Business & Technology

Extending the Security Fabric: Refining the Security Operations Center

By Michael Reinhart | January 10, 2017

Monitoring, managing, and protecting the formless scope and scale of today’s highly distributed and dynamically changing digital enterprise network is a daunting task for IT and security operations teams. The proliferation of IoT and mobile devices, the convergence of IT and OT, and the adoption of cloud-based networking and services are making detection of and response to threats increasingly difficult, if not impossible, with today’s tools. When the network around you is constantly adapting to shifting demands, how do you effectively track and catalog the devices, elements, and infrastructure you are supposed to be protecting, or determine what a baseline of “normal” looks like anymore?

This complex and challenging environment is further exacerbated by the digital transformation of business processes and elements in support of greater efficiencies and better customer experiences, along with the need for the operational support needed to facilitate these efforts on an accelerated scale – something that Gartner is calling “Intent Based Networking”. According to Joe Skorupa, a Gartner VP and distinguished analyst, “Intent-based networking adoption is being driven by digital business transformation's requirements to increase network agility while increasing reliability/availability. The increasing complexity of networks, combined with critical skills shortages in design/deploy/operate tasks, are increasing pressure on infrastructure and operations (I&O) leaders to find a better way to map the requirements of the business to infrastructure behavior in a timely, consistent and verifiable way.”

The challenge is that today’s static and isolated security tools, devices, and platforms make up the core of today’s network and security operations centers, and they were simply never designed or built to protect the environments organizations are deploying today. Security operations teams are quickly realizing they can’t prevent what they can’t predict, so they are beginning to shift their focus to more rapid detection and response to threats. However, rapidly detecting and responding to today’s threats requires tightly integrated technology solutions that are agile and scalable. These solutions also need to deliver adaptive, real-time visibility into the threat landscape, along with the ability to identify, collect, parse, normalize, and correlate a variety of types and sources of threat data from both inside and outside the network and security domains. Visibility also means delivery of more contextual analytics that can more rapidly isolate active threats on the network before they spread, and with the ability to automatically synchronize security and network components to respond to attacks in real time.

Fortinet’s Security Operations Solution has been purposefully designed and built from the ground up to serve this market need by bringing together much of the data and analytics that have traditionally resided in disparate, disconnected network and security operations management tools and silos. Fortinet’s Security Operations Solution leverages the pervasive framework of the Fortinet Security Fabric. Its broad, powerful, and automated security management capabilities provide the network and security intelligence needed to arm both IT and security teams with the insights they require to maximize the protection of their Fortinet technology infrastructure.

The Security Operations Solution goes on to enhance and expand the Security Fabric with comprehensive, intelligent, scalable, and highly adaptive security operations elements that are able to discover, gather, cross-correlate, and analyze data from a multitude of sources, including those sourced from Fortinet partners and even competitors. This more integrated and more holistic approach to rapid identification and detection of threats serves to facilitate Intent-Based Network Security architecture operations decision making now and into the future.

Leveraging and going beyond the Fortinet Security Fabric, the Fortinet Security Operations Solution combines FortiSIEM, FortiAnalyzer, and FortiManager, along with Threat Intelligence data derived from FortiGuard Labs and external third-party threat intelligence feeds.

  • FortiSIEM – Dynamically auto-discovers the physical and virtual elements attached to the network, self-learns their configurations, and maps their interrelationships to create a dynamic centralized management database (CMDB). FortiSIEM also provides industry-leading, patented threat detection technology that is able to cross-correlate both NOC (performance) analytics and SOC (event and log) analytics in real time, empowering any operations center with a deeper understanding and greater context of its ever-changing threat landscape. FortiSIEM is also able to bring in context and current information from FortiGuard Labs and other third-party threat intelligence services as additional sources of context for streamlining detection and response efforts. And all of this is delivered through a single-pane-of-glass interface for ease of operations.

FortiSIEM also provides a wide array of pre-built reports, including reports on compliance with the latest regulatory standards and on the performance of business applications. Multi-tenant architecture support is standard, with customizable physical and logical reporting domains, including differentiated reports for various network segments and microsegments. And FortiSIEM’s patented and highly scalable architectural design ensures that organizations are able to keep pace with an ever-increasing volume of log and event data without interruption.

  • FortiAnalyzer – Provides centralized threat data collection and analysis from the log and event data derived from all Fortinet security and network devices attached to and distributed across an organization’s networking environment, enabling much faster and more accurate threat detection.
  • FortiManager – Enables SOC and NOC personnel to initiate and synchronize a coordinated response to detected threats, along with the ability to manage and push new security policies across all Fortinet devices no matter what part of the network is being compromised. In addition, a growing number of Fortinet technology partners are an integral part of this distributed security framework.
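The collect, parse, normalize, and correlate pipeline mentioned earlier, and the NOC/SOC cross-correlation described in the FortiSIEM bullet, can be illustrated with a small correlator. The Python below is an added example written for this page; it is not Fortinet code and does not describe how FortiSIEM is implemented. The asset inventory (standing in for a discovered CMDB), the performance samples, the syslog lines, and the detection rule (several failed logins, then a successful login from the same source, then a CPU spike on the same host, all within one window) are all constructed for the example.

```python
"""Toy NOC/SOC cross-correlation joined through an asset inventory.

Added example, not Fortinet code. It parses syslog-style auth events (SOC
data) and CPU samples (NOC data) into one normalized record shape, groups
them per host, and raises an alert only when both sides line up inside a
time window. Every data value below is constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed asset inventory, playing the role of an auto-discovered CMDB:
# it lets an alert carry the device name, role and owner, not just an IP.
CMDB = {
    "10.0.1.10": {"name": "web-01", "role": "web", "owner": "ecommerce"},
    "10.0.1.20": {"name": "db-01", "role": "database", "owner": "ecommerce"},
}

# Constructed NOC-style performance samples: (host, ISO timestamp, CPU %).
PERF_SAMPLES = [
    ("10.0.1.10", "2017-01-10T02:00:00", 35),
    ("10.0.1.10", "2017-01-10T02:05:00", 97),
    ("10.0.1.20", "2017-01-10T02:05:00", 40),
]

# Constructed SOC-style syslog lines (sshd authentication results).
LOG_LINES = [
    "2017-01-10T02:03:10 10.0.1.10 sshd: Failed password for admin from 203.0.113.7",
    "2017-01-10T02:03:12 10.0.1.10 sshd: Failed password for admin from 203.0.113.7",
    "2017-01-10T02:03:15 10.0.1.10 sshd: Failed password for admin from 203.0.113.7",
    "2017-01-10T02:04:40 10.0.1.10 sshd: Accepted password for admin from 203.0.113.7",
    "2017-01-10T02:04:50 10.0.1.20 sshd: Accepted password for dba from 10.0.1.5",
    "2017-01-10T02:04:55 10.0.1.20 cron: session opened for user root",  # ignored
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_log_line(line):
    """Normalize one syslog line into the common event record shape.
    Returns None for lines that are not sshd password results."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "host": m["host"],
        "kind": "auth_fail" if m["outcome"] == "Failed" else "auth_ok",
        "user": m["user"],
        "src": m["src"],
    }


def normalize_perf(host, ts, cpu):
    """Put a performance sample into the same record shape as log events."""
    return {"ts": datetime.fromisoformat(ts), "host": host, "kind": "cpu", "cpu": cpu}


def correlate(events, window=timedelta(minutes=10), fail_threshold=3, cpu_threshold=90):
    """Per host: fail_threshold+ failed logins from one source, then a successful
    login from that source, then a CPU reading >= cpu_threshold, all within
    `window` of the successful login. Returns CMDB-enriched alert records."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)

    alerts = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        for i, ok in enumerate(evs):
            if ok["kind"] != "auth_ok":
                continue
            fails = [e for e in evs[:i]
                     if e["kind"] == "auth_fail" and e["src"] == ok["src"]
                     and e["ts"] >= ok["ts"] - window]
            if len(fails) < fail_threshold:
                continue
            spikes = [e for e in evs[i + 1:]
                      if e["kind"] == "cpu" and e["cpu"] >= cpu_threshold
                      and e["ts"] <= ok["ts"] + window]
            if not spikes:
                continue
            asset = CMDB.get(host, {"name": host, "role": "unknown", "owner": "unknown"})
            alerts.append({
                "asset": asset["name"], "role": asset["role"], "owner": asset["owner"],
                "user": ok["user"], "src": ok["src"],
                "failed_logins": len(fails), "peak_cpu": max(e["cpu"] for e in spikes),
                "login_at": ok["ts"].isoformat(),
            })
    return alerts


def run_example():
    """Collect both feeds, normalize them, and correlate. Returns the alerts."""
    events = [normalize_perf(*s) for s in PERF_SAMPLES]
    events += [e for e in (parse_log_line(l) for l in LOG_LINES) if e]
    return correlate(events)


if __name__ == "__main__":
    for a in run_example():
        print(a)
```

Only web-01 produces an alert: db-01 has a successful login and a CPU sample, but no run of failures, so neither feed on its own would have been enough to single out the web host, while the joined view does and the CMDB lookup tells the responder which system and owner are involved.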

Fortinet’s Security Operations Solution consolidates, simplifies, and accelerates detection, isolation, and response efforts for any organization. It brings together the best of Fortinet’s dynamic and responsive Security Fabric and its associated management solutions with the adaptive, expanded context gained from continually self-learning the environment outside the Fortinet world, and with real-time analytics derived from hundreds of external network, security, and operations sources, from endpoints to the cloud.