Intent-based Segmentation

Achieve robust security architecture while reducing risk, complexity, and cost

FortiGate NGFWs that enable organizations to implement intent-based segmentation

Intent-Based Segmentation

Digital transformation is driving business growth and enabling new efficiencies. However, aspects that make this growth possible, such as mobile computing and the convergence of IT and operational technology (OT) environments, together with sophisticated cyberattacks, often make achieving end-to-end security a difficult task. Moreover, maintaining a robust security posture that implements consistent security policies across all network environments is increasingly challenging.

Flat networks that were built on a ‘Trusted’ philosophy further compound this problem by making it easier for cybercriminals to get inside the network. Once inside, they become part of the trusted zone and operate in stealth mode, which allows them to quickly spread threats laterally. It is extremely hard to detect and contain these cybercriminals as they move deeper into the network, resulting in cascading risks, exfiltration of valuable data, and the resulting economic impact and brand damage to organizations.

Network Security and Infrastructure teams have adopted a combination of various types of micro, macro, and application segmentation techniques to secure data and digital assets. But these types of segmentation still lack complete coverage, and organizations require a new approach to addressing security.

With Fortinet intent-based segmentation, organizations can intelligently segment network and infrastructure assets regardless of their location, whether on-premises or on multiple clouds. Dynamic and granular access control is then established by continuously monitoring the trust level and adapting the security policy accordingly. High-performance, advanced security isolates critical IT assets to ensure quick detection and prevention of threats using analytics and automation.

Powered by physical and virtual FortiGates, along with FortiOS innovations, intent-based segmentation provides end-to-end segmentation that extends across networks and geographical boundaries.

 

 

High-Performance Advanced Security

Intent-based segmentation can also help organizations meet compliance and regulatory requirements, such as PCI compliance. The necessary steps to achieve this are as follows:

Run Security Assessment

Start with the Security Rating service and run a compliance report to assess whether the network is operating according to required standards.

Label Assets using a Business Logic

Label assets using business logic, for example using Fortinet's Asset Tagging feature. These tags allow all the PCI assets to be easily identified and searched in different views and reports of FortiManager and FortiAnalyzer.

Decide where to apply the Segmentation

Deploy Endpoint and Micro-segmentation (for example, VMware NSX)

Apply granular access control

Rely on Identity and Access Management (IAM) to manage granular access control.

Use Fabric Connector

Employ Fabric Connectors to seamlessly integrate with the deployed segmentation (e.g. VMware NSX) to provide high-performance advanced security and to query an external trust database for dynamic trust information.

Features and Benefits