What is the Fortinet SASE security solution?
FortiSASE is Fortinet’s cloud-delivered, multi-tenant SASE offering. It can be deployed from the cloud, and is also available as an extension of the Fortinet Security Fabric, which enables the SASE solution to be deployed as part of FortiOS, the common operating system that connects all of Fortinet’s security solutions. The solution includes:
- Sandboxing: Cloud-delivered sandboxing to detect security threats before they attack the network.
- Data Loss Prevention (DLP): DLP stops end users from transferring key information outside the network, to ensure that the network and data remain secure.
- Domain Name System (DNS): Fortinet DNS automatically identifies malicious domains and prevents them from entering the core network in real time.
- Intrusion Prevention System (IPS): Fortinet IPS is designed to monitor a client’s network to identify malicious activity - especially near areas known to be vulnerable.
- Secure Web Gateway (SWG): SWG offers protection from internal and external risks, with agent-less traffic redirection and explicit proxy which enables secure web access (see, What SWG (Secure Web Gateway) solution is supported by Fortinet?).
- Firewall as a Service (FWaaS): Leverages the FortiGate Next Generation Firewall (NGFW), offering advanced threat detection and SSL inspection deployed from the cloud via FortiSASE. The solution analyzes both in-bound and out-bound traffic to maintain secure connections for distributed users (see, What FWaaS (Firewall as a Service) solution is supported by Fortinet?).
- Zero Trust Network Access (ZTNA) and Virtual Private Network (VPN): FortiSASE allows users to integrate with pre-existing VPN solutions. This enables clients to extend ZTNA to secure remote users (see, What ZTNA (Zero Trust Network Access) solution is supported by Fortinet?).
- Fortinet Security-Driven Networking: A strategy designed to integrate a client’s security architecture and network infrastructure, in order to create scalability that does not compromise security.
What ZTNA (Zero Trust Network Access) solution is supported by Fortinet?
Fortinet ZTNA controls access to applications, verifying users and devices before they access an application and confirming that they meet a business’s policy. The solution is enabled on any device (including virtual machines, hardware, in the cloud and in the FortiSASE service) that runs FortiOS 7.0 or later. It leverages the FortiClient ZTNA agent, and integrates with FortiGate Next Generation Firewall (NGFW) (see, What FWaaS (Firewall as a Service) solution is supported by Fortinet?).
What CASB (Cloud Access Security Broker) solution is supported by Fortinet?
FortiCASB is Fortinet’s Cloud Access Security Broker (CASB) offering, which creates visibility and control for SaaS applications. It is presented as a subscription service, and offers data security, visibility, threat protection and compliance for cloud-based services. The solution includes:
- API-based direct access to data stored in the cloud, providing remote and network protection.
- User insights and policies, assessment of entitlement, configuration and usage control for cloud applications; integrates with FortiGuard AV (antivirus) which scans stored data.
- Customizable predefined compliance reporting options and data loss prevention tools.
- Advanced analytics which help to identify policy violations and risks; and shadow IT discovery which includes reporting for FortiGate and FortiAnalyzer to detect on-network SaaS usage.
FortiCASB supports applications such as AWS, Dropbox, Office 365, Salesforce, ServiceNow, Cisco WebEx, SAP, Google Drive, G Suite, Google Cloud, Azure and more.
What SWG (Secure Web Gateway) solution is supported by Fortinet?
FortiProxy is Fortinet’s Secure Web Gateway (SWG) solution, which is designed to protect against Advanced Web Content Caching and Internet-borne threats. The solution uses malware protection, DNS filtering, web filtering, URL filtering, advanced threat defense, Data Loss Prevention (DLP), Intrusion Prevention System (IPS), advanced threat protection and antivirus to protect end-users. The high-performance proxy can be deployed as a physical or virtual appliance on-site and can cater for organizations of all sizes.
What FWaaS (Firewall as a Service) solution is supported by Fortinet?
FortiGate Next Generation Firewall (NGFW):
FortiGate Next Generation Firewall (NGFW) offers clients end-to-end security and real-time defense leveraging FortiGuard Services, Secure Sockets Layer (SSL) inspection which includes TLS 1.3, Intrusion Prevention System (IPS), web filtering, DNS security services, ultra-scalability and a centralized management console to build large-scale operations. Further, clients have the ability to share actionable threat intelligence across the whole attack surface, creating an end-to-end security posture. FortiClient can be added to bring security to hybrid workforces using ZTNA (see, What ZTNA (Zero Trust Network Access) solution is supported by Fortinet?). FortiGate NGFW has a number of use cases:
- Secure hybrid and multi-cloud environments.
- Segment and prevent lateral spread to manage internal threats and enforce network, endpoint, VXLAN-based and application security.
- Detect and remediate threats in HTTPS traffic.
- Integrate with Fortinet Security Fabric for dynamic trust and port-level segmentation.
- Use FortiGuard IPS to protect against zero-day attacks and offer virtual patching.
FortiGate Rugged NGFWs deliver enterprise-level security for Operational Technology (OT) environments, with full threat protection and network visibility. Further, FortiGate-VM is a virtual firewall available for multi-cloud, service provider and hybrid cloud environments, offering scalable VPN and cloud-native security.
FortiWeb Web Application Firewall (WAF):
Fortinet also offers FortiWeb, its Web Application Firewall (WAF) offering. The solution is designed to protect business-critical web applications by blocking known and zero-day threats to applications whilst avoiding accidentally blocking legitimate users. It requires less management overhead than legacy applications, and can protect APIs which enable B2B communication and support mobile applications, whilst blocking malicious bot activity without compromising legitimate bots required for business needs (search engines, health and performance monitoring tools). It can defend against the OWASP Top-10 and DDoS attacks, and integrates with FortiGate firewalls and FortiSandbox for increased protection. It uses ML to protect against zero-day attacks and reduce false positives. It also offers protected WAF throughputs and secure traffic encryption/decryption, visual reporting tools for analysis of attack types, and false positive mitigation tools to minimize the everyday management of execution lists and policies, ensuring only unwanted traffic is blocked. The solution is also part of the Web Application Security Solutions product bundle.
FortiWeb can be deployed as a virtual machine, hardware appliance or container in cloud environments or data centers, or through Fortinet’s cloud-native SaaS solution, FortiWeb Cloud WAF as a Service. FortiWeb Cloud is designed to protect publicly hosted web applications from attacks such as zero-days and the OWASP Top-10. It does not need hardware or software, but is instead delivered via WAF gateways hosted in the Azure, Google Cloud and AWS regions where the application sits. Performance and regulatory concerns are addressed by scrubbing traffic in region, and the built-in setup wizard with predefined policies allows for quick and simple deployment. The solution also leverages FortiGuard Labs, which offers sandboxing, IP reputation and signatures.
What MDR (Managed Detection and Response) solution is supported by Fortinet?
Fortinet’s FortiResponder MDR Service is available as part of the FortiEDR advanced endpoint security platform (see, Fortinet products and services: FortiEDR). The service includes constant threat monitoring, alert triage and incident handling by security analysts. The security experts from Fortinet analyze all alerts and provide remediation advice for IT administrators and incident responders, enhancing SOC expertise.
After MDR, clients can deploy the FortiResponder Forensics and Incident Response Service, which is designed to help clients analyze, respond to, contain and remedy security incidents. This service is also available to clients who do not implement FortiEDR.
What NDR (Network Detection and Response) solution is supported by Fortinet?
Fortinet does not offer an NDR solution; however, it does have XDR (see below), MDR (see above) and EDR (see, Fortinet products and services: FortiEDR) solutions.
What XDR (Extended Detection and Response) solution is supported by Fortinet?
FortiXDR is Fortinet’s XDR offering, part of the Security Operations Center (SOC) platform. The solution is cloud-native, with cross-product detection and response, and integrates with the Fortinet Security Fabric for visibility and control. FortiXDR is good for businesses with a small security team.
- Cross Product Incident Identification: Fortinet is able to develop analytics that match cyberattacks as they evolve. Correlated telemetry is collected across the Security Fabric and both are applied to identify any potential cybersecurity incidents.
- AI-Powered Investigation: Neural network-based decision engines are trained to replicate the investigation and classification of potential incidents that a SOC analyst would perform, with the help of microservices.
- Automatable Response: Fortinet’s remediation framework can enable organizations to predefine steps that should be taken based on elements such as classification and individual/group.