Embed Size (px)
Citation preview
© Copyright Fortinet Inc. All rights reserved.
GDPR : La protection périmétrique avec Fortinet Security Fabric
October 6th, 2017
Steven Versonnen– Fortinet
Roland de Biolley - Fortinet
4
Do I need to care about GDPR?
Do I need to care about GDPR?
5
Do I need to care about GDPR?
OCTOBER 2017
SUNDAY MONDAY TUESDAY WEDNESDAY THURSDAY FRIDAY SATURDAY
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31
* M-Trends 2016
25 May 2018
No stress …
6
GDPR and technology
No silver bullet solution
Legal issue
Not technology
Consists of 99 articles
Only 1 article about technology
There is no “buy this and be compliant” solution
A safe network is an essential foundation
1. Strategy & Policies
2. Employee training
3. Procedures to address complaints
4. Agreements with third parties
5. Privacy by design
6. Data flow audit
7. Data register
8. Privacy impact assessment
9. Consent
10. Incident/Breach Response plan
11. Internal security audits
12. Technical security measures
7
Looking to the Future - What GDPR Requires
MAI 2018
SUNDAY MONDAY TUESDAY WEDNESDAY THURSDAY FRIDAY SATURDAY
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31
DATA BREACH
DETECTED!
DATA BREACH
REPORTED!
8
What Your Network Requires
INITIAL
INTRUSION!
Average time between
intrusion and detection =
200 DAYS*
* M-Trends 2016
* Verizon Breach Report 2016
9
The Hacker’s Advantage:Window of Opportunity
INITIAL INTRUSION “WINDOW OF OPPORTUNITY” BREACH DETECTION
10
The Fortinet Objective: Close the Window of Opportunity
INITIAL INTRUSION INTRUSION DETECTION
KNOW SOONER
REACT FASTER
11
THE ROAD TOAN INTEGRATED SOLUTION
12
Advanced Threat
Intelligence
Access
Client Cloud
Partner API
NOC/SOC
Network
ApplicationBROAD
POWERFUL
AUTOMATED
The First Step
Exchange security information between Fortinet
and non-Fortinet solutions to increase your
security visibility and enforcement to a higher
level
13
Today’s Network is Borderless - Network Segmentation Architecture from IoT to the Cloud Essential
IoT
Mobile
Windows
Mac
Private
Public
No Trust
Trusted
5G
100GAccess
Campus
WAN
Core
Orchestration
14
Branch Office Campus
Data Center
Remote Office
Mobile
PoS
IoT
More Ways to Get In – Even More Way to Get Data Out
15
Enhanced Protection Across the Entire Attack Surface
WAF
SWITCH
ACCESS
POINTS
Network
MOBILE IoT
WINDOWS MAC
APIs
SECURITY
SANDBOX
MANAGEMENT
ANALYTICS
CASB PRIVATE
PUBLICMETER
Access Apps
CloudEndpoint
16
WE DON’T KNOWWHAT WEDON’T KNOW.”
“
DONALD RUMSFELDFORMER US SECRETARY OF DEFENSE
17
99.5%
Need for Unknown Threat DetectionTarget attacks
18
Hand off:
High risk items
Hand off :
Provide ratings & results,
automatic signatures
Hand off:
Updating prevention
Prevent
• Act on known threats
and information
• Using NGFW, Web
Filtering and AntiVirus
• Important part of the
first line defenseFortiOS
FortiGate
FortiSandbox
Detect
• Unknown Threats
• Maximize Threat
Protection
Mitigate
• Immediately mitigate new threats
identified by FortiSandbox
Unknown Threat DetectionUsing FortiSandbox (FortiCloud or OnPremise)
© Copyright Fortinet Inc. All rights reserved.
‘Security Fabric’ real example
Ransomware & Data Breaches
20
21
22
23
24
25
26
27
28
© Copyright Fortinet Inc. All rights reserved.
Did it have to happen ?
30
31
32
33
34
35
Log, View and Act
Enterprise
Firewall
Secure
Access
Cloud
Security
Advanced
Threat
Protection
Application
Security
Security
Operations
FortiGuard
36
Log
37
View
38
Act
Topology Awareness
Security Fabric Reports
Single Management Plane (of Glass)
4th Dimension (4D)
39
IOC – Indicators of Compromise
Topology Awareness
Security Fabric Reports
Single Management Plane (of Glass)
4th Dimension (4D)
40
FortiAuthenticator: Gateway Into the Security Fabric
FortiAuthenticator
Secure Access
Network Entry
Certificate
Server
FSSO
FortiToken Mobile
41
CONCLUSION
We can make the life of a hacker difficult
Technology for GDPR is important
Close the hacker Window of Opportunity
Fortinet Security Fabric
» Detect. Mitigate. Prevent. Collaborate.
