Network Sentry Security Automation & Orchestration With Fortinet Rick Leclerc - Solution Architect Shawn Craig - Channel Manager


Page 1

Network Sentry

Security Automation & Orchestration

With Fortinet

Rick Leclerc - Solution Architect

Shawn Craig - Channel Manager

Page 2

Agenda

• Bradford / Network Sentry Overview

• Fortinet Integrations (How to sell more Fortinet)

– Fortinet Wireless Controller (Meru) – Full Policy Engine

– Single Sign On for BYOD & Guest

– FortiGate – Automatically disable misbehaving hosts identified by the Fortinet firewall (Web / Application Filter, Command & Control)

– Bradford to FortiSIEM – Sharing network / user context

– FortiSIEM to Bradford – Automatically disable misbehaving hosts identified by the Fortinet SIEM (Successful Brute Force Attack)

• Sends “incident” information to Network Sentry in the form of syslog messages to trigger Security Events. Security Events trigger Security Actions, which in turn trigger quarantine actions and notifications – RTR (SEP and SER license)

– FortiSwitch – Port based control without 802.1x

Page 3

About Bradford Networks

Continually Assess Risk of Every Endpoint

• Live Inventory of Network Connections

• Appliance / Virtual / Cloud

• Analytics & Forensics

• Network Access Policy Engine

• 1,000+ Customers

• 5 Star Rating from SC Magazine

• 30+ Countries

• Gartner MQ Visionary

• Consistent Mission for 15 Years

Page 4

Network Sentry

Visibility – Identify your attack surface with complete endpoint and network visibility

Control – Full control of every network connection to enforce compliance, network access control, onboarding and guest management

Response – Automated threat response shortens containment time & reduces costs

Page 5

Leverage Existing Network Equipment

(Diagram: SIEM, VPN Concentrator, IDS/IPS, Firewall, Router, Switch and Access Point feeding Visibility and Control through SNMP, CLI, RADIUS, Syslog and API)

Page 6

Live Inventory of Network Connections (LINC)

(Diagram: for each site – Site 1, Site 2 … Site N – LINC records connect times, OS / apps, connect point (VPN, cloud service, virtual machine, physical appliance), device type, and user & group)

Page 7

SmartEdge Integration Platform

Compromise Trust

Page 8

Fortinet Integrations

• Fortinet Wireless Controller (Meru) – Full Integration

• Single Sign On for BYOD & Guest

• FortiGate – Automatically disable misbehaving hosts identified by the Fortinet firewall (Web / Application Filter, Command & Control)

• Bradford to FortiSIEM – Sharing network / user context

• FortiSIEM to Bradford – Automatically disable misbehaving hosts identified by the Fortinet SIEM (Successful Brute Force Attack) – Sends “incident” information to Network Sentry in the form of syslog messages to trigger Security Events. Security Events trigger Security Actions, which in turn trigger quarantine actions and notifications – RTR (SEP and SER license)

• FortiSwitch – Port based control without 802.1x

Page 9

Meru Wireless Controller

• Network Based Captive Portal

– BYOD, Guest & Contractor Support (Overlap)

• Endpoint Compliance

• Role Based Access

– Single SSID with Policy Server Defined VLANs

• Wired & Wireless NICs tied to a single host

• Selling advantage when competing against

– Aruba

– Aerohive

– Ruckus

– Xirrus

– Extreme (Zebra)

– Meraki

– Cisco

Page 10

Wireless Policy Engine

Page 11

Fortinet Integrations

Page 12

Single Sign-On

• Who can use this?

– Customers who have non-Fortinet layer 2 switches & wireless

– Bradford is authenticating the user/device prior to granting network access

• Why would a customer care?

– User based firewall policies can be applied to non-domain machines

Page 13

Fortinet Single-Sign-On Integration

Page 14

Fortinet Integrations

Page 15

FortiGate Alert and Contextual Information

Security Alert
Field        Value
Vendor       Fortinet
Type         Threat
Sub Type     Virus
Threat ID    32423
Description  http Non RFC-Compliant Response Found
Severity     Critical
IP Address   192.168.102.6

User Information (TRUSTED)
Field        Value
First Name   John
Last Name    Doe
Role         Contractor
Email        jdoe@bradfordnetworks.com
Phone        603 717-XXXX
Role         Engineering Contractor

Host Information (TRUSTED)
Field                     Value
Host Name                 Johns PC
Operating System          Windows 10
Adapter Physical Address  00:01:02:04:04:05
IP Address                192.168.102.6
Location                  Switch-2 Port 8

Page 16

Post Connect Security Rule – Disable Host

Page 17

Post Connect Security Rule – Disable Host

Page 18

Bradford to FortiSIEM

• Network & User Information

• Any Network Sentry Generated Event

Page 19

Fortinet Integrations

Page 20

Alert with Contextual Information

Security Alert (Fortinet) with the TRUSTED user and host information attached, as shared with the SIEM:

SIEM Field                Value
First Name                John
Last Name                 Doe
Role                      Contractor
Email                     jdoe@bradfordnetworks.com
Phone                     603 717-XXXX
Role                      Engineering Contractor
Host Name                 Johns PC
Operating System          Windows 10
Adapter Physical Address  00:01:02:04:04:05
IP Address                192.168.102.6
Location                  Switch-2 Port 8
Vendor                    Fortinet
Type                      Threat
Sub Type                  Virus
Threat ID                 32423
Description               http Non RFC-Compliant Response Found
Severity                  Critical
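The FortiSIEM-to-Bradford flow from the agenda (syslog incident → Security Event → Security Action) and the alert-plus-context tables above, worked through as an added example that is not Bradford's or Fortinet's code. The key="value" syslog layout, the field names and the inventory record are constructed assumptions, not either product's real format.

```python
import re

# Constructed sample: a SIEM-originated syslog line carrying the alert fields shown on
# the slides. The key="value" layout is an assumption, not the products' real format.
SAMPLE_SYSLOG = (
    '<134>Mar 10 14:02:11 fortisiem incident: vendor="Fortinet" type="Threat" '
    'subtype="Virus" threat_id="32423" severity="Critical" '
    'description="http Non RFC-Compliant Response Found" ip="192.168.102.6"'
)

# Constructed LINC-style inventory keyed by IP, using the example host from the slides.
INVENTORY = {
    "192.168.102.6": {"host": "Johns PC", "mac": "00:01:02:04:04:05",
                      "location": "Switch-2 Port 8", "user": "John Doe",
                      "role": "Engineering Contractor", "trust": "TRUSTED"},
}

_KV = re.compile(r'(\w+)="([^"]*)"')

def parse_incident(line):
    """Extract key="value" fields; None unless the minimum alert fields are present."""
    fields = dict(_KV.findall(line))
    return fields if {"vendor", "type", "severity", "ip"}.issubset(fields) else None

def security_event(alert, inventory=INVENTORY):
    """Security Event = the raw alert plus the live connection record for its IP."""
    return {"alert": alert, "context": inventory.get(alert["ip"])}

def post_connect_rule(event):
    """Post Connect Security Rule: Critical threat on a known host -> disable host.
    An IP with no connection record cannot be located at the access layer, so it
    only produces a notification rather than a quarantine action."""
    alert, ctx = event["alert"], event["context"]
    if ctx is None:
        return {"action": "notify", "reason": f"no connection record for {alert['ip']}"}
    if alert["type"] == "Threat" and alert["severity"] == "Critical":
        return {
            "action": "disable_host",
            "mac": ctx["mac"],          # what the switch-port action is keyed on
            "port": ctx["location"],
            "notify": f"{ctx['user']} ({ctx['role']}) on {ctx['host']}: "
                      f"{alert['vendor']} threat {alert['threat_id']} {alert['severity']}",
        }
    return {"action": "log"}

def handle(line, inventory=INVENTORY):
    """Full pipeline: syslog line -> Security Event -> Security Action."""
    alert = parse_incident(line)
    return None if alert is None else post_connect_rule(security_event(alert, inventory))
```

The point of the enrichment step is that the firewall or SIEM only knows an IP address, while the switch port and MAC needed to actually disable the host come from the live connection inventory.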

Page 21

FortiSIEM

Page 22

Post Connect Security Rule – Disable Host

Page 23

Fortinet Integrations

Page 24

FortiSwitch

• Port level control

• Network Based Captive Portal

– BYOD, Guest & Contractor Support (Overlap)

• Endpoint Compliance

• Role Based Access

– Single SSID with Policy Server Defined VLANs

• Wired & Wireless NICs tied to a single host

• Level playing field with other switch vendors

Page 25

Bradford Licensing Options

Feature                                 SEP  SEA  SER
Visibility
  Network Visibility                     X    X    X
  Endpoint Visibility                    X    X    X
  User Visibility                        X    X    X
  Live Reporting                         X    X    X
  Historical Analytics                   X    X    X
Automation
  Network Access Policies                X    X
  BYOD / Onboarding                      X    X
  Guest Management                       X    X
  Endpoint Compliance                    X    X
  Automatic Device Classification        X    X    X
  MDM Integrations                       X    X
  Single Sign On / IP Change Tracking    X    X
Incident Response
  Event Correlation                      X         X
  Extensible Actions & Audit Trail       X         X
  Alert Criticality & Routing            X         X
  Guided Triage Workflows                X         X
BN SmartEdge
  Security Infrastructure Integration    X         X
  REST API                               X         X

Page 26

Takeaways

• Bradford Helps You Sell More Fortinet

– Reduce the time for threat mitigation through automation

– Differentiate FortiGate & FortiSIEM by adding the access layer enforcement capability

• Offer to each partner

– Identify an existing Fortinet customer

– Install free Bradford SER solution to demonstrate value

– Customer becomes a reference for additional sales

– SER license gets you in the door, allows expansion to the rest of the Network Access Control & Security Automation features

• Rick Leclerc

– (603) 867-4177

[email protected]

Page 27

Free Network Sentry SER System

• VM-based Installation

– ESX or Hyper-V

– SNMP discovery

• Fortinet

– Layer 2 and Layer 3 Polling

– CAM / ARP Tables

Contact Finetec for Details

Page 28

Technical Contact Info

Rick Leclerc

[email protected]

603-867-4177

www.bradfordnetworks.com