FortiSIEM Overview - Exclusive Networks
Transcript of FortiSIEM Overview - Exclusive Networks
FortiSIEM Overview
The Fortinet solution for security information and event management
Piero Provenza, System Engineer – Exclusive Networks
Agenda: FortiSIEM Overview; Architecture; Configuration Management DB (CMDB); Dashboard, Analytics & Reporting; Vulnerabilities and Risks; Customizing to Your Environment; Incident Investigation & Remediation
FortiSIEM Overview
What is SIEM
The Goal: detect threats and breaches sooner; provide deep context for root causes; supply information for remediation and prevention
Primary data analysis tasks: indexing, searching, correlating, user ID/location, baseline
Logs: Syslog, SNMP Traps, WMI, Netflow
Other: Agent-less, Agents, Windows Agents
How SIEM Works
FortiSIEM Key Features Overview
Unified NOC & SOC – Single Pane of Glass
Architecture
Main Components
Architecture
FortiSIEM – Physical and Virtual
FortiSIEM - Scenarios
Configuration Management Database (CMDB)
FortiSIEM Discovery
FortiSIEM Logs Collection
FortiSIEM CMDB Summary
After Discovery
After Discovery – Collection Templates Applied
CMDB Performance and Availability Monitoring
CMDB Business Services
Dashboard, Analytics & Reporting
Dashboards
FortiSIEM Analytics
Reporting
Vulnerabilities and Risks
Vulnerability Scanner Integration
FortiSIEM Risk Dashboard and Host Risk Score
Customizing to Your Environment
Extensible and Customizable
Incident Investigation & Remediation
FortiSIEM Incident Investigation and Response
FortiSIEM Incident Remediation
Summary – Benefits to Your Environment
PowerLAB & Upcoming Events – Exclusive Networks
PowerLAB Torino – Network Layout
Thank you!