Balancing Flexible Network Access with Enterprise-Class Security
Technology and market trends are rapidly changing the way enterprises design local area networks, enable business
applications of every type and this has implications for how network access security is planned, deployed, and managed. As a result, IT administrators are starting to recognize network access and network security can no longer be viewed independently and in fact are now dependent on each other.
Growing Operational Complexity For IT
The growing sophistication of cyber attacks is exposing the vulnerabilities in traditional flat networks. The new strategy needed to protect against sophisticated attacks is to add multiple layers of defense, including explicit internal segmentation, to break or mitigate the chain of infection.
Secure Access Solutions
Securing business communications, personal information, financial Transactions, and mobile devices involves much more than network access control. It requires scanning for malware, preventing access to malicious websites, end-point integrity checking, controlling application usage, and
much more. But typical Wi-Fi solutions do not cater to these requirements. They only address connectivity and access security. Security above Layer 2 is typically provided as an overlay by a variety of security appliances, or as a cut-down security feature inside the product, which often conflicts with any existing UTM or firewall on-site. Modern network access solutions are different. They include comprehensive world-class network security at their core. To meet the diverse requirements of different use cases from large to small, on-premise versus cloud-based management, and organizational differences, different WLAN solutions and topologies have emerged. While other WLAN vendors focus on a single architecture and present identical solutions as the answer for every problem, Fortinet enables enterprises of any size, in any industry, to choose the topology and network management that’s best suited for their network, organizational structure, or management requirements without ever having to compromise on security protection. With security, connectivity, and access control, unified through a “single pane of glass,” enterprises can centrally administer consistent user, device, and application policies across wired and wireless with ease. FortiGate provides unprecedented visibility and control of applications, and enables effortless BYOD onboarding. Complete PCI-DSS and HIPAA compliance is assured, along with the industry’s most comprehensive protection for all manner of wireless and Internet threats. And like other Fortinet security products, FortiGate is Secured by FortiGuard Labs, an internal security intelligence and research agency, which delivers regular signature updates, ensuring immediate protection from merging cyberthreats. The combination of FortiGate security and FortiAPs gives enterprises of all sizes, in various industries, the scalability to deploy thousands of APs. It also enables secure access for tens of thousands of clients, without the complexity of additional point security products, in order to provide comprehensive, world-class threat protection.
Firewall Technology Must Evolve with the Borderless Enterprise
Today, we are in a new era for firewall technology. In the borderless enterprise, while business needs are changing, threat actors are targeting the weak points—usually where IT security has not invested. This is one of the main reasons why organizations are still being breached today. Today, we are in a new era for firewall technology. In the borderless enterprise, while business needs are changing, threat actors are targeting the weak points—usually where IT security has not invested. This is one of the main reasons why organizations are still being breached today. As the sophistication in attacks continues to evolve, the base capabilities of firewall technology can no longer be limited to applications and network traffic, but must be shifted to address the entire threat surface. This is what’s driving the evolution in firewall technology. Collapsing multiple security functions into a single firewall unit leads to misconfiguration, missed log incidents and increases the chance that breaches will go undetected. Complexity kills security. In addition to increasing security effectiveness, enterprise security professionals are looking for greater compatibility across form factors, consolidation of security areas, a high level of reliable network performance and simplified security management, ideally within a single pane of glass. As you can see the enemies’ tech is organized, responsive and sharing information, while most borderless networks are not. Enterprises need to fight fire with fire, or collaboration with collaboration, and connect and share security just like the bad guys connect and share malware.
The Three Key Functional Domains of Fortinet Enterprise Firewall Solution
Management: This domain pertains to all things related to the automated management, provisioning and controlling of the firewall solution from API orchestration to the creation of virtual domains to the structuring of logging mechanisms. Scalable central management overlays can be consolidated to reduce complexity or expanded to provide contextual visibility via one-click automation. This single pane of glass gives security managers a “true north” reference point for security-based logging, configuration and reporting. Sharing threat intelligence and data across the enterprise via APIs speeds up incident response times and mitigates risk by giving security managers the ability to unify security policy configuration across their infrastructure.
Security: The various deployment modes and security-level functions are applied in this domain. Considerations involve: Is this a data center firewall deployment or an internal segmentation firewall deployment? And, what security inspection technologies will need to be enabled? Is malware inspection needed? What about application control? A consolidated security environment helps reduce or prevent security incidents with layered security modules and maintains performance expectations while being able to apply deeper levels of inspection.
Fabric: In this domain, the firewall solution interfaces and networks with the communication and collaboration elements contained in the fabric to determine which network intelligence is shared across the enterprise. Fortinet refers to this as the Fortinet Security Fabric. This includes communicating threat intelligence to a policy created in one section of the Security Fabric, which is then contextually applied across the entire enterprise, thus reducing the need for multiple touch points and policies across the entire infrastructure. The Fortinet Security Fabric also can extend the security controls beyond the network layer to the access layer, where the end point resides, to the application layer, where data and information services are presented. The “Security Fabric” functions as a communication interface for today’s enterprise firewall technology and this strategy helps enterprises build a true end-to-end collaborative defense infrastructure. When the enterprise firewall technology communicates with the Fortinet Security Fabric, it determines what information will be shared across the enterprise. For example, when malware is detected in one area, the Security Fabric shares threat intelligence with the rest of the enterprise infrastructure. Another example is when a policy created in one section of the Security Fabric is contextually applied across the entire domain. This interconnectedness reduces the need for multiple touch points and policies across the enterprise. The Fortinet Enterprise Firewall Solution combines with the Fortinet Security Fabric to enable an immediate, responsive and intelligent defense against malware and emerging threats. They are the backbone of the enterprise network security infrastructure.
Enterprise Firewall Strategies and Deployment Modes
When strategizing on deployment, it is important to consider not only where the perimeter is (WAN /LAN points), but also how malware could get to the data and most sensitive systems. Despite their different locations, the data center and distributed enterprise are just as important as your enterprise perimeter and core placements and should be treated with the same security requirements. Attackers assume there will be weaker security
posture at these sites and that makes them prime targets. Instead of operating in silos, consider enterprise firewalls as part of the Fortinet Security Fabric. The more firewalls there are strategically placed and communicating with each other throughout your borderless network infrastructure, the faster your response and breach mitigation times will be. The location of the firewall in the network environment is the key to selecting the deployment mode. For example, will it be located at a data center, where servers need to be protected at very fast rates, or is this firewall meant to protect a few hundred users at a corporate office? Security managers will want to automate security infrastructure and response because machine responses are faster than human responses. However, automation requires pre-planning and selecting the right supportive technology to implement a Security Fabric. Make sure the network security solution is the cornerstone of this strategic planning phase.
The Fortinet Security Fabric for the Borderless Network
Fortinet’s Enterprise Firewall Solution increases security effectiveness and reduces complexity by consolidating network security technologies across the entire infrastructure, no matter the placement or location of the system in the extended enterprise. The solution delivers a high level of reliable network performance, and the Fortinet Security Fabric allows security managers to take a holistic approach to security with visibility and control managed through a single pane of glass.
Today, threat actors can strike anywhere at any time, at will. And that means enterprise security professionals must apply the same mentality to defense strategies and structure as that put into place during wartime scenarios. Organizations must shore up their defenses—understanding where their critical assets are—and respond quickly with continuous security and monitoring across the borderless network. By taking a more collaborative approach across the entire infrastructure, network security managers can enable a broad and dynamic defense strategy for the long term.