Network checked: threats identified

22 August 2024

Testing the level of security of the enterprise network using FORTINET solutions.

The testing, which is carried out free of charge, allows you to display the state of information security in the computer network under study with a high degree of plausibility, and to get acquainted in real mode with the operation of information security tools of one of the world’s leading manufacturers.

The test kit consists of a FortiGate firewall (FG) and FortiAnalyzer software (FAZ).

FortiGate firewall FortiGate performs traffic analysis and captures events that are anomalous or suspicious according to active and updated criteria set for a given firewall. In this way, the firewall plays the role of a collector of information. The firewall can be provided for testing either as hardware or as virtual software.

FortiAnalyzer software registers selected events and stores them in the database for further analysis. In addition, the analyzer provides the possibility of deep and multifaceted analysis of these data and the generation of various reports that provide a graphical, statistical and tabular representation of the interpretations of the accumulated data. The analyzer is provided for testing as a laptop with a hypervisor installed on it and the analyzer software deployed as a virtual machine image.

Both products can be deployed on virtual machines.

The connection is made using the Mirroring Port / SPAN Port option. At the same time, to the mirror port to which the test circuit is connected, it is necessary to redirect traffic from that port of the core switch, which transmits the most complete set of data of applications and protocols used in the enterprise network. To accumulate a sufficient volume of statistical data, the testing time is defined as 2 weeks (14 calendar days) or more.

The test results are reports created on the basis of the database developed during the testing period, in which network events are registered, classified as abnormal or suspicious in response to the active and updated criteria set for this firewall (in the scope of NGFW – Next Generation Firewall).

If the creation of a «mirror port» is not possible, then the test device can be included in the break of the trunk channel in «transparent mode».

The reports are a comprehensive overview of the state of security in the network being tested based on data collected by the security device used in the test. The report includes both summary indicators and detailed analysis of threats, applications and content types. Displays of performance statistics and recommendations for eliminating these threats are also provided.

AM Integrator Group specialists will provide comprehensive assistance in analyzing and interpreting the received data and, if necessary, will provide recommendations on correcting deficiencies and further developing the Customer’s information security system.

📷
Тенденції розвитку систем накопичення електроенергії: виклики, технології та перспективи 📷
📷
Читати більше новин
EN