Phitech


3 August 2022

Fortinet: Enhance and extend your SOC with visibility, control and automation

Cornelius Mare, Chief Information Security Officer at Fortinet A/NZ, offers insights on how to extend your security policies across all edges and clouds, add comprehensive controls to enforce those policies and build a fabric for automated responses.

You can’t defend against what you can’t see. And if you do detect something amiss, you need the right controls to isolate, analyse and mitigate the event. Further, since today’s networks operate at breakneck speed, these controls need to respond in nanoseconds and that requires automation. Visibility, control and automation. The three keys to network protection. 

More and more network activity is taking place outside the core. Edge computing lets any number of users and devices access and process data and applications. And these data and applications can be hosted anywhere in the cloud. Your network is truly a global enterprise.

But this dispersed network topology broadens the attack surface. Adversaries have more opportunities, more tools and more targets, you included. Visibility, control and automated responses are more critical than ever.

Your challenge is to maintain granular-level visibility, implement comprehensive controls and create a security fabric for automated responses across your entire distributed network - inside the core, at all edges and into the cloud.

Visibility across workloads and clouds

Comprehensive protection is predicated on total visibility across all network components: all log-ons, users, traffic, applications and data processing. But it’s not enough just to observe. Your security fabric has to react, in near real time, to any anomalous activity.

But before you can identify ‘anomalous activity’, you need to define what is normal and expected. That is the role of your security policy. For maximum protection, your policy has to extend across the network to ensure consistent visibility, comprehensive controls and orchestrated responses.

The only feasible strategy to achieve this is to employ a network-wide security fabric that supports your policies across all devices and workloads, captures transactions and displays critical metrics via a centralised console. Further, it must be able to react, automatically, to anomalous events in near-real-time. This is the Fortinet advantage.

Security fabric solutions

Security fabric solutions can include Zero Trust Network Access (ZTNA) for strong authentication capabilities for users and devices and ‘least privilege’ access, Secure Access Service Edge (SASE) to protect cloud-based apps and data, Secure SD-WAN for branch office protection, real-time threat intelligence and many more specialised services. 

All of these solutions work together to provide SIEM (security information and event management) and SOAR (security orchestration, automation and response) and, ultimately, extended detection and response (XDR).

Security fabric delivery

Delivering integrated, comprehensive and flexible security services to your network edges and into the cloud can take many forms. Security as a service (SaaS) is an effective way to add advanced tools, like sandboxing, to your repertoire. Fabric APIs allow you to add specific security services, such as application firewalls, to your DevOps initiatives. Fabric connectors allow you to extend your security policies to cloud-based platforms such as AWS, Google Cloud, Microsoft Azure and more. 

Regardless of the service mechanism, a comprehensive security fabric, employing a multi-layer ‘defence-in-depth’ approach, is your best line of defence against malicious activity including ransomware. One that covers the core, edge and cloud. One that provides visibility, control and automation. And one that can scale to speed to secure all of your digital initiatives.


Source:
https://channellife.co.nz/story/fortinet-enhance-and-extend-your-soc-with-visibility-control-and-automation