Layered protection. Fortinet & Flowmon Networks / TS Solution blog / Habr
More and more companies are moving toward layered protection (defense in depth), where one solution protects the network perimeter, another protects endpoints, a third continuously monitors the network for anomalies, a fourth scans the network for unpatched vulnerabilities, and so on. At the same time, the need for integrations between these products is growing, and it is best when they work out of the box, so that you don't need to write complex scripts.
We recently wrote about the new TS Solution service, CheckFlow.
This is a free audit of network traffic (both internal and external). Flowmon is a telemetry analysis and network monitoring solution that provides valuable information for both network administrators and security engineers: anomalies, scans, illegitimate servers, loops, illegitimate interactions, network intrusions, zero-day attacks and much more.
I also recommend the article "9 common network problems that can be detected by analysis with Flowmon".
Flowmon & FortiGate integration
Integration was mentioned in our
In general, the idea is that a Next-Generation Firewall (such as FortiGate) protects the perimeter while Flowmon monitors the network infrastructure, giving the customer full network visibility. However, Flowmon can only detect attacks and anomalies, not prevent them, because it works on telemetry obtained via NetFlow/IPFIX. An NGFW or NAC (Network Access Control) solution can be used to quarantine a suspicious or infected host.
For this purpose, Flowmon has released a shell script that, in response to security incidents, can perform the following actions on FortiGate:
Block the infected host by IP address (IP Ban);
Quarantine the host by MAC address using FortiClient (Quarantine with FortiClient);
Dynamically quarantine all infected hosts by MAC address (Access Layer Quarantine);
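Automated blocking is usually gated by pre-checks so that a false positive or a malformed event cannot cut off critical infrastructure. The following is an added example, not the Flowmon script or its logic: it validates a detection event and selects one of the three actions listed above. The event fields, mode names, protected-address list and severity threshold are all assumptions.

```python
import ipaddress
import re

# Assumption: addresses automation must never block (gateway, DNS, collector).
PROTECTED = [ipaddress.ip_network(n) for n in ("10.0.0.1/32", "10.0.0.53/32")]
MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")
# The three actions the article lists, keyed by the identifier each one needs.
# The mode names are hypothetical labels, not FortiGate or Flowmon identifiers.
MODES = {"ip_ban": "ip", "forticlient_quarantine": "mac",
         "access_layer_quarantine": "mac"}


def plan_response(event, mode, min_severity=3):
    """Return the containment step for one detection event, or a refusal.

    `event` uses a constructed dict layout (src_ip, src_mac, severity),
    not Flowmon's real event format.
    """
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    if event.get("severity", 0) < min_severity:
        return {"action": "none", "reason": "below severity threshold"}
    try:
        # Strict parsing rejects anything that is not a bare address,
        # so the value is safe to pass on to a firewall command or API.
        ip = ipaddress.ip_address(str(event.get("src_ip", "")))
    except ValueError:
        return {"action": "none", "reason": "invalid source address"}
    if any(ip in net for net in PROTECTED):
        return {"action": "none", "reason": "protected host, escalate"}
    if MODES[mode] == "ip":
        return {"action": mode, "target": str(ip)}
    mac = str(event.get("src_mac", "")).lower().replace("-", ":")
    if not MAC_RE.match(mac):
        return {"action": "none", "reason": "no valid MAC for quarantine"}
    return {"action": mode, "target": mac}


# Constructed sample events.
EVENTS = [
    {"src_ip": "10.0.5.23", "src_mac": "00-1A-2B-3C-4D-5E", "severity": 4},
    {"src_ip": "10.0.0.53", "src_mac": "00:1a:2b:00:00:01", "severity": 5},
    {"src_ip": "10.0.5.23; reboot", "severity": 5},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(plan_response(ev, "forticlient_quarantine"))
```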
With FortiEDR you can remediate the machine and investigate the security incident.
To move a host out of quarantine, select it and press the Remove button.
The widespread adoption of defense in depth is pushing many vendors to integrate with other solutions out of the box. This article covered how Flowmon and FortiGate are integrated and configured, and demonstrated how they work together.
In the near future, we are planning a webinar where we will explain in more detail how Flowmon and Fortinet complement each other and how they integrate, and answer your questions. Registration is available at the link.
If you are interested in this topic, stay tuned to our channels (Telegram, Facebook, VK, TS Solution Blog)!