Академический Документы
Профессиональный Документы
Культура Документы
Broad and Automated Security Coverage for your Expanding Attack Surface
INTRODUCTION
Advanced Threat
NOC/SOC
Intelligence
Client/ Cloud
IoT
Network
Access Application
Partner API
SOLUTION BRIEF
SOLUTION BRIEF: ESTABLISHING THE FORTINET SECURITY FABRIC FOR ADVANCED THREAT PROTECTION
This type of approach is absolutely critical to effective advanced BROAD COVERAGE ACROSS
threat protection. While there are always new, innovative THE ATTACK SURFACE
technologies to combat new, innovative cyber threats, none
Effectively protecting the enterprise
represents a “silver bullet” to protect organizations that don’t also
starts with ensuring coverage across
handle all of “the basics” of security best practices.
the entire attack surface—all physical
Instead, the most effective defense is founded on a cohesive and protection points and attack vectors.
extensible architecture that encompasses all the important basics, Specifically, both prevention and
along with the latest emerging technologies, as they demonstrate detection components must be able to inspect traffic, objects,
their effectiveness, working together to stop attacks at multiple and user activity from the endpoint (including IoT) and access
points of the organization and multiple phases of their life cycle. layer to the network edge and core, all the way out to the public
As such, the security components recommended as the basis for cloud. Further, it must cover the top attack vectors including the:
advanced threat protection span three primary phases: nnNetwork Layer—encompassing 3 of the top 5 vectors for cyber
nnPrevention—blocking, as much as possible, typically known crime as reported by Verizon
threats, often based on global intelligence nnApplication Layer—both email, which was the #1 and #3 vector
nnDetection—continuing inspection, usually for unknown threats for cyber crime as reported by Verizon, and web infrastructure,
based on local analysis and intelligence which was the top technique leading to compromise in many
nnMitigation—responding with new detection to minimize incidents industries
and their impact, primarily by sharing intelligence throughout the nnEndpoint Layer—the only place to protect against off-network
security architecture attacks
Further, this approach must incorporate current security
capabilities, emerging technologies, and customer-specific
learning mechanisms to create and distribute actionable security NETWORK LAYER
intelligence from newly detected threats in real time. And it must
coordinate among security components from multiple vendors,
such that the entire infrastructure can act as a single entity to
protect the organization.
APPLICATION LAYER
ENDPOINT LAYER
2
SOLUTION BRIEF: ESTABLISHING THE FORTINET SECURITY FABRIC FOR ADVANCED THREAT PROTECTION
And in many cases, it’s possible to “harden” the attack surface, Accordingly, an organization’s strongest defense will only be
forcing all users (including unauthorized ones) through fewer achieved when security can be automated across all of the
points of entry or potential threat vectors. Techniques including deployed components. This automation can include:
vulnerability management, virtual private networking, two-factor 1. prevention products sharing objects with detection products
authentication, and more to limit and control access are also for the deeper analysis
available with our full FortiClient stack.
2. detection products distributing threat intelligence based on
POWERFUL PROCESSING TO that analysis for updated prevention
ENABLE THE SECURITY YOU 3. response elements immediately accessing detection and
NEED prevention products for faster mitigation
Note that many of the security And this automation must occur across offerings from different
technologies required to prevent or vendors, as it is rare to find components for each protection point
detect advanced threats require deeper and attack vector that meet every organization’s requirements and
or more time-consuming analysis, budget.
yet they simply cannot be allowed to impede or even slow
That’s why Fortinet has developed six primary APIs, including two
the business. As a result, it is essential to accelerate, either in
specifically for local intelligence sharing from our FortiSandbox for
hardware, software, or cloud services, these functions so they can
a coordinated defense. These APIs are documented and open
be enabled (and not turned off) and improve the organization’s
for use by Fabric-ready partners with precertified integrations and
security posture. Examples of these more rigorous, yet potentially
indeed any third-party security product that will
hindering, security functions include anti-malware inspection on
leverage them.
network traffic, sandbox analysis on either the network or endpoint,
more advanced behavioral techniques on the endpoints, and
INDEPENDENTLY TESTED
similar technologies.
The ultimate measure of the security
Fortinet FortiGate appliances include our proprietary security
infrastructure that you have in place is its
processors for network traffic (our NP chips), content inspection
effectiveness in preventing, detecting, and
(CP chips), and a combined system on a chip (SoC) to ensure
quickly responding to mitigate attacks in real-
that all necessary FortiGate security features can be enabled on
world deployment. And while most security
properly sized appliances to stop threats seeking entry, from the
offerings will have dashboards showing
smallest remote office to the largest data center and all points in
what’s been detected, they are not going to show what’s been
between. These features include the full next-generation firewall
missed. That’s where independent, real-world testing can surely
stack of intrusion prevention, application control, web filtering,
help. There are a number of credible, independent test houses
anti-malware, SSL inspection, integrated sandboxing, and more.
that regularly test a range of security vendor offerings at various
Further, our FortiGate virtual appliances have been optimized for
protection points and attack vectors. These include NSS Labs,
cloud-scale performance in the world’s largest IaaS and PaaS
Virus Bulletin, ICSA Labs, and AV-Comparatives.
environments to extend advanced threat protection out to the
public cloud. Fortinet security products have undergone the most independent
testing, and earned the most top ratings, of any vendors’ offerings
AUTOMATED TO ACT AS A in the industry. Among them, Fortinet is the only vendor to earn:
SINGLE SYSTEM nnNSS Labs Recommendation for NGFW, DCIPS, WAF, AEP, and
Covering the breadth of the organization BDS;
with security components powerful nnICSA Labs ATD Certification (both standard and email) from the
enough to enable the necessary security inception; and
functions are simply the building blocks
nnVirus Bulletin VBSpam+ rating for the full year of 2016
to improve security. If these components
operate independently from each other, there will be gaps between As our co-founder and CTO Michael Xie asserted years ago and
them through which cyber criminals can slip through and silos that remains committed to today, “Fortinet is a strong believer in third-
will slow response and mitigation when that happens. Remember, party testing. We are always willing to put our products on the line
in the absence of ties between the products, it falls to the security against our colleagues and competitors in the security sphere...
team to manually bridge gaps and coordinate responses—an because to us, regardless of where we finish, we take the results
inherently time-consuming and less-effective exercise. and use them to create a better product.”
3
SOLUTION BRIEF: ESTABLISHING THE FORTINET SECURITY FABRIC FOR ADVANCED THREAT PROTECTION
STAYING AHEAD OF THE THREAT CURVE WITH Protection Ahead of the Threats: As a new threat emerges, certain
FORTINET FORTIGUARD LABS SYNERGY AND detection and prevention products communicate directly for
RESEARCH immediate, automated response. Additionally, FortiGuard Labs
One of the greatest Fortinet strengths is the synergy of its 24x7x365 global operations pushes up-to-date security intelligence
proprietary software, high-performance appliances, and FortiGuard in real time to Fortinet solutions, delivering instant protection against
Labs threat research teams. Most importantly, FortiGuard Labs new and emerging threats. And many of the same automated
research groups serve as the intelligence hub that ensures all three threat analysis tools and techniques have been packaged up within
elements work seamlessly. They study previously unknown threats, FortiSandbox to bring this same real-time detection and intelligence
develop comprehensive remediation strategies that are built from distribution to the individual customer environment.
the ground up with high performance and efficient protection in Collaboration in the Industry: In addition to its proactive research,
mind, and deliver security intelligence to continually strengthen global honeypot infrastructure, and 3,000,000+ network security
prevention and detection over time. As a result, organizations appliances also acting as sensors, FortiGuard Labs has established
benefit from: more than 200 threat information-sharing agreements with other
Comprehensive Security: FortiGuard Labs leverages real-time recognized vendor research groups, ISACs, and industry groups
intelligence across 12 distinct disciplines within the threat like the Cyber Threat Alliance, with a mature process for the
landscape to deliver comprehensive security updates across automated ingestion, deduplication, and validation to turn raw data
the full range of Fortinet solutions and core technologies for into high-value threat intelligence.
synergistic protection.
Application Antivirus
Control
Intrusion Antispam
Prevention Security
Web Web
Filtering Security
Vulnerability Database
Management Security
IP Reputation
For more information about Fortinet and the products that comprise the Advanced Threat Protection Solution, please visit
www.fortinet.com/atp.
GLOBAL HEADQUARTERS EMEA SALES OFFICE APAC SALES OFFICE LATIN AMERICA HEADQUARTERS
Fortinet Inc. 905 rue Albert Einstein 300 Beach Road 20-01 Sawgrass Lakes Center
899 Kifer Road 06560 Valbonne The Concourse 13450 W. Sunrise Blvd., Suite 430
Sunnyvale, CA 94086 France Singapore 199555 Sunrise, FL 33323
United States Tel: +33.4.8987.0500 Tel: +65.6513.3730 Tel: +1.954.368.9990
Tel: +1.408.235.7700
www.fortinet.com/sales
Copyright © 2017 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law
trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other
results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied,
except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in
such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal
lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most
current version of the publication shall be applicable. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this
publication without notice, and the most current version of the publication shall be applicable. 68218-0-A-EN April 11, 2017