Network Sentry
Security Automation & Orchestration
With Fortinet
Rick Leclerc - Solution Architect
Shawn Craig - Channel Manager
Agenda
• Bradford / Network Sentry Overview
• Fortinet Integrations (How to sell more Fortinet)
– Fortinet Wireless Controller (Meru) – Full Policy Engine
– Single Sign On for BYOD & Guest
– FortiGate – Automatically disable misbehaving hosts identified by the Fortinet firewall (Web / Application Filter, Command & Control)
– Bradford to FortiSIEM – Sharing network / user context
– FortiSIEM to Bradford – Automatically disable misbehaving hosts identified by the Fortinet SIEM (Successful Brute Force Attack)
• Sends “incident” information to Network Sentry in the form of syslog messages to trigger Security Events. Security Events trigger Security Actions, which in turn trigger quarantine actions and notifications – RTR (SEP and SER license)
– FortiSwitch – Port based control without 802.1x
Continually Assess Risk of Every Endpoint
About Bradford Networks
Live Inventory of Network Connections
Appliance / Virtual / Cloud
Analytics & Forensics
Network Access Policy Engine
1,000+ Customers
5 Star Rating from SC Magazine
30+ Countries
Gartner MQ Visionary
Consistent Mission for 15 Years
Network Sentry
Visibility
Identify your attack surface with complete endpoint and network visibility
Control
Full control of every network connection to enforce compliance, network access control, onboarding and guest management
Response
Automated threat response shortens containment time & reduces costs
Leverage Existing Network Equipment
[Diagram] Devices: SIEM, VPN Concentrator, IDS/IPS, Firewall, Router, Switch, Access Point
[Diagram] Integration methods: SNMP, CLI, Radius, Syslog, API
Visibility / Control
Live Inventory of Network Connections (LINC)
[Diagram] Labels: User & Group, Device Type, OS/Apps, Connect Point, Connect Times; Site 1, Site 2, …, Site N; VPN; Physical Appliance, Virtual Machine, Cloud Service
SmartEdge Integration Platform
Compromise Trust
Fortinet Integrations
• Fortinet Wireless Controller (Meru) – Full Integration
• Single Sign On for BYOD & Guest
• FortiGate – Automatically disable misbehaving hosts identified by the Fortinet firewall (Web / Application Filter, Command & Control)
• Bradford to FortiSIEM – Sharing network / user context
• FortiSIEM to Bradford – Automatically disable misbehaving hosts identified by the Fortinet SIEM (Successful Brute Force Attack) – Sends “incident” information to Network Sentry in the form of syslog messages to trigger Security Events. Security Events trigger Security Actions, which in turn trigger quarantine actions and notifications – RTR (SEP and SER license)
• FortiSwitch – Port based control without 802.1x
Meru Wireless Controller
• Network Based Captive Portal
– BYOD, Guest & Contractor Support (Overlap)
• Endpoint Compliance
• Role Based Access
– Single SSID with Policy Server Defined VLANs
• Wired & Wireless NICs tied to a single host
• Selling advantage when competing against
– Aruba
– Aerohive
– Ruckus
– Xirrus
– Extreme (Zebra)
– Meraki
– Cisco
Wireless Policy Engine
Single Sign-On
• Who can use this?
– Customers who have non-Fortinet layer 2 switches & wireless
– Bradford is authenticating the user/device prior to granting network access
• Why would a customer care?
– User based firewall policies can be applied to non-domain machines
Fortinet Single-Sign-On Integration
FortiGate Alert and Contextual Information
Security Alert
Field          Value
Vendor         Fortinet
Type           Threat
Sub Type       Virus
Threat ID      32423
Description    http Non RFC-Compliant Response Found
Severity       Critical
IP Address     192.168.102.6

User Information (TRUSTED)
Field          Value
First Name     John
Last Name      Doe
Role           Contractor
Email          jdoe@bradfordnetworks.com
Phone          603 717-XXXX
Role           Engineering Contractor

Host Information (TRUSTED)
Field                       Value
Host Name                   Johns PC
Operating System            Windows 10
Adapter Physical Address    00:01:02:04:04:05
IP Address                  192.168.102.6
Location                    Switch-2 Port 8
Post Connect Security Rule – Disable Host
• Network & User Information
• Any Network Sentry Generated Event
Bradford to FortiSIEM
Alert with Contextual Information
SIEM (TRUSTED)
Field                       Value
First Name                  John
Last Name                   Doe
Role                        Contractor
Email                       jdoe@bradfordnetworks.com
Phone                       603 717-XXXX
Role                        Engineering Contractor
Host Name                   Johns PC
Operating System            Windows 10
Adapter Physical Address    00:01:02:04:04:05
IP Address                  192.168.102.6
Location                    Switch-2 Port 8

Security Alert
Field                       Value
Vendor                      Fortinet
Type                        Threat
Sub Type                    Virus
Threat ID                   32423
Description                 http Non RFC-Compliant Response Found
Severity                    Critical
FortiSIEM
Post Connect Security Rule – Disable Host
FortiSwitch
• Port level control
• Network Based Captive Portal
– BYOD, Guest & Contractor Support (Overlap)
• Endpoint Compliance
• Role Based Access
– Single SSID with Policy Server Defined VLANs
• Wired & Wireless NICs tied to a single host
• Level playing field with other switch vendors
SEP SEA SER
Visibility
Network Visibility X X X
Endpoint Visibility X X X
User Visibility X X X
Live Reporting X X X
Historical Analytics X X X
Automation
Network Access Policies X X
BYOD / Onboarding X X
Guest Management X X
Endpoint Compliance X X
Automatic Device Classification X X X
MDM Integrations X X
Single Sign On / IP Change Tracking X X
Incident Response
Event Correlation X X
Extensible Actions & Audit Trail X X
Alert Criticality & Routing X X
Guided Triage Workflows X X
BN SmartEdge
Security Infrastructure Integration X X
REST API X X
Bradford Licensing Options
Takeaways
• Bradford Helps You Sell More Fortinet
– Reduce the time for threat mitigation through automation
– Differentiate FortiGate & FortiSIEM by adding the access layer enforcement capability
• Offer to each partner
– Identify an existing Fortinet customer
– Install free Bradford SER solution to demonstrate value
– Customer becomes a reference for additional sales
– SER license gets you in the door, allows expansion to the rest of the Network Access Control & Security Automation features
• Rick Leclerc
– (603) 867-4177
Free Network Sentry SER System
• VM-based Installation
– ESX or Hyper-V
– SNMP discovery
• Fortinet
– Layer 2 and Layer 3 Polling
– CAM / ARP Tables
Contact Finetec for Details