Automotive Company Selects Fortinet to Provide Robust Security and Connectivity

Customer Perspectives

Distributed enterprises are increasingly shifting data, applications, and workflows to the cloud to meet evolving business requirements and achieve digital innovation goals. However, this can become problematic for branch locations that still rely on traditional MPLS connections to backhaul traffic through the corporate network.

Fortinet recently worked with one organization that was struggling with this challenge and chose to leverage Fortinet’s robust Security Fabric platform and Secure SD-WAN solution to address it.

New Requirements for a Distributed Infrastructure

With nearly 100 branch offices, this European automotive company sought a vendor that could secure their entire distributed infrastructure—from their data center to branch locations, to the Azure Cloud. This organization wanted more than just individual security tools that could protect each piece of their environment. They asked for an end-to-end solution that could provide robust security and connectivity across the entire network, and that could all be managed from a single console.

Various vendors presented their solutions to this organization, but they either lacked the security platform approach desired or the robust Secure SD-WAN functionality required. With key advanced networking features like centralized management and local inspection and control of network traffic at the branch, Fortinet’s broad, integrated, and automated Security Fabric was the only solution to check each box on this company’s list—meeting and even surpassing their expectations.

The result of almost 20 years of innovation, the Fortinet Security Fabric is engineered to enable Security-Driven Networking, Zero-trust Network Access, Dynamic Cloud Security, and AI-driven Security Operations across the enterprise to help organizations achieve their digital innovation goals and protect the evolving attack surface. And with a robust Security Fabric ecosystem of hundreds of seamless third-party integrations, it can be readily extended throughout an organization’s security architecture while enlisting existing investments into an integrated security framework strategy. This comprehensive approach to cybersecurity helps minimize security gaps, while a single management console provides full visibility and control over the entire network.

Fortinet Secure SD-WAN, a critical piece of the Security Fabric for this customer, combines security and SD-WAN functionality in a single device to provide enhanced cloud-based application performance, advanced routing capabilities, and enterprise-class security all working together as a single, integrated solution to improve user experience while protecting critical data and resources.

A Fabric Approach to Cybersecurity

With a platform approach to cybersecurity that was able to address all of the varied needs across its infrastructure, Fortinet quickly became the front runner for this organization. Fortinet cybersecurity solutions were able to address the following use cases for this customer:

  • SD-WAN Functionality: This organization was able to leverage Fortinet Secure SD-WAN on the FortiGate NGFW to decrease the amount of MPLS traffic and subsequently reduce costs while establishing a comprehensive security strategy that did not require building and deploying a separate security overlay. Moreover, its ability to provide local inspection and control of network traffic at the branch without requiring additional devices set Fortinet apart from the competition to this company that prefers the use of local breakout connections to access SaaS services.
  • Dynamic Security for Cloud-based Applications: Fortinet Secure SD-WAN not only provides application identification, multi-path control, and application steering to ensure that organizations can access all critical applications and resources in the cloud, but the entire connectivity process is protected with a full stack of security solutions designed to automatically adapt to highly dynamic connectivity environments.
  • Optimizing Connectivity with Azure: Fortinet’s Secure SD-WAN integration with Azure Virtual WAN offers a robust, secure and optimized Cloud On-Ramp to Azure Cloud workloads and services. This helps ensure ease of use, security, quality of experience, and visibility across distributed infrastructures spanning on-premises locations and Azure regional data centers. 
  • Branch Security: This company also leveraged Secure SD-WAN to provide better security across their branch offices. SD-Branch added such functionality as access control for both wired and wireless APs, and protections for onsite IoT and endpoint devices and local LAN infrastructure, thereby increasing visibility and control without requiring additional IT staff on-site. 
  • Time Saved: With Fortinet’s simple, single-pane-of-glass management console that can scale across their entire SD-WAN deployment, the security teams were able to save time deploying, managing, and orchestrating policies across all security devices.
  • Integration: Having recently invested in solutions with Sentinel One, this organization needed a security vendor that could seamlessly integrate with them. Fortunately, Sentinel One is part of Fortinet’s robust Security Fabric ecosystem, with over 360 technology integrations. 

The combination of all these capabilities set Fortinet apart from the competition, making us the obvious choice for an organization looking to protect its infrastructure from its data center out to remote branch locations and across their cloud environment.

Take a security-driven approach to networking to improve user experience and simplify operations at the WAN edge with Fortinet’s Secure SD-WAN solution.

Read these customer case studies to see how De Heus and Burger King Brazil implemented Fortinet’s Secure SD-WAN to alleviate network complexity, increase bandwidth, and reduce security costs.

Engage in our Fortinet user community (Fuse). Share ideas and feedback, learn more about our products and technology, or connect with peers.

Sourced from Fortinet

Education Organization Delivers High Performance Security with FortiGate NGFWs

Organizations are continuing to expand and are looking for ways to secure their multiple network locations. There are various challenges to overcome and consider to protect the entire attack surface from internal as well as external threats with advanced security. The digital attack surface is expanding at a rapid rate, making it increasingly difficult to defend against advanced threats. The search for and selection of the right solution that provides comprehensive security is imperative for these organizations aiming for a strong security posture. To achieve this, organizations require a strategy that brings security to the forefront of the network buildout and seamlessly integrates it with the networking stack. The goal is to enable network security practitioners to manage all security risks that are associated with applications and infrastructure in today’s hybrid data centers.

In particular, one specific organization – a cooperative of school boards in primary and secondary education – needed a network security platform that can provide comprehensive threat protection for thousands of primary and secondary schools in multiple network locations. This organization required a solution that could provide IPsec secure access from any school to their data centers and perform a content inspection as traffic leaves for, and enters back from, the Internet. Finally, they also wanted to take their security to a whole new level with advanced security detection and enforcement between all schools – within or across various school boards. 

Delivering High Performance and Advanced Network Security Across Multiple School Zones

In this instance, this large cooperative of school boards selected a security strategy and solution that would enable each education facility to have high-bandwidth internet access with advanced security protection across its numerous locations. This organization’s vision was to serve the needs of almost a million students by building a network that provides massive scale and performance for security and advanced networking capabilities that work together to provide a strong security posture. In addition to reliably securing the numerous school locations, the solution was selected by the group of school boards to lower IT expenditures by building a joint security solution that could benefit from economies of scale and offer a low total cost of ownership. The specific advanced security requirements include turning on application identification, web filtering, an intrusion prevention system, and anti-virus concurrently and having the data center capacity reach 715 Gbps of threat protection that consolidates all of the above-mentioned capabilities. Additionally, all of the existing and future schools that join this partnership will continue to connect using IPsec capabilities to the established data centers. 

Choosing the Right Security Solution to Address Several Complex Business Requirements

This education organization manages two large national data centers – a primary and a secondary data center working in an active-passive arrangement. The participating schools are spread across different school districts and connect to the primary data center using an IPsec tunnel that originates from a FortiGate CPE. The schools route all traffic via the primary data center, and when that data center is inaccessible, they automatically fail over via the backup IPsec tunnel to the secondary data center, providing the required performance and reliability. In this scenario, the IPsec tunnels from each school are terminated on a FortiGate Next-generation Firewall that is placed in each data center as a VPN concentrator. This allows all participating schools to securely backhaul traffic to the two data centers while preserving the confidentiality of the data.

To ensure better access control, traffic between each school board is segmented using a FortiOS feature called VDOM (Virtual Domain). These virtual domains allow this organization to take a FortiGate and logically partition it, providing each school board the ability to create unique security and network policies that suit its needs while still participating in the knowledge-sharing conglomerate of school boards.

The FortiGates seamlessly integrate advanced networking and security capabilities like application identification, web filtering, and intrusion prevention system capabilities for thousands of schools and enable a massively scalable network security platform offering the required performance of 715 Gbps.

This advanced security solution also provides traffic content inspection between any two schools that want to communicate with one another, including schools within the same district. This is paramount to building a strong cybersecurity posture for all schools that fall within this educational organization’s jurisdiction. Although performing SSL/TLS inspection (including TLS 1.3) on encrypted traffic for full visibility was not initially a requirement in the organization’s search for the right solution, Fortinet’s SSL/TLS inspection performance was seen by the organization as a key benefit of Fortinet’s security solution. Moreover, the organization had requirements for centralized management and reporting capabilities to reduce network complexity and risk, while increasing efficiency. By leveraging the Fortinet Fabric Management Center, which is composed of  FortiManager and FortiAnalyzer, this organization can benefit from single pane of glass management across their two data centers to reduce cost and complexity, and streamline operations. Additionally, the Fabric Management Center offers best practices for compliance and workflow automation to provide better protection against breaches.

Fortinet’s ability to build complex, massively scalable, and high-performance Layer 7 advanced security reduced the organization’s security complexity challenges, providing better visibility and heightened performance. True to its goals, the organization will be able to scale to 715 Gbps throughput for its sites within the next few years with the Fortinet solution. 

Furthermore, the organization will have the ability to leverage its existing investment in Fortinet solutions and can simply turn on built-in SD-WAN capabilities to employ additional broadband transports to their WAN infrastructure and preserve user experience while realizing the industry’s best investment protection.

Finding a Proven Partner in Fortinet

Networks are continually growing and evolving, and the adoption of new technologies or workflows can increase the attack surface and open the door to new threats. At the same time, cybercriminals are launching increasingly sophisticated attacks. For this cooperative of school boards, Fortinet provided the network security platform that could seamlessly integrate advanced networking and security capabilities, run multiple best-of-breed security services concurrently, and deliver the required scale and performance with the industry’s most optimized Total Cost of Ownership (TCO). With Fortinet, this organization will be able to protect up to one million students and has an effectively future-proofed investment that gives them the ability to turn on TLS inspection and Secure SD-WAN on their already deployed FortiGate infrastructure.

Find out how Fortinet’s FortiGate Next-generation firewalls provide organizations with application control, intrusion prevention, and advanced visibility across the network.


Fortinet Acquires Cloud Security and Networking Innovator OPAQ Networks

SASE (Secure Access Service Edge) has become a topic of increased industry discussion and interest for enterprises and partners alike. That’s because today’s organizations require immediate, uninterrupted, and secure access to network and cloud-based resources and data – especially business-critical applications – no matter where their users are located.

Digital innovation creates new challenges for organizations, including dynamically changing network configurations and the rapid expansion of the attack surface. This has resulted in new and incremental opportunities to provide additional levels of protection and access control that these organizations and users require. These are challenges that a SASE solution is designed to address.

However, there are two critical things to remember about the selection and implementation of any SASE solution. The first is that it must be easily integrated into your larger security strategy. If not, you are simply creating yet another set of stand-alone security solutions that require additional attention and resources. The second is that any SASE solution must not only meet current access and flexibility needs, but it must also support a Security-driven Networking strategy so it can quickly and automatically adapt to new network changes and evolving business requirements as they occur while providing robust, continuously-improved security and performance.

Fortinet Delivers the Most Complete SASE Platform on the Market

Because of the broad range of technologies it encompasses, and the variety of environments it needs to support, SASE is not a one-size-fits-all secure access solution. Organizations have unique needs, and they need to be able to select and deploy those security offerings that are best suited to their unique network environments and business requirements.

And yet, for SASE to work well, all of its components still need to interoperate as a single integrated system – connectivity, networking, and security elements alike. Part of the reason that sounds so familiar to us at Fortinet is that we have been delivering the core SASE requirements—plus much more—for years as part of our integrated Security Platform and Security Fabric architecture. A number of our customers looking to understand SASE have found that, with minor adjustments, they already had a SASE solution in place thanks to the power of the Security Fabric.

And now, to expand on the SASE flexibility and functionality already provided to customers and partners, Fortinet today announced the acquisition of OPAQ Networks, a SASE cloud provider. OPAQ’s Zero Trust Network Access (ZTNA) cloud solution protects organizations’ distributed networks – from data centers to branch offices, remote users, and Internet of Things (IoT) devices.

By combining Fortinet’s Security Fabric with OPAQ’s patented ZTNA solution, Fortinet further enhances its existing SASE offering to offer the best-in-class SASE cloud security platform with the industry’s only true Zero Trust access and security solution. It does this by integrating industry-leading next-generation firewall and SD-WAN capabilities, web security, sandboxing, advanced endpoint, identity / multi factor authentication, multi-cloud workload protection, cloud application security broker (CASB), browser isolation, and web application firewalling capabilities with a patented zero-trust cloud architecture to offer a flexible and dynamic SASE solution that can be managed and controlled through a single interface. 

And Fortinet has the R&D scale and focus to deliver continuous innovation, with the best and broadest security “under the hood.” Unlike other cloud providers, who are missing a strong security backbone or a scalable, high performance cloud architecture—or, in some cases, both—Fortinet delivers cloud security, with the security.

“The acquisition of OPAQ further enhances our existing SASE offering. Now, we will deliver the most complete SASE platform on the market with the broadest security offering, industry-leading SD-WAN, and advanced networking solutions to customers and partners through a flexible, cost efficient, and patented zero-trust cloud architecture,” shared Ken Xie, Founder, Chairman of the Board, and CEO of Fortinet.

Moreover, OPAQ’s platform is purpose-built to be partner friendly, empowering MSSPs, carriers, and high value-add partners to easily integrate its multi-tenant SASE platform into their own offering. This enables these service providers to add critical value to their business and government customers through their Network Operations Center and Security Operations Center expertise and advanced professional services.

Given remote workforce trends, with exponentially more users, devices, applications, services, and data now operating outside of the traditional enterprise edge than inside, the integration of Fortinet’s broad Security Fabric with OPAQ’s cloud platform offers customers and partners even more choices as to how they can consume best-of-breed security. And it is yet another unique and differentiated way that Fortinet is empowering customers with the best, and truly integrated security and networking innovation designed to respond to evolving business needs in real-time.

Fortinet Enhances SASE and ZTNA Offerings with Cloud Delivery Enhanced Capabilities

With the OPAQ acquisition, unlike other cloud security providers, Fortinet delivers:

  • The best of scalability, performance, and security compared to any cloud security vendor.
  • A broad and integrated suite of cloud security solutions providing true Zero-Trust security, unlike other ZTNA providers who leave many unprotected gaps in the attack surface.
  • A one-of-a-kind ZTNA solution that includes continuous security innovation at scale, leveraging Fortinet’s market-leading R&D talent to deliver security substance “under the hood.” 
  • The most partner-friendly ZTNA offering in the market that remains true to Fortinet’s ongoing commitment to its value-add services partners. 
  • Fully integrated security and networking, including Fortinet’s industry-leading SD-WAN, furthering the company’s Security-driven Networking approach.

To that last point, Xie added, “The recent SASE market momentum further validates our Security-driven Networking approach and underscores what we’ve been saying for years. In the current era of hyper connectivity and expanding networks, with the network edge stretching across the entire digital infrastructure, networking and security must converge.”

Today’s announcement of the integration of Fortinet’s broad and integrated security offerings with OPAQ’s SASE cloud platform delivers the most complete SASE platform on the market, enabling organizations to more rapidly and securely embrace digital innovation and compete more effectively in today’s digital marketplace.

Learn more about how Fortinet’s acquisition of OPAQ Networks enhances its existing SASE offering, enabling Fortinet to deliver the most complete SASE platform on the market.

Key Use Cases for the Fortinet Fabric Management Center

IT organizations use manageability as a key criterion in selecting security infrastructure. That said, the larger an IT network is, the more critical management efficiency becomes. The Fortinet Fabric Management Center, which combines the FortiManager network management solution and the FortiAnalyzer analytics and log management solution, streamlines deployment and administration across even the largest security infrastructure.

Ensuring Operational Efficiency at Scale

The experience of GPS Hospitality is a case in point. The company owns nearly 500 quick-service restaurants across 11 U.S. states—a size it reached in just seven years by growing through acquisitions. To ensure operational efficiency as it scaled up, GPS Hospitality standardized the IT environment across all its restaurants and engaged IT service provider HonorBuilt for IT deployment and support. 

GPS Hospitality selected Fortinet solutions to secure its geographically dispersed restaurants, in large part because of the Fabric Management Center. Today, each of the company’s restaurants has two FortiSwitch devices, a FortiGate next-generation firewall (NGFW), two FortiAP access points, and a FortiMail secure email gateway. HonorBuilt manages all these solutions, across the entire restaurant footprint, through a single pane of glass.

“For us, as the service provider, global management is the number-one benefit of using the Fortinet solutions,” says Andy Patterson, senior technology consultant for HonorBuilt. “Before using the FortiManager solution, we had no way of pushing out global updates. Now we can do it in minutes, across all 486 GPS Hospitality locations.” HonorBuilt also uses FortiAnalyzer to gain insights into security events across the GPS Hospitality infrastructure.

Just as important as day-to-day management efficiency is the ease with which the Fortinet solutions can be deployed in new locations. Jim Barlow, director of IT for GPS Hospitality, says the Fabric Management Center makes opening a new restaurant “almost cookie-cutter.” This ease of deployment has enabled GPS Hospitality to grow more than 1,000% in its first seven years. 

“Our partnership with HonorBuilt and our use of Fortinet solutions makes it very easy to put our same footprint in every restaurant,” Barlow concludes. “When the technology platform is as standardized as ours, a company can grow very quickly.” 

Visibility and Scalability in Preparation for the Future

Batteries Plus Bulbs has a similar story to tell. Its managed security service provider (MSSP), Leeward Business Advisors, is responsible for the company’s security operations center and network operations center, as well as security, network connectivity, and wireless access in each of Batteries Plus Bulbs’ 740 stores. 

FortiGate NGFWs secure traffic in each store and provide secure software-defined wide-area network (SD-WAN) network connectivity. FortiAP wireless access points provide wireless access within each store, and the FortiGate Unified Threat Management (UTM) bundle gives Batteries Plus Bulbs access to advanced malware protection, web filtering, intrusion prevention system (IPS), and application control. All these solutions rely on threat intelligence from FortiGuard Labs and third-party providers within the Fortinet Security Fabric. 

LeewardBA and Batteries Plus Bulbs staff use the Fabric Management Center to oversee all these solutions. FortiManager VM and FortiAnalyzer “enable us to provide centralized management from a single pane of glass, detailed reporting, workflow automation, and trends analysis,” says Jason Klein, chief technology officer (CTO) for LeewardBA. “This enables the in-house team to get a complete picture of their security posture at a glance, at any time.”

This level of visibility is a major improvement over the company’s legacy security environment, provided by a different MSSP and solution vendor. “We were often in the dark with our prior solution,” says Michael Lehman, vice president and chief information officer (CIO) for Batteries Plus Bulbs. “Our prior MSSP did not provide us with actionable insights about what risks we faced or what we could do about them.”

Dan Dugan, vice president of IT for Batteries Plus Bulbs, sums up the benefits of the Fabric Management Center: “Now we have security information by glancing at a screen, and we can drill down to any level of detail we need. We can take a more proactive stance in managing security. This gives us confidence that we are equipped to manage security threats for the next five to seven years.”

Financial Services Audits Made Easy

The Illinois State Treasurer does not have as many disparate locations as GPS Hospitality or Batteries Plus Bulbs, but as the state’s banking agency, it manages $32 billion in assets. Effective security is imperative—and in order to provide effective security, the agency’s small IT staff requires operational efficiency. That is a primary reason the Treasurer’s office turned to Fortinet. 

The agency deployed FortiGate NGFWs and the FortiSandbox sandboxing solution to protect its infrastructure. The Fortinet Fabric Management Center consolidates information about threat detection and response networkwide, which is essential for securing sensitive data, such as account or routing numbers, and connections with external financial institutions. “Having that single-pane-of-glass visibility makes security management a lot easier,” says Joseph Daniels, CIO for the Illinois State Treasurer. 

To comply with a recent information security audit, Daniels pulled the agency’s weekly FortiGate Cloud security reports, which gave him sufficient information to capably meet the audit requirements. Since then, the agency has deployed FortiAnalyzer analytics, which Daniels says “provides a much deeper dive into our network. … I am looking forward to the next audit that we have. We will be much better prepared.”

The Bottom Line for Automated Network Operations

From state agencies to retail businesses, efficiency is a crucial component of the IT security infrastructure. Many businesses face a resource shortage. Even large organizations may not have large security teams, due to the scarcity of skills available in most job markets. 

Automation, centralization, and other drivers of efficiency in infrastructure management help ensure that network and security teams of all sizes can effectively secure critical resources, potentially across hundreds (or even thousands) of dispersed locations. FortiGate NGFWs reach this level of manageability because of the single-pane-of-glass visibility in the Fortinet Fabric Management Center.

Learn more about how Fortinet’s Fabric Management Center enables enterprise-class automation capabilities while helping network leaders realize industry-leading benefits like improved efficiency, reduced risk, and decreased TCO. 


APT29 Targeting SSL VPN Flaws

The United Kingdom’s National Cyber Security Centre (NCSC) and Canada’s Communications Security Establishment (CSE) have published research into the activity of ‘APT29’, also known as ‘the Dukes’ or ‘Cozy Bear’, who have been targeting various organisations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines.

The initial attack vectors for this group have been unpatched vulnerabilities in SSL-VPN solutions, including Fortinet’s. One of the vectors used was a vulnerability resolved by Fortinet in May 2019, which allowed an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests, as disclosed in FG-IR-18-384 / CVE-2018-13379. At the time of the disclosure, Fortinet made patches available for all supported releases (5.4, 5.6, 6.0, 6.2).

Customers were notified at the time via the public PSIRT Advisory system of the need to upgrade immediately, and the same was highlighted in the release notes. For those unable to upgrade, mitigations were provided. For additional transparency, this was again highlighted in a blog in August 2019 after the vulnerabilities were disclosed by the researchers at Black Hat 2019.

For all customers, Fortinet recommends that the following actions be taken immediately:

  • Upgrade all FortiGate systems to the latest firmware releases. Using the latest security patches for your release is key to protect against attack.
  • Validate that all SSL-VPN local users are expected, with correct email addresses assigned, and perform a password reset on all users. If there are any unrecognised local users, follow corporate policy and remove them immediately.
  • Preferably, migrate to using a remote directory system (LDAP, RADIUS) for all user authentication.
  • Use multi-factor authentication (two-factor authentication) to reduce the impact of password compromises.

Additional steps can be taken to secure your network against attack including:

  • Prevent and detect lateral movement in your organisation’s networks using tools such as deception technology to identify threats early in the threat cycle.
  • Employ endpoint detection and response to identify and block threats before they have a chance to take hold on the network.

Revision History:

2020-07-16 Initial version

Fortinet Unveils Secure SD-WAN For Multi-Cloud

Networking and security teams are constantly trying to maintain a balance between security, complexity, and application experience. This situation has become much more challenging with organizations adopting multiple clouds and hybrid cloud environments for their business needs. Fortinet’s new “Secure SD-WAN for Multi-Cloud” solution addresses these challenges by enabling enterprise IT to build a seamless cloud-to-cloud network and security architecture that is consistent and robust across the different clouds.

Multi-Cloud Comes with Multiple Benefits…and Challenges

Cloud infrastructure spend is rapidly becoming a larger portion of the CIO’s budget, and as a result, enterprises are increasingly adopting a multi-cloud approach for their cloud deployments. A multi-cloud strategy enables these organizations to avoid vendor lock-in and to select the best cloud services to meet the requirements of a particular application or workload. Organizations are also able to choose cost-optimized services and leverage geographically dispersed clouds for disaster recovery, to meet data sovereignty requirements, and to improve overall user experience. And, a multi-cloud model also provides redundancy to reduce the risk of downtime. 

For these reasons and more, enterprises are building their new data infrastructure across multiple clouds. And at the same time, IT continues to constantly evolve their cloud network infrastructure to meet new performance, security, scaling, and cost goals that have a tangible impact on their business outcomes.

However, even with so many benefits and use cases, multi-cloud is not without its challenges.

Firstly, the diversity of cloud platforms is a key challenge for IT since it is difficult to find skilled personnel who are experts in every single cloud environment. This skills gap often results in an IT team’s inability to scale adequately to keep up with the different demands of the large number of cloud service providers being used. Due to fundamental differences between cloud providers, IT typically struggles to deploy a consistent network infrastructure for applications and workloads that are deployed in or that span across multiple clouds. This increased complexity can slow down operations.

Secondly, this same problem also increases security risks. A lack of a consistent security infrastructure that can seamlessly span multiple clouds, especially in terms of policy orchestration and enforcement, results in security gaps that prevent end-to-end visibility and uniform security control.

Previously, to overcome these challenges, enterprises have chosen to backhaul cloud traffic to on-prem data centers or network service/colocation provider points of presence. While the goal is for cloud workload traffic to be centrally inspected and routed between the different clouds, these dedicated backhaul connections are often expensive and can quickly become bottlenecks. And this problem can be exacerbated because backhauling traffic over cloud provider VPN gateways to on-prem data centers can add significant latency and degrade application performance.

All these challenges demand a new approach for establishing secure and high-performance connectivity between multiple clouds—especially without increasing cost and complexity.

Fortinet Secure SD-WAN for Multi-Cloud

Fortinet Secure SD-WAN for Multi-Cloud is a new use case built around a FortiGate-VM next generation virtual firewall combined with a FortiManager central management console.

This new offering enables a unified networking and security strategy with a programmable framework to ensure consistent policies for securing and transporting traffic across multi-cloud environments. This application-aware overlay network can be easily deployed, and operates seamlessly across multiple public and private cloud virtual networks. It leverages internet connections as well as colocation and leased line connections to each cloud—including public cloud transport services like direct connect, express route, and interconnect—to offer the option of selecting different links per application and workload. And to reduce complexity and increase agility, the solution also supports repeatable deployments using automation templates and broad support for public cloud and SDN/SDDC integrations.

Next, this solution—supported by Fortinet fabric connectors that enable full integration with and between cloud providers—automatically updates dynamic addresses of workloads as they are spun up and spun down. Appropriate security policies are then dynamically tied to workloads without the need for manual intervention. In addition, cloud-native integrations, such as tag-based segmentation, enable the application of policies to segment workloads. And with pipelined automation that uses cloud provider serverless functions, IT can decrease response times to security events through automation applied across multiple FortiGate-VM Secure SD-WAN nodes. And finally, deep packet inspection and advanced security, such as IPS and AV, provide deep visibility into any security threats across the multi-cloud deployment.

This solution can work on either cloud provider direct connections or internet links based on predefined or custom application signatures—and it also utilizes encryption to securely transport application traffic using internet links. And its SD-WAN dynamic path selection capability chooses optimal link(s) to deliver the best application experience. FortiGate-VM also offers over 20Gbps of IPsec performance for fast encrypted connections over internet links to reduce operational costs.

Customer Benefits for Deploying Fortinet Secure SD-WAN

Here are a few of the customer benefits Fortinet Secure SD-WAN for Multi-Cloud provides:

  • Lowers cybersecurity risks and improves compliance by deploying security policies and advanced protection uniformly across multi-cloud deployments, as well as securing application traffic with high speed encryption and traffic inspection.
  • Accelerates time to revenue and improves business productivity by increasing the agility of application deployments across multi-cloud environments, eliminating current limitations while delivering the right application experience at a reduced cost.

Secure SD-WAN for Multi-Cloud Offerings

For those enterprises looking to reduce complexity, increase cost efficiency, and improve application experience when operating multi-cloud environments, Secure SD-WAN for Multi-Cloud offers:

  • An overlay transport that creates a single, seamless network that spans different cloud environments
  • Consistent security controls and visibility in spite of a dynamic application infrastructure
  • High-speed encrypted traffic performance over less expensive internet links and leased lines
  • A scalable and future-proof solution that enables the implementation of business policies and ongoing management and orchestration of connectivity and security from a single, centralized console

Learn how Fortinet’s dynamic cloud security solutions provide increased visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud. 

Read these customer case studies to see how Hillsborough Community College and WeLab implement Fortinet’s dynamic cloud security solutions for secure connectivity from data center to the cloud. 

Engage in our Fortinet user community (Fuse). Share ideas and feedback, learn more about our products and technology, or connect with peers.

Sourced from Fortinet

Leveraging Automation and Analytics to Protect Security Infrastructure in Government

Customer Perspectives

An IT security infrastructure built to protect a government is incredibly complex. Using the right tools is essential in enabling staff to effectively and efficiently develop and maintain that infrastructure. 

The government was in the midst of an initiative to consolidate IT services across its distributed data center infrastructure. The scale of the initiative was immense. The government employs hundreds of thousands of workers, who regularly use thousands of applications. 

Protecting systems on this scale required a revamp of the network’s security infrastructure. The government’s IT services organization launched a request for proposals (RFP) with hundreds of mandatory technical requirements, including advanced threat protection, sandboxing, intrusion detection and prevention system (IDPS), and secure web gateway capabilities. The new solution also needed to streamline management and provide visibility into security events throughout the government. 

Solutions that met these extensive technical requirements had to demonstrate they could perform at scale. Firewalls needed to support 100 Gigabit-per-second (Gbps) secure sockets layer (SSL) throughput, while maintaining millions of concurrent connections and hundreds of thousands of new sessions per second. They were also required to support up to 100 virtual domains (VDOMs) for segmentation.

FortiGate next-generation firewalls (NGFWs) and the other Fortinet products provided all the requisite security features, so Fortinet submitted a proposal and participated in a proof of concept (POC).

Impressive Performance in Super-Sized POC

The solution Fortinet developed for the POC consists of a stack of clusters, each with four FortiGate NGFWs. Load-balancing capabilities enable the infrastructure to support smaller deployments with 40 Gbps, but also to scale up to 100 Gbps when an agency requires that much bandwidth. A FortiWeb web application firewall (WAF) manages internet traffic, and the NGFWs route suspected threats to a FortiSandbox cluster. 

In the POC, Fortinet enabled every feature of the NGFWs, including sandboxing and full event logging. Fortinet also enabled a new IP reputation capability, through which the NGFW compares IP addresses for all traffic against the Fortinet IP Reputation database. The NGFW denies network access for any traffic from a low-scoring IP address, unless administrators have whitelisted the address. 

With all these features running, the Fortinet solution met the government’s rigorous performance requirements, distributing 100 Gbps of SSL traffic evenly across the stack while demonstrating exceptional security capabilities. The incumbent solution, from another vendor, also met the RFP’s technical requirements. However, it had difficulty matching the performance of the Fortinet solution with all the requisite security features enabled. These results, combined with a compelling TCO, led the government to opt for the Fortinet solution.

Fabric Management Center Streamlines Infrastructure Management

The government’s IT services organization has deployed the Fortinet solution across multiple data centers, and it continues to expand the scope of the installation. To manage its geographically dispersed security infrastructure, the organization uses the Fortinet Fabric Management Center, which consists of the FortiManager centralized management solution and the FortiAnalyzer analytics and log management solution.

The FortiManager solution—deployed in each data center—provides the level of automation necessary to configure and control the large-scale security infrastructure. A Fortinet services team used the powerful FortiManager scripting capabilities to develop more than 50 different scripts for the government’s infrastructure. One simple script builds out an entire data center tenant, including creating the VDOMs and mapping the interfaces in all the NGFWs. Doing this manually would be incredibly time-consuming.

A FortiAnalyzer cluster in each data center provides insights into threats and vulnerabilities throughout the security infrastructure. It also provides customized reporting—based on complex queries developed by the Fortinet services team—to meet the highly specific requirements of the government’s IT services group. 

Meanwhile, the FortiWeb WAF provides common vulnerabilities and exposures (CVE) and Open Web Application Security Project (OWASP) dashboards. If a new strain of malware emerges and the government wants to know whether it has appeared in agencies’ traffic, government IT staff can quickly find out via the CVE dashboard.

The IT organization’s security infrastructure project was successful in large part because of the concerted effort on the part of all team members. The government’s intensive POC process ensured that the Fortinet solution would meet its security and performance needs. During implementation, the Fortinet services team helped the IT organization leverage the automation capabilities within the Fabric Management Center, which is making it easier for staff to protect the huge government infrastructure. 

Learn more about how Fortinet’s Fabric Management Center enables enterprise-class automation capabilities while helping network leaders realize industry-leading benefits like improved efficiency, reduced risk, and decreased TCO. 

Sourced from Fortinet

Report: OT Security Remains a Challenge for Leaders Across Industries

Industry Perspectives

The security of operational technology (OT) networks is a growing concern as it involves the world’s factories, utilities, healthcare, public transportation companies, energy facilities, and more—all of which have seen an enormous transformation in recent years. For example, manufacturing and plant operations have become much more efficient, primarily due to a projected $40 billion OT hardware and software market that provides solutions designed to make operations more agile. However, along with these efficiency gains—including supervisory control and data acquisition (SCADA) systems that are now connected to the Internet—comes a sharp rise in cyber risk. That’s because these previously “air-gapped” systems that were once fully isolated from the Internet are now connected to it, exposing their broad attack surface to new cyber risks.

The challenges of securing industrial control systems (ICS) against cyber threats continue to dominate the everyday to-do lists of OT teams. In spite of almost daily attention from OT leaders, business operations are increasingly at risk, largely thanks to a growing number of intrusion strategies that get more sophisticated as time goes by. And now, in 2020, there is the added challenge of facing the risks presented by COVID-19, including more employees working from home and the adoption of new technologies designed to support a remote workforce. 

To shed light on these and other OT security challenges, Fortinet has released the 2020 State of Operational Technology and Cybersecurity Report.

Providing Insight on OT Security

The increasing volume of cyber threats impacting ICS/SCADA systems has presented new challenges for OT leaders as they work to address their expanding attack surface and decide which cybersecurity strategies and solutions they should adopt. Understanding these challenges was the focus behind Fortinet’s latest study that exclusively targeted individuals responsible for some aspect of manufacturing or plant operations, and with job titles ranging from manager to vice president. All respondents also work at companies involved in one of four industries, including:

  • Manufacturing 
  • Energy and Utilities
  • Healthcare
  • Transportation

Among the gathered responses, this study highlights four main trends that help illustrate the current state of OT security across organizations:

1. OT Leaders Have a Broad Set of Responsibilities, Including Cybersecurity

OT leaders typically report to higher-ranking individuals within the organization, such as a VP, COO, or the CEO. The overwhelming majority (80%) are also regularly involved in making cybersecurity decisions, with half having the final say in those decisions. 64% of OT leaders have also taken on the responsibility of embedding security within the operations process, and 71% are regularly involved in IT cybersecurity strategy. 

Because cybersecurity is a top priority for these individuals, trends show that matters related to OT security will soon become the responsibility of the CISO, if they are not already. The inevitability of this shift is highlighted by the fact that most (61%) respondents stated that they expect their CISO to take on all OT security responsibilities in the coming year. This is likely due to the increased risk of connected OT systems and their impact on business continuity. 

2. Core Cybersecurity Protection is Not Featured Within All OT Infrastructures

The report also revealed gaps in many OT infrastructures that include security. For roughly 40% – 50% of those organizations surveyed, the following protocols and security features were missing:

While more than half (58%) of organizations are seeing their budgets increase in 2020, it should also be noted that 15% are instead seeing a decrease in funding, which could be connected to COVID-19-related revenue losses.  

3. Security Measurements and Analysis Remain a Challenge for OT Leaders

The Fortinet survey found that between 36% and 57% of organizations lack consistency when it comes to measuring items on a list of standard metrics. Among the most commonly tracked and reported areas are vulnerabilities (64%), intrusions (57%), and cost reduction resulting from cybersecurity efforts (58%). Conversely, less than half of organizations (43%) are known to report on tangible risk management outcomes, and 39% to 50% do not routinely share basic cybersecurity data with senior executive leadership.

Respondents also cited security analysis, monitoring, and assessment tools as among the most essential features in security solutions, with the majority (58%) ranking these specific attributes in the top 3. Despite the prioritization of these features, however, 53% reported that security solutions hinder operational flexibility and half reported that they create more complexity.

4. Most OT Leaders Struggle to Prevent Intrusions

The majority of responding organizations also reported that they had been largely unsuccessful at preventing cyber criminals from exploiting their systems, with only 8% stating that they had had no intrusions over the past 12 months. Among those surveyed, it was also found that: 

  • 90% have experienced at least one intrusion in the past year 
  • 72% have experienced three or more intrusions in the past year
  • 26% have experienced six or more intrusions in the past year

The impact of these exploitations was also noted by respondents, with more than half (51%) documenting lost productivity, 37% seeing operational outages impacting revenue, and 39% having their physical safety put at risk—a significant concern considering the inherent dangers of industrial facilities.  

OT leaders also noted the commonality of specific attack methods, including malware (60%), phishing (43%), hackers (39%), ransomware (37%), distributed denial-of-service (DDoS) attacks (27%), and insider breaches (18%).

Security Best Practices in Operational Technology

This report also identified two subsets of respondents: those who had no intrusions during the past 12 months (top-tier) and those who experienced more than 10 intrusions during that same time (bottom-tier). Among those top-tier organizations, the following best practices were noted:

  1. Top-tier organizations are four times as likely to ensure that their OT activities are centrally visible to their security operations teams. 
  2. They are also 133% more likely to track and report on vulnerabilities that were found and blocked. 
  3. These organizations are twice as likely to have the CISO or CSO currently responsible for OT security.
  4. OT leaders within these organizations are 25% more likely to be directly responsible for embedding security into OT processes. 
  5. Top-tier organizations are 25% more likely to have a NOC to ensure centralized visibility and monitoring of network activity.
  6. Top-tier OT leaders are 25% more likely to be measured by response time to security vulnerabilities, placing it as either a first or second priority. 
  7. And these OT leaders are 25% more likely to report on compliance with industry regulations to executive leadership, suggesting automated compliance reporting that enables a real-time approach.

By following these seven best practices, OT leaders can expect benefits such as higher productivity levels, more robust cybersecurity defenses, and a better chance of keeping up with changes in the industry. 

Final Thoughts

Amidst growing vulnerabilities among ICS/SCADA systems and an increasing volume of significant intrusions, this latest report shows that OT leaders are largely falling behind when it comes to cybersecurity. Many find it challenging to deploy the right security tools and keep up with the increasingly sophisticated cyber threats that await their newly-connected systems. Some, however, are managing their OT cybersecurity with success, as demonstrated by the top-tier organizations referenced in this report. By learning and following their best practices, making a commitment to promoting centralized visibility, and taking a proactive approach to security, organizations can turn the tables on cybercriminals to protect their critical OT infrastructures.

Sourced from Fortinet

Large Distributed Enterprise Adopts Fortinet’s Comprehensive Secure SD-WAN Solution

Customer Perspectives

Digital innovation initiatives continue to help organizations improve productivity and customer service, but new technology can also introduce new cyber threats for bad actors to exploit by expanding the potential attack surface. And aging branch VPN infrastructures built around WAN edge routers only compound this problem, leaving companies exposed at the edge.

One Fortune 500 organization recently came to Fortinet with exactly that issue. They needed a VPN infrastructure that could scale across their datacenter and multicloud – something they could not achieve using their legacy networks. They were looking for a robust security solution that could support the evolving needs of their branch locations.

Seeking a New, Integrated Secure SD-WAN Solution

After experiencing numerous failures of the legacy routers and basic network firewalls they had deployed at their remote locations due to age, and realizing their contract on their current solution would expire in less than a year, this large distributed enterprise in the United States began seeking a replacement.

With its advanced networking capabilities that include dynamic routing such as BGP, Fortinet Secure SD-WAN — which integrates Next-Generation Firewall (NGFW) and Secure SD-WAN in a single offering — quickly became the front runner. This solution was able to provide advanced security to protect vulnerable branch locations with direct internet access, while also delivering all the benefits of an SD-WAN solution, including improved performance of business-critical applications, better user experience, and better protection at the WAN Edge.

These advantages impressed this company enough to begin an initial pilot at six locations, during which Fortinet was able to highlight its Zero-Touch Provisioning capabilities for simple and fast deployment and management. For a company like this, this was a huge advantage as they manage their environment internally and are always looking to reallocate their security team’s time and attention to other critical security tasks.

This initial pilot also demonstrated Fortinet’s simple deployment and robust combination of networking and security features, prompting this company to extend the pilot to over 150 more locations, all of which proved successful. During this time, Fortinet was further set apart from the competition because they were able to provide an enterprise agreement that added additional value and resources to support the organization’s various needs. These included augmenting MPLS with broadband + LTE and the ability to replace MPLS in the future, reducing CAPEX through product consolidation, and reducing OPEX with its centralized management.

LAN requirements were another need. Their SD-Branch requirements included the need for access points, switches, and 3G/4G connectivity. They also needed advanced support for cloud and other business critical enterprise applications combined with an effective cloud on-ramp strategy.

Choosing Fortinet Secure SD-WAN to Future-Proof Branch Offices

The company’s existing security solution required centralized inspection and filtering, which meant backhauling all traffic to datacenters to ensure security. What they needed was advanced NGFW capabilities at the branch office/WAN edge to make local breakouts for multi-cloud access possible. At the same time, they wanted to avoid all the bandwidth demands required to send traffic to the data center for inspection. After demonstrating the ability to meet, and even exceed, all of the organization’s security and networking requirements, Fortinet was determined to be the right fit.

While Fortinet was not the least expensive solution presented to this price-sensitive organization, they found that Fortinet provided the most value to their company long-term. Fortinet’s integrated platform approach, including Secure SD-WAN, provided their organization with the following benefits:

  • Reduced Complexity: In their proof of concept trial, the primary competitive solution under consideration was missing advanced routing features and VPN capabilities. A lack of advanced BGP routing capabilities for faster convergence and route-based path selection, and not being able to build overlay VPN tunnels to the same destination address, were show stoppers. With Fortinet’s fully integrated Next-Generation Firewall and Secure SD-WAN solution, however, the company was able to reduce the number of devices needed at each location.
  • Simple Deployment: With a large installed base of 10,000 branch offices, speed was a priority when it came to deployment and configuration. Fortinet’s Zero-Touch Provisioning reduced deployment time to minutes, saving IT staff resources and eliminating the need to deploy additional IT personnel to each site. Additionally, centralized management using FortiManager for network and security needs and analytics provided by FortiAnalyzer enabled easy integration with their NOC and SOC teams for easy problem resolution and troubleshooting.
  • Reduced Bandwidth Requirements: This company was able to establish split tunneling for their traffic at the branch level, enabling web traffic filtering locally while allowing access to corporate applications through VPN to reduce bandwidth requirements.

In addition to the above benefits, the company also valued the opportunity to take full advantage of the ability to extend Secure SD-WAN capabilities into the branch LAN by adding secure switches, wireless APs, and LTE support via Fortinet Secure SD-Branch, effectively future-proofing their solution while continuing to consolidate devices and reduce management overhead.

Take a security-driven approach to networking to improve user experience and simplify operations at the WAN edge with Fortinet’s Secure SD-WAN solution.

Read these customer case studies to see how De Heus and Burger King Brazil implemented Fortinet’s Secure SD-WAN to alleviate network complexity, increase bandwidth, and reduce security costs.

Sourced from Fortinet

Filling the Cybersecurity Skills Gap With FortiVets

Skills Gap Perspectives

CISOs are challenged with filling critical cybersecurity roles in their organizations due to the shortage of talent and cybersecurity expertise. One untapped resource that organizations looking to fill security roles should pay more attention to in their recruitment efforts is veterans. Veterans have many complementary skills that with the right training can be relevant to a career in cybersecurity. Fortinet’s Veterans Program, part of its Network Security Expert (NSE) Training Institute, focuses on helping veterans transition into a role in cybersecurity. 

Q&A with a Veterans Program Graduate

Michael Beckham is a 21-year veteran of the U.S. Navy who benefited from Fortinet’s Veterans Program, FortiVet. Through the program’s cybersecurity training and other resources, he was successful in securing a career in the field. Below, he shares his experience being part of the program in an interview we recently had with him.   

Can you give us a summary of your background in the military?

I served in the U.S. Navy as a Cryptologic Technician Communications Operator (CTO) for 21 years. My daily routine consisted of ensuring the successful delivery and security of critical messages and traffic, while also maintaining the highly classified equipment that delivered this information highly secure. During that time, I was fortunate to serve with some of the smartest people on the planet. We were able to witness the progression of technology from teletype and tape with blazing speeds of 1200 baud to minicomputers to routers, firewalls and common transport speeds of 100 gigabits and higher. 

How did you get into the Fortinet Veterans program?

I was unemployed at the time for nearly 11 months and I was told about the Fortinet Veterans Program from a fellow veteran. I reached out to Fortinet and went through an interview process and was then accepted into the program. As a result, I had access to mentoring and to the NSE Training Institute resources. 

What do you do now? 

The Fortinet Veteran Program connected me to Walker and Associates, as they’re part of Fortinet’s partner ecosystem, and this is where I now work. I currently work as a Federal Field Systems Engineer responsible for advancing sales of technical products. I focus on advancing a number of technical solutions for the Federal Marketplace, to include Optical, Cybersecurity (primarily Fortinet), Network Infrastructure, Virtual and Hyper Converged Infrastructure, and TDM migration solutions.  

Why do you think the program is important to help fill the talent gap in cybersecurity?

This program helps equip veterans from all branches of the services with the opportunity to fill the skills gap in the cybersecurity industry. It enables veterans like me to leverage their skill sets that are relevant to a career in cybersecurity. Employers benefit from knowing they’re hiring experienced professionals with security clearances. Veterans can also expand their cybersecurity knowledge through training and Fortinet’s Network Security Expert (NSE) Certification Program. 

What would you say are the benefits to a company for hiring someone from the FortiVet program?

Companies benefit from this program by having an array of experienced, proven cybersecurity professionals who can fill the talent gap with disciplined lifelong learners willing to expand their knowledge. 

Closing the Cybersecurity Skills Gap

Veterans trained in the latest cybersecurity techniques can play a key role in filling the talent shortage while adding the valuable attributes that are unique to those who have served in the armed forces. Many veterans possess the mindset, skills, and security clearances that positions in cybersecurity require. This is why training veterans and assisting them in entering a career in cybersecurity can really move the needle in narrowing the cybersecurity skills gap. 

Find out more about Fortinet’s NSE Training Institute programs, including the Network Security Expert program, Network Security Academy program, and FortiVet program, which provide critical cybersecurity training and education to help solve the cyber skills gap and prepare the cybersecurity workforce of tomorrow.

Sourced from Fortinet