Fortinet: Enhance and extend your SOC with visibility, control and automation
Cornelius Mare, Chief Information Security Officer at Fortinet A/NZ, offers insights on how to extend your security policies across all edges and clouds, add comprehensive controls to enforce those policies and build a fabric for automated responses.
You can’t defend against what you can’t see. And if you do detect something amiss, you need the right controls to isolate, analyse and mitigate the event. Further, since today’s networks operate at breakneck speed, these controls need to respond in nanoseconds and that requires automation. Visibility, control and automation. The three keys to network protection.
More and more network activity is taking place outside the core. Edge computing lets any number of users and devices access and process data and applications. And these data and applications can be hosted anywhere in the cloud. Your network is truly a global enterprise.
But this dispersed network topology broadens the attack surface. Adversaries have more opportunities, more tools and more targets, you included. Visibility, control and automated responses are more critical than ever.
Your challenge is to maintain granular-level visibility, implement comprehensive controls and create a security fabric for automated responses across your entire distributed network - inside the core, at all edges and into the cloud.
Visibility across workloads and clouds
Comprehensive protection is predicated by total visibility amongst all network components. All log-ons, users, traffic, applications and data processing. But it’s not enough just to observe. Your security fabric has to react, in near real time, to any anomalous activity.
But before you can identify ‘anomalous activity you need to define what is normal and expected. That is the role of your security policy. For maximum protection, your policy has to extend across the network to ensure consistent visibility, comprehensive controls and orchestrated responses.
The only feasible strategy to achieve this is to employ a network-wide security fabric that supports your policies across all devices and workloads, captures transactions and displays critical metrics via a centralised console. Further, it must be able to react, automatically, to anomalous events in near-real-time. This is the Fortinet advantage.
Security fabric solutions
Security fabric solutions can include Zero Trust Network Access (ZTNA) for strong authentication capabilities for users and devices and ‘least privilege’ access, Secure Access Service Edge (SASE) to protect cloud-based apps and data, Secure SD-WAN for branch office protection, real-time threat intelligence and many more specialised services.
All of these solutions work together to provide SIEM (security information and event management) and SOAR (security orchestration, automation and response) and, ultimately, extended detection and response (XDR).
Security fabric delivery
Delivering integrated, comprehensive and flexible security services to your network edges and into the cloud can take many forms. Security as a service (SaaS) is an effective way to add advanced tools, like sandboxing, to your repertoire. Fabric APIs allow you to add specific security services, such as application firewalls, to your DevOps initiatives. Fabric connectors allow you to extend your security policies to cloud-based platforms such as AWS, Google Cloud, Microsoft Azure and more.
Regardless of the service mechanism, a comprehensive security fabric, employing a multi-layer ‘defence-in-depth’ approach, is your best line of defence against malicious activity including ransomware. One that covers the core, edge and cloud. One that provides visibility, control and automation. And one that can scale to speed to secure all of your digital initiatives.
About the author
Cornelius Mare is Director, Chief Information Security Officer at Fortinet A/NZ. As such, it is his business to know what’s happening in the cybersecurity world and how to help enterprises secure their transitional networks without sacrificing speed, functionality or control. In particular, Corne is an expert with hybrid cloud environments and artificial intelligence. These tools, along with other Fortinet security services, help organisations manage their digital transformations with confidence.
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider and government organisations around the world. Fortinet empowers customers with complete visibility and control across the expanding attack surface and the power to take on ever-increasing performance requirements today and into the future. Only the Fortinet Security Fabric platform can address the most critical security challenges and protect data across the entire digital infrastructure, whether in networked, application, multi-cloud or edge environments.
Fortinet ranks #1 in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses. Both a technology company and a learning organisation, the Fortinet Network Security Expert (NSE) Training Institute has one of the largest and broadest cybersecurity training programs in the industry. Learn more at the Fortinet website, the Fortinet Blog, or FortiGuard Labs.