One Article Review

The article:
Source AlienVault Blog
Identifier 2736723
Publication date 2021-05-04 10:00:00 (seen: 2021-05-04 10:07:23)
Title New Advanced AlienApps for Fortinet
Text Here at AT&T Cybersecurity, we feel strongly that security should fit into your business, not the other way around. We lower the friction security brings to day-to-day operations by automating essential security operations such as detection and response. By integrating different security products together to form a consolidated security architecture, companies can be protected with less effort.

Recently, we’ve taken another step on this journey by releasing a new pair of Advanced AlienApps for Fortinet. Our Advanced AlienApps for FortiGate and FortiManager join our suite of existing AlienApps for Fortinet to enable collection of data and security response across the entire Fortinet product suite.

The FortiGate and FortiManager integrations unlock multiple response actions that make SOC analysts aware of what’s happening with network security and allow them to respond to alarms quickly. Let’s take a look.

FortiGate: Easy Firewall Integration

The easiest, most straightforward integration comes via the FortiGate Advanced AlienApp. This AlienApp allows SOC analysts to send response actions from Alarms or Events directly to your Fortinet firewall. It is intended for use on a single firewall or HA pair of firewalls, and it allows the following response actions:

Add a source or destination address to an Address Group. The most common use case for this integration is shown in figure 2 – blocking access to a potentially malicious internet destination. This functionality can also be used to unblock addresses once the crisis is resolved.

Add to custom category. If you are using URL filtering categories to block access to inappropriate or potentially dangerous web sites, this method will enable you to add a URL to one of your custom categories. Note that this is useful to block or unblock sites.

Add address to static URL filter.

FortiManager Integration

Integration with FortiManager opens up more use cases. FortiManager typically controls many different firewalls in your environment. Consider the simple use case above – blocking access to a malware command and control. If there is only one way out of your network, then the FortiGate implementation has you covered, but if you have path diversity, with different exits in different parts of the world or with different providers, the FortiManager integration is needed.

This integration does the same set of actions, but communicates with the FortiManager instead of an individual firewall:

Add address to Address Group, Custom Category, or URL filter rule

However, FortiManager will propagate the address group or URL rules down to all the firewalls in the infrastructure they apply to. This way, all the doors and windows can be closed to the threat with a single response action from USM Anywhere. Note that it may take a couple of minutes for all the changes to occur.

Advanced AlienApp Dashboards

As with all Advanced AlienApps, we’ve included a rich dashboard for both FortiManager and FortiGate. The FortiManager dashboard above gives a quick look at active users, alert trends, and event types. The FortiGate dashboard includes events
Sent Yes
Tags Malware Threat


The article does not appear to have been picked up after its publication.


The article does not appear to be a pickup of an earlier one.