
Module 5:
Management and Analytics
Network Security Expert Program
NSE Level 1 Fortinet Network Security Solutions

Table of Contents
Module 5: Management and Analytics

Module Objectives

Management
Device
Policy
Security

Analytics

Module Objectives
Module 5: Management and Analytics

At the conclusion of this course you will understand:

What issues or problems may be solved through security management consoles

How features and functions enable integrated security management

The scope of policy magnitude and operational considerations

The importance of auditing in policy and security management effectiveness

How analytics inform policy and management to improve network security

Management and Analytics

What is Security Management?

The intersection of IT security & IT operations

Software-based solution
Vulnerability assessment
Automated remediation
Configuration assessment

Goal: Reduce security risks!

Security Management

A complex environment, simplified for the administrator

Security Management addresses multiple issues:


Device configuration
Firewall policy
Content security proxy

[Figure: Security Management (SM) Conceptual Diagram, showing SM Analyst, SM Console, SM Database and SM Monitored Devices]

Security Management

Essential features to managed service providers

Segmentation
Multi-tenancy with ADOMs

Scalability
Virtual firewall positioning & deployment
VDOMs

High Performance
Customization & automation
Extensible APIs

Security Management

Security management console management

Operating environment considerations


Scalability
Delivery platforms
Physical / VM / Cloud

Licensing and device management

Administrative domains (ADOMs) & scope of services

Policy and Security

Advantages of the policy package

Object library

The importance of global policies

Policy and Security

Managing Firewall rules


Reduction & optimization

Advantages of auditing in security management


Organizational compliance
Workflow / Approvals
Forensic identities tracing

Analytics: The Function of Analytic Reporting

The function of analytic reporting

Focus on security effectiveness and improvement

End-to-end (or it should be)

Cyclical, not linear

Analytics: SIEM

Security Information and Event Management (SIEM)

What SIEM does

Event logging

Event correlation

Incident alerting

Analytics: Logging

What is logging?

Industry standards

Most effective methods

Effects on device visibility

Analytics: Network Visibility

What is the importance of Network Visibility?

Network monitoring & troubleshooting

Application monitoring & profiling

Capacity planning & network trends

Detection of unauthorized WAN traffic

Summary

Security management:
Simplified administration Complex protection

Scalable & platform tailorable


Small to large distributed enterprise
Physical to virtual to cloud

The advantages of:


Administrative domains
Auditing / Logging
Network visibility

Questions? & Answers!
Module 5: Management and Analytics
NSE Level 1 Fortinet Network Security Solutions
