cl-nz logo
Story image

Securing the enterprise network with Fortinet: Perimeter, core and edges

14 Aug 2020

Jon McGettigan, Fortinet A/NZ Regional Director, discusses ‘core and edge’ network topology and explains why only fully-integrated security services can offer comprehensive protection.

Distributed enterprise networks require tightly-integrated security services. Any network service not so secured represents a weak point in an otherwise productive environment. The challenge is to secure all components of your network – perimeters, cores and edges – with unified security services that eliminate any gaps in your cyber defences. 

In addition, unified security services provide a framework for SOAR (security orchestration automation and response) capabilities which enable your network to detect, contain and mitigate security events and ensure business continuity.

Protecting the perimeter

Perimeter security at the gateway – ie. firewalls – are the most established of all of security services. Gateway firewalls regulate traffic into and out of your network. The more complex the network, the more complex the firewall requirements. 

A network can have more than one perimeter such as a SD-WAN or cloud-based services. In these cases the firewall must be able to protect each instance with the same unified policies, SOAR capabilities and management.

Perimeter protection is the first step – and a very necessary one – in securing the enterprise network. But protection inside the perimeter – the core data centre - is equally important.

Protecting the core

Enterprise data centres have more computational capacity than ever before and are fast-forwarding with hyperscaled application delivery architecture. Applications such as business intelligence, multi-media and IoT/5G require massive amounts of processing power and bandwidth. Security services have to scale at speed to keep up. Otherwise productivity will suffer.

Each core application requires protection, even if they are running as a virtual instance inside your data centre. This so-called ‘east-west’ protection ensures that even if the perimeter gateway is breached as a result of a mis-configured app or user error, the damage is contained and any malware is eliminated before it can spread to other virtual apps. 

To fully protect the core, you have to be able to fence off each application. Next Generation Firewalls are optimised to do just that.

Today’s Next Generation firewalls can deploy and configure internal east-west protection automatically by incorporating Hardware Accelerated Segmented Architecture. And they can keep up with hyperscaling traffic via dedicated Security Processing Unit (SPU) hardware. And, again, they provide a foundation for SOAR inside your data centre.

Protecting the edges

Hyperconnectivity between devices, applications and users is giving rise to multiple edges across the network. These can range from mobile phones and laptops to customer-facing web applications and IoT transceivers. These edges enhance the value of the network by many orders of magnitude. Indeed, applied network edges are the manifestation of digital transformation. 

But multiple network edges also expand the attack surface. Remote workforce? They need the same protection as the data centre. API-powered web apps? More opportunities for adversaries. Cloud-based services? Each session is a potential intrusion if left to chance. 

Each network edge requires a purpose-built, tightly-integrated security service. And the only way to enable SOAR across all network edges is to deploy security services unified by common policies and operations. Just one unsecured edge can bring an otherwise productive network to it’s knees.

Fortinet’s Security Fabric

Fortinet’s Security Fabric protects network perimeter(s), core(s) and edges with standardised products, policies and procedures. Based on FortiOS 6.4 and powered by dedicated processors (NP7, CP9, SoC4), Fortinet’s Security Fabric is the only range of complete core-to-edge security services available on the market that supports hyperscaling architecture.

Fortinet Security Fabric Services are available from a network of Authorised Partners across ANZ as appliances, virtual appliances and cloud-based or managed services. Fortinet’s Security Fabric is backed by the global constellation of FortiGuard Labs to ensure that your defences are always updated with the very latest threat intelligence. And Fortinet’s commitment to research and development mean that, regardless of which way your network evolves, Fortinet will be right there with the fully-integrated security services to protect it.

About the author

Jon McGettigan is Fortinet’s Australia, New Zealand & Pacific Islands Regional Director. As such, he is responsible for driving Fortinet’s continued expansion in the region through building and maintaining relationships with businesses, partners and staff. As a senior executive, he understands the risks, motivations and opportunities that face IT managers as they transform their networks into 21st century revenue centres.

About Fortinet

Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organisations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 375,000 customers trust Fortinet to protect their businesses.Learn more at the Fortinet website, the Fortinet Blog, or FortiGuard Labs.