security products, FortiGate is secured by FortiGuard—receiving regular signature updates to ensure continuous protection against attacks and zero-day cyber threats. The combination of FortiGate security and FortiAPs gives enterprises of all sizes, hospitals, and schools scalability for thousands of APs and tens of thousands of clients, providing complete threat protection without the complexity of additional point security products. Benefits include: nn Air Traffic Control and Airtime Fairness – The network determines optimal client roaming between access points for the best possible mobility experience in time-sensitive applications nn Multi-Channel - Maximizes spectrum reuse and performance nn Virtual Cell plus Single Channel - Simplifies deployment and seamless roaming nn Virtual Cell plus Channel Layers - Multiple channels segment application traffic and add capacity nn Mobile Center – An application platform that helps IT build a more agile and open network nn Mobile Center Applications – Centralizes management, automates client on-boarding, and integrates SDN applications such Skype for Business (formerly Microsoft Lync) FIGURE 4 Fortinet Integrated Deployment Diagramt
6 SOLUTION GUIDE: Secure Access Architecture Cloud Wireless – Secure, Cloud and Controller-less Fortinet’s Cloud-Managed WLAN solution is unlike any other Cloud Wi-Fi offering. Based on the FortiCloud Provisioning and Management Service plus a new class of access points, the FortiAP-S series combines the elements of advanced firewall protection at the network edge with the simplicity and convenience of cloud management. Equipped with extra memory and twice the processing power of typical thin APs, FortiAP-S series performs real-time security processing on the AP itself. Combining Wi-Fi access and network security into the compact footprint of a single AP provides an exceptionally elegant and affordable WLAN for SMBs and an additional wireless option for distributed enterprises. Configuration management and reporting is provided through the FortiCloud provisioning and management portal, providing comprehensive details on per-user and device application usage, bandwidth, and traffic analysis. It includes all the management tools needed for: adds, moves, and changes; user management, including BYOD onboarding; and guest access captive portal management. What’s more, FortiCloud is completely free. There is no recurring management license per AP. Complete Security at the Network Edge The FortiAP-S Series enables distributed enterprise sites to connect to the Internet safely, without sacrificing security. Corporate users can still be authenticated against RADIUS servers over the WAN if desired, or via FortiCloud. All traffic from employees or guests is protected by enterprise-class layer 7 security directly at the AP, without squandering WAN bandwidth. The FortiAP-S series allows distributed enterprises to benefit from superior security at all remote sites, without altering their existing security infrastructure at corporate or backhauling traffic through the corporate network. FIGURE 5 Fortinet Cloud Wireless Offering
www.fortinet.com 7 SOLUTION GUIDE: Secure Access Architecture FortiSwitch Ethernet Access and Data Center Switches are feature-rich yet cost effective—supporting the needs of enterprise campus and branch offices, as well as data center environments. The FortiSwitch product series integrates directly into the FortiGate with switch administration and access port security managed from the FortiGate interface. Regardless of how users and devices are connected to the network, users have complete visibility and control over network security and access—perfectly suited to threat-conscious organizations of any size. Virtualization and cloud computing have created dense, high- bandwidth Ethernet networking requirements in the data center, pushing the limits of existing data center switching. FortiSwitch Data Center switches meet these challenges by providing a high-performance switching platform with a low TCO. Ideal for top-of-rack server or firewall aggregation applications (as well as enterprise network core or distribution deployments), these switches are purpose-built to meet the needs of bandwidth- intensive environments. Fortinet Authentication – Secure, Scalable Ecosystem Network and Internet access is key for almost every role within the enterprise; however, this requirement must be balanced with the risk that it brings. The main objective of every enterprise is to provide secure but controlled network access—enabling the right person the right access at the right time, without compromising on security. Fortinet Authentication solutions include a broad range of flexible options. With support for up to millions of users, Fortinet provides authentication solutions for Infrastructure, Integrated, and Cloud offerings. Capabilities include single-sign-on and captive portal login options. Fortinet provides authentication solutions across wireless and wired networks with public and private systems. We enable integration with RADIUS, LDAP, and certification management. Fortinet Authentication solutions work as part of a complete ecosystem with third-party partners for applications such as social login, payment gateways, Property Management Systems (PMS), and Mobile Device Management (MDM). Most data breaches can be traced back to login credentials stolen via phishing attacks as the initial intrusion vector. Two-factor authentication goes a long way in closing that loophole, with standards-based secure authentication that works in conjunction with FortiTokens to secure the network. Additionally, Certificate Authority functionality simplifies CA management and delivers user certificate signing, FortiGate VPN, or server x.509 certificates for use in certificate-based two-factor authentication. FIGURE 6 FortiGate Switch Management FIGURE 7 FortiAuthenticator Single Sign-On User Identification Methods FortiSwitch – Secure Access Switching RADIUS Accounting Records Active Directory Poling SSO Mobility Agent Login Portal & Widgets User Identity Management Database Kerberos SYSLOG REST API
SOLUTION GUIDE: Secure Access ArchitectureSOLUTION GUIDE: Secure Access Architecture Fortinet Management – Policy Management, Analytics, Reporting Fortinet Management solutions support all network architecture options—including physical, virtual, and public/private cloud. These solutions deliver the versatility needed to effectively manage a Fortinet-based security infrastructure. Fortinet drastically reduces management costs, simplifies configuration, and accelerates deployment cycles. FortiManager provides crucial timesaving features like device auto-discovery, group management, global policies, auditing facilities, and the ability to manage complex VPN environments. Key capabilities of Fortinet Management solutions include, SSID and radio policy configuration, centralized AP firmware upgrades, real-time client monitoring, and deployment planning. In addition, Fortinet management includes a multi-tenant portal for delivering Wi-Fi as a service. Our analytics tools provide deep security, wireless analysis, and reporting—including usage, security logs/forensics, and PCI compliance. Fortinet centralized management provides the most flexible and scalable policy, analytics, and reporting system. FIGURE 8 FortiManager Centralized Device and Policy Management Copyright © 2015 Fortinet, Inc. All rights reserved. Fortinet® , FortiGate® , FortiCare® and FortiGuard® , and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. GLOBAL HEADQUARTERS Fortinet Inc. 899 Kifer Road Sunnyvale, CA 94086 United States Tel: +1.408.235.7700 www.fortinet.com/sales EMEA SALES OFFICE 120 rue Albert Caquot 06560, Sophia Antipolis, France Tel: +33.4.8987.0510 APAC SALES OFFICE 300 Beach Road 20-01 The Concourse Singapore 199555 Tel: +65.6513.3730 LATIN AMERICA SALES OFFICE Paseo de la Reforma 412 piso 16 Col. Juarez C.P. 06600 México D.F. Tel: 011-52-(55) 5524-8428 October 9, 2015 Complete Secure Access, No Compromises As a global leader in network security, Fortinet provides complete and comprehensive security for the entire access network. From campuses, to large offices, to branch offices, to the corner shop—Fortinet offers the industry’s most extensive network access security, regardless of business size, network topology, or choice of controller versus cloud-based management. Fortinet’s secure access portfolio delivers the same enterprise-class security in every scenario, without compromises. FortiGate (physical or virtual) FortiGate (physical or virtual) FortiGate (physical or virtual) Headquarters Data Center Branch Office Branch Office Policies Policies Policies FortiAnalyzer Centralized Logging and Reporting FortiManager Centralized Device and Policy Management

Recommended

Top firewall companies 2020 converted
Top firewall companies 2020 convertedTop firewall companies 2020 converted
Top firewall companies 2020 convertedemmaelice
 
Block Armour Unified Secure Access Solution (based on Zero Trust principles)
Block Armour Unified Secure Access Solution (based on Zero Trust principles)Block Armour Unified Secure Access Solution (based on Zero Trust principles)
Block Armour Unified Secure Access Solution (based on Zero Trust principles)Block Armour
 
NAC Solution Taarak
NAC Solution TaarakNAC Solution Taarak
NAC Solution TaarakMohit8780
 
DSS ITSEC Webinars 2013 - Network Access Control + Mobile Security (Forescout)
DSS ITSEC Webinars 2013 - Network Access Control + Mobile Security (Forescout)DSS ITSEC Webinars 2013 - Network Access Control + Mobile Security (Forescout)
DSS ITSEC Webinars 2013 - Network Access Control + Mobile Security (Forescout)Andris Soroka
 
Sb fortinet-nozomi
Sb fortinet-nozomiSb fortinet-nozomi
Sb fortinet-nozomiIvan Carmona
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)Ivan Carmona
 
The sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work forceThe sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work forceIcomm Technologies
 
Throughwave Day 2015 - ForeScout Automated Security Control
Throughwave Day 2015 - ForeScout Automated Security ControlThroughwave Day 2015 - ForeScout Automated Security Control
Throughwave Day 2015 - ForeScout Automated Security ControlAruj Thirawat
 

Recommended

Top firewall companies 2020 converted
Top firewall companies 2020 convertedTop firewall companies 2020 converted
Top firewall companies 2020 convertedemmaelice
 
Block Armour Unified Secure Access Solution (based on Zero Trust principles)
Block Armour Unified Secure Access Solution (based on Zero Trust principles)Block Armour Unified Secure Access Solution (based on Zero Trust principles)
Block Armour Unified Secure Access Solution (based on Zero Trust principles)Block Armour
 
NAC Solution Taarak
NAC Solution TaarakNAC Solution Taarak
NAC Solution TaarakMohit8780
 
DSS ITSEC Webinars 2013 - Network Access Control + Mobile Security (Forescout)
DSS ITSEC Webinars 2013 - Network Access Control + Mobile Security (Forescout)DSS ITSEC Webinars 2013 - Network Access Control + Mobile Security (Forescout)
DSS ITSEC Webinars 2013 - Network Access Control + Mobile Security (Forescout)Andris Soroka
 
Sb fortinet-nozomi
Sb fortinet-nozomiSb fortinet-nozomi
Sb fortinet-nozomiIvan Carmona
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)Ivan Carmona
 
The sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work forceThe sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work forceIcomm Technologies
 
Throughwave Day 2015 - ForeScout Automated Security Control
Throughwave Day 2015 - ForeScout Automated Security ControlThroughwave Day 2015 - ForeScout Automated Security Control
Throughwave Day 2015 - ForeScout Automated Security ControlAruj Thirawat
 
CyberoamBrochure
CyberoamBrochureCyberoamBrochure
CyberoamBrochureMaliha Ali
 
Byod+ +bring+your+own+device
Byod+ +bring+your+own+device Byod+ +bring+your+own+device
Byod+ +bring+your+own+device J
 
ICC Networking Data Security
ICC Networking Data SecurityICC Networking Data Security
ICC Networking Data SecurityInternational Communications Corporation
 
Fortinet Perspectiva Coporativa
Fortinet Perspectiva CoporativaFortinet Perspectiva Coporativa
Fortinet Perspectiva CoporativaSuministros Obras y Sistemas
 
iotmaship - Webinos iot and m2m - allott
iotmaship - Webinos iot and m2m - allottiotmaship - Webinos iot and m2m - allott
iotmaship - Webinos iot and m2m - allottwebinos project
 
DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1Andris Soroka
 
Solution: Block Armour Secure Remote Access for WFH
Solution: Block Armour Secure Remote Access for WFHSolution: Block Armour Secure Remote Access for WFH
Solution: Block Armour Secure Remote Access for WFHBlock Armour
 
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...Block Armour
 
Top 7 Security Measures for IoT Systems
Top 7 Security Measures for IoT Systems Top 7 Security Measures for IoT Systems
Top 7 Security Measures for IoT Systems Zoe Gilbert
 
Next-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeNext-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeBlock Armour
 
RoundTable: da Industria 4.0 a GDPR #ICTSecurity #ZeroTrust
RoundTable: da Industria 4.0 a GDPR #ICTSecurity #ZeroTrustRoundTable: da Industria 4.0 a GDPR #ICTSecurity #ZeroTrust
RoundTable: da Industria 4.0 a GDPR #ICTSecurity #ZeroTrustTalea Consulting Srl
 
Securing Smart Cities with Blockchain-enabled Zero Trust Cybersecuity
Securing Smart Cities with Blockchain-enabled Zero Trust CybersecuitySecuring Smart Cities with Blockchain-enabled Zero Trust Cybersecuity
Securing Smart Cities with Blockchain-enabled Zero Trust CybersecuityBlock Armour
 
Navigating the Zero Trust Journey for Today's Everywhere Workplace
Navigating the Zero Trust Journey for Today's Everywhere WorkplaceNavigating the Zero Trust Journey for Today's Everywhere Workplace
Navigating the Zero Trust Journey for Today's Everywhere WorkplaceIvanti
 
WIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERAWIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERAAharon Aharon
 
factsheet_4g_critical_comm_en_vl
factsheet_4g_critical_comm_en_vlfactsheet_4g_critical_comm_en_vl
factsheet_4g_critical_comm_en_vlSylvain Maret
 
fortigate-600f-series pdf manual routeur
fortigate-600f-series pdf manual routeurfortigate-600f-series pdf manual routeur
fortigate-600f-series pdf manual routeurrezkellahhichem
 
Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...IOSR Journals
 
CyberoamNGSeriesUTMBrochure
CyberoamNGSeriesUTMBrochureCyberoamNGSeriesUTMBrochure
CyberoamNGSeriesUTMBrochurebakar kazmi
 
CyberoamNGSeriesUTMBrochure
CyberoamNGSeriesUTMBrochureCyberoamNGSeriesUTMBrochure
CyberoamNGSeriesUTMBrochureBaqar kazmi
 
corporate-brochure.pdf
corporate-brochure.pdfcorporate-brochure.pdf
corporate-brochure.pdfLolaHel
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxArianeSpano
 
Intel Gateway Solutions for the Internet of Things
Intel Gateway Solutions for the Internet of ThingsIntel Gateway Solutions for the Internet of Things
Intel Gateway Solutions for the Internet of ThingsIntel IoT
 

More Related Content

What's hot

CyberoamBrochure
CyberoamBrochureCyberoamBrochure
CyberoamBrochureMaliha Ali
 
Byod+ +bring+your+own+device
Byod+ +bring+your+own+device Byod+ +bring+your+own+device
Byod+ +bring+your+own+device J
 
iotmaship - Webinos iot and m2m - allott
iotmaship - Webinos iot and m2m - allottiotmaship - Webinos iot and m2m - allott
iotmaship - Webinos iot and m2m - allottwebinos project
 
DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1Andris Soroka
 
Solution: Block Armour Secure Remote Access for WFH
Solution: Block Armour Secure Remote Access for WFHSolution: Block Armour Secure Remote Access for WFH
Solution: Block Armour Secure Remote Access for WFHBlock Armour
 
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...Block Armour
 
Top 7 Security Measures for IoT Systems
Top 7 Security Measures for IoT Systems Top 7 Security Measures for IoT Systems
Top 7 Security Measures for IoT Systems Zoe Gilbert
 
Next-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeNext-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeBlock Armour
 
RoundTable: da Industria 4.0 a GDPR #ICTSecurity #ZeroTrust
RoundTable: da Industria 4.0 a GDPR #ICTSecurity #ZeroTrustRoundTable: da Industria 4.0 a GDPR #ICTSecurity #ZeroTrust
RoundTable: da Industria 4.0 a GDPR #ICTSecurity #ZeroTrustTalea Consulting Srl
 
Securing Smart Cities with Blockchain-enabled Zero Trust Cybersecuity
Securing Smart Cities with Blockchain-enabled Zero Trust CybersecuitySecuring Smart Cities with Blockchain-enabled Zero Trust Cybersecuity
Securing Smart Cities with Blockchain-enabled Zero Trust CybersecuityBlock Armour
 
Navigating the Zero Trust Journey for Today's Everywhere Workplace
Navigating the Zero Trust Journey for Today's Everywhere WorkplaceNavigating the Zero Trust Journey for Today's Everywhere Workplace
Navigating the Zero Trust Journey for Today's Everywhere WorkplaceIvanti
 

What's hot (13)

CyberoamBrochure
CyberoamBrochureCyberoamBrochure
CyberoamBrochure
 
Byod+ +bring+your+own+device
Byod+ +bring+your+own+device Byod+ +bring+your+own+device
Byod+ +bring+your+own+device
 
ICC Networking Data Security
ICC Networking Data SecurityICC Networking Data Security
ICC Networking Data Security
 
Fortinet Perspectiva Coporativa
Fortinet Perspectiva CoporativaFortinet Perspectiva Coporativa
Fortinet Perspectiva Coporativa
 
iotmaship - Webinos iot and m2m - allott
iotmaship - Webinos iot and m2m - allottiotmaship - Webinos iot and m2m - allott
iotmaship - Webinos iot and m2m - allott
 
DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1
 
Solution: Block Armour Secure Remote Access for WFH
Solution: Block Armour Secure Remote Access for WFHSolution: Block Armour Secure Remote Access for WFH
Solution: Block Armour Secure Remote Access for WFH
 
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
 
Top 7 Security Measures for IoT Systems
Top 7 Security Measures for IoT Systems Top 7 Security Measures for IoT Systems
Top 7 Security Measures for IoT Systems
 
Next-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeNext-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space Age
 
RoundTable: da Industria 4.0 a GDPR #ICTSecurity #ZeroTrust
RoundTable: da Industria 4.0 a GDPR #ICTSecurity #ZeroTrustRoundTable: da Industria 4.0 a GDPR #ICTSecurity #ZeroTrust
RoundTable: da Industria 4.0 a GDPR #ICTSecurity #ZeroTrust
 
Securing Smart Cities with Blockchain-enabled Zero Trust Cybersecuity
Securing Smart Cities with Blockchain-enabled Zero Trust CybersecuitySecuring Smart Cities with Blockchain-enabled Zero Trust Cybersecuity
Securing Smart Cities with Blockchain-enabled Zero Trust Cybersecuity
 
Navigating the Zero Trust Journey for Today's Everywhere Workplace
Navigating the Zero Trust Journey for Today's Everywhere WorkplaceNavigating the Zero Trust Journey for Today's Everywhere Workplace
Navigating the Zero Trust Journey for Today's Everywhere Workplace
 

Similar to SECURE ACCESS ARCHITECTURE GUIDE

WIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERAWIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERAAharon Aharon
 
factsheet_4g_critical_comm_en_vl
factsheet_4g_critical_comm_en_vlfactsheet_4g_critical_comm_en_vl
factsheet_4g_critical_comm_en_vlSylvain Maret
 
fortigate-600f-series pdf manual routeur
fortigate-600f-series pdf manual routeurfortigate-600f-series pdf manual routeur
fortigate-600f-series pdf manual routeurrezkellahhichem
 
Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...IOSR Journals
 
CyberoamNGSeriesUTMBrochure
CyberoamNGSeriesUTMBrochureCyberoamNGSeriesUTMBrochure
CyberoamNGSeriesUTMBrochurebakar kazmi
 
CyberoamNGSeriesUTMBrochure
CyberoamNGSeriesUTMBrochureCyberoamNGSeriesUTMBrochure
CyberoamNGSeriesUTMBrochureBaqar kazmi
 
corporate-brochure.pdf
corporate-brochure.pdfcorporate-brochure.pdf
corporate-brochure.pdfLolaHel
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxArianeSpano
 
Intel Gateway Solutions for the Internet of Things
Intel Gateway Solutions for the Internet of ThingsIntel Gateway Solutions for the Internet of Things
Intel Gateway Solutions for the Internet of ThingsIntel IoT
 
Enterprise firewalls feature and benefits
Enterprise firewalls feature and benefitsEnterprise firewalls feature and benefits
Enterprise firewalls feature and benefitsAnthony Daniel
 
Wireless survey-report-saa-2016
Wireless survey-report-saa-2016Wireless survey-report-saa-2016
Wireless survey-report-saa-2016Samir Kotarwar
 
Midokura for Industry 4.0
Midokura for Industry 4.0Midokura for Industry 4.0
Midokura for Industry 4.0Susan Wu
 
Visiongain publishes report on: The 100 connected car companies to watch
Visiongain publishes report on: The 100 connected car companies to watchVisiongain publishes report on: The 100 connected car companies to watch
Visiongain publishes report on: The 100 connected car companies to watchVisiongain
 
The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443WoMaster
 
Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...
Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...
Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...Unisys Corporation
 
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetSb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetIvan Carmona
 

Similar to SECURE ACCESS ARCHITECTURE GUIDE (20)

WIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERAWIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERA
 
factsheet_4g_critical_comm_en_vl
factsheet_4g_critical_comm_en_vlfactsheet_4g_critical_comm_en_vl
factsheet_4g_critical_comm_en_vl
 
fortigate-600f-series pdf manual routeur
fortigate-600f-series pdf manual routeurfortigate-600f-series pdf manual routeur
fortigate-600f-series pdf manual routeur
 
Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...
 
CyberoamNGSeriesUTMBrochure
CyberoamNGSeriesUTMBrochureCyberoamNGSeriesUTMBrochure
CyberoamNGSeriesUTMBrochure
 
CyberoamNGSeriesUTMBrochure
CyberoamNGSeriesUTMBrochureCyberoamNGSeriesUTMBrochure
CyberoamNGSeriesUTMBrochure
 
corporate-brochure.pdf
corporate-brochure.pdfcorporate-brochure.pdf
corporate-brochure.pdf
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptx
 
Intel Gateway Solutions for the Internet of Things
Intel Gateway Solutions for the Internet of ThingsIntel Gateway Solutions for the Internet of Things
Intel Gateway Solutions for the Internet of Things
 
Enterprise firewalls feature and benefits
Enterprise firewalls feature and benefitsEnterprise firewalls feature and benefits
Enterprise firewalls feature and benefits
 
Value Journal - March 2021
Value Journal - March 2021Value Journal - March 2021
Value Journal - March 2021
 
Wireless survey-report-saa-2016
Wireless survey-report-saa-2016Wireless survey-report-saa-2016
Wireless survey-report-saa-2016
 
Fortigate fortiwifi-80f-series
Fortigate fortiwifi-80f-seriesFortigate fortiwifi-80f-series
Fortigate fortiwifi-80f-series
 
Midokura for Industry 4.0
Midokura for Industry 4.0Midokura for Industry 4.0
Midokura for Industry 4.0
 
Visiongain publishes report on: The 100 connected car companies to watch
Visiongain publishes report on: The 100 connected car companies to watchVisiongain publishes report on: The 100 connected car companies to watch
Visiongain publishes report on: The 100 connected car companies to watch
 
The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443
 
Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...
Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...
Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...
 
Benefits of Fortigate Firewall Solutions for Remote Workforces.pptx
Benefits of Fortigate Firewall Solutions for Remote Workforces.pptxBenefits of Fortigate Firewall Solutions for Remote Workforces.pptx
Benefits of Fortigate Firewall Solutions for Remote Workforces.pptx
 
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetSb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinet
 
Forti os ngfw
Forti os ngfwForti os ngfw
Forti os ngfw
 

Recently uploaded

DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 

Recently uploaded (20)

DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 

SECURE ACCESS ARCHITECTURE GUIDE

  • 1. SOLUTION GUIDE Secure Access Architecture Complete Security for Network Access
  • 2. SOLUTION GUIDE: Secure Access Architecture 2 Introduction Technology and market trends are rapidly changing the way enterprise organizations deploy local area networks, connect end devices, and enable business applications of every type. But the implication of these changes and the following trends impact how networks must be secured. Growth in Unsecure Connected Devices The number and types of network-connected wireless devices continue to grow exponentially. Enterprise networks have moved well beyond connecting laptops, smartphones, and tablets. Emerging IoT (Internet of Things) applications are bringing new device types into enterprise networks. Gartner Group predicts 33 billion endpoints will be connected by 2020. This exponential increase in connected devices presents new vulnerabilities and a growing attack surface for hackers to exploit. IoT devices in particular (such as wireless sensor nodes, location-based beacons, and other small devices) often are not capable of supporting a suite of security solutions. Wireless Brings Perceived Vulnerabilities Wi-Fi is becoming the primary access medium for many of these network devices. This in turn is driving the never ending ‘need-for- speed’. With the capability of delivering gigabit speeds, Infonetics forecasts that by 2019 90% of connected devices will be 802.11ac- capable. But as the device landscape shifts from corporate-owned to employee-owned, and as network usage shifts to an ever-greater reliance on wireless, the perceived vulnerabilities of devices and the wireless network is coming into question. Recent Fortinet surveys indicate strong concern from CIO and IT administrators about the vulnerabilities of their wireless access network. Application Proliferation Enlarges Attack Surface The growth of mobile applications goes hand-in-hand with the increased number of devices. Mobile application use shows growth of 76% year-on-year. This means enterprises are not only facing support challenges from more enterprise applications, but also new vulnerabilities that stem from applications never before seen on the network. Operational Complexity for IT On top of this unprecedented growth in application and device diversity, users expect a unified access experience—one that ensures consistent, secure application and device policies across both wired and wireless environments. This creates major challenges for IT organizations that are stressed to fill gaps in security if policies are inconsistently applied and not easy to manage. Secure Access Experience the industry’s most comprehensive network access security, regardless the size of your business, your network topology and choice of on-premise or cloud-based management.
  • 3. SOLUTION GUIDE: Secure Access Architecture www.fortinet.com 3 FIGURE 2 Supports Enterprises of All Sizes FIGURE 1 Secure Access Architecture Fortinet Secure Access Architecture With these trends and challenges, the deployment and management of enterprise networks, applications and devices must be simplified. A network access layer that is not only secure but easy to manage, and continuously protected safeguards critical internal enterprise assets and users from cyberattacks. This is where Fortinet solutions lead the way. Fortinet networks are different. Fortinet’s network access solutions offer the best of next-generation firewall capabilities together with enterprise access. As opposed to traditional wireless solutions which only address connectivity, Fortinet’s secure access solutions have robust network security at their core in addition to connectivity. Fortinet secure access solutions are designed to provide the same award winning and 3rd party validated security in every type of deployment, from a stand-alone AP in an isolated office, to a handful of APs in a retail store to thousands of APs deployed across a large enterprise campus. Our three product offerings enable any business to choose the topology and network management that best suits them, without having to compromise on security protection. Securing business communications, personal information, financial transactions and mobile devices involves much more than network access control. It requires scanning for malware, preventing access to malicious websites, end-point integrity checking and controlling application usage. But typical Wi-Fi solutions do not cater to these requirements. Fortinet has a unique approach that addresses the shortcomings of other Wi-Fi offerings. Fortinet’s secure access portfolio provides the most flexible cyber security platform with end-to- end enforcement for enterprises of all sizes and verticals of any type.
  • 4. 4 SOLUTION GUIDE: Secure Access Architecture Same Security on all Platforms To provide the same levels of security as Fortinet, other vendors would need a variety of supplemental security support, depending on the product deployed. This adds to the operational complexity and TCO of their products. In contrast, the Fortinet secure portfolio offers the same comprehensive security across all our access platforms, whether controller-managed or cloud-managed. This makes it easy for businesses to mix-and-match deployment models for different use cases, without giving up critical security protection. Fortinet Secure Access Offerings With Infrastructure, Integrated, and Cloud solutions—Fortinet offers a comprehensive set of deployment options to meet the secure network needs of any size of organization in any vertical market. These three solution options are designed to extend or upgrade existing network systems. With on-site and cloud-managed solutions, Fortinet brings market-leading secure and flexible solutions. Infrastructure Wireless Offering – Mobility, Flexibility, and Choice The Fortinet Infrastructure offering combines on-premise controller-based management, open application appliances, and a range of high- performance indoor and outdoor APs. This offers an ideal solution when an organization needs to separate access infrastructure from the underlying network’s security infrastructure. With network-controlled roaming, users benefit from the best possible mobility experience. Our Infrastructure solution offers the most flexible channel configuration and layering to simplify deployment while increasing performance, traffic segmentation, and capacity. On top of this infrastructure is the wireless industry’s first open application platform to help IT build a more agile and open network. This product family scales for implementation in small, medium, and large enterprises of all types. FIGURE 3 Fortinet Infrastructure Wireless Offering
  • 5. SOLUTION GUIDE: Secure Access Architecture www.fortinet.com 5 Integrated Wireless Offering—Integrated, Scalable, Unified Management The Fortinet Integrated offering is a family of controller-managed APs that function in cooperation with a FortiGate. In addition to consolidating all the functions of a network Firewall, IPS, antimalware, VPN, WAN Optimization, Web Filtering, and Application Control in a single platform, FortiGate also has an integrated Wi-Fi controller. Fortinet APs can then be connected directly to FortiGate, providing comprehensive wireless coverage. FortiGate is also available with an integrated AP known as FortiWiFi. Recognized in both Gartner Group’s Magic Quadrants for Unified Threat Management and Enterprise Firewalls, FortiGate consolidates security, connectivity, and access control in a single platform. Regardless of access method, FortiGate applies a common security policy to all users and enables effortless BYOD onboarding. Complete PCI-DSS and HIPAA compliance is assured, along with the industry’s most comprehensive protection for all manner of wireless and Internet threats. Enterprises can centrally administer security policies through a “single-pane-of-glass” management interface. Like other Fortinet security products, FortiGate is secured by FortiGuard—receiving regular signature updates to ensure continuous protection against attacks and zero-day cyber threats. The combination of FortiGate security and FortiAPs gives enterprises of all sizes, hospitals, and schools scalability for thousands of APs and tens of thousands of clients, providing complete threat protection without the complexity of additional point security products. Benefits include: nn Air Traffic Control and Airtime Fairness – The network determines optimal client roaming between access points for the best possible mobility experience in time-sensitive applications nn Multi-Channel - Maximizes spectrum reuse and performance nn Virtual Cell plus Single Channel - Simplifies deployment and seamless roaming nn Virtual Cell plus Channel Layers - Multiple channels segment application traffic and add capacity nn Mobile Center – An application platform that helps IT build a more agile and open network nn Mobile Center Applications – Centralizes management, automates client on-boarding, and integrates SDN applications such Skype for Business (formerly Microsoft Lync) FIGURE 4 Fortinet Integrated Deployment Diagramt
  • 6. 6 SOLUTION GUIDE: Secure Access Architecture Cloud Wireless – Secure, Cloud and Controller-less Fortinet’s Cloud-Managed WLAN solution is unlike any other Cloud Wi-Fi offering. Based on the FortiCloud Provisioning and Management Service plus a new class of access points, the FortiAP-S series combines the elements of advanced firewall protection at the network edge with the simplicity and convenience of cloud management. Equipped with extra memory and twice the processing power of typical thin APs, FortiAP-S series performs real-time security processing on the AP itself. Combining Wi-Fi access and network security into the compact footprint of a single AP provides an exceptionally elegant and affordable WLAN for SMBs and an additional wireless option for distributed enterprises. Configuration management and reporting is provided through the FortiCloud provisioning and management portal, providing comprehensive details on per-user and device application usage, bandwidth, and traffic analysis. It includes all the management tools needed for: adds, moves, and changes; user management, including BYOD onboarding; and guest access captive portal management. What’s more, FortiCloud is completely free. There is no recurring management license per AP. Complete Security at the Network Edge The FortiAP-S Series enables distributed enterprise sites to connect to the Internet safely, without sacrificing security. Corporate users can still be authenticated against RADIUS servers over the WAN if desired, or via FortiCloud. All traffic from employees or guests is protected by enterprise-class layer 7 security directly at the AP, without squandering WAN bandwidth. The FortiAP-S series allows distributed enterprises to benefit from superior security at all remote sites, without altering their existing security infrastructure at corporate or backhauling traffic through the corporate network. FIGURE 5 Fortinet Cloud Wireless Offering
  • 7. www.fortinet.com 7 SOLUTION GUIDE: Secure Access Architecture FortiSwitch Ethernet Access and Data Center Switches are feature-rich yet cost effective—supporting the needs of enterprise campus and branch offices, as well as data center environments. The FortiSwitch product series integrates directly into the FortiGate with switch administration and access port security managed from the FortiGate interface. Regardless of how users and devices are connected to the network, users have complete visibility and control over network security and access—perfectly suited to threat-conscious organizations of any size. Virtualization and cloud computing have created dense, high- bandwidth Ethernet networking requirements in the data center, pushing the limits of existing data center switching. FortiSwitch Data Center switches meet these challenges by providing a high-performance switching platform with a low TCO. Ideal for top-of-rack server or firewall aggregation applications (as well as enterprise network core or distribution deployments), these switches are purpose-built to meet the needs of bandwidth- intensive environments. Fortinet Authentication – Secure, Scalable Ecosystem Network and Internet access is key for almost every role within the enterprise; however, this requirement must be balanced with the risk that it brings. The main objective of every enterprise is to provide secure but controlled network access—enabling the right person the right access at the right time, without compromising on security. Fortinet Authentication solutions include a broad range of flexible options. With support for up to millions of users, Fortinet provides authentication solutions for Infrastructure, Integrated, and Cloud offerings. Capabilities include single-sign-on and captive portal login options. Fortinet provides authentication solutions across wireless and wired networks with public and private systems. We enable integration with RADIUS, LDAP, and certification management. Fortinet Authentication solutions work as part of a complete ecosystem with third-party partners for applications such as social login, payment gateways, Property Management Systems (PMS), and Mobile Device Management (MDM). Most data breaches can be traced back to login credentials stolen via phishing attacks as the initial intrusion vector. Two-factor authentication goes a long way in closing that loophole, with standards-based secure authentication that works in conjunction with FortiTokens to secure the network. Additionally, Certificate Authority functionality simplifies CA management and delivers user certificate signing, FortiGate VPN, or server x.509 certificates for use in certificate-based two-factor authentication. FIGURE 6 FortiGate Switch Management FIGURE 7 FortiAuthenticator Single Sign-On User Identification Methods FortiSwitch – Secure Access Switching RADIUS Accounting Records Active Directory Poling SSO Mobility Agent Login Portal & Widgets User Identity Management Database Kerberos SYSLOG REST API
  • 8. SOLUTION GUIDE: Secure Access ArchitectureSOLUTION GUIDE: Secure Access Architecture Fortinet Management – Policy Management, Analytics, Reporting Fortinet Management solutions support all network architecture options—including physical, virtual, and public/private cloud. These solutions deliver the versatility needed to effectively manage a Fortinet-based security infrastructure. Fortinet drastically reduces management costs, simplifies configuration, and accelerates deployment cycles. FortiManager provides crucial timesaving features like device auto-discovery, group management, global policies, auditing facilities, and the ability to manage complex VPN environments. Key capabilities of Fortinet Management solutions include, SSID and radio policy configuration, centralized AP firmware upgrades, real-time client monitoring, and deployment planning. In addition, Fortinet management includes a multi-tenant portal for delivering Wi-Fi as a service. Our analytics tools provide deep security, wireless analysis, and reporting—including usage, security logs/forensics, and PCI compliance. Fortinet centralized management provides the most flexible and scalable policy, analytics, and reporting system. FIGURE 8 FortiManager Centralized Device and Policy Management Copyright © 2015 Fortinet, Inc. All rights reserved. Fortinet® , FortiGate® , FortiCare® and FortiGuard® , and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. GLOBAL HEADQUARTERS Fortinet Inc. 899 Kifer Road Sunnyvale, CA 94086 United States Tel: +1.408.235.7700 www.fortinet.com/sales EMEA SALES OFFICE 120 rue Albert Caquot 06560, Sophia Antipolis, France Tel: +33.4.8987.0510 APAC SALES OFFICE 300 Beach Road 20-01 The Concourse Singapore 199555 Tel: +65.6513.3730 LATIN AMERICA SALES OFFICE Paseo de la Reforma 412 piso 16 Col. Juarez C.P. 06600 México D.F. Tel: 011-52-(55) 5524-8428 October 9, 2015 Complete Secure Access, No Compromises As a global leader in network security, Fortinet provides complete and comprehensive security for the entire access network. From campuses, to large offices, to branch offices, to the corner shop—Fortinet offers the industry’s most extensive network access security, regardless of business size, network topology, or choice of controller versus cloud-based management. Fortinet’s secure access portfolio delivers the same enterprise-class security in every scenario, without compromises. FortiGate (physical or virtual) FortiGate (physical or virtual) FortiGate (physical or virtual) Headquarters Data Center Branch Office Branch Office Policies Policies Policies FortiAnalyzer Centralized Logging and Reporting FortiManager Centralized Device and Policy Management