Network devices in modern enterprises must be monitored continuously in order to detect potential vulnerabilities and security anomalies. The challenge for security administrators is to determine which of these vulnerabilities are most indicative of a future breach. Without advanced correlation combined with machine learning, this task becomes difficult and time-consuming. FortiMonitor utilizes big data analytics to provide a holistic view of your network security. Interoperating with the Fortinet portfolio and/or third-party products, FortiMonitor gives you the visibility you need to identify future attack vectors within your network. It effectively gives you the ability to locate and prioritize vulnerabilities in your front-line security before attackers can exploit them.
FortiMonitor allows administrators to monitor security events from defined internal assets. These assets can include individual hosts/devices, groups of hosts (including groupings by region), websites and network segments. Risks can then be determined for assets based on the resulting vulnerability scans correlated with other security events. Assets can also be individually queried and rated for their resilience against varying attack types on an ad-hoc basis.
Log collection and normalization
When overseeing your enterprise security, the ability to collect and categorize logs from disparate devices is crucial. The relationships between devices are inherently difficult to normalize - parsers often need to be written to determine field mappings, and security indicators are typically vendor specific. FortiMonitor is able to collect logs at speeds in excess of 120,000 logs per second from a myriad of vendor devices. Collected events are instantly normalized according to the FortiMonitor knowledge base so fields can be further classified and correlated in a uniform fashion.
FortiMonitor can centrally manage and schedule a diverse set of third-party vulnerability scanners. This allows you to spend less time administering individual vulnerability scanners and more time analyzing scan results. Results are also merged, allowing you to see vulnerability data using standard reference codes such as CVE and BugTraq.
While individual security events can be indicative of potential vulnerabilities or malicious activity, it is often difficult to assign an importance to addressing them. By correlating events, you can immediately understand which assets need instant attention. For example, a vulnerability scan may uncover a potential SQL injection attack vector on a specific host. That same host may be the target of a set of external application attacks. Individually, these events may be flagged as low priority risks, but when combined they are indicative of an imminent breach.
By utilizing Key Risk Indicators (KRIs), FortiMonitor is able to assess security risks to a variety of targets including your entire network, regions, host groups, websites or individual devices. The more potential attack vectors assigned to a target, the higher the risk rating. Key Risk Indicators are based on a multitude of threat growth statistics combined with the detection of asset vulnerabilities.
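The pipeline the preceding paragraphs describe (normalize logs from different vendor formats, merge them with scanner findings, then raise the priority of a host whose open weakness is actually being probed) is illustrated below by an added example. It is not FortiMonitor's code and makes no claim about how the product scores risk: the two log formats, the indicator knowledge base, the scan results (with placeholder CVE references), the asset group and the scoring weights are all constructed for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample events in two hypothetical vendor formats (not real product output).
RAW_LOGS = [
    'date=2024-05-01 time=10:00:01 devname="fw-edge" srcip=198.51.100.7 dstip=10.0.0.5 action="block" attack="SQL.Injection"',
    'date=2024-05-01 time=10:00:02 devname="fw-edge" srcip=198.51.100.7 dstip=10.0.0.5 action="block" attack="SQL.Injection"',
    '<134>May  1 10:00:03 waf01 ALERT src=203.0.113.9 dst=10.0.0.5 sig="XSS probe" act=deny',
    '<134>May  1 10:00:04 waf01 ALERT src=203.0.113.9 dst=10.0.0.9 sig="Dir traversal" act=deny',
]

# Constructed scanner findings; the CVE values are placeholders, not real identifiers.
SCAN_RESULTS = [
    {"host": "10.0.0.5", "ref": "CVE-PLACEHOLDER-1", "category": "sqli", "severity": 2},
    {"host": "10.0.0.9", "ref": "CVE-PLACEHOLDER-2", "category": "rce", "severity": 3},
]

# Constructed asset grouping: one "region" containing both hosts.
ASSET_GROUPS = {"dc-east": ["10.0.0.5", "10.0.0.9"]}

# Hypothetical knowledge base: vendor-specific signature name -> (common category, event severity).
INDICATOR_MAP = {
    "SQL.Injection": ("sqli", 1),
    "XSS probe": ("xss", 1),
    "Dir traversal": ("traversal", 1),
}

MATCH_BONUS = 4  # added per attack event that targets a weakness the scanner already found

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
SYSLOG_RE = re.compile(r'^<\d+>\S+\s+\d+\s+[\d:]+\s+(\S+)\s+ALERT\s+(.*)$')


def normalize(line):
    """Map one raw line from either vendor format onto the common schema, or None."""
    m = SYSLOG_RE.match(line)
    body = m.group(2) if m else line           # strip the syslog header if present
    fields = {k: v.strip('"') for k, v in KV_RE.findall(body)}
    host = fields.get("dstip") or fields.get("dst")      # vendor A uses dstip, vendor B uses dst
    indicator = fields.get("attack") or fields.get("sig")
    if not host or indicator not in INDICATOR_MAP:
        return None                             # unknown layout or unmapped signature
    category, severity = INDICATOR_MAP[indicator]
    return {"host": host, "src": fields.get("srcip") or fields.get("src"),
            "category": category, "severity": severity}


def score_assets(raw_logs=RAW_LOGS, scan_results=SCAN_RESULTS):
    """Per-host score: vulnerability severity + event severity + bonus for matched pairs."""
    vulns = defaultdict(list)
    for v in scan_results:
        vulns[v["host"]].append(v)
    per_host = defaultdict(lambda: {"score": 0, "matched": 0, "vectors": set()})
    for v in scan_results:
        entry = per_host[v["host"]]
        entry["score"] += v["severity"]
        entry["vectors"].add(v["category"])
    for e in filter(None, (normalize(l) for l in raw_logs)):
        entry = per_host[e["host"]]
        entry["score"] += e["severity"]
        entry["vectors"].add(e["category"])
        # The correlation step: an attack aimed at a category the scanner flagged on this host.
        if any(v["category"] == e["category"] for v in vulns[e["host"]]):
            entry["matched"] += 1
            entry["score"] += MATCH_BONUS
    return {h: {"score": d["score"], "matched": d["matched"], "vectors": sorted(d["vectors"])}
            for h, d in per_host.items()}


def rank_assets(raw_logs=RAW_LOGS, scan_results=SCAN_RESULTS):
    """Hosts ordered by descending risk score."""
    scores = score_assets(raw_logs, scan_results)
    return sorted(scores.items(), key=lambda kv: kv[1]["score"], reverse=True)


def score_groups(groups=ASSET_GROUPS, raw_logs=RAW_LOGS, scan_results=SCAN_RESULTS):
    """Roll host scores up to a coarser target such as a region or host group."""
    scores = score_assets(raw_logs, scan_results)
    return {g: sum(scores.get(h, {"score": 0})["score"] for h in hosts) for g, hosts in groups.items()}


if __name__ == "__main__":
    for host, info in rank_assets():
        print(host, info)
    print(score_groups())
```

With these constructed inputs the host carrying only a low-severity SQL injection finding outranks the host with a higher-severity standalone finding, because two blocked injection attempts against it match the scanner's result; the same scores roll up to the "region" so the group target can be rated as the text describes.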
In addition to drill-down style visibility, FortiMonitor supports several predefined reports which can be scheduled or run in an ad-hoc fashion. Reports can also be customized with a detailed set of fields to choose from. Assess your current overall risk levels with KPI reporting or determine the security posture of specific assets at specific locations. FortiMonitor gives you the forewarning you need to ensure you're protected from any potential security incidents.