October 29, 2020 By BlueAlly
Customer Perspectives
State and local governments and educational (SLED) institutions face many of the same security challenges as other organizations, but often with less manpower and budget, and more regulations that must be closely followed. For example, a local government may have a small seven-person team maintaining and managing network security and access to critical resources for thousands of users across an entire county. Or a public college in a hurricane-prone region must ensure business continuity for 11 campuses with limited resources.
Unlike their commercial counterparts, security leaders in SLED organizations do not have the latitude to break down departmental silos or move operations to more favorable locations. They must secure whatever data, applications, and user groups exist in their organization, while adhering to budget and regulatory constraints.
Operational efficiency is key for the continued success of SLED organizations. Here, we will outline three ways in which the Fabric Management Center enhances the value of the Fortinet Security Fabric for SLED customers.
Fortinet Fabric Management Center
Centralized Management
While organizations and networks can scale rapidly, network and security operations teams often struggle to keep up. This is especially true in SLED organizations. For example, when the local government in Salt Lake County, Utah, scaled its FortiGate footprint from twelve firewalls to 55 individual FortiGate NGFWs, security leaders realized the need for greater visibility and centralized control. FortiManager, the automation-driven centralized management component of the Fabric Management Center, was the perfect way to simplify network operations across all 55 firewalls.
As Salt Lake County’s information security analyst explains, “It definitely is a huge advantage being able to centrally manage the devices—it saves time to where you have redundancies. You only have to manage it once instead of 55 times. If I had to go change a policy stack on ten firewalls, that is an hour and a half, [but with FortiManager] that’s five minutes.”
Central Log Management and Analytics
Logs are an important source of truth for root-cause analysis, operational issues, threat analysis, and compliance reporting and audits. Small security teams can quickly become overloaded with data from various logs gathered from security devices and third-party sources. The FortiAnalyzer component of the Fabric Management Center aggregates these logs and readily scales to support long-term or large-volume log retention requirements.
Log storage was an important factor for St. Petersburg College, which serves more than 30,000 students at 11 locations along the central Florida coast. Its FortiGate-VM firewalls, deployed in the Oracle Cloud Infrastructure, are configured to block any suspicious content requests. FortiGate automatically blocks the content at the network edge and sends the associated logs to FortiAnalyzer. Then, analysts will review the security logs and flag false positives as exceptions to the default-deny policy. To support this process and enable forensic investigation and external audit responses, the college has chosen to retain logs for five years.
According to St. Petersburg CTO David Creamer, consolidating log collection into a single tool and interface has been a huge asset. “My team simply would not be able to gather and analyze log data in the same way without the FortiAnalyzer user interface,” he notes.
Now, St. Petersburg’s team is able to rapidly inspect alerts on a daily basis, manage exceptions to their security policies, and quickly generate reports based upon collected data. These capabilities reduce log analysis time and allow the team to generate reports more quickly than with their previous solution.
Analysis speed is another important benefit of the Fabric Management Center. For example, at Westminster School in Marion, Australia, a student had been accused of posting inappropriate comments on a website. Former Westminster Director of ICT Services Keith Rutherford remembers: “Within two minutes, we got into [FortiAnalyzer], we found out exactly what he was doing at the time the post was made, and we proved without any doubt that it was not him.”
Fabric Automation
Due to a shortage of security analysts and administrators, SLED organizations are looking for ways to automate and orchestrate workflows and enforce security policies consistently. Reaching across on-premises and multi-cloud environments, the Fabric Management Center provides automation and orchestration capabilities via connectors, automation hooks, and real-time alerts.
St. Petersburg College is leveraging the automation capabilities in the Fabric Management Center to feed security logs from the content access requests to FortiAnalyzer. Westminster School, meanwhile, has set up an automated process that enables teachers to control access to certain websites during their classes, without having to log an ICT help desk call. The school also leveraged the automated functionality and industry-leading continuous risk assessment features to achieve a more intelligent system that is constantly evaluating, and updating based upon, the school’s network practices.
Tailoring the Fabric Management Center to the Organization’s Needs
By delivering enhanced visibility and insights across the entire architecture, the Fabric Management Center can help you uncover numerous opportunities to simplify your operations and improve efficiencies. Whether you need to economically deploy security at scale, expertly manage your architecture with minimal staff, or be ready to respond quickly to regulatory or internal audits, Fortinet can help you tailor the Fabric Management Center to your organization’s needs.