By Jon Bove from Fortinet
Many customers need strategic counsel and guidance now more than ever to navigate through new challenges as a result of the current reality. Given this, Fortinet channel partners can reach out to their customers to make sure they have the tools and resources they need to maintain business and operational continuity. In many circumstances, secure remote access built around a remote access VPN solution is just the start. Our partners’ expertise is critical in helping customers build an effective, quick-turn solution at little to no cost that can also be easily augmented over the next few weeks and months as they settle into this new environment.
Partners play an important role in ensuring their customers avoid implementing technologies that don’t scale while at the same time preventing additional risks that can be introduced in their rush to implement a short-term strategy. The key to this process is understanding the organization’s continuity strategy and providing invaluable guidance. That is why, as a trusted partner, this is the time to make your skills and resources available to your customers.
To help you frame this conversation, we have pulled together a quick checklist of the things you can review with your customers to ensure they are ready.
Endpoint Security: Make sure your customers know that the FortiClient can be downloaded for free. It provides a VPN client to ensure that remote traffic remains secure. It can be managed using the FortiClient Enterprise Management Server to enable the centralized management of multiple endpoints at scale.
For organizations looking for an even more robust endpoint security solution, FortiEDR provides advanced, real-time threat protection for endpoints both pre- and post-infection. In addition to robust antivirus technologies installed at the kernel to detect and prevent malware infection, it can also respond to device breaches in real time by detecting and defusing potential threats before they have the chance to compromise the system. With the addition of customizable playbooks, FortiEDR can also automate a variety of response and remediation procedures.
Connectivity: Your customers’ existing FortiGate solutions already combine VPN termination services with high scalability due to our custom security processors – which means that many customers already have a scalable VPN solution in place. In addition, the FortiClient can share the security state of endpoint devices when making a VPN connection so that your customers can establish and maintain clear visibility over their remote teleworker environment.
While VPN connections can be run and managed independently, organizations with large numbers of remote workers may want to consider the addition of a FortiClient EMS (Enterprise Management Server) solution. An EMS solution can securely and automatically share information between FortiClient and the network, push out software updates, and assign security profiles to endpoints. Your understanding of your customers' network and organizational capabilities will be invaluable in assessing which of these tools will simplify management and reduce overhead.
Access to Cloud Applications: Driving all traffic through a VPN tunnel can actually have a doubling impact on network traffic. In addition to all of the remote workers connecting into the network, the network will also need to manage all of the outbound connections to cloud services those users require for their jobs. Fortunately, FortiClient can be configured to support split-tunneling so outbound traffic can be connected directly to the internet and SaaS services.
However, since this traffic will not be run through the organization’s edge security solutions, these direct connections will require a cloud-based security solution. FortiCASB is a cloud-native Cloud Access Security Broker (CASB) subscription service that is designed to provide visibility, compliance, data security, and threat protection for access to SaaS and other cloud-based services being used by an organization.
Network Access Control: Cybercriminals intend to exploit this rapid transition to a teleworker strategy by hoping to get overlooked in the noise, either by masquerading as a legitimate corporate end-user or IoT device or by hijacking a legitimate device. Network Access Control tools like FortiNAC can see and identify everything connected to the network, as well as control those devices and users, including dynamic, automated responses. FortiNAC enables IT teams to see every device and user as they join the network, limit where devices can go on the network, and automatically react within seconds to devices that fall out of policy.
Network Segmentation: Once a user has been authenticated, and devices have been provided network access based on policy, it is critical to be able to manage their access to networked resources. Not only will many users be new to telework, some of the applications and other resources they need access to will be accessed remotely for the first time. Network segmentation ensures that devices, users, workflows, and applications can be isolated to prevent unauthorized access and data loss, as well as to limit exposure if a cybercriminal manages to breach the network perimeter. Segmentation can occur at the network perimeter using the FortiGate NGFW, or further enhanced using the FortiGate ISFW internal segmentation firewall.
Zero-Trust Network Access: The best angle from which to consider network security is to assume that every user and device has already been compromised. Combining all of the solutions outlined here enables organizations to ensure that devices and users are limited to the network resources they require to do their job, and nothing more, from the moment of access.
IT teams and partners should continue working together to make sure security loopholes have not opened up, that best practices are being observed, and to fill any gaps that may have appeared. Partners can also help ensure that systems are performing as they need to, assessing for new bottlenecks and providing a general security checkup.
Many Fortinet customers already have all of the tools in place they need to transition to a secure remote access strategy at zero cost. They may simply need help in configuring devices to best accommodate new network traffic patterns and access points, or guidance in best practices. For example, partners can encourage customers to create a simple step-by-step email that walks employees through the process of downloading and installing their FortiClient solution and configuring it to connect to the corporate network. They may also want to stress-test their network to ensure they can handle the load created by a sudden increase in remote workers all seeking network access at the same time.
While many of the tools discussed in this blog may already be in place, additional technologies may be needed to provide a complete solution or to reduce overhead by simplifying a process, enabling resources to remain focused on more critical issues. By consulting with the IT and security teams and using the six steps outlined above as a guide, partners can help ensure that their customers remain secure while they adjust to a new teleworker business model.