
Page 1

© Copyright 2016 Bradford Networks

Reduce Threat Containment Time to Seconds

Fortinet & Bradford Networks

Rick LeClerc, Chief Solution Architect

James Cabe, Lead Architect & Evangelist

Page 2

Agenda

MARKET TRENDS

ENTERPRISE SECURITY CHALLENGES

SOLUTION

GO-TO-MARKET

COMPANY OVERVIEW

SUMMARY

Page 3

Company Overview

Bradford Networks is leading the evolution of Network Access Control to Security Automation & Orchestration by providing End-to-end Visibility, Dynamic Access Control and Automated Threat Response.

• Corporate: Venture Funded Private Company with HQ in Boston

• Use Cases: Onboarding, Network lockdown, NAC, Compliance, Analytics, Network Segmentation, Guest Management, Threat Response, etc.

• Deployment: Appliances, VM, Cloud

• Integration: SmartEdge Platform with REST API

• Go-To-Market: Value Added Resellers & Distributors

• Customers: 1000+ in 25+ countries

• Verticals: Finance, Healthcare, Hospitality, Retail, Education, Utilities, Gov

• Market Validation: Gartner MQ Visionary; 5 Star rating from SC Magazine


Page 5

Ever Expanding Attack Surface

Diagram: YOUR BUSINESS at the centre, surrounded by USERS, SUPPLIERS, PARENT COMPANY, GUESTS, PARTNERS, CONSULTANTS, BYOD and INTERNET OF THINGS.

Page 6

Tsunami of Internet of Things (IoT)

• Corporate: Good Protection, Good Context

• BYOD: Moderate Protection, Moderate Context

• Internet of Things: Limited Protection, Limited Context

Page 7

Growing Security Concerns

                                     TODAY            2020
Connected “things”                   6.4 billion      21 billion
Open security positions              1 million        1.5 million
Cyber crime cost                     $3 trillion      $6 trillion
Days to detect an external breach    205 days         No decline in sight
Records compromised in June 2016     11 million
Breaches will affect over                             1.5 billion people

THE TRUE CHALLENGE = 1 UNCONTAINED THREAT, 1 OPEN PORT, 1 UNKNOWN DEVICE. IT ONLY TAKES ONE.

Page 8

Budget Shifts

% of Enterprise Security Budgets Spent on Detection & Response*

• 2014: 10%

• 2020: 60%

*Shift Cybersecurity Investment to Detection and Response, 7 January 2016, Ayal Tirosh, Paul E. Proctor


Page 10

Vulnerable Endpoints

Page 11

Threat Detection & Response

Timeline (3 months, 6 months, 9 months):

• Breach, then THREAT UNDETECTED until Detection

• 205 Days: median number of days attackers are present on a victim network before detection (Source: 2015 M-Trends Report)

• Detection, then THREAT RESPONSE: ? Days

Page 12

Threat Containment Challenges

• Gap Between SOC & NOC

• Silos of Information

• Too Many Security Events

Page 13

Gap between SOC & NOC: Long Threat Containment Timeline

Diagram of the Corporate Network (Switch, FortiGate, Internet, Command & Control Server) with the Security Operation Center (SOC) and Network Operation Center (NOC), steps numbered as follows:

1. Compromised endpoint attempts to call home

2. FortiGate: callback blocked

3. SOC: Review Events

4. SOC: Review Logs

5. SOC: Analyze Data

6. SOC: Incident Response

7. SOC: Contact NOC

8. NOC: Detect Host location

9. NOC: Determine Device Criticality

Then NOC: Isolate/Contain Host at the switch.


Page 15

Network Security Technology Evolution: Evolution of NAC

NAC 1.0, Safe Onboarding:

• BYOD

• Enable Scalable On-boarding

• Ensure Safe Devices

• Enable Safe Network Provisioning

• Guest Management

NAC 2.0, Security Automation & Orchestration:

• Rapid Security Events Triage

• Reduce Threat Containment Time

Page 16

Augmenting existing Security Controls

Analytics – Trending, Compliance, Forensics

• Contextual policy management; Risk assessment & mitigation; Dynamic network access control. RESULT: Auto Adjusting Controls

• Endpoints, Users, Applications; Network Infrastructure; Current & historical state. RESULT: Know the Unknowns

• Rapid security events triage; Granular containment options; IR work-flow integrations. RESULT: Containment in Seconds

Page 17

Leveraging Network Infrastructure

Diagram: Visibility and Control drawn from the existing infrastructure (Firewall, VPN, IDS/IPS, SIEM, Router, Switch, Wireless Access Point), each integrated through some combination of SNMP, CLI, RADIUS, Syslog and API.

Page 18

Bradford + Fortinet: Adding Intelligence to Security Events

• IP ADDRESS

• MAC ADDRESS

• LOGGED IN USER NAME

• SECURITY GROUP

• DEVICE TYPE AND OWNER

• USER’S OTHER DEVICES

• INSTALLED APPLICATIONS

• OPERATING SYSTEM

• WIRELESS ACCESS POINT

• WIRED SWITCH PORT

• CONNECTION DURATION/HISTORY

• NETWORK ADAPTERS

• ENDPOINT COMPLIANCE

Page 19

Security Alerts with Context

Each alert is enriched with: DEVICE TYPES, USERS & GROUPS, CONNECT POINT, OS/APPS, CONNECT TIME, VPN, IP Address.

Page 20

Automated Threat Response

• Restrict Access

• Execute a Script

• Context-Aware Email/Text

• Click-To Restore

Cyber Security Defense: Visibility, Prevention, Detection, Correlation, Response

Page 21

Integrated Offering – Data Flow

Diagram of the Corporate Network (Switch, FortiGate, Network Sentry, Internet, Command & Control Server), steps numbered as follows:

1. A compromised system connects to the corporate network and attempts to call home

2. FortiGate blocks the callback

3. Fortinet FortiGate alerts Network Sentry of the compromised system

4. Network Sentry correlates IP address, user name and device details to identify the location and isolate the device
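The four-step data flow above, as an added Python example that is not Bradford Networks' or Fortinet's code: it parses a constructed firewall "callback blocked" event, joins the source IP with a constructed NAC inventory (the who/what/where that Network Sentry supplies) and picks a containment action by device criticality. The log field names, the inventory and the action names are assumptions, not a real FortiGate or Network Sentry format.

```python
import re

# Constructed firewall alert in a simplified key=value syslog style. The field
# names (srcip, dstip, action, msg) are assumptions, not a guaranteed FortiGate format.
ALERT = ('type=utm subtype=botnet action=blocked srcip=10.1.20.45 '
         'dstip=203.0.113.9 msg="C&C callback blocked"')

# Constructed NAC inventory: what a NAC such as Network Sentry knows per endpoint.
NAC_CONTEXT = {
    "10.1.20.45": {"mac": "00:11:22:33:44:55", "user": "jdoe", "group": "Finance",
                   "switch": "sw-floor2", "port": "Gi1/0/17", "critical": False},
    "10.1.30.8":  {"mac": "00:11:22:33:44:66", "user": "svc-ehr", "group": "Servers",
                   "switch": "sw-core", "port": "Gi1/0/1", "critical": True},
}

def parse_kv(line):
    """Split a key=value line into a dict; quoted values may contain spaces."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def correlate(event, context):
    """Join the blocked callback's source IP with NAC context (who/what/where)."""
    ip = event.get("srcip")
    ctx = context.get(ip)
    if ctx is None:
        # Unknown device: the deck's "1 unknown device" case; nothing to locate.
        return {"ip": ip, "who": None, "where": None, "critical": None}
    return {"ip": ip, "who": ctx["user"], "group": ctx["group"], "mac": ctx["mac"],
            "where": f'{ctx["switch"]}/{ctx["port"]}', "critical": ctx["critical"]}

def decide(enriched):
    """Pick a containment action from the enriched alert, mirroring the deck's
    granular options: disable the switch port for ordinary hosts, restrict (not
    cut) a business-critical host and notify the SOC, escalate unknown devices."""
    if enriched["where"] is None:
        return "escalate_unknown_device"    # cannot locate it: SOC triages manually
    if enriched["critical"]:
        return "restrict_access_and_notify"  # keep availability, limit blast radius
    return "disable_port"

def respond(line, context):
    """Full flow: parse the firewall alert, correlate with NAC context, decide."""
    event = parse_kv(line)
    if event.get("action") != "blocked":
        return None  # only act on a confirmed blocked callback
    enriched = correlate(event, context)
    enriched["action"] = decide(enriched)
    return enriched
```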

Page 22

Bridging the Gap – SOC & NOC: Short Threat Containment Time

Diagram of the Corporate Network (Switches, FortiGate, Internet, Command & Control Server) with NOC and SOC, steps numbered as follows:

1. Compromised endpoint attempts to call home

2. FortiGate: callback blocked

3. FortiGate alerts Network Sentry of compromised endpoint

4. Threat Response: Isolate/Contain endpoint

Bradford Networks’ Network Sentry Events Correlation Engine: WHO, WHAT, WHERE, WHEN


Page 24

Joint Go-to-market

Integration:

• FortiGate, FortiSandbox, FortiSIEM

• Fortinet Single Sign-On Agent

• Fabric-Ready Technology Alliance Partner

License:

• Secure Enterprise Premier (SEP) or Response (SER)

• Includes Automated Threat Response

• VM (ESXi, Hyper-V) or Appliance Network Sentry

Mutual Channel Partners:

• FineTec, SecureSense, Atrion, Converged Networks, FutureCom, IntegraOne, IPS Networks

Deployed Integration:

• Luther College

• Widener University

• The Pittsburgh Cultural Trust, etc.

Collateral:

• Joint Solution Brief

• Configuration Guide

• Presentations


Page 26

Gaining Market Traction

› Augments FortiGate, FortiSandbox & FortiSIEM functionality

› Highlight shift from Incident Response to Automated Threat Response

› Point to rapid adoption of BYOD and IoT – unmanaged endpoints, or endpoints without an agent

› Endpoint and network visibility for rapid triage of security events

› Granularity in containment

› Threat response automation to shorten containment time

Page 27

Trusted by Companies Worldwide…

Verticals: RETAIL, HEALTHCARE/BIOTECH, FINANCIAL SERVICES, EDUCATION, GOVERNMENT/DEFENSE, TECHNOLOGY, UTILITIES, ENERGY, INSURANCE, MANUFACTURING, MEDIA/ENTERTAINMENT, REAL ESTATE, TRANSPORTATION, HOSPITALITY