Scribd
Upload
20 views18 pages

Secure Access and Endpoint Solutions

Uploaded by

ថ្មី Vannak Sovannroth
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
20 views18 pages

Secure Access and Endpoint Solutions

Uploaded by

ថ្មី Vannak Sovannroth
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 18

Challenge: Securing Users and Devices

Lack of consistent security for users/devices independent of location

Lack of security for remote users and inability


to maintain consistent security posture for
users anywhere

Traditional VPN based access lacks


necessary granular access control

Siloed point products and agents lead to


complex operations, and lack of
comprehensive visibility

With employees often working from


anywhere, their devices need strong security
even outside the network

Go Back End © Fortinet Inc. All Rights Reserved. 1


The Industry Analyst Recommendations

Securing
Secure Access Zero Trust
Endpoints

"Network operations and network security leaders "The shift from implicit trust to zero trust is a "Organizations are looking to integrate the endpoint
looking to support the anywhere, anytime access response to the rising incidents and costs of protection platform (EPP)/EDR with network and
requirements of a distributed, hybrid workforce cybercrime. A robust implementation of zero-trust cloud security technologies and make use of
should consider an integrated, cloud-centric solution" solutions can reduce the likelihood of attack." managed detection and response service"
Gartner The state of Zero-Trust Report, January 2022 Gartner How to Choose the Best EPP/EDR for Your
MarketGartner
Guide Market Guide for Single-Vendor SASE, September 2022
for Single-Vendor SASE Organization, June 2021
Published September 2022

Anywhere, Anytime Secure Zero-trust Mindset is the answer Move towards endpoint security
access for users convergence

Go Back End © Fortinet Inc. All Rights Reserved. 2


Fabric Solution: Access and Endpoint Security

Zero Trust Everywhere


Universal application access policies
enforced in all locations delivered as
Vendor Consolidation Payback Period a feature instead of point products
4 to 1 ~3 months Cloud-Delivered Security
Extend enterprise-grade security from
the cloud for strong protection of
remote users
Encrypted Tunnel Usage Reduction in security risk
Modern Endpoint Security
Behavior-based endpoint protection,
100% 65% detection and response to stop the
Compliance most sophisticated cyber-attacks

Go Back End © Fortinet Inc. All Rights Reserved. 3


Fabric Solution: Access and Endpoint Security
Universal ZTNA
Explicit application access with continuous verification for
secure connectivity

Secure Access Services Edge (SASE)


Cloud-delivered convergence to secure remote users with
better user experience

Identity & Access Management (IAM)


Authenticate and authorize user identities to securely
access corporate resources

Endpoint Detection & Response (EDR)


Modern endpoint security to stop ransomware and
advanced cyber-attacks

Network Access Control (NAC)


Zero trust for connected devices with visibility, control and
automated responses and remediation

AI-powered Security Services


Counter threats in real-time with AI-powered protection
natively integrated into the Fabric

Fortinet Privileged & Confidential © Fortinet Inc. All Rights Reserved. 4


Access & Endpoint Security Solution
Enabling consistent security and access for users and devices

Cloud-based Management & User-Based licensing

AI-powered Security Services

Identity Secure Application Connectivity Cloud-Delivered Secure Access


Internet

Home Public Cloud


ZTNA based Explicit SASE for Secure Internet and
Application Access SaaS Access
User Authentication

Converged Agent
Travel
Endpoint Protection Extended Detection & Response
Data Center

Device Access

IT Hygiene + NGAV + Covers endpoint, applications


Behavior-based EDR network and cloud SaaS

Zero Trust Everywhere Cloud-Delivered Security Modern Endpoint Security


© Fortinet Inc. All Rights Reserved. 5
Fortinet Products: Access & Endpoint Security
Enabling consistent security and user-experience for users and devices

FortiCloud SaaS Management and FortiTrust Licensing

FortiGuard Security Services

Identity
Converged Agent
Internet

Home FortiTrust Identity


Public Cloud

FortiClient
FortiToken 400

Travel
Data Center

FortiNAC
FortiEDR

SaaS

Zero Trust Everywhere Cloud-Delivered Security Modern Endpoint Security


© Fortinet Inc. All Rights Reserved. 6
Universal ZTNA
Fortinet Zero Trust Architecture
Web App

RDP
Data
Centre 1 File Share

EMS FortiGate-HW

Web App

RDP

File Share

FGT
INTERNET
Device User

SaaS Apps
SASE

Web App
1 2 3 4 5
Data RDP
Validate Verify Device Application Centre 2
Encrypted File Share
Device User Posture Access Only
FortiGate-HW

This content is shared exclusively with the CTO Office and Product Management teams and is considered void if transferred to (or presented by) anyone outside of this group.
The contents are for individual use and should not be copied, transferred, uploaded or shared to anyone without written consent. © Fortinet Inc. All Rights Reserved.
CONFIDENTIAL 8
Access Limited to Authorized Personnel
Universal ZTNA Defined

VPN Universal ZTNA

Firewall Application Gateway


Data Center
DC
Remote User

Remote User
On-Prem User Cloud

Cloud

Continuous Trust Check


Access Entire Network

Explicit Access to Applications


Weak Security Posture

Superior User Experience


Poor User Experience

Fortinet Privileged & Confidential © Fortinet Inc. All Rights Reserved. 9


Single Vendor SASE
Secure Access Services Edge (SASE) Defined

Cloud Managed CASB


Sa
aS

SASE SWG

Web
te FWaaS
riva p
P p
A

SD-WAN
AI-Powered
Security Data Center
ZTNA

Securing Remote Users Cloud-delivered Security & Networking Better User Experience
Fortinet Privileged & Confidential © Fortinet Inc. All Rights Reserved. 11
FortiSASE
Secure Internet Access for Remote Users & Locations

Internet
Safe browsing from anywhere

Malware & ransomware prevention


Management Continuously assess the risks and automatically
Plane
respond to counter known and unknown
Inline threats
CASB ZTNA

Deep inspection of end-user activity


Thin Edge
FWaaS
Constant inspection of web activity for threats,
SWG
even when using secured HTTPS access

Secure Edge Market Leading Security as a Service


Agent Fortinet best-in-class Cloud security efficacy
powered by FortiGuard Labs
Agentless
FortiClient

This content is shared exclusively with the CTO Office and Product Management teams and is considered void if transferred to (or presented by) anyone outside of this group.
The contents are for individual use and should not be copied, transferred, uploaded or shared to anyone without written consent. © Fortinet Inc. All Rights Reserved.
CONFIDENTIAL 12
Access Limited to Authorized Personnel
FortiSASE
Natively Integrated ZTNA

Internet Private
Apps Enabling Universal ZTNA
DCs/Cloud
App Gateway
Cloud provisioned
Management
Plane
ZTNA connections
Inline
CASB Private
ZTNA Apps Device attributes, user info,
posture-based security
HQs/Branches
SWG FWaaS App Gateway

Granular per-session
posture checks

Agent Continuous posture


re-assessment
FortiClient

This content is shared exclusively with the CTO Office and Product Management teams and is considered void if transferred to (or presented by) anyone outside of this group.
The contents are for individual use and should not be copied, transferred, uploaded or shared to anyone without written consent. © Fortinet Inc. All Rights Reserved.
CONFIDENTIAL 13
Access Limited to Authorized Personnel
FortiSASE
Secure Private Access (SPA)

Internet
Apps Secure corporate app access
DCs/Cloud

FGT Secure Cloud & datacenter app access


Management
Anywhere secure access to corporate apps
Plane for asset protection and compliance
Inline
CASB ZTNA
Apps

HQs/Branches
Highly granular Access Control
FGT
Context-based zero-trust access enforcement,
SWG FWaaS
app based and adaptive with AI/ML

On-prem SD-WAN integration


Agent Superior user experience with full integration
with Fortinet SD-WAN architecture
Agentless
FortiClient

This content is shared exclusively with the CTO Office and Product Management teams and is considered void if transferred to (or presented by) anyone outside of this group.
The contents are for individual use and should not be copied, transferred, uploaded or shared to anyone without written consent. © Fortinet Inc. All Rights Reserved.
CONFIDENTIAL 14
Access Limited to Authorized Personnel
FortiSASE
Secure SaaS Access for Visibility and Control

Internet
Secure Access to Cloud apps and files

Cloud App Access Control


Management Safe Cloud Application access and blocking
Plane API-CASB of malicious apps with in-line CASB feature
Inline
CASB ZTNA

Deep control & view of apps content


Control over app content and files with API-based
SWG FWaaS
CASB for enhanced security and threat detection

Unified agent for anywhere detection


Agent FortiClient Agent covers all the use-cases
from SASE, Zero-trust, SaaS security,
Agentless and End-Point Protection
FortiClient

This content is shared exclusively with the CTO Office and Product Management teams and is considered void if transferred to (or presented by) anyone outside of this group.
The contents are for individual use and should not be copied, transferred, uploaded or shared to anyone without written consent. © Fortinet Inc. All Rights Reserved.
CONFIDENTIAL 15
Access Limited to Authorized Personnel
Endpoint Detection & Response
(EDR)
FortiEDR Components Architecture

Collectors Aggregated
Registration and information from
health status Collector and Core Environment and
Security
orchestration

Collector and Core


configuration
Collector configuration
Fortinet Cloud Service
Aggregator Central Manager (FCS)

Threat Hunting
Queries

Security incidents Core configuration Hash, metadata


and health status and extended IR
Threat Hunting instruction
data

Threat Hunting

Compressed
OS metadata
Threat intelligence
Core/Jumpbox

This content is shared exclusively with the CTO Office and Product Management teams and is considered void if transferred to (or presented by) anyone outside of this group.
The contents are for individual use and should not be copied, transferred, uploaded or shared to anyone without written consent. © Fortinet Inc. All Rights Reserved.
CONFIDENTIAL 17
Access Limited to Authorized Personnel
FortiEDR
Modern Endpoint Security
Legacy Endpoint Protection (EPP with EDR)

Blocks mostly known attacks Detects / blocks unknown attacks

Reduces the attack surface Aids forensic investigations

Remediates & rolls back damage


Protects private data
Integrates with other security tools
This content is shared exclusively with the CTO Office and Product Management teams and is considered void if transferred to (or presented by) anyone outside of this group.
The contents are for individual use and should not be copied, transferred, uploaded or shared to anyone without written consent. © Fortinet Inc. All Rights Reserved.
CONFIDENTIAL 18
Access Limited to Authorized Personnel

You might also like