Network Security & Firewalls

Fortinet Security Fabric Visibility, Analytics, and Automation for the Modern Enterprise

FortiAnalyzer is a powerful log management, analytics, and reporting platform that provides organizations with a single console to manage, automate, orchestrate, and respond, enabling simplified security operations, proactive identification and remediation of risks, and complete visibility of the entire attack landscape. Integrated with the Fortinet Security Fabric, advanced threat detection capabilities, centralized security analytics, end-to-end security posture awareness and control, helps security teams identify and mitigate threats before a breach can occur.

Orchestrate security tools, people, and process for streamlined execution of tasks and workflows, incident analysis and response, and rapidly expedite threat detection, case creation and investigation, and mitigation and response.

Automate workflows and trigger actions with connectors, playbooks, and event handlers to accelerate your network security team's ability to respond to critical alerts, events, and service level agreement (SLA) for regulation and compliance.

Respond in real-time to network security attacks, vulnerabilities, and warnings of potential compromises, with threat intelligence, event correlation, monitoring, alerts and reporting for immediate tactical response and remediation.

FEATURE HIGHLIGHTS | Across Fortinet's Security Fabric | Incident Detection and Response | Centralized NOC/SOC Visibility for the Attack Surface

The FortiSOC view helps security and network operations teams protect network assets with correlated log and threat data and insights through actionable views with deep drill-down capabilities. Real-time notifications, reports, predefined or customized dashboards deliver single-pane visibility and actionable results. Utilize FortiAnalyzer workflow automation for simplified orchestration of security operations, management of threats, vulnerabilities, and incident response. Proactively investigate anomalies and threats through analysis of SIEM normalized logs in Threat Hunting view.

Event Management

Security teams can monitor and manage alerts and event logs from Fortinet devices, with events processed and correlated in a format that analysts can easily understand. Investigate suspicious traffic patterns and search using filters in predefined or custom event handlers to generate real-time notifications and monitoring for NOC and SOC operations, SD-WAN, SSL VPN, wireless, Shadow IT, IPS, network recon, FortiClient, and more.

High performance big data network analytics

FortiAnalyzer Big Data delivers high-performance big data network analytics for large and complex networks. It is designed for large-scale data center and high-bandwidth deployments, offering the most advanced cyber threat protection by employing hyperscale data ingestion and accelerated parallel data processing. Together with its new distributed software and hardware architecture and Fortinet's high performance next generation firewalls, this powerful 4RU chassis offers blazing fast performance, enterprise- grade data resiliency, built-in horizontal scalability, and consolidated appliance management.

Features | High Performance

• Totally redesigned and optimized architecture, employing the newest Big Data Kafka/ Hadoop/ Spark technologies
• Massive Parallel event streaming and data processing for high-speed ingestion, data storage, and search capabilities
• The highest performing FortiAnalyzer appliance: 300 000 logs/sec out-of-box, horizontally scalable to petabytes of storage

Unified Appliance Management

• Enterprise-grade Big Data Appliance with consolidated hardware and software monitoring through the Cluster Manager
• Simple installation, updating, expansion, and data management
• Built-in automation and customizable job templates

Reliable and Scalable Deployment

• Built-in enterprise high availability and data resiliency based on a newly optimized software and hardware architecture
• Designed for rapid scalability with multiple Big Data appliances using high speed 40 Gb/s built-in switch modules
• Specifically designed to accelerate the visibility and expansion of the Fortinet Security Fabric

Big Data Security Analytics

• Monitor and analyze your entire network from end-to-end at an accelerated rate, maximizing the visibility of your entire attack surface, network traffic, applications, users, and end-point hosts
• Interactive dashboards and informative reports using real-time tracking of key security metrics, link health status, and application steering performance
• Ready to use and customizable report templates for compliance, security posture assessments, and system performance checks
• Use log analytics to query IPFIX log messages collected, when Ingestion is configured in Flow mode

The FortiGate 100E series delivers next generation firewall capabilities for mid-sized to large enterprises, with the flexibility to be deployed at the campus or enterprise branch. Protect against cyber threats with security processor powered high performance, security efficacy and deep visibility.

Security

• Protects against known exploits, malware and malicious websites using continuous threat intelligence provided by FortiGuard Labs security services
• Identify thousands of applications including cloud applications for deep inspection into network traffic
• Detects unknown attacks using dynamic analysis and provides automated mitigation to stop targeted attacks

• Delivers industry's best threat protection performance and ultra-low latency using purpose built-security processor (SPU) technology
• Provides industry-leading performance and protection for SSL encrypted traffic

• Independently tested and validated best security effectiveness and performance
• Received unparalleled third-party certifications from NSS Labs, ICSA, Virus Bulletin and AV Comparatives

• Delivers an extensive routing, switching, wireless controller and high performance IPsec VPN capabilities to consolidate networking and security functionality
• Enables flexible deployment such as Next Generation Firewall and Secure SD-WAN

• Single Pane of Glass with Network Operations Center (NOC) view provides 360° visibility to identify issues quickly and intuitively
• Predefined compliance checklist analyzes the deployment and highlights best practices to improve overall security posture

• Enables Fortinet and Fabric-ready partners' products to collaboratively integrate and provide end-to-end security across the entire attack surface
• Automatically builds Network Topology visualizations which discover IoT devices and provide complete visibility into Fortinet and Fabric-ready partner products

A Non-Intrusive, Agentless Deception Solution to Detect and Stop Active In-Network Attacks

FortiDeceptor is Fortinet's non-intrusive, agentless deception platform that puts the power back into the hand of defenders, with the ability to deceive attackers into engaging with fake assets and ultimately revealing themselves.

A force multiplier to current security defenses, FortiDeceptor combines the concept of honeypot with threat analytics and threat mitigation capabilities. This is achieved by distributing a layer of deception assets across the network-decoys and tokens, such as fake keys and files on endpoints and servers-and creating a system of traps that look and operate like any other real asset across IT, OT, and IoT networks, intended to deceive, detect, and isolate known and unknown human and automated attacks.

With FortiDeceptor, instead of waiting for the threat actor to make a mistake and then detect their presence, you can now embrace an active defense approach where any step the attacker takes-whether they try to escalate privileges or run malware-becomes an opportunity for you to detect them.

Early Threat Detection, Minimal Network Impact

FortiDeceptor works by deploying and running decoys from the FortiDeceptor console using available IP addresses. As decoys leverage unused IP addresses across the different network segments, they do not impact network availability and, to the attacker, they seem like an integral part on your network. These IP addresses do not correspond to any real host or device on the network.

The FortiDeceptor platform consists of several deception components that together provide an authentic and scalable layer of deception assets that are identical to other assets across your network. These decoys are fake assets, such as industrial control systems, medical devices, ATMs, tank gauges, POS devices, IoT devices, network infrastructure, and more, that run real operating systems and services and generate fake but limited traffic to lure attackers to them, diverting them away from sensitive assets. FortiDeceptor provides an extensive inventory of decoys. You can also 'bring your own decoys' and upload your own golden images.

To expand the deception layer event further, FortiDeceptor places breadcrumbs (or tokens) on real endpoints and servers. These are fake documents, files, or fake credentials, that attackers look to leverage to move laterally or encrypt. The breadcrumbs, which are indistinguishable from real files and credentials, are designed to deceive the attacker or malware to laterally move to the decoy. FortiDeceptor immediately detects any use of fake credentials, generates alerts, and automatically isolates the endpoint using built-in endpoint isolation capabilities or security orchestration, automation, and response (SOAR) playbooks.

Accelerated Incident Response

? The solution generates high-fidelity, zero false-positive alerts, providing security teams with a unique advantage over malicious activity, and unparalleled visibility to detect and stop attacks, credential thefts, lateral movement, and malware activity. It also provides compensating security control when patching or when other security controls aren't an option. A good example of this is in OT environments where patches aren't available; even when patches are available, the time and effort required for maintenance is arduous.

A Non-Intrusive, Agentless Deception Solution to Detect and Stop Active In-Network Attacks

FortiDeceptor is Fortinet's non-intrusive, agentless deception platform that puts the power back into the hand of defenders, with the ability to deceive attackers into engaging with fake assets and ultimately revealing themselves.

A force multiplier to current security defenses, FortiDeceptor combines the concept of honeypot with threat analytics and threat mitigation capabilities. This is achieved by distributing a layer of deception assets across the network-decoys and tokens, such as fake keys and files on endpoints and servers-and creating a system of traps that look and operate like any other real asset across IT, OT, and IoT networks, intended to deceive, detect, and isolate known and unknown human and automated attacks.

With FortiDeceptor, instead of waiting for the threat actor to make a mistake and then detect their presence, you can now embrace an active defense approach where any step the attacker takes-whether they try to escalate privileges or run malware-becomes an opportunity for you to detect them.

Early Threat Detection, Minimal Network Impact

FortiDeceptor works by deploying and running decoys from the FortiDeceptor console using available IP addresses. As decoys leverage unused IP addresses across the different network segments, they do not impact network availability and, to the attacker, they seem like an integral part on your network. These IP addresses do not correspond to any real host or device on the network.

The FortiDeceptor platform consists of several deception components that together provide an authentic and scalable layer of deception assets that are identical to other assets across your network. These decoys are fake assets, such as industrial control systems, medical devices, ATMs, tank gauges, POS devices, IoT devices, network infrastructure, and more, that run real operating systems and services and generate fake but limited traffic to lure attackers to them, diverting them away from sensitive assets. FortiDeceptor provides an extensive inventory of decoys. You can also 'bring your own decoys' and upload your own golden images.

To expand the deception layer event further, FortiDeceptor places breadcrumbs (or tokens) on real endpoints and servers. These are fake documents, files, or fake credentials, that attackers look to leverage to move laterally or encrypt. The breadcrumbs, which are indistinguishable from real files and credentials, are designed to deceive the attacker or malware to laterally move to the decoy. FortiDeceptor immediately detects any use of fake credentials, generates alerts, and automatically isolates the endpoint using built-in endpoint isolation capabilities or security orchestration, automation, and response (SOAR) playbooks.

Accelerated Incident Response

? The solution generates high-fidelity, zero false-positive alerts, providing security teams with a unique advantage over malicious activity, and unparalleled visibility to detect and stop attacks, credential thefts, lateral movement, and malware activity. It also provides compensating security control when patching or when other security controls aren't an option. A good example of this is in OT environments where patches aren't available; even when patches are available, the time and effort required for maintenance is arduous.