
Taking a Platform Approach to Zero Trust

By Peter Newton | October 07, 2021

When it comes to security and networking, the two biggest challenges are complexity and visibility. Many organizations have countless solutions that they are trying to get to play nice with one another, and it doesn't always work out very well. So when leadership (or the President of the United States) says you need to implement a zero trust architecture, many might groan with concern. And if you're using incompatible products from multiple vendors, each with its own dashboard and difficult integrations, you can easily end up with a deployment so complex that it doesn't work with the systems you already have. In this scenario, that collective groan is quite justified.

As you embark on your zero trust journey, taking a platform approach and choosing solutions that are integrated by design will be much easier to deploy, configure, and maintain. That's why the Fortinet Security Fabric exists. Not only does it make it possible for Fortinet products to work together, it's an open ecosystem that includes a wide variety of vendors. This allows you to build one broad, integrated, and automated platform that includes a mixture of solutions that enable your network to easily change and expand alongside your business.

Fortinet zero trust solutions include zero-trust access (ZTA) and zero trust network access (ZTNA). The tightly integrated products make it possible for you to identify and classify all of the users and devices that seek network and application access, assess their state of compliance with internal security policies, automatically assign them to zones of control, and continuously monitor them, both on and off the network.

Fortinet Security Fabric Components Used in Zero Trust Security

The zero-trust model stipulates that organizations restrict user access to only the resources that are necessary for a given role and that they support the identification, monitoring, and control of networked devices. To support their journey to the cloud and the work-from-anywhere trend, organizations can use the following Fortinet Security Fabric components for zero trust security:

Network Access Control

Maintaining continuous visibility and access control of devices on the network has historically been difficult. But the FortiNAC network access control solution supports agentless data collection to provide extensive visibility into everything on the network. It accurately discovers and identifies every device on, or seeking access to, the network, scans it to ensure that it is not already compromised, and classifies it by role and function. 

FortiNAC can also deliver dynamic network microsegmentation in a mixed-vendor environment; it supports more than 170 different vendors and 2,400 different devices and interacts with the network to keep each device in the proper network segment. It also integrates with FortiGate Next-Generation Firewalls (NGFWs) to enable intent-based segmentation, which bases segmentation on business objectives, such as compliance with data privacy laws.

Endpoint Telemetry and Remote Access

For end-user devices, such as laptops and mobile phones, Fortinet extends zero trust access control and user and device access to applications both on and off the network through FortiClient. FortiClient ensures endpoint visibility and compliance throughout the Security Fabric. It also shares endpoint telemetry with the Security Fabric for unified endpoint awareness.

When end-user devices reconnect with the enterprise network, the FortiClient Fabric Agent shares endpoint security telemetry data with FortiGate NGFWs and the rest of the Fortinet Security Fabric. This data includes device operating system (OS) and applications, known vulnerabilities, patches, and security status. The data helps the Fortinet ZTA tools refine the access rules for the devices. For ZTNA, the FortiClient ZTNA agent provides the device posture check and the user identification as part of the verification process as well as creating the encrypted tunnel from the device to the FortiOS proxy point.

Identity Management

FortiAuthenticator serves as the hub of authentication, authorization, and accounting (AAA) with access management, single sign-on, and guest management services. It establishes user identity through logins, certificates, and multi-factor inputs. FortiAuthenticator shares these inputs with role-based access control services to match an authenticated user to specific access rights and services. FortiAuthenticator also supports Security Assertion Markup Language implementations so users can securely access Software-as-a-Service (SaaS) solutions such as Salesforce, ADP, or Microsoft 365.

Two-Factor Authentication

FortiToken provides two-factor authentication services to FortiAuthenticator, either through a hardware token or as a mobile solution. The mobile solution is an OATH-compliant (Initiative for Open Authentication) one-time password generator application for Android and iOS devices that supports both time-based (TOTP, RFC 6238) and event-based (HOTP, RFC 4226) tokens.

Zero Trust Everywhere

With decades of experience in helping enterprises maintain security coverage for their rapidly expanding networks, Fortinet offers highly effective zero trust solutions that deliver on the zero-trust principles of:

  • Ongoing verification of users and devices
  • Creating small zones of control
  • Granting minimal access to users and devices

By assembling these necessary pieces under the umbrella of a single, integrated platform – what we call the Fortinet Security Fabric – organizations can move forward with zero trust strategies that work no matter what stage of implementation they may be at and no matter where their users, devices, or resources may be located. 

Discover how Fortinet’s Zero-Trust Access framework allows organizations to identify, authenticate, and monitor users and devices on and off the network.