
Module 5: Management and Analytics
Network Security Expert Program
NSE Level 1 – Fortinet Network Security Solutions

Table of Contents
Module 5: Management and Analytics

• Module Objectives

• Management
» Device
» Policy
» Security

• Analytics

Module Objectives

At the conclusion of this course you will understand:

• What issues or problems may be solved through security management consoles

• How features and functions enable integrated security management

• The scope of policy magnitude and operational considerations

• The importance of auditing in policy and security management effectiveness

• How analytics inform policy and management to improve network security

Management and Analytics

• What is Security Management?

» The intersection of IT security & IT operations

• Software-based solution
» Vulnerability assessment
» Automated remediation
» Configuration assessment

• Goal: Reduce security risks!

Security Management

• A complex environment, simplified for the administrator

• Security Management addresses multiple issues:


» Device configuration
» Firewall policy
» Content security proxy

[Figure: Security Management (SM) Conceptual Diagram. Labels: SM Analyst, SM Console, SM Database, SM – Monitored Devices]

Security Management

• Essential features to managed service providers

» Segmentation
• Multi-tenancy with ADOMs

» Scalability
• Virtual firewall positioning & deployment
» VDOMs

» High Performance
• Customization & automation
» Extensible APIs

Security Management

• Security management console…management

» Operating environment considerations


• Scalability
• Delivery platforms
» Physical / VM / Cloud

» Licensing and device management

• Administrative domains (ADOMs) & scope of services

Policy and Security

• Advantages of the “policy package”

» Object library

• The importance of “global policies”

Policy and Security

• Managing Firewall rules


» Reduction & optimization

• Advantages of auditing in security management


» Organizational compliance
» Workflow / Approvals
» Forensic identities tracing

Analytics: The Function of Analytic Reporting

• The function of analytic reporting

» Focus on security effectiveness and improvement

» End-to-end (or it should be)

» Cyclical, not linear

Analytics: SIEM

• Security Information and Event Management (SIEM)

• What SIEM does…

» Event logging

» Event correlation

» Incident alerting

Analytics: Logging

• What is logging?

» Industry standards

» Most effective methods

» Effects on device visibility

Analytics: Network Visibility

• What is the importance of Network Visibility?

» Network monitoring & troubleshooting

» Application monitoring & profiling

» Capacity planning & network trends

» Detection of unauthorized WAN traffic

Summary

• Security management:
» Simplified administration – Complex protection

• Scalable & platform tailorable


» Small to large distributed enterprise
» Physical to virtual to cloud

• The advantages of:


» Administrative domains
» Auditing / Logging
» Network visibility

Questions? & Answers!
