Thursday, February 14, 2019

Enabling Robust Security with Intent-based Segmentation - Fortinet Certifications


If you are a network practitioner, you have likely implemented—or at least considered implementing—segmentation based on IP subnets, VLANs, or VXLANs in the network. While these techniques allow administrators to separate IT assets using network semantics, they do not inherently include security, meaning there are no in-built mechanisms in place to perform authentication, admission control, and trust assessment.   

So while you may have separated one traffic stream from another, you have actually only tackled a tiny fraction of the larger problem of needing to combine the isolation of network and IT assets with granular access controls, and then integrating that with high-performance advanced security. Planning, designing, and maintaining such a strategy can quickly exhaust limited IT and security resources. Fortunately, Intent-based Segmentation is a solution to this multi-dimensional problem, which includes the following.

  1. The first dimension of an effective segmentation strategy covers where the segmentation is applied and encompasses all prevailing micro, macro, application, and nano-segmentation techniques. Additionally, it also needs to extend to physical endpoints and devices that are unable to run any agents—for example, Chromebooks and multi-functional printers. Because Intent-based Segmentation covers all of the network and infrastructure assets of a modern organization, it is far more comprehensive than traditional segmentation solutions.
  2. The second dimension covers how trust is established and monitored. Intent-based Segmentation not only employs existing network and identity-based mechanisms, but it can also incorporate more agile and innovative mechanisms like business logic. Further, trust can be continuously monitored by a third-party trust engine, and is communicated to FortiGate devices using Fabric Connectors for dynamically adjusting and enforcing security policies. FortiGates can also allow or disallow access to network resources after receiving changing risk and trust assessments derived from suspicious user behavior and actions.
  3. The Third dimension covers what security inspections need to be applied to the traffic. This could be as simple as providing full visibility, or as in-depth as providing comprehensive security. Having the option to dynamically apply full security analysis and protection is necessitated by the fact that trusted users can unknowingly become infected with malware, and worse, provide a platform for hackers to penetrate, thereby defying the established boundaries of trust. This includes the ability to inspect encrypted traffic at network speeds. By some estimates, as much as 65% of global data traffic is now encrypted, and if you are not performing full inspection then you are not actually seeing or securing your traffic.


Powered by our patented Security Processing Units (SPUs), FortiGate devices provide the industry’s most cost effective and highest-performing full inspection against-mandated ciphers, combined with comprehensive threat protection to enable and secure Intent-based Segmentation that extends from endpoint devices to the branch and campus, and out to the distributed data center and multi-cloud environments. 

To that end, Fortinet today announced a new series of high-performance FortiGate Next-Generation Firewalls (NGFWs), comprised of the FortiGate 3600E, FortiGate 3400E, FortiGate 600E, and FortiGate 400E Series that enable organizations to implement Intent-based Segmentation deep into their security architecture.

  • Intent-based Segmentation allows organizations to achieve granular access control, continuous trust assessment, end-to-end visibility, and automated threat protection.
  • In addition to delivering Intent-based Segmentation, FortiGate 3600E offers 30Gbps of threat protection and 34Gbps of SSL inspection performance, while the FortiGate 3400E offers 23Gbps threat protection and 30Gbps SSL inspection performance.
  • Likewise, the FortiGate 600E offers Intent-based Segmentation with 7Gbps of threat protection and 8Gbps of SSL inspection performance. And the FortiGate 400E offers 5Gbps of threat protection and 4.8Gbps of SSL inspection performance along with Intent-based Segmentation functionality.

The SSL inspection performance of each of these solutions is the industry’s highest for their class. In addition, FortiGate has a longstanding history of earning NSS Labs Recommended ratings in the Next-Generation Firewalls group tests, with their high SSL inspection performance with minimal performance degradation cited as one of the reasons.




Wednesday, January 30, 2019

What You Need to Know About E-rate Funding for K-12 in 2019


Last year, the E-rate program received 35,000 applications for a total of $2.77 billion. Within 30 days of the window closing, USAC issued the first funding commitment wave, which included 15,000 applications (43% of the applications) and over $503 million in funding requests. By the beginning of June, the USAC had committed $1 billion on 18,000 applications.

Category 1 vs. Category 2 Funding


The E-rate program has strict qualifications for the types of services and products eligible for funding. Administrators must be careful to only apply for items approved by USAC. Category 1 funding covers data transmission and Internet access services. Category 2 requests apply to infrastructural costs, such as:

  • Internal connections. Hardware such as wireless access points, switching, caching, and firewalls. These products make it possible for students, teachers, and staff to have easy and consistent access to the web as they move from class to class. These tools also offer bandwidth controls to ensure that as more people and devices access the network, bandwidth is not misallocated.
  • Managed Internal Broadband Services (MIBS). This refers to Wi-Fi services provided by a third-party vendor in charge of design, configuration, and updates for the internal connection’s infrastructure. MIBS enables a school to outsource the management and monitoring of their network.
  • Basic maintenance of internal connections. This covers the upkeep of eligible products, such as hardware and wiring. Software upgrades and security patches are also funded under this basic maintenance clause given that internal connections would not otherwise operate reliably or as intended. 


Use your 2015 Funds in 2019—or Lose Them


Category 2 funding was established in 2015 so that schools and libraries could obtain funding for these sorts of needs over a five-year period. The clock on the five-year term begins the first year any school in the district obtains E-rate Category 2 funds. For example, if one school in the district received funding in 2017, then that becomes year 1 for all schools in the district (with eligibility extending through year 5 in 2021). All allocated funds must be spent within the funding year. So, if any school in your district started receiving funds in 2015, you must request Category 2 funding in 2019 before your eligibility expires next year.

K-12 schools across the United States are currently applying for E-rate Funding Year (FY) 2019. Schools and libraries have recently been making requests for E-rate Category 2 projects at a record pace. Requests this fall were up 56% over last year—well above the high-mark set in 2015.

Fortinet Products that Qualify for Category 2


Cybersecurity is one of the main needs driving organizations to apply for E-rate funds. Fortinet’s E-rate eligible solutions support cybersecurity in each tier of Category 2 funding and include:

  • FortiGate: FortiGate Next-Generation Firewalls (NGFW) offer network protection from the sophisticated known and unknown threats schools now have to deal with. Each NGFW offers a range of integrated security functions combined with the latest threat intelligence from FortiGuard Labs, including secure internal segmentation. Internal segmentation ensures that at-risk student or faculty devices that connect to the network are isolated to prevent any associated malware from spreading and infecting the rest of the network. 
  • FortiAP and FortiSwitch: Fortinet’s secure access points and switches offer secure internal connections for reliable, seamless Wi-Fi. FortiAP is integrated with NGFWs to provide defense in-depth as students and faculty connect various devices to the network, while FortiSwitch improves network efficiency and scalability.
  • FortiCache: FortiCache manages bandwidth allocation across the school. With greater numbers of connected devices coming to school with students and teachers, the extra traffic can be a strain on bandwidth. Content and video caching through FortiCache allows for regularly accessed content and video to be stored and served faster, thereby reducing costs and improving network performance. FortiCache also offers anti-malware protection and gives administrators the ability to block any content and websites that students should not be visiting.
  • FortiCare: FortiCare is eligible under the Basic Maintenance of Internal Connections section of Category 2 funding. With FortiCare in place, schools have 24x7 fast access to technical support. Additionally, FortiCare offers firmware upgrades, technical resources, incident reporting, and more.




Sunday, January 20, 2019

Redefining the Cloud and Cloud Security - Fortinet Certifications


Migration to cloud-based compute and services platforms has allowed organizations to quickly adapt to the global transition to a digital economy. The ability to quickly spin up resources, adopt new applications, and respond in real time to end user and consumer demands allows organizations to compete effectively in today’s new digital marketplace. The result has been astounding. In just a few years, over 80% of enterprises have adopted two or more public cloud infrastructure providers, and nearly two-thirds are using three or more.

Growing Cloud Challenges


While the business advantages are significant, this rapid migration is also introducing complexities and risks that few organizations have adequately prepared for—right at a time when the cybersecurity skills gap is dangerously wide, and cybercriminals are more capable of exploiting vulnerabilities than ever before. Here are a few of the challenges that unchecked cloud adoption has introduced:

  • New Cloud services are being adopted and used every day. However, it turns out that it is much easier to deploy a cloud application than to decommission it, so organizations are finding that cloud-based applications and services are piling up, making them increasingly difficult to manage and secure.
  • The adoption of cloud-based applications and services is remarkably easy. Literally anyone across the organization can source a new cloud service. The challenge is that service creation is often not funneled through the central IT department, resulting in the creation of shadow IT. As a result, the organization has little idea of what services are being used, where corporate information is being stored, who has access to it, or what security strategies are in place to protect it.

  • Complicating this further, adoption of these services is heterogeneous. Employees use different cloud services from different providers, and these different providers all offer different security tools, different native security controls, and different levels of security. This can make it extremely difficult to impose any sort of consistency to security policy distribution, orchestration, or enforcement.

What many organizations may not realize when moving to a cloud environment is to what extent they are responsible for securing their own cloud environment. Cloud providers secure the infrastructure, such as storage and compute resources shared by everyone, but securing data, content, and applications are all the responsibility of the cloud customer. And those security controls need to be built separately inside each cloud environment that has been adopted. If those security solutions aren’t fully integrated and interoperable across multiple environments, then the number and variety of security tools that need to be implemented can compound, quickly overwhelming the resources available to manage them.

Part of the challenge is that the cloud has become so large and so complex that the word itself has lost much of its meaning. Even the term multi-cloud isn’t much better. So, to build an effective, consistent, and manageable cloud strategy we need to start by clearly defining what we mean when we talk about the cloud.

Defining Cloud Options


Cloud solutions can be broken down into three categories: deployment models, delivery models, and service providers.

Deployment Models: While most people only think of private or public cloud environments, or even hybrid models, a new model is beginning to emerge—the community cloud.

Public: This is a publicly accessible cloud environment owned by a third-party cloud provider. In this deployment model, the cloud provider is responsible for the creation and on-going maintenance of the public cloud and its IT resources, while the consumer is responsible for the implementation and security of virtual devices, applications, and data.

Private: In a private cloud model, the same organization is both the cloud consumer and cloud provider. Private clouds enable an organization to use cloud computing technology to centralize access to IT resources, usually across a geographically distributed enterprise, and to do so they require a change in how organizational and trust boundaries are defined and applied.

Hybrid: This cloud model is built using two or more different cloud deployment models. For example, an organization may choose to process sensitive data in their private cloud while distributing other, less sensitive cloud services to a public cloud.

Community: A community cloud provides a cloud computing solution to a limited number of individuals or organizations that is governed, managed, and secured commonly by all the participating organizations or by a third-party managed service provider. AWS GovCloud is a good example of this.

Delivery Models: Organizations have a variety of options for how much of their services they want to implement, from simply adopting specific applications or services to a full-blown infrastructure.

IaaS: Infrastructure-as-a-Service provides a self-contained IT environment that includes infrastructure resources that can be accessed and managed using cloud-based interfaces. It can include hardware, network devices, connectivity tools, operating systems, and other "raw" IT resources. These virtualized IT resources enable real-time scaling and infrastructure customization. However, they are not pre-configured, which makes your IT team responsible for their configuration, management, and security.

PaaS: The Platform-as-a-Service delivery model provides a "ready-to-use" environment generally comprised of pre-configured IT resources that developers can leverage to write code. This relieves IT of the responsibility to set up and maintain a bare infrastructure of IT resources, but the trade-off is that the customer has less control over those underlying IT resources.

SaaS: Software-as-a-Service makes applications and other services widely available to a range of cloud customers. The prime drivers for such services, such as Salesforce.com or DropBox, are ease of use and minimal need to develop anything but customizable interfaces that can be easily adapted to specific organizational and business needs. SaaS is typically combined with dynamic scalability and ubiquitous access. However, a cloud consumer is generally granted very limited administrative control over a SaaS implementation.

Service Providers: A variety of service providers are also available. Each includes its own native controls and marketplaces for buying technologies and services—either their own or from a third-party vendor—and different environments provide distinct advantages to customers, such as compatibility with existing infrastructures or business objectives.

Major Providers: The primary cloud providers include Amazon AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, IBM Cloud, and Alibaba Cloud. The challenge for many organizations using multiple providers is establishing consistent policies and controls across different environments. Finding security vendors that can operate natively across all major cloud platforms provides maximum flexibility in terms of adoption and control.

Minor Providers: In addition to the major providers, a growing number of smaller cloud shops, regional telecom companies, and even partners (for community cloud environments) are joining the marketplace. They typically provide more flexibility in pricing and more personalized attention.

Multi-Cloud Environments Introduce New Risks


Eventually, all organizations will end up having deployed some combination of the cloud solutions described above. However, adopting multi-cloud environments not only expands the attack surface and complicates the ability to deploy, manage, and orchestrate security with consistent visibility and control, but it also increases other cyber risks, including:

  • Data breaches
  • Insufficient identity, credentials and access management
  • Insecure interfaces and APIs
  • System vulnerabilities
  • Account hijacking
  • Increased opportunities for malicious insiders
  • An increased footprint for Advanced Persistent Threats
  • Data loss and insufficient due diligence due to an exponential increase in network complexity
  • The hijacking and abuse of cloud services by cybercriminals

Addressing these challenges, however, needs to be handled delicately. Performance cannot be sacrificed for security. Instead, organizations need to strike a balance between ubiquitous, on-demand cloud services and establishing consistent controls, policies, and processes. This requires looking for security solutions that help you move from a model where security inhibits business agility, to a model where security can be combined with cloud and automation to help business move faster and more securely.

Organizations not only need to deploy security solutions that can function consistently across cloud ecosystems. They also need to be able to push automation into templates so security can be consistently applied simultaneously across every cloud provider’s environment, especially when compensating for critical differences in native controls. This includes automating the entire data chain so security can dynamically adapt as workloads and information move within and between different cloud environments. The cloud enables these capabilities.

Rethinking Security for the Cloud


All of this requires a new approach to security. Legacy security solutions will need to be replaced with security tools that can function natively and consistently across any environment, whether physical or cloud. Solutions that operate natively in cloud environments need to also be aware of cloud-based resources as well as leverage native cloud services in order to better support the scale and dynamic nature of cloud workloads. Ultimately, organizations should also strive to fully decouple security management from data classification in order to classify resources on any infrastructure in the most natural way possible, while consistently referring to these objects when defining the multi-cloud security policy.

The more security solutions natively integrate with cloud-based services, the more secure the enterprise. By leveraging the threat feeds and native security capabilities of all clouds, and integrating these into the multi-cloud security framework, organizations can turn the risk multiplication effect into a security multiplication effect. Layering the ability to automate security operations on top of the native integration and threat intelligence integration aspects allows organizations to automatically coordinate a threat response that includes isolating infected devices, identifying and shutting down malware, and extending protections across the entire multi-cloud environment, thereby significantly mitigating risk and confidently deploying applications anywhere that makes the most business sense.




Monday, January 7, 2019

Fortinet Introduces New Security Automation Capabilities on Amazon Web Services


SVP of products and solutions at Fortinet


“Fortinet is committed to helping customers make their journey to the cloud even more secure by expanding our offerings on Amazon Web Services and supporting additional cloud security use cases. To further support resource-constrained teams, today’s announcement is helping our customers automate additional security processes and more seamlessly integrate into their application life cycle.”

News Summary


Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, today announced the expansion of its Fortinet Security Fabric offerings and new automation capabilities for AWS to provide streamlined and consistent security management for hybrid infrastructures. New offerings are grouped into the following categories:


  • New Management and Automation Capabilities: Fortinet now facilitates a more streamlined and automated rollout of security services that are designed to be less prone to human error with new automation templates, FortiCASB configuration assessments and web application firewall (WAF) rulesets for Amazon API Gateway.
  • Containers, AWS Security Hub, and Broad Protection: On top of the existing broad set of Fortinet security offerings on AWS, Fortinet is announcing support for AWS Security Hub. Fortinet now also offers FortiWeb Web Application Firewall in AWS Container Marketplace, enhancing multi-layer security protection at the API level, the VM level and the container level for applications running on AWS.
  • Native Integration for DevOps Teams: New Fortinet WAF rules for API Gateway, Quick Start guides for initial deployment and support for AWS Transit Gateway help DevOps teams more easily integrate security into their automated application lifecycle routines.
  • Access to Cloud Offerings Via Partners: Fortinet has been named one of the few vendors selling solutions on the AWS Marketplace to participate in the AWS Consulting Partner Private Offer program. Participation in this program allows Fortinet partners to easily provide AWS customers with best-of-breed Fortinet security solutions for their cloud applications.

The rapid deployment of new applications and introduction of new services on AWS require DevOps and IT teams to integrate security into everything they do as quickly as possible so as not to stifle the pace of innovation. This is no small task that requires both time and resources. To help organizations keep up with this pace, Fortinet is introducing new solutions and more automation in its security offerings on AWS Marketplace.

With new automation templates, FortiCASB configuration assessments, and WAF rulesets on Amazon API Gateway, users who used to have to manually build automation scripts for integrating and configuring security for their applications on AWS can now leverage these automated pre-packaged best practice templates for quick and reliable security visibility.

Fortinet now leverages security intelligence from AWS Security Hub to help customers form a consistent on- and off-cloud security posture view. AWS Security Hub provides users with a comprehensive view of their high-priority security alerts and compliance status by aggregating, organizing, and prioritizing alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie as well as from other APN security solutions. The findings are then visually summarized on integrated dashboards with actionable graphs and tables.

Fortinet is also announcing support for containers via the FortiWeb Web Application Firewall on the AWS Container Marketplace. Customers can now enhance their multi-layer security protection by leveraging FortiWeb to secure container-based web applications and integrating WAF into their container-based application PODs, providing consistent security onto rapidly provisioned services. With this announcement, Fortinet provides an additional layer of security for the cloud at the API level, the VM level and the container level.

DevOps teams can also now utilize native integration with AWS via new Fortinet WAF rulesets for API Gateway, quick start guides for initial deployment and integration with AWS Transit Gateway. With these new features, DevOps teams can save time and resources by quickly integrating security best practices into their automated application lifecycle routines.

Fortinet has also joined the AWS Consulting Partner Private Offer ecosystem. With this, Fortinet channel partners are now a part of AWS’ on-demand ecosystem and will be natively ingrained to the new AWS selling process, allowing them to more naturally facilitate their customers’ journey to the cloud.

The new offerings and capabilities announced today allow AWS users the ability to natively introduce best-of-breed multi-layer security into their application lifecycle routines and workflows, significantly mitigate risk and provide even more peace of mind when deploying applications on the cloud. The Fortinet Security Fabric provides a broad set of cloud security use cases. By implementing the Fortinet Security Fabric on AWS, customers can apply consistent security policies throughout their hybrid infrastructures and can realize multi-layer security protection and operational benefits for running applications on AWS.

AWS is a member of the Fortinet Fabric-Ready Partner program, a premium category of Fortinet's technology alliance collaborations and a vital part of the Fortinet Security Fabric. This program allows Fortinet and third-party products to better integrate their respective solutions in order to provide more consistent and effective end-to-end security. 




Tuesday, December 18, 2018

Securing the Industrial Internet of Things in OT Networks


In many organizations, traditional IT and critical Operational Technology (OT) networks are being merged to take advantage of the speed and efficiency of today’s digital marketplace. Typical OT networks are comprised of switches, monitors, sensors, valves, and manufacturing devices managed by an ICS system through remote terminal units (RTUs) and programmable logic controllers (PLCs) over a serial or IP connection. Since these systems manage sensitive and sometimes dangerous environments, they demand safe and continuous operation. To achieve that, they have traditionally tended to be air-gapped from the IT network to avoid the sorts of intermittent network or device crashes that IT systems can tolerate.

These systems are built upon high-value OT assets that can range into the billions of dollars. A system crash on a manufacturing floor can stall production for hours and potentially ruin millions of dollars in materials. Even worse, having to reset an open furnace or a 10,000-gallon boiler processing caustic chemicals can have far more devastating consequences than temporarily losing access to an online printer.

Since the primary goals of an OT environment are the safety of employees and local communities, while ensuring the constant availability and uptime of the network, its connected devices, applications, and operating systems are rarely updated. In fact, because these systems can operate for 30 to 40 years in their OT environments, they depend on dated configurations that remain unpatched. And because patching and updating devices can require shutting down entire systems, most OT managers follow the “if it isn’t broken, don’t fix it” rule. As a result, many older OT systems are notoriously vulnerable to malware and other threats that IT networks are naturally protected against. Complicating the problem further, many of the devices and systems installed in an OT network are also notoriously fragile. Even processes as benign as active device scanning can cause them to fail.

Digital transformation is impacting the security of OT environments


The challenge is that today’s digital marketplace requires organizations to respond faster to consumer demands than traditional OT processes can deliver. The addition of modern Industrial IoT (IIoT) devices to OT networks enables organizations to automate what were traditionally static, and mostly manual OT processes, as well as create smart physical environments such as office buildings, manufacturing floors, inventory warehouses, or physical plants. Effectively competing in the digital economy also requires integrating things like real-time data collection and analysis and remote management tools into OT networks to realize greater efficiency.

Beyond the need for an efficient and timely response, an additional challenge is surfacing as a result of digital transformation. System complexity brought about through the amalgamation of OT technology is raising the stakes, and the complexity of security integration, even higher. In smart buildings, for example, there exists a system of systems running simultaneously, including electrical grids, communications, security systems such as badge readers and access controls, fire protection, HVAC systems, and elevators. To manage these IIoT, OT, and IT systems centrally, they are increasingly being merged into a single control system. And in an environment where OT teams are managing multiple buildings simultaneously, this may also entail enabling remote management through a cloud-based platform.

Bolt-on security is not an option


Of course, given what we know about most OT environments, the implications of digital transformation and convergence from a security perspective are self-evident. As a result, a more systematic solutions approach is essential to solving modern OT security challenges. Attempts to address risk by simply deploying off-the-shelf firewalls, sandboxes, and IPS systems into OT environments present an unacceptable, disruptive, and uncertain outcome. Security tools need to be purpose-built to understand the sorts of protocols, communications, and services that have been deployed to preserve safety and availability while implementing OT security.

Instead, organizations need to start by designing security into the OT environment at the highest level to address the bigger picture that provides the absolutes of availability, safety, and security without having to bolt security onto the network as an afterthought. Lacking an architected and integrated strategy, security can quickly scale out of proportion if you try to secure and manage each of these systems separately. As an example, in building automation systems an integrated, segmented, and layered approach enables security to extend beyond merely locking down the HVAC system, to delivering real-time analytics and control that ensures integrity while safeguarding other systems such as fire suppression.

Visibility, control, and zero trust


This journey towards securing modern OT environments begins with establishing continuous visibility. Network access control solutions can help with inventorying and managing IIoT devices, including keeping track of every connected device on your network, even as devices join or leave or move from one location to another. But control in the OT environment also entails baselining normal traffic and predefining approved functions that yield recognition and real-time response to any behavior that is out of scope. Fortunately, device behaviors within an OT environment tend to be static and predictable, so anomalous behaviors are more likely to be immediately apparent and identified.
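As an added illustration of baselining and approved functions (example code written for this page, not from Fortinet or any product), the sketch below learns an allowlist of flows from a known-good window and names why each later flow is out of scope. The device names, the `Flow` fields and the `min_count` threshold are all assumptions, and the flow records are constructed sample data.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One passively observed conversation (hypothetical record layout)."""
    src: str        # sending device
    dst: str        # receiving device
    proto: str      # application protocol, e.g. "modbus"
    port: int       # destination port
    function: str   # application-level operation carried in the flow


def learn_baseline(flows, min_count=2):
    """Approve only flows seen repeatedly in the learning window.

    A flow seen once (a one-off engineering action, say) is not promoted
    to "normal"; it has to be approved explicitly instead.
    """
    counts = Counter(flows)
    return {flow for flow, seen in counts.items() if seen >= min_count}


def classify(flow, baseline):
    """Return "in_scope" or the reason the flow falls outside the baseline."""
    if flow in baseline:
        return "in_scope"
    same_pair = [b for b in baseline if (b.src, b.dst) == (flow.src, flow.dst)]
    if any((b.proto, b.port) == (flow.proto, flow.port) for b in same_pair):
        return "new_function"      # approved talkers and service, unapproved operation
    if same_pair:
        return "new_service"       # approved talkers, unapproved protocol or port
    if any(b.dst == flow.dst for b in baseline):
        return "new_talker"        # known target, source never approved for it
    return "new_destination"       # target never seen in the baseline


def out_of_scope(observed, baseline):
    """List (flow, reason) for every observed flow outside the baseline."""
    return [(f, r) for f in observed if (r := classify(f, baseline)) != "in_scope"]


READ = "read_holding_registers"

# Constructed learning window: an HMI and a historian polling one PLC,
# plus a single engineering write that stays below min_count.
LEARNING = (
    [Flow("hmi-1", "plc-1", "modbus", 502, READ)] * 50
    + [Flow("historian", "plc-1", "modbus", 502, READ)] * 20
    + [Flow("eng-ws", "plc-1", "modbus", 502, "write_multiple_registers")]
)

# Constructed observations after the learning window closes.
OBSERVED = [
    Flow("hmi-1", "plc-1", "modbus", 502, READ),
    Flow("hmi-1", "plc-1", "modbus", 502, "write_single_coil"),
    Flow("hmi-1", "plc-1", "tcp", 23, "remote_login"),
    Flow("laptop-77", "plc-1", "modbus", 502, READ),
    Flow("hmi-1", "plc-9", "modbus", 502, READ),
]

BASELINE = learn_baseline(LEARNING)

if __name__ == "__main__":
    for flow, reason in out_of_scope(OBSERVED, BASELINE):
        print(f"{reason:16} {flow.src} -> {flow.dst} {flow.proto}/{flow.port} {flow.function}")
```

Because the records come from passive observation, this kind of check does not require the active scanning that fragile OT devices may not survive.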

In today's converged OT workplace, there’s also a deafening level of trust afforded to both the individual and an untrusted device. Such implicit trust is why in many OT networks it's entirely possible for an engineer to control any PLC in the network from a single laptop. Likewise, when access to the environment is granted for maintenance over wired or wireless connections, complete system access via an uncontrolled laptop is not uncommon. This is why securing your OT environment requires organizations to migrate away from implied trust towards a zero trust model.

Imagine one of your engineers, Ron, has been sitting at an HMI workstation managing the same line for 15 years. He's never given you any cause for concern, so you trust him implicitly. The advent of convergence, however, presents severe new OT risk, and what worked historically is now being replaced with suddenly interconnected systems and highly vulnerable devices that can be compromised remotely.

Part of the challenge is changing your paradigm. It often helps to start by assuming that your system has already been compromised. Visualizing the presence of malware, unmitigated access, and the ability of a threat actor to elevate privilege enables OT security teams to implement a more proactive approach to identifying and neutralizing access to critical and highly valued OT assets. This approach also enables establishing processes for at-speed recognition of actions that are beyond the scope of normal.

Finally, organizations need to shift from a reactive to a proactive security posture, allowing them to securely integrate their OT processes while extending protection far beyond that available with present-day system defenses. Zero trust goes beyond merely changing policies and procedures, and requires engineering security directly into the environment to enable proactive security.

This requires implementing technical strategies such as segmentation and multi-factor authentication to mitigate the access control risk. For example, when a user or device is authorized into a specific subsection of the OT network at layer two of the Purdue model, they are limited to functioning properly within that restricted network zone. Likewise, all activity beyond the immediate authorized domain would require authenticated approval, thereby precluding the ability to impact the OT infrastructure both vertically and horizontally.
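One way to express that zone rule as a default-deny access decision, as an added example that is not from the original post or any Fortinet product. It assumes a hypothetical asset-to-zone map, where a zone is a Purdue level plus a cell, and a time-limited approval that is only recorded after a verified second factor; all names and the 900-second lifetime are illustrative.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Zone:
    level: int   # Purdue level of the zone
    cell: str    # subsection (for example a production line) at that level

# Constructed asset-to-zone map (hypothetical names).
ASSET_ZONES = {
    "hmi-line-a": Zone(2, "line-a"),
    "scada-line-a": Zone(2, "line-a"),
    "hmi-line-b": Zone(2, "line-b"),
    "plc-line-a": Zone(1, "line-a"),
    "mes-server": Zone(3, "site"),
}

@dataclass
class Session:
    user: str
    home_zone: Zone
    # zone -> expiry (epoch seconds) of an MFA-backed approval
    approvals: dict = field(default_factory=dict)

    def approve(self, zone, mfa_verified, now, ttl=900):
        """Record a time-limited approval; refuse without a verified second factor."""
        if not mfa_verified:
            return False
        self.approvals[zone] = now + ttl
        return True

def decide(session, asset, now):
    """Return (allowed, reason) for one access attempt. The default is deny."""
    zone = ASSET_ZONES.get(asset)
    if zone is None:
        return False, "unknown-asset"
    if zone == session.home_zone:
        return True, "home-zone"
    if session.approvals.get(zone, 0) > now:
        return True, "approved"
    if zone.level != session.home_zone.level:
        return False, "vertical-move-needs-approval"
    return False, "horizontal-move-needs-approval"
```

Approvals expire on their own, so access outside the home zone never becomes standing access.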




Tuesday, December 11, 2018

Providing Improved Security Posture for Your Customers


Providing Improved Posture with a Cyber Threat Assessment Program


Effective network architectures rely on their ability to remain agile despite constantly evolving advanced and persistent threats. In this effort, knowing where an existing security posture is effective—and where it’s not—can make all the difference. However, when it comes to understanding if a current security posture can stand up to the modern threat landscape, there are two paths that an IT team can follow: wait for a successful network breach to happen or run validation testing.

CTAPs give your customers deep visibility into the state of their security posture to help them shift their defense strategies away from reactive attack mitigation and toward active threat prevention—providing visibility across three key areas:

Security and Threat Prevention: Threat assessment programs not only help identify network vulnerabilities, but frame them in relation to the malware/botnets associated with your customers’ networks. From there, those devices particularly at risk from these kinds of cyberthreats can be identified and properly secured.

User Productivity: A CTAP provides customers with extensive visibility into peer-to-peer, messaging, and other application usage, providing cybersecurity teams with greater visibility into and control over their networks.

Network Utilization and Performance: The assessment program also provides insights into the throughput, session, and bandwidth usage requirements customers have during peak traffic—providing network utilization and monitoring to enable optimal performance.

What’s more, a cyber threat assessment program provides data on the threats and attacks your customers may currently be facing in their live production environment. An effective CTAP can identify sophisticated attacks designed to avoid detection by bypassing traditional security firewalls and other detection tools. For your customers – particularly those that have not implemented security strategies aimed at identifying advanced threats – a CTAP can be especially useful.

The Cyber Threat Assessment Program Process


For partners looking to provide their customers with Fortinet’s CTAP assessment, the process is simple. It involves logging into the CTAP portal, applying a provided FortiGate configuration file, connecting a FortiGate device to your customer’s network, and letting it collect data for three to seven days. That’s it.

Once completed, logs can be uploaded back to the CTAP portal or sent to a hosted FortiAnalyzer for analysis. Then you simply log back into the CTAP portal, generate your customer’s report, and set up a meeting to discuss their CTAP findings with them.

The Benefits of CTAP


Given that our Global Threat Landscape Report for Q3 reported that FortiGuard Labs detected more than 34 thousand unique malware variants for the quarter, it’s safe to say that organizations with limited visibility into their security posture across the network are at a significantly high risk of serious attacks. With this in mind, CTAP provides the fundamental knowledge your customers need in order to evaluate their current efforts and realign their strategies to better address the modern threat landscape. Diving deeper, running CTAPs provides several benefits for partners and their customers:

Benefits for Partners:



  1. Assessment results help open a dialogue with customers regarding their unique vulnerabilities, the current threats they face, and the areas where organizations like Fortinet can actively help them address their cybersecurity needs.
  2. The ability to run CTAPs provides partners with in-depth, granular knowledge of their customers’ unique network infrastructures, vulnerabilities, and security needs—allowing them to provide tailored services unique to the needs of the individual organization.
  3. When customers have clear insights into their networks backed by real-time intelligence, their subsequent security needs are clearly defined. This translates to accelerated purchase decisions, shorter sales cycles, and higher close rates.
  4. CTAPs also serve as a way to demonstrate the importance and necessity of a Security Fabric, highlighting crucial fabric elements across the network infrastructure.


Benefits for Customers:



  1. Customers get to evaluate their security posture before an attack, enabling them to proactively address security vulnerabilities that have the potential to seriously impact their business.
  2. CTAPs also provide insights into their network architecture’s performance capabilities, allowing them to understand their capabilities during periods of high-traffic, while illustrating their network’s needs and limitations.
  3. The assessment program also allows customers to evaluate the effectiveness of solutions within their real-world environment without any disruption to their existing network. This provides an in-depth analysis of their security postures without impacting their organization’s mission



Sunday, December 2, 2018

Fortinet’s Leadership in OT Security Expanded with New Additions to its Fabric-Ready Partner Ecosystem

John Maddison, SVP of products and solutions at Fortinet

“As OT networks embrace digital transformation, and physical and cyber domains continue to converge, sensitive production environments and critical infrastructures are increasingly being exposed to cyber risks. Fortinet is committed to protecting crucial and sensitive OT environments through the integrated power of the Fortinet Security Fabric, which includes advanced and specialized protections provided by our growing number of Fabric-Ready Partners.”

News Summary


Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, today announced the expansion of its Technology Alliances ecosystem to include four leading operational technology specialists.


  • The OT industry is being impacted by convergence and digital transformation. As physical and IT networks continue to integrate, including those in critical infrastructures and industrial automation companies, OT networks are leveraging well-integrated solutions based on strong segmentation and specialized analytics to ensure the safety and reliability of physical processes and things, addressing new security risks targeting multi-vector threat landscapes.
  • Fortinet, an established leader in OT security and safety, is building upon its success with existing Fabric-Ready Partner Nozomi Networks and is announcing its partnership with three additional OT specialist firms – RAD, Indegy and SecurityMatters. These partnerships extend the range of integrated security solutions now available to OT customers through the Fortinet Security Fabric.
  • Fortinet’s Security Fabric platform approach to cybersecurity leverages Fabric APIs, Fabric Connectors and DevOps scripts and tools to create an open ecosystem to accommodate leading technology solutions. This integrated approach seamlessly brings together a wide range of critical security solutions designed for the OT segment to enable comprehensive and centralized safety, reliability and security.

Operational Technology (OT) organizations are adopting digital transformation to unlock the advantages of the Internet and connected IIoT devices. But as cybercriminals begin to more aggressively target OT devices and systems, OT networks need to evolve to address increasing cyber risk. The challenge is that the nature of many OT networks requires specialized security technologies and solutions in order to provide protections without impacting the function of oftentimes sensitive equipment and systems. According to Gartner, “The converging of IT and OT systems, combined with increased use of IoT in industrial environments, is challenging many security practices in defining the best security architecture that aligns to transforming and modernizing environments.”1 As OT networks emerge as a new target for cybercriminals, they need a single, cohesive Security Fabric platform that enables them to seamlessly address security risk across multi-vector threat landscapes without overburdening security staff resources or impacting their networked environments.

To better address this challenge, Fortinet, a longtime leader in the growing space of OT cybersecurity, welcomes four OT specialist firms into its Technology Alliance and Fabric-Ready Partner ecosystem to expand the range of solutions available for OT customers. Three new OT security specialists – RAD, Indegy and SecurityMatters – join with longstanding partner Nozomi Networks to provide advanced visibility into the OT-specific commands and protocols to better inform the Fortinet Security Fabric to secure the emerging cyber-physical domain of OT networks. These partners enhance the OT-specific capabilities within Fortinet’s portfolio by adding deep packet inspection and contextual analysis capabilities to Fortinet’s OT vulnerability scanning and policy enforcement.

Fortinet is one of the few major security vendors to address the cybersecurity, safety and reliability challenges being faced by the OT industry. The Fortinet Security Fabric provides a unique centralized and integrated platform approach to security through purpose-built solutions designed for OT environments, combined with strategic partnerships with some of the industry’s leading OT security specialists. Unlike most security platforms, the Fortinet Security Fabric is flexible enough to easily accommodate and integrate with a large number of partners to provide truly comprehensive security coverage for this important segment.
