Securely Work From Anywhere With the Fortinet Security Fabric Owner’s Manual
- June 12, 2024
- FORTINET
Executive Summary
The way people work has fundamentally evolved, and organizations need to be
able to keep workers productive from multiple locations. They need to make it
possible for employees to work safely and securely whether they are located in
the office, at home, or on the road. The Fortinet Security Fabric platform
delivers endpoint, network, and remote access security that is required for
employees to work from anywhere (WFA). Its enterprise-class security provides
a consistent user experience in all locations with comprehensive management
and reporting.
The Changing Work Environment
Workforce security is constantly changing. Sometimes that change comes
gradually, but sometimes it happens almost overnight. Organizations have
supported remote working for decades, but only a small percentage of the
workforce routinely worked outside of an office. Even though videoconferencing
was available, management concerns kept the growth of remote work low; it was
generally the exception, not the norm. The pandemic of 2020 changed
everything, as the vast majority of workers that could work remotely were
pushed out of the office. Now that companies have seen productivity levels
remain high and employees have experienced the benefits of remote work, going
forward, more organizations need to support workers who routinely work in an
office, at home, and on the road. However, doing so expands the attack
surface, so it’s mandatory for organizations to provide consistent,
enterprise-class protection in all of those areas.
Consistent Security Everywhere
Fortinet is uniquely positioned to provide the necessary security for
employees working in the office, from home, or on the road because the
Fortinet Security Fabric offers enterprise-class protection for endpoint,
network, and remote access. This platform approach solves the issue of
managing and coordinating separate, point products with different policies for
each location. The Fortinet Security Fabric offers consistent policy and
enforcement, as well as reporting to help support hybrid work.
Working from home
The massive transition of the workforce to the home revealed both the benefits
and the shortcomings of people working where they live. Although the reduced
commute and flexible work hours increased productivity, the reduced
protections and lack of network control had a negative impact on
organizations. FortiGuard Labs saw a spike in attacks on home-based workers as
literally millions of remote workers and their vulnerable home networks and
devices and unprotected browsers expanded the attack surface almost
overnight.[2]
To improve security for remote access, organizations should shift from using virtual private networks (VPNs) to using zero-trust network access (ZTNA). ZTNA provides more verification and authentication of users and devices than a VPN. It also automates the encrypted tunnels and provides granular application access, which improves both security and the user experience. Fortinet offers ZTNA as a free feature in the FortiClient Fabric Agent and the FortiGate operating system. The FortiClient Fabric Agent includes the ZTNA agent, which enables the endpoint to create encrypted tunnels to the ZTNA proxy point, which is located in a FortiGate. The ZTNA proxy point authenticates both the user and the device. It checks for the appropriate device posture and the user’s rights to access a particular application.
Bad actors have targeted laptops that are located away from the layers of protection in the office, which has contributed to a surge in ransomware. Organizations should protect laptops with endpoint detection and response (EDR) solutions that can automatically detect malware as it starts to work, stop it, and restore the laptop to its pre-infected state. FortiEDR provides these features; it combines artificial intelligence with predefined playbooks for automated response. Unlike many EDR solutions that burden IT teams with too many false positives that can delay an effective response, FortiEDR uses cloud-based analysis and kernel-level actions to prevent potential malware from spreading while IT staff work to determine what is happening. Safe programs are restored and malware is removed with any changes rolled back to a pre-infection state.
For organizations, home networks present difficult security challenges because they need to protect these networks and optimize traffic for office productivity at the same time. Home networks are usually secured using retail wireless routers that are shared. Other users in the home might be streaming movies, playing online games, or performing other bandwidth-intensive activities. The consumer-grade security and bandwidth sharing endanger corporate devices on a home network and can disrupt videoconferences, which can be critical to productivity. Fortinet has partnered with Linksys to address these issues. The Linksys HomeWRK for Business | Secured by Fortinet brings the simplicity and wireless coverage of the Linksys home wireless routers and pairs it with enterprise-class security and management from Fortinet. Intended for organizations to provide to employees, Linksys HomeWRK for Business provides enterprise-class protection for the entire home while also prioritizing videoconferencing traffic. The organization has visibility and control over a business network while the employee has visibility and control over a private, personal network.
Figure 1: Fortinet enables secure work from anywhere.
Working from the road
In addition to working from a set remote location, employees also work from
other non-office settings, such as airports, hotel rooms, and coffee shops. In
these settings, employees need to connect back to organizational assets
over untrusted networks. When users are working from the road, the Fortinet ZTNA
and EDR technologies provide the same benefits as they do for a home network.
The solutions control the safe access to applications and ensure the endpoint
stays safe from malware. ZTNA provides the encrypted tunnel to keep the
communication private and authenticates the user and device, just as it does
for a user working from home. FortiEDR monitors the programs and sessions on
the laptop and can step in and take action when it detects suspicious
activity. The main difference between the home environment and the traveling
environment is the network. When an employee is connecting from a home
network, additional hardware can be deployed to control and protect the
laptop, but that isn’t possible while traveling. For the traveling remote
worker, cloud-based security offers the best protection. The encrypted ZTNA
tunnel can connect to a point of presence (POP) where security services such
as firewalling, secure web gateway, DLP, ZTNA proxy, and CASB can be applied
to protect the user and traffic. FortiSASE remote cloud-based security
delivers the benefits of the Fortinet FortiGate operating system from a
Fortinet-managed cloud instance.
Working from the office
The office setting has traditionally been the most protected, with layers of
security for employees and company-hosted assets. Offices often have critical
company information such as process secrets, customer lists, and financial
records. Most companies go to great lengths to secure the offices and data
centers that contain their high-value digital assets with multiple
next-generation firewalls deployed for segmentation that include policies for
application control, user access, and traffic inspection. Fortinet FortiGate
Next-Generation Firewalls are the most widely deployed in the world and
provide extensive visibility and protection to customers of all types and
sizes. Even with these advanced security appliances, organizations still need
to protect and control application access and the laptops used at the office.
For this reason, ZTNA and EDR should also be deployed in the office to provide
consistent security policies in all locations and layered protections against
attacks.
Key Supporting Technologies
To secure networks, endpoints, and application access, products must be supported by certain key technologies. Identity and access management (IAM) tools such as FortiAuthenticator and FortiToken are required to enable the proper authentication of users with multi-factor authentication (MFA) and federating identity services. Organizations need FortiGuard Services to provide updated threat information to FortiGate Next-Generation Firewalls so they can use their IPS engines and signature matching to identify known threats and attacks. And management tools such as FortiManager and FortiAnalyzer, which can provide the single-pane-of-glass visibility and control across the entire platform, are also key to successfully deploying security to users when they are at home, in the office, or on the road.
New Requirements Need New Solutions
The need to support employees working from multiple locations has placed more pressure on networking and security teams. The technologies of the past, such as VPN, are being replaced by more advanced solutions that improve both security and the user experience. Fortinet is uniquely capable of providing all the networking and security technologies to support WFA. The solutions draw upon the Fortinet Security Fabric to deliver a broad, integrated, and automated solution to secure endpoints, networks, and application access.
1. “Beyond Boundaries: The Future Of Cybersecurity In The New World Of Work,” Forrester, September 2021.
2. Derek Manky, “Cyber Adversaries Are Exploiting the Global Pandemic at Enormous Scale,” FortiGuard Labs, August 12, 2020.
3. “Future of Work Reinvented: Returning to the Workplace — Differently,” Gartner, 2021.
Copyright © 2022 Fortinet, Inc. All rights reserved.
January 21, 2022 12:46 AM
1417262-0-0-EN