
On-Premise Network Security with Fortinet
Fortinet
Imagine you are a service provider for companies with high security standards or you have high security standards for data protection in your company and want to do your utmost to meet them. This also means that the security solution must work completely on-premise and no data may leave the company's internal network for this purpose. This eliminates all solutions that would use the cloud.
Fortinet is aware of such requirements and offers a security concept that meets these demands.
In a hypothetical scenario, the network, the emails and the end devices are to be protected.
This is easily possible with a FortiGate as a firewall, a FortiMail as an e-mail gateway and a FortiSandbox as an on-premise sandbox solution. For the endpoint, FortiClient with the Enterprise Management Server would be used.
As expected, the firewall is used at the edge of the network and provides the first bulwark from the outside. Depending on the size of the network, other smaller FortiGate firewalls can also be used to segment the network. Fortinet offers a wide range of models here, so that there is a suitable firewall for every application.
The FortiGate can take on many tasks here. For example, it can run an anti-virus scan of all traffic, if desired even with deep packet inspection of SSL-encrypted communication, and the certificates presented are also checked for validity.
In addition, the FortiGate can provide IPsec or SSL VPN connections to securely connect remote locations or home office workstations. SSL connections can even be provided without client software, using a web portal based on HTML5. Alternatively, any OpenSSL-compatible VPN client can be used. FortiClient also offers VPN functionality, with the great advantage for administrators that its configuration can be carried out remotely, even retrospectively.
With the help of Application Control, you can also restrict or block access to undesirable services and sites, for example the use of the Tor network. The big advantage is that you do not have to maintain the addresses of the entry and exit nodes yourself: Fortinet does this for you, and the FortiGate downloads the latest information. In this way, you can restrict, block or, if necessary, explicitly allow services with just a few clicks.
In the case of e-mails, the FortiGate can intervene at several points to protect you. On the one hand, an anti-spam filter can filter out e-mails before they arrive in the network. On the other hand, the so-called Content Disarm & Reconstruction service can strip URLs and macros from documents such as PDFs and Office files before they are delivered. The original, unprocessed copy can then either be discarded or forwarded to a FortiSandbox for further review.
However, these tasks should be handed over to a dedicated appliance such as the FortiMail for larger email volumes. This would not only relieve the FortiGate, but also bring with it other features such as the Dynamic Adult Image Analysis Service. With this service, the FortiMail can analyse images and recognise whether they are images that one would rather see in a red light district. Scanning for spam, viruses and unwanted content would take place even before the email is delivered to the email server.
FortiSandbox is, as the name suggests, a sandbox solution for behavioural analysis of suspicious files. It can analyse the behaviour of executable files and even operate program menus on its own. It can run Windows 7, 8.1 and 10 as well as Linux and Android locally as VMs. Analysis in Mac OS X is only available as a cloud service.
The FortiSandbox can be automatically supplied with suspicious content by FortiGate, FortiMail and FortiClient. In the case of the FortiClient, access to the file is blocked while the analysis is running. To avoid analysing files unnecessarily often, the FortiSandbox remembers a hash value of the file together with the result. If the same file is submitted again, the FortiSandbox recognises it and immediately returns the result of the previous analysis.
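The hash-keyed result cache and the block-while-pending behaviour described above, modelled as an added example (this is not FortiSandbox or FortiClient code; the `analyse` function is a constructed stand-in that only looks for a marker string, and all class and function names are assumptions):

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    PENDING = "pending"        # analysis queued or still running
    CLEAN = "clean"
    MALICIOUS = "malicious"

# Constructed stand-in for the sandbox's behavioural analysis: it only
# flags a marker string so the caching logic can be exercised offline.
MARKER = b"[constructed-malicious-marker]"

def analyse(data: bytes) -> Verdict:
    return Verdict.MALICIOUS if MARKER in data else Verdict.CLEAN

class VerdictCache:
    """Each distinct file is analysed once; resubmissions hit the cache."""

    def __init__(self) -> None:
        self.verdicts: dict[str, Verdict] = {}   # sha256 -> final verdict
        self.queue: dict[str, bytes] = {}        # sha256 -> bytes awaiting analysis

    @staticmethod
    def digest(data: bytes) -> str:
        return hashlib.sha256(data).hexdigest()

    def submit(self, data: bytes) -> Verdict:
        """Entry point for a submitting component (firewall, mail gateway or
        endpoint agent). Known hashes answer at once; unknown files queue once."""
        h = self.digest(data)
        if h in self.verdicts:
            return self.verdicts[h]
        self.queue.setdefault(h, data)   # a second submitter does not queue it twice
        return Verdict.PENDING

    def process_queue(self) -> int:
        """Analyse every queued file and store the result; returns the count."""
        n = 0
        for h, data in list(self.queue.items()):
            self.verdicts[h] = analyse(data)
            del self.queue[h]
            n += 1
        return n

def endpoint_allows_access(verdict: Verdict) -> bool:
    """Endpoint-side policy: the file stays blocked while the verdict is
    pending and is released only when the sandbox reports it clean."""
    return verdict is Verdict.CLEAN
```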
In addition to the automatic analysis, a manual on-demand analysis is also possible at any time, either by uploading a file or entering a URL.
But the end device must also be protected. Fortinet offers the FortiClient for this purpose. Generally, the FortiClient is administered via the Enterprise Management Server, or EMS for short, which is included free of charge in the licence. FortiClient offers a fully-fledged anti-virus, web filter and VPN solution. In addition, a vulnerability analysis of the installed operating system and the installed programmes is also possible, which helps ensure that the latest versions are in use. Fortinet does not differentiate between an office computer and a server, which means that one licence would cover both areas. The FortiClient also supports the Windows, Mac OS X and Linux operating systems.
The network administrator can even define compliance guidelines with threshold values beyond which a client is no longer allowed on the network. If, for example, the computer has been infected via a USB stick, the client is automatically isolated and an alarm is generated. Access can also be blocked if updates for the FortiClient or the operating system have not yet been installed. Updates remain possible, but all other access is blocked until the compliance guidelines are met.
As you can see, the components work together as the Fortinet Security Fabric. The individual components communicate with each other and exchange information. This ensures that all aspects of a network are secured. At the same time, no data would leave the company, as all checks happen on-premise.
If you are interested in a security solution from Fortinet and would perhaps even like a trial, please feel free to contact us by phone, email or the contact form.