SOLUTION GUIDE. Secure Access Architecture. Enterprise Network Access with Complete Security

Similar documents
Secure Access Architecture

Transforming Your WiFi Network Into A Secure Wireless LAN A FORTINET WHITE PAPER. Fortinet White Paper

SOLUTIONS GUIDE. Secure Wireless LAN Solutions Guide. Complete Wi-Fi Security for Any Network Topology

Fortinet Secure Wireless LAN

WHITE PAPER. Protecting Your Network From the Inside-Out. Internal Segmentation Firewall (ISFW)

WHITE PAPER. Protecting Your Network From the Inside-Out. Internal Segmentation Firewall (ISFW)

WHITE PAPER. Protecting Your Network From the Inside-Out. Internal Segmentation Firewall (ISFW)

Fortinet FortiGate App for Splunk

Keeping the Store Open: Fighting the Cyber Criminal in the Retail World

MSSP Advanced Threat Protection Service

Securing Next Generation Education A FORTINET WHITE PAPER

Securing the Data Center

The Fortinet Advanced Threat Protection Framework

WHITE PAPER. Protecting Your Network From the Inside-Out. Internal Network Firewall (INFW)

How To Secure Your Store Data With Fortinet

The Fortinet Secure Health Architecture

The Fortinet Secure Health Architecture

INDEPENDENT VALIDATION OF FORTINET SOLUTIONS. NSS Labs Real-World Group Tests

Improving Profitability for MSSPs Targeting SMBs

Overview. Where other. Fortinet protects against the fullspectrum. content- and. without sacrificing performance.

Use FortiWeb to Publish Applications

Fortinet s Data Center Solution

Advantages of Consolidating Network Security with Wireless for Small & Mid-Size Businesses

The Enterprise Cloud Rush

FortiVoice Enterprise

How To Get A Fortinet Security System For Free

FortiVoice Enterprise

FortiGate/FortiWiFi -90D Series Enterprise-Grade Protection for Smaller Networks

BUSINESS OPPORTUNITY 4 CONNECTED UTM FOR SMALL OFFICES 6 SECURE COMMUNICATIONS FOR SMALL OFFICES 10 COMPETITIVE COMPARISONS 15

DEPLOYMENT GUIDE. FortiAP-S Series Deployment Guide. Secure Cloud-managed Wireless LAN Solution

FortiGate/FortiWiFi 60D Series

FortiGate/FortiWiFi 90D Series

5 ½ Things That Make a Firewall Next Gen WHITE PAPER

SDN Security for VMware Data Center Environments

FortiGate/FortiWiFi -60C Series Integrated Threat Management for Small Networks

FortiGate 100D Series

Securing your IOT journey and beyond. Alvin Rodrigues Market Development Director South East Asia and Hong Kong. What is the internet of things?

FortiAuthenticator TM User Identity Management and Single Sign-On

Meraki 2015 Solution Brochure

WHITE PAPER SECURING DISTRIBUTED ENTERPRISE NETWORKS FOR PCI DSS 3.0 COMPLIANCE

Connect and Secure Retail

EXTENDING THREAT PROTECTION AND CONTROL TO MOBILE WORKERS

BYOD Networks for Kommuner

How To Ensure Security In Pc Ds 3.0

MSP Dashboard. Solution Guide

FortiAuthenticator - What's New Guide VERSION 4.0

Monitoring & Measuring: Wi-Fi as a Service

FortiGuard Security Services

High performance security for low-latency networks

Cisco Meraki solution overview Cisco and/or its affiliates. All rights reserved.

FortiCore A-Series. SDN Security Appliances. Highlights. Securing Software Defined Networking (SDN) Architectures. Key Features & Benefits

Managing a FortiSwitch unit with a FortiGate Administration Guide

Meraki: Introduction to Cloud Networking

Best Practices for Outdoor Wireless Security

FortiAP Wireless Access Points

High Performance NGFW Extended

Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall

FortiGate 200D Series

FortiSwitch. Data Center Switches. Highlights. High-performance and resilient managed data center switch. Key Features & Benefits.

Cisco ASA and Cloud Web Security: Best-in-Class Network Security Combined with Best-in-Class Web Security

WHITE PAPER. Empowering the MSSP. Part 1: Real World Customer Needs

Extending Threat Protection and Control to Mobile Workers with Cloud-Based Security Services > White Paper

Data Center security trends

WHITE PAPER. Empowering the MSSP. Part 2: End To End Security Services Ecosystem

Fortinet Advanced Threat Protection- Part 3

WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks

SOLUTION GUIDE. Hybrid WAN Solutions with FortiWAN. The cost-effective way to deliver the WAN bandwidth and redundancy your organization demands

Protecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking

INTRODUCING isheriff CLOUD SECURITY

Network Design Best Practices for Deploying WLAN Switches

Top 10 Reasons Enterprises are Moving Security to the Cloud

FortiGate RADIUS Single Sign-On (RSSO) with Windows Server 2008 Network Policy Server (NPS) VERSION 5.2.3

Enabling Secure BYOD How Fortinet Provides a Secure Environment for BYOD

Wireless Services. The Top Questions to Help You Choose the Right Wireless Solution for Your Business.

Simple, scalable, secure Complete BYOD solution Michael Lloyd HP- Enterprise Group

SECURING ENTERPRISE NETWORK 3 LAYER APPROACH FOR BYOD

United Security Technology White Paper

FortiOS Handbook - Hardening your FortiGate VERSION 5.2.3

FortiGate. Accelerated security for mid-enterprise and branch office. Designed for today s network security requirements

Managed WiFi. Choosing the Right Managed WiFi Solution for your Organization. Get Started Now: to learn more.

Solution Brief. Aerohive and OpenDNS. Advanced Network Security for Retail Stores

Product Factsheet MANAGED SECURITY SERVICES - FIREWALLS - FACT SHEET

The Fortinet SDN Security Framework

Best practices for WiFi in K-12 schools

The Ultimate WLAN Management and Security Solution for Large and Distributed Deployments

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)

Wi-Fi Security. More Control, Less Complexity. Private Pre-Shared Key

Purchase and Import a Signed SSL Certificate

Deploying a Secure Wireless VoIP Solution in Healthcare

Next-Generation Firewalls: Critical to SMB Network Security

Transcription:

SOLUTION GUIDE Secure Access Architecture Enterprise Network Access with Complete Security

Introduction Technology and market trends are rapidly changing the way enterprises deploy local area networks, connect end devices and enable business applications of every type, and this has implications for how network access security is planned, deployed and managed. Growth in Unsecure Connected Devices The number and types of network-connected wireless devices continues to grow unabated. BYOD (Bring Your Own Device) is becoming the norm, and enterprise networks have begun to move beyond connecting laptops, smartphones and tablets. Now, emerging IoT (Internet of Things) applications are bringing new device types to the enterprise in virtually every industry. However, the exponential increase in unsecured connected devices presents new vulnerabilities and a growing attack surface for hackers to exploit. On top of the challenges of BYOD onboarding, IoT devices such as wireless sensor nodes, location-based beacons, and other small devices pose an additional threat, since many cannot support a suite of security solutions. This puts the onus on the network to keep these devices secure. Wireless Security is a Top CIO Concern The shifting device landscape from corporate-owned to employeeowned, and users growing reliance on the Internet, also puts device and application layer security in the limelight. Recent surveys indicate almost 50% of IT Decision Makers rate wireless LANs among the two most vulnerable areas of their IT infrastructure. Device and application proliferation go hand-in-hand. With mobile application use growing at 76% year on year, enterprises face not only support challenges from more enterprise applications, but also new vulnerabilities that stem from applications and devices never before seen on the network. Growing Operational Complexity for IT On top of this unprecedented growth, users expect a more unified access experience one that ensures consistent application and device policies across both wired and wireless environments, and across multiple devices per user. The growing sophistication of cyberattacks is exposing the vulnerabilities in traditional flat networks. The new strategy needed to protect against sophisticated attacks is to add multiple layers of defense, including explicit internal segmentation, to break or mitigate the chain of infection. All these changes in usage, devices and applications create an enormous challenge for IT organizations to protect the network from the ever-evolving array of threat vectors. Secure Access Experience the industry s most comprehensive network access security, regardless the size of your business, your network topology and choice of on-premise or cloud-based management. 2

Fortinet Secure Access Architecture These trends and the challenges ahead, call for a network access architecture that is not only secure but easy to manage, to safeguard critical internal enterprise assets and users from cyberattacks. This is where Fortinet s Secure Access Architecture leads the way. FIGURE 1 Secure Access Architecture Securing business communications, personal information, financial transactions and mobile devices involves much more than network access control. It requires scanning for malware, preventing access to malicious websites, end-point integrity checking, controlling application usage and much more. But typical Wi-Fi solutions do not cater to these requirements. They only address connectivity and access security. Security above Layer 2 is typically provided as an overlay by a variety of security appliances. Fortinet s network access solutions are different. They include comprehensive world-class network security at their core. Fortinet s secure access architecture ensures the same award winning security that is validated by independent certification agencies (NSS Labs, etc..) is available to every type of Wi-Fi deployment, from a stand-alone AP in an isolated office, to a handful of APs in a retail store to thousands of APs deployed across a large enterprise campus. To meet the diverse requirements of different use cases from large to small, on-premise versus cloud-based management, and organizational differences, different WLAN architectures and topologies have emerged. While other WLAN vendors present the same solution for every problem, Fortinet enables enterprises of any size, in any industry to choose the topology and network management that s suited for their network and organizational structure, without having to compromise on security protection. Fortinet Secure Access Offerings Only Fortinet has three distinctly different WLAN offerings: An Integrated wireless solution in which WLAN control and security are combined on a single high-performance appliance; an Infrastructure wireless solution made up from best-of-breed wireless, switching and security components; and a third, Cloud wireless solution which embeds security intelligence into cloud-managed access points. To provide the level of security equivalent to Fortinet, other vendors need a variety of different supplementary security products which add to the operational complexity and TCO (Total Cost of Ownership) of their solutions. In contrast, Fortinet s secure access portfolio offers the same comprehensive security across all three access platforms, whether on-premise or cloud-managed. This makes it easy for businesses to mix and match deployment models for different use cases, without giving up critical security protection. 3

Integrated Wireless Offering Unified Management, Superior Visibility and Control Fortinet s Integrated Secure Access offering is a family of thin access points, managed via an on-premise FortiGate. Recognized in both Gartner Group s Magic Quadrants for Unified Threat Management and Enterprise Firewalls, FortiGate consolidates the functions of Network Firewall, IPS, Anti-malware, VPN, WAN Optimization, Web Filtering and Application Control together with WLAN Control in a single platform. For branch office deployments FortiGate is also available with an integrated AP known as FortiWiFi. With security, connectivity and access control, unified through a single pane of glass, enterprises can centrally administer consistent user, device and application policies across wired and wireless with ease. FortiGate provides unprecedented visibility and control of applications, and enables effortless BYOD onboarding. Complete PCI-DSS and HIPAA compliance is assured, along with the industry s most comprehensive protection for all manner of wireless and Internet threats. And like other Fortinet security products, FortiGate is Secured by FortiGuard Labs, an internal security intelligence and research agency, which delivers regular signature updates, ensuring immediate protection from emerging cyberthreats. The combination of FortiGate security and FortiAPs gives enterprises of all sizes in various industries, the scalability to deploy thousands of APs, and enable secure access for tens of thousands of clients, without the complexity of additional point security products in order to provide comprehensive world-class threat protection. Key Benefits nunified management of wired, wireless and security nintuitive Single pane of glass management interface ncomprehensive threat protection provided by a single appliance none-box, all-inclusive solution for remote office network nunmatched visibility and control of applications and utilization nsecurity kept up to date through regular signature FIGURE 2 Fortinet Integrated Wireless Offering 4

Infrastructure Wireless Offering Easy Deployment and Scaling, Unique QoE Features Fortinet s Infrastructure Secure Access offering consists of best-of-breed components for switching, WLAN and cybersecurity. This is the ideal solution when it makes sense for an organization to separate the management of network access infrastructure from the network security infrastructure. The WLAN component provides a high-performance, premise-managed Wi-Fi network with a broad range of 802.11n and 802.11ac access points (APs). While FortiGate provides an access security overlay featuring a comprehensive portfolio of security services and granular application control, consolidated on a single, high-performance appliance. What makes the Infrastructure wireless offering so different is its unique Wi-Fi channel management architecture called Virtual Cell which simplifies deployment and scaling, and enables a number of compelling quality-of-experience advantages. These include superior voice mobility due to zero-handoff roaming, and more reliable user connections due to real-time load balancing based on actual traffic. Virtual Cell minimizes the complex, time-consuming process of channel planning, which can take months for a large installation, and it makes capacity scaling easy and disruption-free, because existing access points don t need reconfiguration. Virtual Cell also enables mission critical traffic isolation on dedicated spectrum a physical form of internal segmentation which assures optimum performance and combats sophisticated cyberattacks. Key Benefits neasiest deployment and capacity scaling in the industry nbetter Quality of Experience with faster, more reliable roaming nsuperior 802.11ac performance with site-wide channel-bonding nbonjour multicast suppression to prevent bandwidth waste ncomprehensive threat protection provided by one appliance nexceptional visibility and control of applications and utilization FIGURE 3 Fortinet Infrastructure Wireless Offering nsecurity kept up to date through regular signature updates from FortiGuard Labs 5

Cloud Wireless Industry s Most Secure, Controller-less Cloud Wi-Fi Fortinet s Cloud wireless solution is unlike any other Cloud Wi-Fi offering. Based on the FortiCloud Provisioning and Management Service, and a new class of access points, the solution combines advanced security protection at the network access edge, with the simplicity and convenience of cloud management. Equipped with extra memory and twice the processing power of typical thin access points, the FortiAP-S series performs real-time security processing on the Access Point itself. While configuration management and reporting via FortiCloud provides complete visibility of user, device and application usage, comprehensive threat analysis, and all the identity management tools needed for BYOD onboarding and guest access through captive portals. Combining Wi-Fi access and network security into the compact footprint of a single AP provides an exceptionally elegant and affordable WLAN solution for SMBs (Small Medium Businesses) and distributed enterprises. It lets users at small and remote sites connect to the Internet safely, without sacrificing security. Corporate users can still be authenticated against RADIUS servers over the WAN if desired, or via user accounts provisioned in FortiCloud, while all employee and guest traffic is subjected to enterprise-class cybersecurity protection locally at the network edge. Distributed enterprises can at last implement comprehensive security at remote sites, without needing to alter the security framework at corporate, or backhaul all traffic through the corporate network. Key Benefits ncomprehensive cybersecurity in remote offices without the cost and complexity of WAN backhaul nprovisioned and managed remotely through FortiCloud nindustry s most compact Wi-Fi access with layer 7 security nno recurring per AP licenses for full-featured cloud-management nlayer 7 control to prioritize, block or throttle any application npci-dss compliance with rogue AP detection and mitigation nsecurity kept up to date through FIGURE 4 Fortinet Cloud Wireless Offering regular signature updates from FortiGuard Labs 6

FortiSwitch Secure Access Switching FortiSwitch Secure Access Switches are feature-rich, yet cost effective, supporting the needs of enterprise campus and branch office network connectivity. With high density 24 and 48 port models, which support 802.11at Power over Ethernet (PoE), you can power anything from access points to VoIP handsets and surveillance cameras. FortiSwitch integrates directly into FortiGate, allowing switch administration and access port security to be managed from the same single pane of glass. Regardless of how users and devices are connected to the network (wired, wireless or VPN), you have complete visibility and control over your network security and access. FortiSwitch VLANs appear just like any other interface on a FortiGate, meaning you can apply policies to FortiSwitch ports just as you can with FortiGate WLAN ports. You even have visibility of per port and switch level PoE power usage. Unified control of switches through FortiGate together with security administration, simplifies remote management and troubleshooting. FIGURE 5 FortiGate Switch Management Internal Segmentation Firewall Unprecedented Performance Many campus networks have become flat. But as cyberattacks become more sophisticated, we now know from recent documented exploits that once hackers breach perimeter defenses, they can wreak havoc on a flat network very quickly. Multiple layers of defense is the new standard to protect against highly sophisticated attacks that are getting past border defenses. Explicit internal segmentation, with firewall policies between users and resources, limits traffic, gives you logs and helps to break the infection chain. But software-based firewalls designed for the perimeter are too slow. Fortinet is first to market with a purpose built Internal Segmentation Firewall (ISFW) appliance with multi-gigabit line-rate performance. Fortinet Authentication Scalable Authentication Ecosystem Network and Internet access is critical for almost every role within the enterprise; however, this requirement brings with it associated risks. The key objective of every enterprise is to provide secure but controlled network access, enabling the right person the right access at the right time. Fortinet Authentication solutions include a broad range of flexible options. With support for up to millions of users, Fortinet provides authentication solutions that span the Infrastructure, Integrated and Cloud offerings. Capabilities include single-sign, social login, and captive portal authentication options which can be integrated with internal or external RADIUS, LDAP and certificate management systems. Fortinet authentication can also be part of a complete ecosystem with third party partners for applications such as, payment gateways, booking systems, and Mobile Device Management (MDM). Many data breaches can be traced back to compromised login credentials obtained via phishing attacks and being used as the initial intrusion vector. Two-factor authentication with FortiToken goes a long way in closing that loophole with standards-based secure 7

authentication to further secure the network. Additionally, Certificate Authority functionality simplifies CA management and delivers user certificate signing, FortiGate VPN, or server x.509 certificates for use in certificate-based two-factor authentication. wireless analysis and reporting including usage, security logs and forensics, and industry regulatory compliance. Fortinet centralized management is the most flexible and scalable policy, analytics and reporting system. FortiAnalyzer Centralized Logging and Reporting Active Directory Poling Kerberos SSO Mobility Agent Login Portal & Widgets RADIUS Accounting Records SYSLOG REST API Branch Office FortiGate (physical or virtual) Headquarters Data Center FortiGate (physical or virtual) Policies Policies User Identity Management Database Branch Office Policies FortiManager Centralized Device and Policy Management FortiGate (physical or virtual) FIGURE 6 FortiAuthenticator Single Sign-On User Identification Methods Fortinet Management Policy Management, Analytics, Reporting Fortinet Management solutions support all network architecture options including physical, virtual, and public or private cloud. These solutions deliver the versatility you need to effectively manage your Fortinet-based security infrastructure. Fortinet drastically reduces management costs, simplifies configuration, and accelerates deployment. Key capabilities of Fortinet Management solutions include, SSID and radio policy configuration, centralized AP firmware upgrades, real-time client monitoring and deployment planning. In addition Fortinet management includes a multi-tenant portal for delivering Wi-Fi as service. Our analytics tools provide deep security and FIGURE 7 FortiManager Centralized Device and Policy Management Completely Secure Access, No Compromises As a global leader in network security, Fortinet provides complete and comprehensive security for the entire access network, no matter how large or small the enterprise. From campus, large office, branch office, to the corner shop. Fortinet offers the industry s most extensive network access security, regardless the size of your business, your network topology and choice of premises or cloudbased management. The Fortinet secure access portfolio delivers the same enterprise-class security in every scenario, without compromises. i Flurry Analytics 2014 - http://flurrymobile.tumblr.com/post/115194992530/shopping-productivity-and-messaging-give-mobile GLOBAL HEADQUARTERS Fortinet Inc. 899 Kifer Road Sunnyvale, CA 94086 United States Tel: +1.408.235.7700 www.fortinet.com/sales EMEA SALES OFFICE 905 rue Albert Einstein Valbonne 06560, Alpes-Maritimes, France Tel +33 4 8987 0500 APAC SALES OFFICE 300 Beach Road 20-01 The Concourse Singapore 199555 Tel: +65.6513.3730 LATIN AMERICA SALES OFFICE Paseo de la Reforma 412 piso 16 Col. Juarez C.P. 06600 México D.F. Tel: 011-52-(55) 5524-8428 Copyright 2016 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. April 10, 2016

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information