Skip to content Skip to navigation Skip to footer

Securing Critical Infrastructure with Fortinet

Fortinet is a Leader in the IT/OT Security Platform Navigator 2022

Overview

The convergence of operational technology (OT) and information technology (IT) impacts the security of industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems. As the air gap is removed, these systems are exposed to an expanding threat landscape and are targets for hackers involved in terrorism, cyber warfare, and espionage. Extending well beyond the traditional factory plant floor, attacks on critical infrastructures such as power plants, factories, water treatment systems, oil rigs, and traffic control systems can result in threats to national security, financial loss, risk to brand reputation, and even loss of life.

For more than a decade, Fortinet has protected OT environments in critical infrastructure sectors such as energy, defense, manufacturing, food, and transportation. By designing security into complex infrastructure via the Fortinet Security Fabric, organizations have an efficient, non-disruptive way to ensure that the OT environment is protected and compliant.


What’s new in FortiOS 7.2

With over 300 new features and enhancements, this FortiOS release empowers the Fortinet Security Fabric by introducing new security features, increasing the degree of convergence, and simplifying security management for operational technology (OT) environments.

These new features demonstrate Fortinet’s commitment to addressing OT challenges:

  • Asset Identity Center: Visualize connected assets in your OT network through dashboards that display the network topology using the Purdue model. See which assets are communicating within and across the Purdue Levels.
  • Security policy improvements: Learn how OT traffic is flowing leveraging the new monitor and learn capability then create new policies with a simplified policy interface.
  • Access network visibility: Enhanced FortiSwitch Topology view now shows important statistics in a single pane.
  • Air-gap license activation: Simplify and streamline licensing in environments even when they are isolated from the Internet.
Securing OT in the Face of IIoT and 5G

Securing OT in the Face of IIoT and 5G

Read Now
Causes and Consequences of IT and OT Network Convergence

Causes and Consequences of IT and OT Network Convergence

Read Now


 

Fortinet's ICS/SCADA solution

Fortinet’s solution integrates OT security solutions with best-of-breed threat protection for corporate IT environments that extend from the data center, to the cloud, to the network perimeter. It also provides visibility, control, and automated at speed analytics detection within the OT environment while provisioning built-in support for industry standards. Additionally, it minimizes complexity and reduces the operating expense (OpEx) of OT security management, when compared to point security solutions in siloed IT and OT environments.

The Industrial Zone is the area where the production takes place. This zone includes the digital control elements like PLCs and RPUs that convert IP communication to serial commands. It also includes additional networks such as the camera surveillance network and networks to support IoT devices. Fortinet products in this zone include: FortiSwitch, FortiAP, FortiPresence, and FortiCamera. Select Wireless Network to learn more about FortiAPs in the Industrial Zone.

Wireless Network: As OT environments provide connectivity to a range of devices with wireless networks, protection for this edge is essential. FortiAPs, managed and secured by FortiGate appliances, deliver complete protection of wireless networks, and are rugged to survive the harsh environments in the Industrial Zone. FortiPresence provides insight into the physical movement of people within OT sites both in real time and across time periods by leveraging the existing onsite Fortinet access points to detect each person’s smartphone WiFi signal. Get complete visual coverage inside and out with FortiCamera. With options for indoor and outdoor, vandal-proof, weatherproof, low-light night vision, fixed and motorized zoom lenses, and two-way audio, FortiCamera fits every OT environment. Get complete visual coverage inside and out with FortiCamera. With options for indoor and outdoor, vandal-proof, weatherproof, low-light night vision, fixed and motorized zoom lenses, and two-way audio, FortiCamera fits every OT environment. Get complete visual coverage inside and out with FortiCamera. With options for indoor and outdoor, vandal-proof, weatherproof, low-light night vision, fixed and motorized zoom lenses, and two-way audio, FortiCamera fits every OT environment.
scada-industry-zone Wireless Network FortiCamera FortiCamera FortiPresence FortiPresence

Site Operations enables the centralized control and monitoring of all the systems that run the processes in a facility. This is where OT systems share data with IT systems. FortiGate next-generation firewall appliances are frequently deployed here for top-rated protection and segmentation, providing visibility and control. Select Wireless Network to learn more about FortiAPs in the Industrial Zone.

Wireless Network: As OT environments provide connectivity to a range of devices with wireless networks, protection for this edge is essential. FortiAPs, managed and secured by FortiGate appliances, deliver complete protection of wireless networks, and are rugged to survive the harsh environments in the Industrial Zone.
scada-ot-zone Wireless Network

Between the enterprise and site operations zones exists the Industrial Demilitarized Zone (IDMZ). The IDMZ allows the organization to securely connect networks with different security requirements. Security protection includes authentication and business segmentation to provide the visibility, control and situational awareness to manage against known and unknown threats. Verify who and what is on the network, and provide role-based access control for users, devices, applications, and protocols. Address unknown threats with sandboxing and deception detection. Implement logical business segmentation using gates and switches. Address known threats to the network. Become situationally aware of what happens in OT and IT environments. Select the Fortinet products to learn more.

FortiNAC provides the visibility to see everything connected to the network, as well as the ability to control those devices and users, including dynamic, automated responses. FortiAuthenticator strengthens security by ensuring only the right person at the right time can access sensitive networks and data. FortiSandbox offers a powerful combination of advanced detection, automated mitigation, actionable insight, and flexible deployment to stop targeted attacks and subsequent data loss. FortiDeceptor provides accurate detection that correlates an attacker’s activity details and lateral movement that feeds up to a broader threat campaign. Threat intelligence gathered from the attacker can be applied automatically to inline security controls to stop attacks before any real damage is done. FortiGate next-generation firewall appliances are frequently deployed here for top-rated protection and segmentation, providing visibility and control. FortiSwitch offers a broad portfolio of secure, simple, and scalable Ethernet switches ideal for SD-Branch and applications ranging from desktop to data center. Easily manage Fortinet solutions with FortiManager. It supports network operations providing centralized management, best practices compliance, and workflow automation providing better protection against breaches. FortiGate next-generation firewall appliances are frequently deployed here for top-rated protection and segmentation, providing visibility and control. FortiAnalyzer provides analytics-powered reporting for better detection against breaches and known threats. FortiSIEM provides visibility, correlation, automated response, and remediation in a single, scalable solution to improve responses and stop breaches before they occur.
diagram-scada-dmz-zone FortiNAC FortiAuthenticator FortiSandbox FortiDeceptor FortiGate1 FortiSwitch FortiManager FortiGate2 FortiAnalyzer FortiSIEM

The enterprise zone typically sits at the corporate level and spans multiple facilities, locations, or plants where the business systems  work to perform tasks such as scheduling, logistics, and supply chain management. Data is gathered from the individual locations and accumulated to support business decision making. Select the Fortinet products to learn more.

FortiMail secure email gateway delivers consistently top-rated protection from common and advanced threats while integrating robust data protection capabilities to avoid data loss. FortiWeb protects business-critical web applications from attacks that target known and unknown vulnerabilities. FortiADC optimizes the availability, user experience, and application security of enterprise applications. It provides application availability using Layer 4/Layer 7 load balancing, data center resiliency, application optimization, and a web application firewall to protect web applications. FortiGate next-generation firewall appliances are frequently deployed here for top-rated protection and segmentation, providing visibility and control. FortiGate next-generation firewall appliances are frequently deployed here for top-rated protection and segmentation, providing visibility and control. FortiSwitch offers a broad portfolio of secure, simple, and scalable Ethernet switches ideal for SD-Branch and applications ranging from desktop to data center.
diagram-scada-enterprise-zone FortiMail FortiWeb FortiADC FortiGate1 FortiGate2 FortiSwitch

The Internet/WAN Zone delivers access to cloud-based services for compute and analytics to support ERP and MRP systems for an operational environment. It is also where remote employees and third-parties access the network.  For strong authentication, two-factor authentication and VPN tunnels are used to verify identity and keep data private. Select the Fortinet products to learn more. 

FortiClient strengthens endpoint security through integrated visibility, control, and proactive defense, and VPN tunnels help verify identity and secure data. Discover, monitor, and assess endpoint risks to ensure compliance and mitigate risks. FortiClient strengthens endpoint security through integrated visibility, control, and proactive defense, and VPN tunnels help verify identity and secure data. Discover, monitor, and assess endpoint risks to ensure compliance and mitigate risks. FortiToken enables businesses of all sizes to manage two-factor authentication implementations from anywhere there is an internet connection. FortiToken enables businesses of all sizes to manage two-factor authentication implementations from anywhere there is an internet connection. Fortinet on Amazon Web Services (AWS) delivers the same powerful security controls as for Fortinet industry-leading hardware devices. Fortinet provides Microsoft Azure and Office 365 users with broad protection, native integration, and automated management for consistent enforcement and visibility across multi-cloud infrastructures. Fortinet for Google Cloud Platform (GCP) provides the ability to confidently and safely deploy applications in multiple clouds and data centers.
diagram-scada-internet FortiClient FortClient2 FortiToken1 FortiToken2 AWS Azure Google Cloud
video thumb ot visibility

Visibility

Gain awareness of any device, anywhere on the network, determine the degree of trust and continuously monitor behavior to maintain a level of trust. Define the attack surface and ensure active device and traffic profiling. Traffic visibility ensures actionable intelligence, and teams can be selective on allowed traffic, ports, protocols, applications and services. Enforcement points within the environment ensure north-south and east-west protection.

Watch Now

Control

Depend on each system and subsystem doing its job—and only it’s job. Multifactor authentication ensures the right people have the assigned permissions and access and is backed by enforcement zones. Network segmentation and micro segmentation provide a layered and leveled approach with zones of control. Quarantine and sandboxing prevent threats before they can act.

Watch Now
Fortinet Security Fabric for Operational Technology Environments | Infrastructure Security
2022 State of Operational Technology and Cybersecurity Report | OT Security

Behavioral Analytics

Continuous analysis of behaviors help teams learn what, where, when, who, how by gathering intelligence about known and unknown threats. A central security tool helps with logging, reporting and analytics, and evaluates activity collected across the system. It also provides security information and event management, and security orchestration automation and response capabilities. Insights are gained via user and device behavior analysis and threat assessments ensure continuous protection.

Watch Now

The Fortinet ICS/SCADA Solution Includes:

Next-Generation Firewall

Next-Generation Firewall

Secure Wireless

Secure Wireless

Switching

Switching

Malware Sandbox – FortiSandbox

Malware Sandbox – FortiSandbox

Identity and Access Management

Identity and Access Management

Central Management

Central Management

Analytics, Reporting & Response

Analytics, Reporting & Response

SIEM

SIEM

Additional Resources

White Papers

2022 State of Operational Technology and Cybersecurity Report Enabling NIS Directive Compliance with Fortinet for Operational Technology Aligning Your Security Program with the NIS Directive Securing OT Systems in the Face of Rapid Threat Evolution Independent Study Finds That Security Risks Are Slowing IT-OT Convergence

Solution Guides

Fortinet Secures OT Networks Against Advanced Threats Securing OT Networks with Microsegmentation Fortinet Provides Zero-day Protection in OT Environments Securing Open Platform Communications in OT Environments with FortiGate Next-generation Firewalls Simplifying SD-WAN for Operational Technology Environments for Reliable Connectivity

Reports

Effective ICS Cybersecurity: Using the IEC 62443 Standard Cybersecurity in Water Management Facilities

eBooks

OT Cybersecurity Designed for Critical Plant and Manufacturing Operations Protecting Plant and Manufacturing Operations from the Expanding Attack Surface Strategies That Reduce Complexity and Simplify Security Operations Fortinet Analytics-Powered Security and Log Management Traditional Segmentation Fails in the Face of Today's Expanding Attack Surface

Videos

Security for the Changing Shape of Operational Technology OT Security Architecture Fortinet Security Fabric for Operational Technology Environments

Infographics

2021 State of Operational Technology and Cybersecurity 2021 Assessing the State of OT Security and the Cyber Supply Chain

Checklists

Choosing an SD-WAN Solution for Operational Technology Environments: 5 Requisite Capabilities How Fortinet Intent-based Segmentation Helps CIOs Manage Increased Security Complexity

Case Studies

SISAG Steelcase GEMÜ Falu Energi & Vatten Houston County Electric Cooperative Sullair Argentina Nordlaks

Webinars

Securing the Future of Industrial Control Systems

Quick Links

links image 1 139x100

Free Product Demo

Explore key features and capabilities, and experience user interfaces.
resource center icon 139X159

Resource Center

Download from a wide range of educational material and documents.
links image 2 139x121

Free Trials

Test our products and solutions.
contact sales icon 139x85

Contact Sales

Have a question? We're here to help.
Also of Interest