sb-au logo
Story image

Securing the enterprise network with Fortinet: Perimeter, core and edges

14 Aug 2020

Jon McGettigan, Fortinet A/NZ Regional Director, discusses ‘core and edge’ network topology and explains why only fully-integrated security services can offer comprehensive protection.

Distributed enterprise networks require tightly-integrated security services. Any network service not so secured represents a weak point in an otherwise productive environment. The challenge is to secure all components of your network – perimeters, cores and edges – with unified security services that eliminate any gaps in your cyber defences. 

In addition, unified security services provide a framework for SOAR (security orchestration automation and response) capabilities which enable your network to detect, contain and mitigate security events and ensure business continuity.

Protecting the perimeter

Perimeter security at the gateway – ie. firewalls – are the most established of all of security services. Gateway firewalls regulate traffic into and out of your network. The more complex the network, the more complex the firewall requirements. 

A network can have more than one perimeter such as a SD-WAN or cloud-based services. In these cases the firewall must be able to protect each instance with the same unified policies, SOAR capabilities and management.

Perimeter protection is the first step – and a very necessary one – in securing the enterprise network. But protection inside the perimeter – the core data centre - is equally important.

Protecting the core

Enterprise data centres have more computational capacity than ever before and are fast-forwarding with hyperscaled application delivery architecture. Applications such as business intelligence, multi-media and IoT/5G require massive amounts of processing power and bandwidth. Security services have to scale at speed to keep up. Otherwise productivity will suffer.

Each core application requires protection, even if they are running as a virtual instance inside your data centre. This so-called ‘east-west’ protection ensures that even if the perimeter gateway is breached as a result of a mis-configured app or user error, the damage is contained and any malware is eliminated before it can spread to other virtual apps. 

To fully protect the core, you have to be able to fence off each application. Next Generation Firewalls are optimised to do just that.

Today’s Next Generation firewalls can deploy and configure internal east-west protection automatically by incorporating Hardware Accelerated Segmented Architecture. And they can keep up with hyperscaling traffic via dedicated Security Processing Unit (SPU) hardware. And, again, they provide a foundation for SOAR inside your data centre.

Protecting the edges

Hyperconnectivity between devices, applications and users is giving rise to multiple edges across the network. These can range from mobile phones and laptops to customer-facing web applications and IoT transceivers. These edges enhance the value of the network by many orders of magnitude. Indeed, applied network edges are the manifestation of digital transformation. 

But multiple network edges also expand the attack surface. Remote workforce? They need the same protection as the data centre. API-powered web apps? More opportunities for adversaries. Cloud-based services? Each session is a potential intrusion if left to chance. 

Each network edge requires a purpose-built, tightly-integrated security service. And the only way to enable SOAR across all network edges is to deploy security services unified by common policies and operations. Just one unsecured edge can bring an otherwise productive network to it’s knees.

Fortinet’s Security Fabric

Fortinet’s Security Fabric protects network perimeter(s), core(s) and edges with standardised products, policies and procedures. Based on FortiOS 6.4 and powered by dedicated processors (NP7, CP9, SoC4), Fortinet’s Security Fabric is the only range of complete core-to-edge security services available on the market that supports hyperscaling architecture.

Fortinet Security Fabric Services are available from a network of Authorised Partners across ANZ as appliances, virtual appliances and cloud-based or managed services. Fortinet’s Security Fabric is backed by the global constellation of FortiGuard Labs to ensure that your defences are always updated with the very latest threat intelligence. And Fortinet’s commitment to research and development mean that, regardless of which way your network evolves, Fortinet will be right there with the fully-integrated security services to protect it.

About the author

Jon McGettigan is Fortinet’s Australia, New Zealand & Pacific Islands Regional Director. As such, he is responsible for driving Fortinet’s continued expansion in the region through building and maintaining relationships with businesses, partners and staff. As a senior executive, he understands the risks, motivations and opportunities that face IT managers as they transform their networks into 21st century revenue centres.

About Fortinet

Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organisations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 375,000 customers trust Fortinet to protect their businesses.Learn more at the Fortinet website, the Fortinet Blog, or FortiGuard Labs.

Story image
Video: 10 Minute IT Jams - The benefits of converged cloud security
Today, Techday speaks to Forcepoint senior sales engineer and solutions architect Matthew Bant, who discusses the benefits of a converged cloud security model, and the pandemic's role in complicating the security stack in organisations around the world.More
Story image
Exabeam and Code42 partner up to launch insider threat solution
The solution will give customers a fuller picture of their environment, and will leverage automated incident response to obstruct insider threat before data loss occurs.More
Story image
Proofpoint and CyberArk extend partnership to further safeguard high-risk users
“Our CyberArk partnership extension provides security teams with increased detection and enhanced adaptive controls to help prevent today’s most severe threats."More
Story image
Cohesity announces integrated, automated disaster recovery
The new solution is integrated with the company’s existing backup and continuous data protection capabilities.More
Story image
ESET launches the latest version of its Mobile Security solution
“With this latest version of ESET Mobile Security, we want to ensure our users feel completely secure when performing financial transactions on their devices, in addition to being protected from malware and phishing attempts."More
Story image
CrowdStrike integrates with ServiceNow program to bolster incident response
As part of the move, users can now integrate device data from the CrowdStrike Falcon platform into their incident response process, allowing for the improvement of both the security and IT operation outcomes.More