Fortinet SASE Solution
Cloud Delivered Security for Distributed Networks
Delivering the Highest Performance Cloud-delivered Network Security
SASE is the future of converged security and networking. From ZTNA and SWG to cloud-delivered NGFW, the Fortinet platform provides complete readiness for embracing SASE.
Over the past few years, organizations have been constantly expanding their multi-edge networking strategies, not only to enable new work-from-home realities but also to support workers who are increasingly dependent on cloud applications and environments to do their jobs. But as these networks expand to meet new business demands, the attack surface increases. And unfortunately, most legacy security solutions in place have been unable to keep pace with cloud-based networking innovations.
The result is a growing gap between network functionality and security coverage that not only inherently exposes organizations to more points of compromise but also degrades the user experience of those remote workers that still rely on conventional virtual private network (VPN)-only solutions to access the network. This is usually because all of their application traffic still needs to be backhauled through the network to receive security protections and access controls.
Secure access service edge (SASE) has been developed to address these issues, enabling organizations to rapidly converge and scale out their security and networking strategies. With SASE, they can securely deliver an expanding and dynamic set of new network edges as well as meet the new demands of a hybrid workforce distributed between on- and off-network users.
Because supporting this new distributed and performance-heavy strategy is now fundamental to succeeding in today’s digital marketplace, selecting the right SASE vendor to partner with can mean the difference between operational success and struggling to keep all of the essential elements working together. In theory, SASE provides secure access to the cloud for users anywhere. However, not all SASE solutions are equal in terms of scalability, security, and orchestration—which translates to increased overhead both in terms of the technologies that need to be implemented and the IT staff needed to get them to work as an integrated system.
What's in a SASE Solution?
With networks expanding beyond the WAN edge to thin branch networks and the cloud, traditional hub and spoke infrastructure models centered around the corporate data center begin to break down. A new networking and security strategy is required that combines network and security functions with WAN capabilities to support the dynamic, secure internet access for a “work from anywhere” workforce. That strategy is Secure Access Service Edge, or SASE.
SASE extends networking and security capabilities beyond where they have typically been available, allowing users, regardless of location, to take advantage of firewall-as-a-service (FWaaS), secure web gateway (SWG), zero-trust network access (ZTNA), and a medley of other threat detection functions.
FortiSASE SIA – Introduction
Learn how FortiSASE brings together the best in visibility, security and orchestrated policy control for secure internet access to users anywhere, regardless of their location. With FortiSASE SIA, Fortinet provides seamless compatibility and integration with other Fortinet products and services, while leveraging FortiOS behind the scenes.
Fortinet Brings Networking and Security to the Cloud
Fortinet’s fully integrated SASE solution provides the broadest range of security-driven networking solutions on the market. Rather than an isolated, cloud-only approach, FortiSASE offers SASE services as an extension of the Fortinet Security Fabric to extend and leverage the power of FortiOS—the common operating system that ties the entire portfolio of Fortinet security solutions—everywhere. This unified, distributed model gives FortiSASE users a powerful suite of SASE services that are not only intuitive to deploy and manage, but that ensure consistent protections across dynamic and distributed networks.
With FortiSASE, Fortinet becomes the only vendor capable of providing consistent protection across every network edge. FortiSASE delivers advanced enterprise-grade security via cloud-based consumption, eliminating common security gaps with no impact to workflow operations for cloud and thin edge users.
What Problems Do Secure Access Service Edge (SASE) Solutions Solve?
As organizations adopt multi-cloud strategies and remote workforce policies, networks have grown more distributed and workers more dependent on cloud applications and environments to do their work. This expanding network also increases the attack surface. Most security solutions, however, have not kept pace with cloud-based networking innovations. This inherently exposes organizations to more points of compromise and degrades the user experience of remote workers dependent on conventional VPN-only solutions to gain network access.
For organizations struggling to adapt to and secure a hybrid workforce with a growing remote component, SASE offers a more scalable, centralized way of securing them. Since SASE is a cloud-delivered solution, it also allows organizations to shift away from purchasing numerous point products to secure different parts of their networks and adopt a more operational-cost service model as well.
In theory, SASE provides secure access to the cloud for users anywhere. With this said, not all SASE solutions are equal in scalability, orchestration, and security.
How Fortinet's SASE Service Can Transform Your Business
As a cloud-delivered, multi-tenant solution built on the common Fortinet operating system (FOS), FortiSASE gives security and infrastructure leaders a way to centrally provision, visualize, and manage all users within their networks on a per-device basis.
Additionally, FortiSASE is seamlessly orchestrated with the extensive Fortinet Security Fabric of over 30 solutions and an open ecosystem of over 300 partners. Organizations can take advantage of full access to the innovation, threat intelligence, and advanced, actionable services provided by FortiGuard Labs.
With FortiSASE, the following capabilities and tools are extended to the cloud:
- Firewall-as-a-Service (FWaaS): FortiSASE delivers the independently certified and acclaimed capabilities of the Fortinet FortiGate Next-Generation Firewall from the cloud, combining high-performance SSL inspection with advanced threat detection techniques. Establish and maintain secure connections for distributed users and analyze inbound and outbound traffic without impacting the user experience.
- Domain Name System (DNS): With FortiSASE, automatically prevent malicious domains identified in real-time from threatening your core network.
- Intrusion Prevention (IPS): With FortiSASE you have access to the Fortinet Intrusion Prevention System, which monitors the network, looking for malicious activities attempting to exploit known vulnerabilities.
- Data Loss Prevention (DLP): FortiSASE provides DLP functionality to prevent end users from moving key information outside the network, making sure that both your network and your data are secure.
- Secure Web Gateway (SWG): Enjoy the power of Fortinet Secure Web Gateway to secure web access against both internal and external risks. Automatically block threats in encrypted traffic, including TLS 1.3 with the industry’s highest SSL inspection performance.
- ZTNA and VPN: With FortiSASE, you add enterprise-grade security on top of VPN and extend zero-trust network access to remote users. This allows FortiSASE to inherently integrate with pre-existing VPN solutions and extend zero-trust application access to remote off-network users.
- Sandboxing: Whether sandboxing is executed in the cloud or on an appliance, it provides crucial protection. FortiSASE delivers sandboxing via the cloud, ensuring that your organization stays ahead of bad actors wishing to access or compromise your system.
All of these capabilities combined make Fortinet the only networking and security vendor that can provide security at every network edge.
Firewall as a Service (FWaaS):
FWaaS is a firewall solution delivered as a cloud-based service that provides hyperscale, next-generation firewall (NGFW) capabilities that include web filtering, advanced threat protection (ATP), intrusion prevention system (IPS), and Domain Name System (DNS) security.
What Is Firewall as a Service (FWaaS)?
In many ways, FWaaS is much like a hardware firewall that you would have on-premises. However, it comes with distinct advantages, such as the ability to scale nearly instantaneously to suit an expanding network. You can also have new services provisioned that you previously did not need. All of this is possible, thanks to the fact that it is based in the cloud. Therefore, it can be molded according to the size, configuration, demand, and unique security needs of your network.
How FWaaS Works
Much like an NGFW solution, Firewall as a Service filters network traffic to safeguard organizations from both inside and outside threats. Along with stateful firewall features such as packet filtering, network monitoring, Internet Protocol security (IPsec), secure sockets layer virtual private network (SSL VPN) support, and Internet Protocol (IP) mapping features, FWaaS also has deeper content inspection capabilities that include the ability to identify malware attacks and other threats.
FWaaS is positioned between your network and the internet. As traffic attempts to enter your network, the FWaaS solution inspects it to detect and address threats. The inspection analyzes the information contained in the header of each data packet, garnering insight into where the packet came from and other behaviors that may signal it is malicious.
Further, FWaaS can look at the data within the packet. This kind of deep packet inspection (DPI) can alert the threat response team to dangers with innocent-looking information in their headers, allowing them to be mitigated. With some FWaaS offerings, you get an NGFW powering the solution. With an NGFW, you also can get machine-learning tools that can identify novel, zero-day threats that have never been encountered before. This is done by analyzing how the data packets behave and looking for anomalous and potentially dangerous behavior.
As more organizations see their networks growing more decentralized, the benefit of moving applications and data to the cloud has become more practical and common. This is true for the firewall as well. Now, offering firewall via the cloud and as a service, the enterprise can realize the benefits of NGFW embedded within their cloud infrastructure.
Why Do Companies Need FWaaS?
FWaaS allows customers to partially or fully move security inspection to a cloud infrastructure. With security in the cloud, your solution is managed by the cloud provider, who will maintain the hardware infrastructure that powers your solution. Your service agreement will include details outlining the types of features you will have access to, depending on the subscription you choose. Many companies need a service-based architecture because it gives them the freedom to expand on-demand without having to worry about provisioning new hardware.
Maintaining hardware firewalls does not fit into many companies’ budgets or operational workflow, making FWaaS an attractive option. The convenience that comes with all updates and adjustments to settings being handled by the provider allows organizations to free up critical resources, time, and energy for other, mission-critical pursuits.
With FWaaS, an organization's distributed sites and users are connected to a single, logical, global firewall with a unified application-aware security policy, allowing them to better scale security. The Firewall as a Service provider gives all employees access to resources that protect a wide range of devices, making FWaaS a one-solution-fits-all option, regardless of the size of the organization.
This makes FWaaS a foundational component of any secure access service edge (SASE) architecture because it provides the functionality of NGFW without the high capital expenditure (CapEx) costs associated with an on-premises wide-area network (WAN) infrastructure investment. In an on-premises setup, upgrading your system involves taking the time to source the best components and compare them with each other before committing to a purchase. Then, after parting with valuable funds to purchase the item, the organization has to ensure staff is familiar with how it operates, how to maintain it, and how to ensure it is properly updated. For many companies, this is a heavy load to lift. With FWaaS, this is all taken care of by the provider.
FWaaS takes advantage of advances in software and cloud technologies to deliver a wide range of network security and inspection capabilities, provided on-demand for users anywhere. With an in-house setup, your IT team has to keep abreast of the latest software and technological developments impacting the world of network security. Some companies need FWaaS simply to ensure they have the latest and greatest protection. When the provider protects your network, you are more likely to have cutting-edge technologies and methodologies than if you put that responsibility on your in-house staff.
Advantages of Firewall as a Service
For companies looking for an agile security solution, FWaaS presents several distinct advantages. To maintain flexibility, many organizations are shifting away from traditional in-house options and trusting an FWaaS provider with the protection of their network.
Unified Security Policy Deployed via the Cloud
Unified security involves combining multiple security initiatives under one umbrella. The overarching service is therefore able to shield the organization from a wider variety of threats. A unified security architecture may incorporate intentional redundancy that results from two or more security measures that are able to stop the same kind of threat.
Having this managed in the cloud streamlines your setup. Instead of having to find, purchase, configure, and manage each facet of your unified architecture, the service provider takes care of all that for you.
Flexible Deployment and Operating Expense (OpEx) Consumption Model
Deploying an in-house solution can be complex and time-consuming. There are a lot of moving parts, equipment-related and otherwise. With an FWaaS, on the other hand, deployment is handled by the provider. Often, this can be done quickly and with little to no work on the part of the company. In situations where custom configurations are needed, the organization only has to provide the necessary information to the provider, who can then customize the deployment.
Your OpEx consumption model needs to have flexibility as well. It is rare that an organization’s OpEx figures are static—they need to be able to adjust as needs arise. With FWaaS, you can find ways to get the most out of your budget and even ways to limit OpEx expenditures while still achieving the security you need. You can present your situation to your FWaaS provider, and they can help you choose the package that suits your needs. This can change as frequently as you want with very little onboarding time.
Simplified Deployment and Maintenance
Deploying a new on-premises security suite—or even a single security tool—can involve heavy time and resource investments. With FWaaS, all you have to do is tell your provider what you need. They have the resources on hand already, and all configuration details can be handled by their team.
Scaling your FWaaS solution is simple. You merely have to discuss your new needs with your provider. They can then advise you based on your business’s goals. Also, when you scale with an FWaaS, it is relatively easy to roll back to your old configuration if the new solution turns out to be unnecessary or excessive.
With an on-premises solution, you may not be able to get a refund of your money—and there is no way to get a “refund” on the time invested in deploying the scaled-up solution.
With an FWaaS, you can decide when and how you want to deploy protections based on the processes and assets you want to protect. You can also decide where in a cloud-based data chain you want to place your protections.
For example, if your DevOps team is using a cloud-native development architecture, you can deploy an FWaaS solution to protect their processes. You can also use FWaaS to protect a cloud-native database, application, or content management system. Further, you can tweak the configuration of each solution as you see fit.
FWaaS vs. NGFW
With a cloud-based architecture, you may have a challenging decision to make: FWaaS or NGFW? For many companies rooted in the cloud, there are some distinct advantages of opting for FWaaS over NGFW.
- FWaaS provides faster performance with cloud applications: Cloud applications like Microsoft 365 are made to be used on the internet. With an NGFW, traffic would have to be sent back to a corporate data center before going back to the internet. That could hurt performance.
- FWaaS makes it easier to duplicate security architectures: If you have several locations, setting up NGFWs at each one may be prohibitively expensive or time-consuming. With an FWaaS, deployment is straightforward and quick.
- Some NGFWs cannot adequately inspect SSL traffic: An NGFW may have to use software to process SSL inspections. This can negatively impact the experience of the user.
How Fortinet Can Help
The Fortinet SASE service provides FWaaS that has all the benefits of the FortiGate NGFW, including SSL inspection and the advanced detection of threats. Further, the Fortinet SASE gives you protection against DNS threats, an intrusion prevention system, data loss prevention (DLP), a secure web gateway, virtual private networking, zero-trust network access (ZTNA), and sandboxing. This provides you with a security solution that covers every edge of your network.
What is FWaaS?
FWaaS is a firewall solution delivered as a cloud-based service that provides hyperscale, next-generation firewall (NGFW) capabilities, including web filtering, advanced threat protection (ATP), intrusion prevention system (IPS), and Domain Name System (DNS) security.
How does Firewall as a Service work?
FWaaS is positioned between your network and the internet. As traffic attempts to enter your network, the FWaaS solution inspects it to detect and address threats. The inspection analyzes the information contained in each data packet, garnering insight into where the packet came from and other behaviors that may signal it is malicious.
What is firewall service?
Firewall service refers to an offering organizations can subscribe to that protects their network from threats using a firewall. This is sometimes preferable to setting up your own physical infrastructure to manage your security.
Domain Name System (DNS):
The Domain Name System (DNS) turns domain names into IP addresses, which browsers use to load internet pages. Every device connected to the internet has its own IP address, which is used by other devices to locate the device. DNS servers make it possible for people to input normal words into their browsers, such as Fortinet.com, without having to keep track of the IP address for every website.
What is a DNS Server?
A DNS server is a computer with a database containing public IP addresses and the website names they correspond to. DNS acts like a phonebook for the internet. Whenever people type domain names, like Fortinet.com or Yahoo.com, into the address bar of web browsers, the DNS finds the right IP address. The site’s IP address is what directs the device to go to the correct place to access the site’s data.
Once the DNS server finds the correct IP address, browsers take the address and use it to send data to content delivery network (CDN) edge servers or origin servers. Once this is done, the information on the website can be accessed by the user. The DNS server starts the process by finding the corresponding IP address for a website’s uniform resource locator (URL).
How Does DNS Work?
In a usual DNS query, the URL typed in by the user has to go through four servers for the IP address to be provided. The four servers work with each other to get the correct IP address to the client, and they include:
- DNS recursor: The DNS recursor, which is also referred to as a DNS resolver, receives the query from the DNS client. Then it communicates with other DNS servers to find the right IP address. After the resolver retrieves the request from the client, the resolver acts like a client itself. As it does this, it makes queries that get sent to the other three DNS servers: root nameservers, top-level domain (TLD) nameservers, and authoritative nameservers.
- Root nameservers: The root nameserver is designated for the internet's DNS root zone. Its job is to answer requests sent to it for records in the root zone. It answers requests by sending back a list of the authoritative nameservers that go with the correct TLD.
- TLD nameservers: A TLD nameserver keeps the IP address of the second-level domain contained within the TLD name. It then releases the website’s IP address and sends the query to the domain’s nameserver.
- Authoritative nameservers: An authoritative nameserver is what gives you the real answer to your DNS query. There are two types of authoritative nameservers: a master server or primary nameserver and a slave server or secondary nameserver. The master server keeps the original copies of the zone records, while the slave server is an exact copy of the master server. It shares the DNS server load and acts as a backup if the master server fails.
Authoritative DNS Servers vs. Recursive DNS Servers: What’s the Difference?
Authoritative nameservers keep information of the DNS records. A recursive server acts as a middleman, positioned between the authoritative server and the end-user. To reach the nameserver, the recursive server has to “recurse” through the DNS tree to access the domain’s records.
Authoritative DNS Server
To use the phone book analogy, think of the IP address as the phone number and the person’s name as the website’s URL. Authoritative DNS servers have a copy of the “phone book” that connects these IP addresses with their corresponding domain names. They provide answers to the queries sent by recursive DNS nameservers, providing information on where to find specific websites. The answers provided have the IP addresses of the domains involved in the query.
Authoritative DNS servers are responsible for specific regions, such as a country, an organization, or a local area. Regardless of which region is covered, an authoritative DNS server does two important jobs. First, the server keeps lists of domain names and the IP addresses that go with them. Next, the server responds to requests from the recursive DNS server regarding the IP address that corresponds with a domain name.
Once the recursive DNS server gets the answer, it sends that information back to the computer that requested it. The computer then uses that information to connect to the IP address, and the user gets to see the website.
Recursive DNS Server
After a user types in a URL in their web browser, that URL is given to the recursive DNS server. The recursive DNS server then examines its cache memory to see whether the IP address for the URL is already stored. If the IP address information already exists, the recursive DNS server will send the IP address to the browser. The user is then able to see the website for which they typed in the URL.
On the other hand, if the recursive DNS server does not find the IP address when it searches its memory, it will proceed through the process of getting the IP address for the user. The recursive DNS server's next step is to store the IP address for a specific amount of time. This period of time is defined by the person who owns the domain using a setting referred to as time to live (TTL).
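The four-server walk described above (recursor, root, TLD, authoritative) and the recursive server's TTL-bounded cache, shown as an added simulation that is not part of the original page or any Fortinet product; the zone data, server names and 192.0.2.0/24 addresses are constructed for illustration:

```python
"""Simulated DNS resolution: a recursive resolver walking root -> TLD ->
authoritative nameservers, with a cache whose entries expire after their TTL.

Constructed example. The zone data, server names and addresses are made up
(192.0.2.0/24 is reserved for documentation) and are not real infrastructure.
"""
import time

# Each fake nameserver is a zone dict: name -> (record type, value, TTL seconds).
# An NS record delegates to another server (keyed into NAMESERVERS);
# an A record is the final answer.
ROOT = {"com.": ("NS", "tld-com", 3600)}
TLD_COM = {"example.com.": ("NS", "auth-example", 3600)}
AUTH_EXAMPLE = {"www.example.com.": ("A", "192.0.2.10", 60)}
NAMESERVERS = {"root": ROOT, "tld-com": TLD_COM, "auth-example": AUTH_EXAMPLE}


def _lookup(zone, name):
    """Return (matched name, record) for the longest suffix of name present in
    the zone, mirroring how a server answers with a delegation when it does not
    hold the full answer itself. Returns (None, None) when nothing matches."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in zone:
            return candidate, zone[candidate]
    return None, None


class RecursiveResolver:
    """Behaves like the recursive DNS server described above: it answers from
    cache when a fresh entry exists, otherwise it queries root, TLD and
    authoritative servers in turn and caches the answer for its TTL."""

    def __init__(self, clock=time.time):
        self.clock = clock          # injectable so tests can advance time
        self.cache = {}             # name -> (address, expiry timestamp)
        self.queries_sent = []      # audit trail of (server, name) pairs

    def _ask(self, server_key, name):
        self.queries_sent.append((server_key, name))
        return _lookup(NAMESERVERS[server_key], name)

    def resolve(self, name):
        """Return (address, source) where source is 'cache', 'authoritative'
        or 'nxdomain'."""
        name = name if name.endswith(".") else name + "."
        now = self.clock()
        cached = self.cache.get(name)
        if cached and cached[1] > now:
            return cached[0], "cache"
        self.cache.pop(name, None)  # an expired entry is discarded, never reused

        server = "root"
        for _ in range(8):          # bound the referral chain like a real resolver
            matched, record = self._ask(server, name)
            if record is None:
                return None, "nxdomain"
            rtype, value, ttl = record
            if rtype == "NS":
                server = value      # follow the delegation one level down
            elif rtype == "A" and matched == name:
                self.cache[name] = (value, now + ttl)
                return value, "authoritative"
            else:
                return None, "nxdomain"
        return None, "nxdomain"


if __name__ == "__main__":
    resolver = RecursiveResolver()
    print(resolver.resolve("www.example.com"))   # walks root -> tld-com -> auth-example
    print(resolver.resolve("www.example.com"))   # served from cache within the 60 s TTL
    print(resolver.queries_sent)
```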
DNS Servers and IP Addresses
Computers and various devices that use the internet depend on IP addresses to send a user's request to the website they are attempting to reach. Without DNS, you would have to keep track of the IP addresses of all the websites you visit, similar to carrying around a phone book of websites all the time. The DNS server allows you to type in the name of the website. It then goes out and gets the right IP address for you. Armed with the IP address, your computer (or browser) can bring you to the site.
For instance, if you input www.fortinet.com in your web browser, that URL, on its own, cannot bring you to the website. Those letters cannot be “read” by the servers that connect you with the site. However, the servers are able to read IP addresses. The DNS server figures out which IP address corresponds with www.fortinet.com and sends it to your browser. Then the website appears on your device’s screen because the browser now knows where to take your device.
Browser DNS Caching
The operating system (OS) used by your device stores DNS resource records through the use of caching. Caching prevents redundancy when someone tries to go to a site. This, in turn, reduces the amount of time it takes to get to the website. If the device you are using recently went to the page it is trying to access, the IP address can be supplied by the cache. In this way, the website request can be completed without involving the DNS server.
The DNS cache, therefore, helps streamline the DNS lookup process that would otherwise be necessary to link a domain name to an IP address. This makes the process of getting to the website much faster.
OS DNS Caching
The operating systems of many devices are capable of maintaining a local copy of DNS lookups. This makes it possible for the OS to quickly get the information it needs to resolve the URL to the correct IP address.
How to Perform a DNS Lookup
Each domain has DNS records, and these are pulled by nameservers. You can check the status of the DNS records associated with your domain. You can also examine the nameservers to ascertain which records are being pulled by the servers. On a Windows computer, for example, this is done using the NSLOOKUP command. Here’s how to do it:
- Access the Windows command prompt by going to Start >> command prompt. You can also get to it via Run >> CMD.
- Type NSLOOKUP and then hit Enter. The default server gets set to your local DNS, and the address will be your local IP address.
- You then set the type of DNS record you want to look up by typing "set type=##", where "##" is the record type (for example A, AAAA, A+AAAA, ANY, CNAME, MX, NS, PTR, SOA, or SRV), then hit Enter.
- Enter the domain name you want to query. Hit Enter.
- At this point, the NSLOOKUP returns the record entries for the domain you entered.
What is a DNS Resolver?
A DNS resolver is also referred to as a recursive resolver. It is designed to take DNS queries sent by web browsers and applications. The resolver receives the website URL, and it then retrieves the IP address that goes with that URL.
What are the Types of DNS Queries?
During the DNS lookup process, three different kinds of queries are performed. The queries are combined to optimize the resolution of the DNS, saving time.
- Recursive query
- Iterative query
- Non-recursive query
Free vs. Paid DNS Servers: What is the Difference?
In some cases, a regular user may not need a paid DNS server. However, there are significant benefits of paying for a premium DNS.
- Dynamic DNS (DDNS): A DDNS maps internet domains, matching them to IP addresses. This enables you to get into your home computer no matter where you are in the world. DDNS is different from a regular DNS because it works with changing or dynamic IP addresses, making it a good choice for home networks.
- Secondary DNS: A secondary DNS nameserver makes sure that your domain does not go offline. It provides you with a redundancy or backup that can be accessed in the event of a complication.
- Management interface: Many paid DNS servers offer users a dashboard they can use to manage their service and tweak it according to their needs.
- Two-factor authentication: You can provide protection for your domain with an extra level of authentication.
- More security: When you make use of a paid DNS server, you get another protective level of security. This helps shield your website from attackers.
- Better, faster performance: A paid DNS server comes with a service-level agreement (SLA). Each SLA guarantees a high rate of DNS resolution, often between 99% and 100%.
- Customer service: With a paid DNS server, you get the additional advantage of customer service that can answer questions and troubleshoot any issues.
What is DNS Cache Poisoning?
DNS cache poisoning, also called DNS spoofing, involves the introduction of corrupt DNS data into the resolving device’s cache. This results in the nameserver returning the wrong IP address.
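The checks a resolver applies before accepting an answer into its cache, as an added defensive example that is not part of the original page or any Fortinet product; the message dicts stand in for parsed DNS packets, and the names and 192.0.2.0/24 addresses are constructed:

```python
"""Resolver-side validation against cache poisoning.

Constructed example. A response is cached only if its transaction ID,
destination port and question section echo the outstanding query, and only
records inside the queried server's bailiwick are kept. The dicts below model
parsed DNS messages; names and addresses are made up.
"""
import secrets


def new_query(qname, qtype="A"):
    """Record an outstanding query with a random 16-bit transaction ID and a
    random source port; a genuine answer must echo both."""
    return {
        "id": secrets.randbelow(65536),
        "port": 1024 + secrets.randbelow(64512),
        "qname": qname.lower(),
        "qtype": qtype,
    }


def in_bailiwick(record_name, zone):
    """True when record_name is the zone itself or a subdomain of it, so a
    server asked about example.com cannot plant records for other domains."""
    record_name, zone = record_name.lower(), zone.lower()
    return record_name == zone or record_name.endswith("." + zone)


def validate_response(query, response, queried_zone):
    """Return (accepted_records, reason). Whole-message mismatches reject the
    response; out-of-bailiwick records are dropped individually."""
    if response["id"] != query["id"]:
        return [], "transaction id mismatch"
    if response["port"] != query["port"]:
        return [], "port mismatch"
    question = (response["qname"].lower(), response["qtype"])
    if question != (query["qname"], query["qtype"]):
        return [], "question mismatch"
    accepted = [r for r in response["answers"] if in_bailiwick(r["name"], queried_zone)]
    return accepted, "ok"


if __name__ == "__main__":
    q = new_query("www.example.com")
    reply = {"id": q["id"], "port": q["port"], "qname": "www.example.com", "qtype": "A",
             "answers": [{"name": "www.example.com", "type": "A", "data": "192.0.2.10"},
                         {"name": "mail.other.test", "type": "A", "data": "192.0.2.99"}]}
    print(validate_response(q, reply, "example.com"))  # keeps only the in-bailiwick record
```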
How Fortinet Can Help
FortiGate can be configured as a DNS server, giving users significant advantages. For instance, if an organization has a web server in their outward-facing services that employees and users from outside the company access, FortiGate can be used to cache queries. When users from within the company go to a website, their requests for the site get sent to a DNS server on the internet. This server then sends back either an IP address or a virtual IP address. Once the company configures an internal DNS server using FortiGate, that request gets resolved internally using the internal IP address of the web server. Therefore, both inbound and outbound traffic are reduced, which means it takes less time to get to the site.
FortiGate can also act as a secondary DNS server. To accomplish this, FortiGate communicates with an external source and uses it to get the URL and IP address information. If a large company with several satellite offices wants to optimize their network performance, they could use FortiGate in this way. The company’s primary server can be used to maintain a list of accessed sites. The satellite offices can use FortiGate as a secondary server to connect to the primary DNS server and get the IP addresses they need.
FortiGate also offers protection from DNS tunneling, a type of cyberattack where the data of other programs or protocols is encoded in DNS queries and responses. This gives criminals the opportunity to pass stolen information or insert malware into DNS queries. DNS tunneling can also be used to engage in covert communication and slip through firewalls. The FortiGate DNS solution protects an organization from cyber criminals seeking to use DNS tunneling to their advantage.
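A heuristic detector for the tunneling pattern described above, run over constructed query-log lines; this is an added example, not FortiGate's detection logic, and the log format, the `exfil.test` domain and the thresholds are assumptions to tune for your own environment:

```python
"""Heuristic DNS-tunneling detection over query logs.

Constructed example. Each log line is 'timestamp client qtype qname'; the
lines, the exfil.test domain and the thresholds are made up for illustration.
Tunnels encode data into subdomain labels, so the signal is many long,
high-entropy, never-repeated labels under one registered domain.
"""
import math
from collections import defaultdict

SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.5 A www.example.com
2024-01-01T10:00:02 10.0.0.5 A cdn.example.com
2024-01-01T10:00:03 10.0.0.7 TXT 4a7f3c9e2b1d8e6f0a5c3b7d9e1f2a4c.exfil.test
2024-01-01T10:00:04 10.0.0.7 TXT 9c2e7b4a1f6d3e8c5b0a7d2f4e9c1b6a.exfil.test
2024-01-01T10:00:05 10.0.0.7 TXT 1e8d4c7a3b9f2e6d0c5a8b1f7d3e9c2a.exfil.test
2024-01-01T10:00:06 10.0.0.7 TXT 7b3f9a2c6e1d4b8f0a5c2e7d9b1f4a3c.exfil.test
2024-01-01T10:00:07 10.0.0.5 A mail.example.com
"""


def shannon_entropy(s):
    """Bits of entropy per character; encoded payloads score near the maximum."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    """Last two labels. Simplification: ignores multi-label suffixes like co.uk."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qtype, qname = parts
        yield {"ts": ts, "client": client, "qtype": qtype.upper(), "qname": qname.lower()}


def score_domains(records, min_queries=3, label_len=30, entropy_threshold=3.5):
    """Group queries by (client, registered domain) and flag groups whose
    subdomain labels are long, high-entropy and almost never repeated."""
    groups = defaultdict(list)
    for r in records:
        groups[(r["client"], registered_domain(r["qname"]))].append(r)

    findings = []
    for (client, domain), rs in groups.items():
        if len(rs) < min_queries:
            continue
        # Strip the registered domain to leave only the subdomain part.
        labels = [r["qname"][: -len(domain) - 1] for r in rs if r["qname"] != domain]
        if not labels:
            continue
        longest = max(len(lbl.split(".")[0]) for lbl in labels)
        avg_entropy = sum(shannon_entropy(lbl) for lbl in labels) / len(labels)
        unique_ratio = len(set(labels)) / len(labels)
        txt_share = sum(r["qtype"] in ("TXT", "NULL") for r in rs) / len(rs)
        if longest >= label_len and avg_entropy >= entropy_threshold and unique_ratio > 0.9:
            findings.append({
                "client": client, "domain": domain, "queries": len(rs),
                "longest_label": longest, "avg_entropy": round(avg_entropy, 2),
                "unique_ratio": unique_ratio, "txt_share": txt_share,
            })
    return findings


if __name__ == "__main__":
    for finding in score_domains(parse_log(SAMPLE_LOG)):
        print(finding)   # flags 10.0.0.7 -> exfil.test; example.com traffic stays quiet
```

Tune `label_len` and `entropy_threshold` against a baseline of your own logs, since CDNs and some cloud services legitimately use long generated subdomains.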
What is DNS?
A Domain Name System (DNS) turns domain names into IP addresses, which allow browsers to get to websites and other internet resources. Every device on the internet has an IP address, which other devices can use to locate the device. Instead of memorizing a long list of IP addresses, people can simply enter the name of the website, and the DNS gets the IP address for them.
What is an example of DNS?
An example of a DNS is that which is provided by Google. The address of Google’s primary DNS is 220.127.116.11.
How do I find my DNS?
On a Windows computer, you can find your DNS by going to the command prompt, typing “ipconfig /all”, and then hitting Enter.
What are the types of DNS?
There are four types of DNS: recursive resolvers, root nameservers, TLD nameservers, and authoritative nameservers.
Is changing DNS safe?
Yes, changing your DNS does not present any inherent dangers.
Should I use private DNS?
A private DNS resolver, one operated by your organization or a trusted provider and ideally reached over an encrypted transport, can offer enhanced security and privacy compared to other DNS options, because it limits who can observe or tamper with your queries and can enforce filtering policy.
Intrusion Prevention (IPS):
An intrusion prevention system (IPS) is a critical component of every network’s core security capabilities. It protects against known threats and zero-day attacks, including malware and the exploitation of underlying vulnerabilities. Deployed inline as a bump in the wire, most solutions perform deep packet inspection of traffic at wire speed, which demands high throughput and low latency.
Fortinet delivers this technology on the industry-validated FortiGate platform. FortiGate security processors provide high performance, while threat intelligence from FortiGuard Labs drives the protection against known and zero-day threats. As a key component of the Fortinet Security Fabric, FortiGate IPS secures the entire end-to-end infrastructure without compromising performance.
FortiGate IPS Models and Specifications
FortiGate IPS is available in different form factors and models to meet the needs of your environment. All models offer full FortiGate IPS functionality and can be managed across all form factors in a single FortiManager-FortiAnalyzer instance.
- FortiGate Mid-Range IPS
- FortiGate High-End IPS
- FortiGate Ultra High-End IPS
- FortiGate Chassis IPS
- FortiAnalyzer Series
- FortiManager Series
Features and Benefits
Leading Threat Intelligence
Comprehensive protection against known and zero-day threats, as well as targeted attacks
Protect the network against exploitable vulnerabilities
Independent third-party validation for performance and security effectiveness
Innovative security processor technology provides high-performance network throughput and deep security inspection
Advanced Threat Protection
Seamless integration – appliance or cloud service – with world-class sandboxing for advanced threats
Security Fabric Integration
Integration and automation with Fortinet’s broad product portfolio and partner ecosystem
Encrypted Traffic Blindspot
Supports the latest ciphers and standards with best-in-class performance
FortiGate IPS: Protect Against Known and Zero-day Threats | Intrusion Prevention System
Fortinet’s FortiGate offers a comprehensive, security-driven network platform that delivers an industry-validated solution to enterprises. It is purpose-built for enterprises and designed to deliver superior security efficacy and the industry’s best IPS performance, powered by AI/ML-driven threat intelligence from FortiGuard Labs.
FortiGate IPS Product Details
The evolution of network infrastructure has expanded the attack surface for known, unknown, and zero-day threats. FortiGate IPS delivers industry-validated, consistent, and sustained performance with high security efficacy. It includes multiple inspection engines, threat intelligence feeds, and advanced threat capabilities to defend against all types of attacks. It is available as part of the FortiGate platform across hybrid infrastructures, with advanced analytics and policy workflows through FortiAnalyzer. Its performance rests on a unique architecture and on the threat intelligence of FortiGuard Labs.
Data Loss Prevention (DLP):
What Is DLP?
DLP, or Data Loss Prevention, is a cybersecurity solution that detects and prevents data breaches. Since it blocks extraction of sensitive data, organizations use it for internal security and regulatory compliance.
DLP enables businesses to detect data loss, as well as prevent the illicit transfer of data outside the organization and the unwanted destruction of sensitive or personally identifiable information (PII). It also helps organizations with data security and with compliance with regulations such as the California Consumer Privacy Act (CCPA), the EU General Data Protection Regulation (GDPR), and the Health Insurance Portability and Accountability Act (HIPAA). The terms "data loss prevention" and "data leakage prevention" are often used interchangeably; DLP security enables organizations to defend against both. DLP allows businesses to:
- Identify sensitive information across multiple on-premises and cloud-based systems
- Prevent the accidental sharing of data
- Monitor and protect data
- Educate users on how to stay compliant
Why You Need DLP
The threat of data breaches, incidents in which protected data is stolen, used, or viewed by an unauthorized individual, has increased rapidly as the world has become more digital. There were more than 3,800 breaches in the first half of 2019 alone. DLP is a crucial tool in helping businesses protect their data.
Personally Identifiable Information (PII)
PII is data that could potentially identify an individual or distinguish them from another person. This includes end-users’ email addresses, mailing addresses, and Social Security numbers, as well as IP addresses, login IDs, social media posts, and biometric and geolocation information. Stringent regulations such as GDPR protect this data, granting people more rights over how companies handle it and imposing heavy fines for noncompliance and breaches.
DLP security enables businesses to classify, identify, and tag data and to monitor the activities and events surrounding it. It also provides the reporting capabilities that let organizations complete compliance audits.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA places extensive data security requirements on all organizations that access, process, or store protected health information (PHI). The act defines guidelines, policies, and procedures for maintaining the privacy and security of individually identifiable health information, and it specifies civil and criminal penalties for failing to protect this data.
As with GDPR, DLP is vital for organizations that need to comply with HIPAA. It allows them to identify, classify, and tag data covered by the regulation and ensure that the individuals it describes are protected.
How DLP Works
DLP systems protect businesses’ data by identifying sensitive information, then using deep content analysis to detect and prevent potential data leaks. This content analysis uses methods like keyword matches, regular expressions, and internal functions to recognize content that matches a company’s DLP policy. As a result, businesses can identify, monitor, and automatically prevent the theft or exposure of protected data.
Define Sensitive Data
The first step in deploying DLP is for businesses to define the sensitive data they want to protect and build a DLP policy around. This could be credit card details, email addresses, and Social Security numbers, or simply a list of names in a spreadsheet.
A DLP policy contains:
- Locations and systems where data needs to be protected
- When and how to protect data
- Rules that define sensitive data and actions when a security risk is discovered
- Conditions that assign different actions to different risk levels
Take a Proactive Approach
Simply having a DLP solution in place is not enough to keep attackers at bay. Businesses need to monitor user activity and protect confidential data when it is at rest, in use, and in motion.
- Data in motion: Also referred to as data in transit, this is data that is actively moving from one location to another, either over the internet, between networks, from a local storage device to the cloud, or through a private network. Data can often be less secure while in motion, so it is vital to have effective data protection measures in place.
- Data in use: Data that is currently being accessed, erased, processed, updated, or read by a system is considered in use. This includes information that is stored or processed in databases, CPUs, or RAM, such as a user requesting access to transaction history in their online banking account.
- Data at rest: This is data that is not actively moving between devices or networks and is archived or stored on a device or hard drive. Data at rest is considered less vulnerable than data in motion, but it can be considered a more valuable target by hackers. It is therefore important to have security measures in place to prevent cybercriminals from gaining access to it.
Detect and Respond in Real-Time
DLP uses several methods to detect sensitive data, but the most common is regular expression pattern matching. This analyzes content for common patterns, such as 16-digit card numbers or nine-digit Social Security numbers, alongside indicators like the proximity of certain keywords.
For example, a Visa card number has 16 digits, but not every 16-digit number is a credit card number. So DLP performs a checksum calculation (the Luhn algorithm, which every major card brand uses) to confirm that the digits form a plausible card number, and checks the leading digits against the ranges assigned to the various brands. It also looks for keywords like "VISA" or "AMEX" and for dates that could be an expiration date in proximity to the number before deciding that sensitive information is at risk; the more corroborating signals, the higher the confidence and the lower the false-positive rate.
When a violation is discovered, DLP remediates it by sending alerts, encrypting or quarantining the data, blocking the transfer, or taking other actions that prevent users from accidentally or maliciously sharing sensitive information. It also provides reports that enable businesses to meet compliance and auditing requirements and identify areas of weakness.
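The detection logic in the paragraphs above, regular expression candidates confirmed by a checksum and by nearby keywords, is compact enough to show in full. The Python below is an added example written for this article, not Fortinet’s DLP engine; the regexes, keyword lists and the 40-character proximity window are illustrative assumptions, while the Luhn check and the SSN structure rules are the standard public ones. The sample message is constructed.

```python
"""Content-analysis rules of the kind a DLP engine applies to outbound text.

Added example, not Fortinet's DLP engine. The regexes, keyword lists and the
40-character proximity window are illustrative assumptions; the Luhn check and
the SSN structure rules are the standard public ones.
"""
import re

# 13-19 digits, optionally separated by spaces or hyphens (card numbers).
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_KEYWORDS = re.compile(r"\b(visa|mastercard|amex|card|cvv|exp(?:iry|ires)?)\b", re.I)
EXPIRY_RE = re.compile(r"\b(0[1-9]|1[0-2])/(\d{2}|\d{4})\b")
SSN_KEYWORDS = re.compile(r"\b(ssn|social security)\b", re.I)

# Constructed sample message: a Visa number with context, a Luhn-invalid
# reference number, a Mastercard number with no context, an SSN with context
# and a structurally impossible SSN.
SAMPLE_TEXT = (
    "Hi, please charge my Visa 4111 1111 1111 1111 exp 12/26 for order 8841. "
    "Shipment reference 1234567890123456 should appear on the invoice. "
    "Backup funding source on file: 5555 5555 5555 4444 until further notice. "
    "HR: employee SSN 219-09-9999 is attached; the placeholder 000-12-3456 is not real."
)


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def card_brand(digits: str):
    """Map leading digits and length to a brand; None if no known range matches."""
    if digits[0] == "4" and len(digits) in (13, 16, 19):
        return "VISA"
    if digits[:2] in ("34", "37") and len(digits) == 15:
        return "AMEX"
    if len(digits) == 16 and (51 <= int(digits[:2]) <= 55
                              or 2221 <= int(digits[:4]) <= 2720):
        return "MASTERCARD"
    return None


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Structural rules: area not 000, 666 or 900-999; group not 00; serial not 0000."""
    a = int(area)
    return a not in (0, 666) and a < 900 and int(group) != 0 and int(serial) != 0


def _near(text: str, start: int, end: int, pattern, window: int = 40) -> bool:
    """True if pattern occurs within `window` characters of the match."""
    return pattern.search(text[max(0, start - window):end + window]) is not None


def scan(text: str):
    """Return findings, with confidence raised by corroborating context."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_valid(digits):
            continue                      # e.g. a reference number, not a card
        brand = card_brand(digits)
        if brand is None:
            continue
        context = (_near(text, m.start(), m.end(), CARD_KEYWORDS)
                   or _near(text, m.start(), m.end(), EXPIRY_RE))
        findings.append({"type": "card", "brand": brand,
                         "masked": "*" * (len(digits) - 4) + digits[-4:],
                         "confidence": "high" if context else "medium"})
    for m in SSN_RE.finditer(text):
        if not ssn_plausible(*m.groups()):
            continue
        context = _near(text, m.start(), m.end(), SSN_KEYWORDS)
        findings.append({"type": "ssn", "masked": "***-**-" + m.group(3),
                         "confidence": "high" if context else "medium"})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_TEXT):
        print(f)
```

Run as a script it prints three findings: the Visa number with "Visa" and an expiry date nearby (high confidence), the Mastercard number with no corroborating context (medium), and the SSN preceded by "SSN" (high). The Luhn-invalid 16-digit shipment reference and the structurally impossible 000-12-3456 are not reported, which is exactly the false-positive reduction the checksum and structure rules buy.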
Solutions like security information and event management (SIEM) and intrusion prevention system (IPS) also offer similar functions that help businesses to identify suspicious movement and alert IT teams of a potential breach.
Types of Data Threats
Cybercriminals deploy a wide range of hacking methods that range in simplicity and sophistication. Common types of data threats include:
Extrusion is the act of cybercriminals targeting and attempting to steal sensitive data. They try to penetrate businesses’ security perimeters using techniques like code injection, malware, and phishing.
WannaCry was dubbed the biggest malware attack in history after it infected some 230,000 computers in 150 countries in May 2017. The worm exploited a vulnerability in the SMBv1 protocol of older, unpatched versions of Windows (Microsoft had released the MS17-010 patch two months earlier), then encrypted files and demanded a ransom in exchange for unlocking them.
An insider threat is a breach that comes from within an organization. The malicious insider could be a current or former employee, a contractor, or business associate that has information about the organization’s security practices and systems. The insider either abuses their own permissions or compromises the account of a user with higher privileges and attempts to move data outside the organization.
In 2016, UK technology firm Sage was the victim of an insider threat breach after an employee used an internal login to access the data of between 200 and 300 customers without permission. The breach was relatively small and it has not been revealed what data was affected, but the impact of the attack was proven by Sage’s shares falling by 4% in the aftermath.
The 2013 credit card data breach at Target is a good example of the financial and reputational risk of third-party and insider access. The attack, which exposed some 41 million payment card accounts and cost Target $18.5 million in a multistate settlement alone, began with network credentials issued to a third-party vendor being stolen and used outside their intended purpose. This gave the attackers a foothold from which to reach Target’s payment systems, install malware on point-of-sale terminals, and steal customers’ card data.
DLP can prevent such risks by providing businesses with comprehensive visibility of file transactions and user activity across their IT environment. It enables businesses to keep files for as long as is required to protect data and compliance requirements, even when an employee has left the organization. Data loss prevention also allows file recovery capabilities that enable organizations to recover from malicious or accidental data loss.
Breaches can also be caused by unintended or negligent data exposure. This typically results from inadequate employee data-handling procedures, in which employees lose sensitive information or leave their accounts or data openly accessible. It can also result from businesses failing to enforce appropriate access restrictions.
The 2011 breach of security firm RSA compromised information relating to its SecurID two-factor authentication tokens after employees opened spear-phishing emails. The attack, attributed to two groups working on behalf of a foreign government, used messages that appeared to come from trusted colleagues and carried a malicious attachment; once it was opened, the attackers gained a foothold on internal systems and reached the SecurID data.
DLP’s content analysis engine enables businesses to identify when sensitive information is potentially at risk of being shared externally. They can then take action by logging the event for auditing, displaying a warning to the employee who may be sharing the information unintentionally, or actively blocking the email or file from being sent.
A good data loss prevention product is vital for businesses, as data volumes keep growing and cybercriminals deploy increasingly sophisticated attack methods. It is crucial to ensure that business-critical, sensitive data is secure at all times, no matter where it is located.
FortiGate is a comprehensive security product that provides DLP, as well as next-generation firewall (NGFW), SD-WAN, and more. It furnishes businesses with everything they need to keep their data and users secure and prevent costly data loss incidents. Discover how Fortinet can keep your business secure. Protect Your Data with FortiGate NGFWs.
Secure Web Gateway (SWG):
As enterprises continue to rearchitect their WAN edge with rapid migration of applications to the cloud, the attack surface at remote sites and branch locations continues to increase. This risk is especially high for web-based traffic, as web-based threats continue to be one of the primary attack vectors. As attack techniques become more advanced and versatile, organizations need an integrated approach to secure against external and internal risks. Fortinet's secure web gateway provides flexible deployment options to protect against internet-based threats without compromising the end-user experience.
Features and Benefits
Feature-rich product that consolidates NGFW and SWG services
Powerful hardware that can perform SSL Deep Inspection
Anti-Malware techniques updated with the latest threat intelligence
Reduce the security team's workload with single-pane-of-glass management for both NGFW and SWG
Effectively remove blind spots in encrypted traffic without compromising performance
Stay protected against the latest known and unknown internet-borne attacks
What is a Secure Web Gateway (SWG)?
Secure Web Gateway (SWG) solutions use web filtering to enforce company Internet access policies. They also filter unwanted software, especially malware, from user-initiated Internet connections.
SWGs are hugely important as enterprises have continued to evolve their WAN Edge. Applications are rapidly migrating to the cloud, and the attack surface at remote sites and branch locations continues to increase. Security risks are especially high for web-based traffic, and as attack techniques become more advanced, organizations need an integrated approach to secure against external and internal risks.
An SWG solution should include URL filtering, application control, deep HTTPS/SSL inspection, data loss prevention and remote browser isolation capabilities. SWGs are increasingly popular, and the overall web gateway market is expected to reach $4B by 2023.
Fortinet's SWG provides flexible deployment options, including explicit, transparent, and inline modes, to protect against internet-based threats without harming end-user experience.
Secure Web Gateway vs. Firewall
SWGs prevent malware infections, block access to malicious websites and applications, and enforce company compliance policies, especially at branch offices and for remote workers.
SWGs are similar to firewalls in that both can distinguish malicious Internet traffic from benign traffic, and both provide advanced network security protections. Traditional firewalls make decisions at the packet and connection level (addresses, ports, protocols). The primary role of an SWG, however, is to identify and protect against advanced attacks by inspecting web traffic at the application level, including the content of HTTP and (after decryption) HTTPS sessions, without compromising the overall web experience.
A fully integrated enterprise security strategy requires both SWGs and next-generation firewalls (NGFW).
Secure Web Gateway vs. Proxy
Traditional web proxy tools manage how traffic passes between an organization’s internal endpoints and the Internet. Over time, organizations have embraced Secure Web Gateway solutions to offer a more advanced set of capabilities beyond what traditional proxy alone can offer.
FortiOS 6.4 Secure Web Gateway Deployment Use Cases
FortiGate SWG protects against web attacks with URL filtering, visibility and control of encrypted web traffic via SSL inspection, and application of granular web application policies. This demo walks through several key use cases: How to block malicious web pages using FortiGuard Web Filtering, How to enforce Acceptable Use policy, How to enforce DLP policy, and How to utilize Browser Isolation with SWG.
Fortinet Secure Web Gateway
Fortinet Secure Web Gateway defends users from internet-borne threats and helps enterprises enforce policy compliance for internet applications. With FortiGate SWG, you can deploy industry-leading Fortinet Next-Generation Firewalls as a proxy.
FortiGate SWG consolidates NGFW and SWG services, helping enterprises manage their network security solution with ease. It supports all proxy deployment modes and uses multiple detection techniques such as web filtering, DNS filtering, data loss prevention, antivirus, intrusion prevention, and advanced threat protection to protect employees from internet threats.
FortiGate SWG is best suited for enterprises looking to consolidate network security services and optimize the workload of security teams.
Enterprises can also adopt FortiProxy, a dedicated Secure Web Gateway solution. Among many benefits, FortiProxy offers integration with FortiGuard Threat Intelligence services—continuously updated threat intelligence used to enhance DNS and web filtering, intrusion prevention, dynamic analysis using sandboxing, antivirus and DLP, and content analysis.
The Importance of Secure Web Gateway
SWGs keep enterprise networks safe from malicious Internet traffic, preventing threats from entering the network and causing an infection or intrusion.
Critical SWG features such as SSL inspection are increasingly necessary to protect enterprises, especially with more than half of all attacks and malicious Internet traffic today using encryption.
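The distinction between domain-level filtering and full SSL deep inspection comes down to what is visible in the handshake before any decryption. The Python below is an added example, not Fortinet code: it builds a minimal TLS 1.2 ClientHello (constructed for the example, not a captured packet) and parses out the Server Name Indication, which is what a gateway can use to apply a web-filtering category to an HTTPS connection without decrypting it.

```python
"""Reading the Server Name Indication (SNI) from a TLS ClientHello.

Added example, not Fortinet code. It shows what a gateway can learn about an
HTTPS connection without decrypting it (the destination hostname, enough for
domain-level web filtering) and, by omission, what it cannot see without deep
inspection (URL path, headers and body, which are encrypted).
The ClientHello is constructed here; it is not a captured packet.
"""
import struct


def _u16(n: int) -> bytes:
    return struct.pack("!H", n)


def build_client_hello(server_name=None) -> bytes:
    """Minimal TLS 1.2 ClientHello record (constructed test input)."""
    body = b"\x03\x03"                              # client_version: TLS 1.2
    body += bytes(32)                               # random (zeros suffice for parsing)
    body += b"\x00"                                 # session_id: empty
    suites = b"\xc0\x2f\x13\x01"                    # two cipher suites
    body += _u16(len(suites)) + suites
    body += b"\x01\x00"                             # compression_methods: null only
    exts = b""
    if server_name is not None:
        name = server_name.encode("idna")
        entry = b"\x00" + _u16(len(name)) + name    # name_type 0 = host_name
        name_list = _u16(len(entry)) + entry
        exts += _u16(0x0000) + _u16(len(name_list)) + name_list   # ext 0 = server_name
    exts += _u16(0x0017) + _u16(0)                  # extended_master_secret, empty
    body += _u16(len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body     # type 1 = client_hello
    return b"\x16\x03\x01" + _u16(len(handshake)) + handshake     # record type 22


def _parse_hello_body(body: bytes):
    pos = 2 + 32                                    # skip version and random
    pos += 1 + body[pos]                            # session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + body[pos]                            # compression_methods
    if pos == len(body):
        return None                                 # legacy hello without extensions
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    if end > len(body):
        raise ValueError("extensions block overruns ClientHello")
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + elen]
        pos += elen
        if etype != 0x0000:
            continue                                # not server_name
        list_len = struct.unpack("!H", data[:2])[0]
        p = 2
        while p + 3 <= 2 + list_len:
            ntype = data[p]
            nlen = struct.unpack("!H", data[p + 1:p + 3])[0]
            p += 3
            if ntype == 0:                          # host_name entry
                return data[p:p + nlen].decode("idna")
            p += nlen
    return None


def extract_sni(record: bytes):
    """Return the SNI host_name, None if absent; ValueError if not a ClientHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated ClientHello")
    try:
        return _parse_hello_body(body)
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed ClientHello") from exc


if __name__ == "__main__":
    print(extract_sni(build_client_hello("www.example.com")))   # www.example.com
    print(extract_sni(build_client_hello()))                    # None
```

Everything after the handshake, including the URL path, headers and body, is encrypted, so URL-level policy, DLP and antivirus on HTTPS require the gateway to terminate and re-originate the session with deep inspection and a CA certificate the clients trust. Note also that TLS 1.3 Encrypted Client Hello (ECH), where deployed, hides the SNI as well, pushing even domain-level decisions toward deep inspection or DNS-layer controls.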
Zero Trust Network Access (ZTNA) and VPN:
What is Zero Trust Network Access (ZTNA)?
Zero trust network access (ZTNA) is an element of zero trust access that focuses on controlling access to applications. ZTNA extends the principles of zero trust access (ZTA) to verify users and devices before every application session. This confirms that they meet the organization’s policy to access that application.
Fortinet Brings ZTNA to the Fortinet Security Fabric
Starting with the FortiOS 7.0 release, ZTNA capabilities are enabled on any device or service running FortiOS. This includes hardware appliances, virtual machines in clouds, or even the FortiSASE service.
A FortiGate next-generation firewall and the FortiClient ZTNA agent are all that’s needed for your organization to enable more secure access and a better experience for your remote users, whether on or off the network. These benefits are compelling many organizations to shift from VPN to ZTNA.
Scalable High-Speed Diverse Crypto VPNs Overview
Organizations are transforming the way they do business in a variety of ways, from creating new operating and cost efficiencies to new service delivery methods. As they adopt multiple clouds to make the data and applications behind these innovations available wherever they are needed, the new infrastructure unintentionally enlarges the digital attack surface and exposes data in transit to breaches.
Security has emerged as one of the primary roadblocks to multi-cloud adoption, which requires moving data, applications, and services from on-premises data centers to the cloud. Distributed environments must therefore allow consumption from campuses, branch offices, and mobile devices in a manner consistent with established corporate and regulatory secure-access policies.
Accelerating the on-ramp to the cloud requires a new, innovative approach. Security-driven networking allows enterprises to architect networks that deliver seamlessly integrated end-to-end security to connect with multiple clouds and implement a cloud-first strategy.
Maintaining a consistent security policy and appropriate access control for all corporate users, applications, and devices regardless of their location is essential in a multi-cloud environment. The sensitive corporate and customer data in motion must be protected at network speeds using mutual authentication and confidentiality over unprotected networks to achieve a defensible proof of privacy and compliance.
Features and Benefits
Hardware Assisted Encryption
Prevent breaches and secure data in transit at a very high speed.
Scalable security that is seamlessly integrated with routing.
Comprehensive Data Communications Security
Protects Application to Application, User to Users, User to Machine, Machine to Machine communication.
IPsec or SSL based diverse VPNs to offer flexible secure network choices.
Security Fabric Integration
Share FortiTelemetry information across site-to-site tunnels with required confidentiality.
Simplified, easy-to-manage, single pane of glass to manage large scale crypto VPNs, Routing and NGFW.
Scalable High-Speed Diverse Crypto VPNs Videos
Autonomous Driving Lightboard
Fortinet enables Automakers to securely transport Autonomous car data to multiple clouds using high-speed interfaces and high-performance crypto VPN solutions. The Autonomous car data is stored and processed in multi-cloud environments to train the machine learning models and build the safest cars of the future.
Scalable High-Speed Diverse Crypto VPNs Product Details
Organizations select FortiGate’s scalable, high-performance crypto VPNs to protect users from man-in-the-middle attacks and to protect data from the breaches that can occur while it is in motion at high speed. Fortinet VPN technology provides secure communications across the Internet between multiple networks and endpoints, through both IPsec and Secure Sockets Layer (SSL) VPN technologies, and leverages FortiASIC hardware acceleration to deliver high-performance communications and data privacy.
What is a Malware Sandbox?
Earlier generations of viruses were unsophisticated and low in volume, so antivirus tools with their databases of signatures were sufficient to provide reasonable protection.
Today’s malware, however, relies on new techniques such as exploits. Exploiting a vulnerability in a legitimate application causes anomalous behavior, and it is this behavior that attackers take advantage of to compromise systems. An attack that exploits a vulnerability not yet known to the vendor or to defenders is known as a zero-day (0-day) attack; because no signature exists for it, signature-based tools cannot stop it, and before sandboxing there was no effective means to do so.
A malware sandbox, in the computer security context, is a system that confines the actions of an application, such as opening a Word document, to an isolated environment. Within this safe environment the sandbox observes the dynamic behavior of an object and its interactions with applications in a simulated user environment, and uncovers any malicious intent. If something unexpected or malicious happens, it affects only the sandbox and not the other computers and devices on the network. In parallel, any malicious intent is captured, leading to an alert and relevant threat intelligence to stop the zero-day attack.
Typical characteristics found in a malware sandbox:
- Detection engine consisting of static and dynamic analysis to capture both malware attributes and techniques
- Emulation of various device OS including Windows, macOS, Linux, and SCADA/ICS, and associated applications and protocols
- Accepts a multitude of sources including network packets, file shares, on-demand submission and automated submissions by NGFW, SEG, EPP/EDR, and WAF, other integrated security controls
- Reporting and automated sharing of threat intelligence
- Flexible deployment modes such as appliance, VM, SaaS and Public Cloud to fit various on-prem and cloud environments
Fortinet Sandbox Videos
Fortinet's ATP Security Fabric Approach
Fortinet FortiSandbox Solution automates protection of your organization from 0-day attacks across various threat vectors.
Fortinet Malware Sandbox Solution
- First-in-the-industry patent-pending Machine Learning (ML)-based static analysis, and ML-based dynamic analysis
- MITRE ATT&CK standards-based reporting
- Automated 0-day breach protection with integration to both Fortinet and non-Fortinet solutions
Sandbox and AV: Which is better?
| | Sandbox | Antivirus (AV) |
|---|---|---|
| Type of malware detected | Known, polymorphic, unknown | Known and polymorphic |
| Malware analysis | Static and dynamic/behavioral | Signature-based and static |
Features and Benefits
NSS Labs "Recommended" for sandbox-powered breach detection and breach prevention, and ICSA Labs certified for advanced threat defense
Improved Efficacy and Performance
Leverages two machine learning models that enhance static and dynamic malware analysis of zero-day threats
Accelerated Threat Investigation
Built-in MITRE ATT&CK matrix identifies a variety of malware techniques
Extends zero-day threat detection to a next-generation firewall, web application firewall, secure email gateway, and endpoint protection platform
Automated Breach Protection
Speeds mitigation by sharing real-time updates to disrupt threats at the origin and subsequent immunization across the entire organization
Unified IT-OT-Zero-Day Threat Protection
Protects across both IT and OT environments and assets from malware