SOC, SIEM, SOAR and SASE define Fortinet’s Security Fabric
Cornelius Mare, Fortinet A/NZ Director, Security Solutions, deciphers the jargon and explains how an alphabet soup of integrated security services spells comprehensive protection for your network and ensures business continuity.
Business continuity is predicated on network performance. If you can deploy new network services at speed, your business will grow. If your network is slow, your business slows. And if it stops, you are out of business.
The very raison d’être for your network services is to ensure that all stakeholders can access the digital assets they need when they need them regardless of location or device. Further, it requires constant development and deployment of new services. Yet every time your NOC (network operations centre) delivers a new network service, it must ensure that the service is secure. And that requires onboarding a specialised security service in parallel.
This is typically the domain of the SOC (security operations centre). Merging the roles of your NOC and SOC ensures that your network and security services can be deployed faster and in concert, provide granular-level visibility into network activity and create a framework to react immediately to any security events.
This capability, known as SIEM (security information and event management), enables your NOC/SOC teams to define comprehensive security and network access policies and provides the tools to enforce them.
Orchestrated responses to security events
Network services typically consist of an amalgamation of components deployed over time: in-house servers and storage, branch office and remote connectivity, cloud-based and managed services, and mobile users. All come from different vendors with different protocols and, unfortunately, all require different security services which might or might not be inter-connected.
Your challenge is to standardise and unify all of your security services to protect your non-standard and disparate network services and deploy them to every edge of your network.
Your security services need to be able to detect any anomalous network activity, isolate the affected components and then repair any damage, all in near real time. To do this effectively, your security services must be automated and take advantage of artificial intelligence to reduce false positives and detect previously unknown threats.
Together these capabilities are known as SOAR (security orchestration, automation and response).
Network access control – The final piece of the puzzle
Network access control (NAC) provides the tools to govern who and what connects to your network. This is especially critical as staff rely on their mobile phones and laptops to connect to the network. Zero Trust Network Access (ZTNA) assumes that any device can be or already is compromised. ZTNA protocols authenticate, inventory, assess and then grant the minimum access permissions for every user and device that attempts to connect to the network. And, again, ZTNA tools have to communicate to support both SIEM and SOAR.
Taking ZTNA concepts into the cloud, Secure Access Service Edge (SASE) combines network and security functions with WAN capabilities into a single service model that controls network access regardless of where the data or applications are hosted. SASE provides end-to-end protection across the entire network and includes all users and devices.
Onboarding SIEM, SOAR and SASE as a Security Fabric
As stand-alone point solutions, these security services protect individual components of your network. But they are much more powerful when united by common policies, operating systems, real-time threat intelligence and automated procedures.
The most effective solution is a unified Security Fabric – such as Fortinet’s – that incorporates all of the latest security services, can be managed from a single-pane-of-glass NOC/SOC dashboard, is backed by a global constellation of threat intelligence labs and allows for fast and efficient onboarding. Anything less could compromise your network performance and that, in turn, threatens your business continuity.
Fortinet’s unified Security Fabric Services are available from a network of Authorised Partners across A/NZ as appliances, virtual appliances and cloud-based or managed services. Fortinet’s Security Fabric is backed by the global constellation of FortiGuard Labs to ensure that your defences are always updated with the very latest threat intelligence. And Fortinet’s commitment to research and development means that, regardless of which way your network evolves, Fortinet will be right there with the fully-integrated security services to protect it.
About the author
Cornelius Mare is Director, Security Solutions at Fortinet A/NZ. As such, it is his business to know what’s happening in the cybersecurity world and how to help enterprises secure their transitional networks without sacrificing speed, functionality or control. In particular, Corne is an expert with hybrid cloud environments and artificial intelligence. These tools, along with other Fortinet security services, help organisations manage their digital transformations with confidence.
Fortinet (NASDAQ: FTNT) secures the largest enterprises, service providers and government organisations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 375,000 customers trust Fortinet to protect their businesses. Learn more at the Fortinet website, the Fortinet Blog, or FortiGuard Labs.