Fortinet ZTNA - A Context for Its Implementation

mjssbahia 110 views 37 slides Oct 16, 2024

About This Presentation

A ZTNA overview: the context of the ZTNA architecture and its security, the products that can help with an implementation, and how to start your implementation.


Slide Content

Zero Trust Network Access (ZTNA)
The Building Blocks of Zero Trust - Evolution of Access to Applications

Andrea Adams – Regional Account Manager

2 © Fortinet Inc. All Rights Reserved.
Who is Fortinet?
For over 20 years, Fortinet’s mission has been to secure people, devices, and data everywhere. We have been a driving force in the evolution of cybersecurity and the convergence of networking and security. Our network security solutions are the most deployed, most patented, and among the most validated in the industry.
•$4.18B FY2021 Billing (Top 3)
•ASIC Security Processing Unit (SPU): High Performance
•BBB+ / Baa1 Security Investment Grade Rating: Financially Stable
•50+ Integrated Fabric Products: Broadest Attack Surface Coverage
•Publicly Traded: S&P 500, Nasdaq 100, Nasdaq: FTNT, GAAP Profitable

Fortinet Headquarters, Dev Centers, Support Centers and Centers of Excellence (FortiCare): Sunnyvale, US; Burnaby, Canada; Ottawa, Canada; Concord, US; Chicago, US; Bangalore, India; Uberlandia, Brazil; Herzliya, Israel; Sophia, France
Majority of our R&D is in North America (Hardware: One Third; Software: Two-Thirds)
•1,269 Patents Globally: Top Innovator
•580,000+ Customers Worldwide: Global Leader, Massive Customer Input
•10,800+ Employees
•8.4M+ Global Firewall Shipments: Huge Scale

IT Trends and Customer Challenges
•Work From Anywhere: The shift to remote work is expected to persist even after the pandemic. 52% of CIOs expect work from home to increase in 2021. (Gartner – Top Priorities for IT Leadership 2021)
•Sophisticated Attacks: 36% of organizations state the growing sophistication of the threat landscape is the top challenge in preventing ransomware attacks. (Fortinet – Ransomware survey 2021)
•Operational Technology Connectivity: 42% indicate that their control systems had direct connectivity to the internet, up from 12% in 2019. (SANS 2021 Survey: OT/ICS Cybersecurity, published August 2021)
•Network Edge Explosion: By year-end 2023, 50% of large enterprises will have a documented edge computing strategy, compared to less than 5% in 2020. (Building an Edge Computing Strategy, Gartner, published 3 September 2021)
•Application Journey: By 2025, 70% of digital business initiatives will require I&O leaders to report on the business metrics from digital experience, up from less than 15% today. (Gartner Market Guide for Digital Experience Monitoring, August 2020, ID G00724605)

Architectures Change
From: Campus, DMZ, Data Center, Remote
To: Data Center, SaaS, HQ, Branch, Public Cloud, Private Cloud, Remote

Trust
What is Trust?

Can You Really Trust Your Computers, Network & Self
•Will it always do the same thing every single day?
•Will it get updated?
•Will it get infected by a virus?
•Will you always do the same steps every single day?
•Will you never make a mistake?
•Will your network never slow down or go down?
•Will a virus never reach your network?

Trust, Users, Networks and Computers

Zero Trust Network Access (ZTNA)

Zero Trust Mindset
As defined by the National Institute of Standards and Technology (NIST): Zero trust is a cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated.

Zero Trust Concepts
Zero Trust Mindset: A philosophy for only trusting a user or device after explicitly confirming their identity and status. It focuses on users, devices, and the specific resources being accessed, utilizing segmentation and zones of control.
Zero Trust Strategy (Architecture): Systematic approach to replace implicit trust for network edges and remote users with consistent convergence of networking and security across the organization.
Zero Trust Initiatives (Specific Projects):
•Zero Trust Network Access (ZTNA)
•Network Segmentation
•Micro-Segmentation
•Identity/Authentication

ZTNA Business Drivers
•Work From Anywhere (WFA)
•Cloud Journey
•Improved User Experience
•Ransomware Attacks
•Flexible Administration
•Reduced Attack Surface
•Users Access unaffected by Location
•Applications unaffected by Location
•Granular Application Access

Supporting Work From Anywhere
•User-based Security
•Consistent Experience in all locations
•Automatic, Secure Tunnels
•Single Sign-on (SSO) Support

Granular Control to Applications
Reducing the Attack Surface (Zero Trust: Visibility & Control, Continuous Assessment)
1. Device Trust
▪Identify & Authenticate device
▪Authorized device or BYOD?
▪Approved for access? Revoked?
2. User Identity
▪User identity should be verified
▪Strong MFA
▪Role-based access controls
3. Posture Check
▪Adaptive and conditional access
▪Security Compliance
▪Device Vulnerabilities
4. Application Access
▪Verify Application Access
▪Application Specific Access
▪Application not available to internet
5. Encrypted Communication
▪End-to-end encryption
▪Data protection
▪All communication is logged

Supporting the Cloud Journey
Controlling access to hybrid cloud architecture (Private Cloud, Public Cloud, Data Center)
•Applications located anywhere
•Centrally managed across on-prem or remote enforcement points
•User groups enable bulk configuration
•Granular modifications available

Universal ZTNA for Flexible Architecture
Verified user identity and device posture prior to access: wherever the user is (Campus, Branch, Remote) and wherever the application is (Data Center, Public Cloud, SaaS).
Diagram labels: Policy, ZTNA Application Gateway

ZTNA Automatic Secure Connections
Use Case 1: Leveraging Existing FortiGates (Campus, Branch, Remote; FortiClient/FortiEDR on the endpoints; Central Management)
Use Case 2: Deploy Application Gateways in hosting locations (Cloud & on-prem) (Data Center, Public Cloud, SaaS; FortiClient/FortiEDR on the endpoints)

ZTNA Process
Endpoints (Campus, Branch, Remote) run FortiClient; applications are in the Data Center, Public Cloud, and SaaS; FortiClient Central Management coordinates.
1. ZTNA Telemetry
2. Fabric Sync
3. Tunnel & Posture Check
4. Access

What’s it made of? Existing Fortinet security fabric products that many customers already have.
Fortinet ZTNA Core Elements
•ZTNA Application Gateway (FortiOS): FortiOS performs access checks, maintains user group/application access table, proxies application (FOS 7.0+)
•ZTNA Agent & Policy Orchestration (FortiClient/Central Management): FortiClient Central Management configures the ZTNA agent; FortiClient for the encrypted tunnel, posture assessment (FortiClient 7.0+)
•Authentication Solution (FortiTrust Identity): FortiAuthenticator, FortiToken, any 3rd party ID providers supported by the Security Fabric

Zero Trust Overview
Identity (Users, Groups and Roles): SAML SSO (Okta), AD / AzureAD, FortiAuthenticator, Google ID
Device (Trusted & Compliant Devices): Android, iOS, MacOS, Windows, Linux, Certificate
Security (Device Security): Firewall, Anti-Virus, Vulnerability
Location (Location Posture): Geo-location, On-net / Off-net
Continuous Real-Time Evaluation: Machine Learning Policies, Real Time Posture Enforcement
Third Party Integrations: Microsoft Defender, Third Party Connectors
Enforcement: Allow / block access, Context Aware Enforcement, Require MFA, Secure Traffic Flow, Device Ownership Enforcement, SASE Cloud Enforcement
Applications: Cloud SaaS Apps, On-Prem Apps

How Do We Implement A Zero-Trust Network?
3 Steps to a Zero-Trust Network

Implementing a Zero Trust Network
There are 3 main steps:
1. Identify the Users
2. Identify the Devices
3. Control Endpoints Regardless of Location (Public Cloud, SaaS, Private Cloud)

FortiAuthenticator & FortiToken – User Identity
Knowing who is on the network
•Authentication: Establish identity through user log-in, certificate, and/or multifactor input
•Single Sign On: Reduce end user fatigue while maintaining security
•Role-based Access: Provide information from authentication source for use in privileged access
Diagram labels: FortiAuthenticator (SAML 2.0, Certificate Server, Guest Portal, Fortinet Single Sign On), FortiToken (Two-Factor), SaaS, FSSO, REST API, RSSO, RADIUS Accounting, Syslog, Generic Source, Internet, Zero Trust Network Access

Identify and Control All Devices
Step 2: Identify the Devices. Knowing what is on the network
•Identify All Devices: Printer, Camera, Laptop?
•Profile and Assess: Corporate-Issued, Patched?
•Segmentation: Guest, VLAN
•Automated Response: Detect Changes, Contain Threats

FortiNAC – Network Access Control
Knowing what is on the network
•Visibility: Device identification, profiling, and vulnerability scanning
•Continuous Response: Automated response and network orchestration; Extends Security Fabric
•Dynamic Control: Dynamic micro-segmentation; Supports intent-based segmentation
FortiNAC Data Collection from Switch, Router, Access Point, Firewall, SIEM, IDS/IPS: SNMP, CLI, RADIUS, Syslog, API, DHCP
Diagram labels: FortiNAC, Corporate Headquarters, Security Devices, Remote Location

Visibility
Endpoint Identification and Device Classification
▪Automatic or Manual (Sponsor Notification)
▪Device Type
▪Confirm on Connect
▪Disable if Confirmation Fails
20 Profiling Methods
▪More Methods = Higher Trust

Continuous Device Profiling
Profiling on connect:
1. Printer connected to network
2. MAC notification trap triggers FortiNAC
3. FortiNAC profiles device as printer
4. FortiNAC informs Fabric to allow printer-type access to network
Containment of Lateral Threats at Edge:
1. Printer starts acting suspicious
2. FGT sends event to FortiNAC
3. FortiNAC quarantines the printer at access layer
4. Breach is now contained
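The two sequences above, and the "More Methods = Higher Trust" rule from the previous slide, can be modelled as a small NAC event handler. The following is an added example, not FortiNAC code or any Fortinet API: the OUI table, DHCP fingerprints, VLAN names and the `NacController` class are constructed assumptions. It shows why a classification is only acted on when enough profiling methods agree, why an unconfirmed device stays in a guest VLAN, and how a firewall event moves a trusted device into quarantine at the access layer without touching its profile.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample profiling data (assumption: real OUI and DHCP tables are far larger).
OUI_TABLE = {"00:1b:a9": "printer", "3c:5a:b4": "camera", "a4:5e:60": "laptop"}
DHCP_FINGERPRINTS = {"1,3,6,15,44,46,47": "printer", "1,3,6,15,31,33,43": "laptop"}
ROLE_VLAN = {"printer": "VLAN-PRINTERS", "camera": "VLAN-CAMERAS", "laptop": "VLAN-STAFF"}
GUEST_VLAN = "VLAN-GUEST"
QUARANTINE_VLAN = "VLAN-QUARANTINE"


@dataclass
class Endpoint:
    mac: str
    port: str                       # access-layer switch port the MAC was learned on
    role: Optional[str] = None      # classification, once profiling has produced one
    confidence: int = 0             # number of profiling methods that agreed on the role
    vlan: str = GUEST_VLAN
    history: List[str] = field(default_factory=list)


class NacController:
    """Hypothetical NAC: profiles endpoints on connect and contains them on demand."""

    def __init__(self, min_methods: int = 2):
        # A role is trusted only when at least this many methods agree.
        self.min_methods = min_methods
        self.endpoints: Dict[str, Endpoint] = {}

    def on_mac_notification(self, mac: str, port: str, dhcp_options: str = "") -> str:
        """Steps 1-4 of profiling: trap from the switch -> classify -> assign VLAN."""
        ep = self.endpoints.setdefault(mac, Endpoint(mac, port))
        votes: Dict[str, int] = {}
        # Method 1: vendor prefix (OUI) of the MAC address.
        oui_role = OUI_TABLE.get(mac[:8].lower())
        if oui_role:
            votes[oui_role] = votes.get(oui_role, 0) + 1
        # Method 2: DHCP option fingerprint, if the device has requested a lease.
        dhcp_role = DHCP_FINGERPRINTS.get(dhcp_options)
        if dhcp_role:
            votes[dhcp_role] = votes.get(dhcp_role, 0) + 1
        if votes:
            ep.role, ep.confidence = max(votes.items(), key=lambda kv: kv[1])
        if ep.role and ep.confidence >= self.min_methods:
            ep.vlan = ROLE_VLAN[ep.role]
            ep.history.append(f"profiled as {ep.role} ({ep.confidence} methods) -> {ep.vlan}")
        else:
            # Too few methods agreed: hold in the guest VLAN until confirmed (e.g. by a sponsor).
            ep.vlan = GUEST_VLAN
            ep.history.append("unconfirmed classification -> held in guest VLAN")
        return ep.vlan

    def on_security_event(self, mac: str, source: str, severity: str) -> Optional[str]:
        """Containment: an event from the firewall moves the endpoint's port to quarantine."""
        ep = self.endpoints.get(mac)
        if ep is None:
            return None               # unknown MAC: nothing to contain at the access layer
        if severity in ("high", "critical"):
            ep.vlan = QUARANTINE_VLAN
            ep.history.append(f"{source} reported {severity} event -> quarantined on {ep.port}")
        return ep.vlan


if __name__ == "__main__":
    nac = NacController()
    print(nac.on_mac_notification("00:1b:a9:12:34:56", "sw1/0/7", "1,3,6,15,44,46,47"))
    print(nac.on_security_event("00:1b:a9:12:34:56", "FortiGate", "high"))
    print(nac.endpoints["00:1b:a9:12:34:56"].history)
```

The quarantine step changes only the VLAN on the learned port, leaving the profile and confidence intact, so the device can be returned to its role VLAN once the event is resolved without being re-profiled.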

Ensure Granular Control Regardless of Location
Step 3: Control Endpoints Regardless of Location (Public Cloud, SaaS, Private Cloud). Users and Devices accessing Networks and Applications
•Endpoint Visibility, Control & Risk Assessment: OS, Software Inventory, Vulnerability, Audit
•Endpoint Protection: NGAV, Quarantine, Patching, Web Filtering
•Security & Remote Access: VPN, Dynamic Access Control
•Zero Trust Network Access: Granular Application Access Policies

FortiClient – EPP, Visibility & Control
User and Endpoint Security, Visibility & Control (Branch, HQ/Campus, Remote Workers)
•Fabric Agent: Endpoint Visibility, Security posture Assessment, Endpoint Telemetry, Applications
•Secure Remote Access: Dynamic Access control, VPN, Single Sign On (SSO)
•Hygiene Control: Vulnerability scanning, Web Filtering, Patching Policy, Dynamic grouping

FortiClient – Zero Trust Network Access
Next-Generation Application Access Solution
•Safe, Granular Control: Match Users to Applications; Role-Based Application Access; Hide Applications from Internet
•Location Independent: On-prem, branch, remote; Cloud, Public Cloud, On-prem
•Replacing VPN: Transparent Tunnels; MFA as necessary; On-prem or cloud-based; Device posture check
Diagram labels: Data Center, Policy, FOS Control, Campus, Branch, Remote, Public Cloud, SaaS, ZTNA

Why Fortinet?

Fortinet Security Fabric
•Broad: visibility and protection of the entire digital attack surface to better manage risk
•Integrated: solution that reduces management complexity and shares threat intelligence
•Automated: self-healing networks with AI-driven security for fast and efficient operations
Diagram labels: Security-Driven Networking, Zero Trust Access, Adaptive Cloud Security, FORTIOS, FortiGuard Threat Intelligence, Open Ecosystem, Fabric Management Center (NOC, SOC)

We Provide the Broadest Coverage in the Industry
Security-Driven Networking (LAN Edge, WAN Edge, DC Edge, Cloud Edge): FortiGate, FortiExtender, FortiAP, FortiSwitch, FortiSASE, FortiGate SD-WAN, FortiProxy, FortiIsolator
Adaptive Cloud Security (Network, Platform, Applications): FortiGate VM, FortiDDoS, FortiSegment, Cloud Networking, FortiCASB, FortiCWP, FortiWeb, FortiMail, FortiADC, FortiGSLB, AWS Native, Azure Native
Zero Trust Access (User Security, Device Security): FortiToken, FortiNAC, FortiClient, FortiAuthenticator
Fabric Management Center - NOC: FortiMonitor, FortiManager, FortiCloud
Fabric Management Center - SOC (Endpoint, Breach, Incident Response): FortiXDR, FortiEDR, FortiAnalyzer, FortiSIEM, FortiSOAR, FortiSandbox, FortiAI, FortiDeceptor, FortiGuard MDR Service
FortiGuard Security Services: SOC & NOC, User Security, Device Security, Content Security, Advanced SOC/NOC, Web Security
Open Ecosystem: Connector, Fabric API, DevOps, Extended Fabric Ecosystem

Fortinet ZTNA advantages
Convergence of capabilities, Complete coverage, and Cost
•FOS-based ZTNA
•Leveraging existing investments in FortiGates (lower TCO)
•Complete WFA coverage, including campus
•Traffic traversing Industry-leading FortiGate technology
•Leverage SD-WAN, SD-Branch capabilities

•ZTNA Client also VPN client
•Transition to ZTNA simplified
•Shift to ZTNA at customer’s pace

•No Licenses Required
•Simply a feature in FOS & FortiClient to turn on!
Fortinet Championship Trophy

The Evolution of (Remote) Access to Applications
Bringing Zero Trust principles to Remote Access
•Ongoing verification of users and devices
•Per session user identity checks
•Per session device posture checks (OS version, A/V status, vulnerability assessment)

•More granular control
•Access granted only to specific application
•No more broad VPN access to the network

•Easier user experience
•Auto-initiates secure tunnel when user accesses applications
•Same experience on and off-net
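The per-session checks listed here are the same five stages the "Granular Control to Applications" slide enumerates (device trust, user identity, posture, application-specific access, encrypted and logged communication). The following is an added example that models that decision chain; it is not FortiOS, FortiClient or any Fortinet code, and the `Device`, `User` and `App` fields, the check names and the version threshold are assumptions. It demonstrates two things the slides state but do not show: a denial is recorded just like an allow (stage 5 logs all communication), and because the evaluation runs per session, a posture change between two sessions from the same user and device flips the result.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Device:
    """Stage 1 (device trust) and stage 3 (posture) inputs; field names are assumptions."""
    device_id: str
    cert_valid: bool            # device certificate chains to the enterprise CA
    managed: bool               # corporate-issued (True) or BYOD (False)
    revoked: bool = False       # administrator has revoked the device's access
    os_version: str = "0"
    av_running: bool = False
    critical_vulns: int = 0


@dataclass
class User:
    """Stage 2 (user identity): an authenticated user, the MFA result and the user's roles."""
    name: str
    mfa_passed: bool
    roles: frozenset = frozenset()


@dataclass
class App:
    """Stage 4: an application reachable only through the gateway, with its own access rules."""
    name: str
    allowed_roles: frozenset
    min_os: Tuple[int, ...] = (0,)
    managed_only: bool = False


def os_tuple(version: str) -> Tuple[int, ...]:
    """'12.1' -> (12, 1) so that versions compare numerically, not as strings."""
    return tuple(int(p) for p in version.split(".") if p.isdigit())


def evaluate_session(user: User, device: Device, app: App, log: List[str]) -> Tuple[bool, str]:
    """Run the checks in the slide's order and return (allowed, reason).

    The first failing check decides; every outcome, allow or deny, is appended
    to `log` because stage 5 requires all communication to be logged.
    """
    checks = [
        ("device_trust", device.cert_valid and not device.revoked),        # stage 1
        ("device_ownership", device.managed or not app.managed_only),      # stage 1: BYOD?
        ("user_identity", user.mfa_passed),                                # stage 2: strong MFA
        ("role_based_access", bool(user.roles & app.allowed_roles)),       # stage 2 / stage 4
        ("posture_av", device.av_running),                                 # stage 3: compliance
        ("posture_vulns", device.critical_vulns == 0),                     # stage 3: vulnerabilities
        ("posture_os", os_tuple(device.os_version) >= app.min_os),         # stage 3: conditional access
    ]
    for name, ok in checks:
        if not ok:
            log.append(f"DENY user={user.name} device={device.device_id} app={app.name} failed={name}")
            return False, name
    # Stage 5: only now is the encrypted tunnel to this one application brought up.
    log.append(f"ALLOW user={user.name} device={device.device_id} app={app.name} tunnel=tls")
    return True, "all_checks_passed"


def demo() -> List[Tuple[bool, str]]:
    """Two sessions from the same user and device with a posture change in between (constructed data)."""
    log: List[str] = []
    hr_portal = App("hr-portal", allowed_roles=frozenset({"hr"}), min_os=(10, 15), managed_only=True)
    alice = User("alice", mfa_passed=True, roles=frozenset({"hr", "staff"}))
    laptop = Device("lap-001", cert_valid=True, managed=True, os_version="12.1", av_running=True)
    results = [evaluate_session(alice, laptop, hr_portal, log)]
    laptop.av_running = False       # antivirus stopped after the first session
    results.append(evaluate_session(alice, laptop, hr_portal, log))
    for line in log:
        print(line)
    return results


if __name__ == "__main__":
    demo()
```

Note that the application is never named to the client before the checks pass: access is evaluated per application, which is what makes "access granted only to specific application" different from a VPN that exposes a whole network segment once the tunnel is up.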

Zero Trust & SASE Demo
https://fortinet.wistia.com/medias/6iuryd8411