The Latest Fortinet News
Product and Solution Information, Press Releases, Announcements

By Jonathan Nguyen-Duy

Customer Perspectives

With the rapid shift to telework and multi-cloud architectures, business leaders are under pressure to establish secure and trustworthy access from any location to a wide variety of cloud-based services and enterprise resources. The traditional binary assumption that everything inside an organization’s perimeter should be inherently trusted creates a number of security challenges, especially in endpoints used for remote work. In many situations, organizations are using both personal and company-provided devices working from unsecure home and remote networks. Compounding the challenges of unsecure home networks is the fact that these devices are often offline – making it difficult to continuously assess risk and trust.

One international law firm grappling with these issues was looking for a simple, cost-effective approach to ensure edge device compliance while also improving its remote users’ experience.

Balancing Remote Security with User Access Requirements

The law firm’s challenges centered around validating the remote devices accessing the network. This meant ensuring those devices had compliant operating system versions, as well as the latest security patches and antivirus definitions. There was also the issue of endpoint security while working from unsecure home Wi-Fi networks and public internet connections.

To protect the assets on the corporate network from attack, misuse, or exfiltration, the firm needed to implement a least privileged, role-based access solution - meaning only the users should only be able to access network resources needed to perform their job. From a Zero Trust Access (ZTA) perspective, this meant continually updating roles and the devices associated with them, which required some way to frequently scan every remote device to assess its security posture.

As the firm was already leveraging the Fortinet Security Fabric, it wanted a ZTA solution that was an extension of that Security Fabric rather than a separately managed solution. This approach would improve overall security performance and simplify management.

Applying Fortinet’s Zero Trust Access

To maintain continuous visibility and access control of all devices on the network, the law firm leveraged Fortinet’s Zero Trust Access architecture. An effective ZTA solution will deliver visibility and control in three key areas: users and devices requesting network access, users and devices on the network, and those users’ and devices’ offline activities. The ZTA framework integrates various security solutions to enable organizations to identify and categorize the users and devices seeking access to enterprise networks. One of these solutions, FortiNAC network access control, can automatically discover and classify devices attaching to the network and assign role-based zones of control, which is especially useful for remote work. The FortiNAC controller performs the following:

• Scans the network for detection and classification of devices via agent or agentless (automated) methods
• Creates an inventory of all devices on the network
• Assesses the risk of every network endpoint
• Provides extensive support for third-party network devices to ensure effectiveness with existing network infrastructure
• Automates the onboarding process for a large number of endpoints, users, and guests
• Enforces dynamic network access control and enables network segmentation

ZTA solutions like this allow teleworkers to connect remotely and securely without endangering the enterprise network’s security. This system automatically identifies and assigns users to zones of control, only allowing access to resources necessary for their role.

Further, the firm was able to leverage existing FortiGate NGFWs for network segmentation based on business objectives and tag devices with their appropriate compliance restrictions. The FortiGate NGFW then enforces these restrictions, regardless of where the users take their devices. This drastically reduces the chance of internal resources being exposed in open remote networks. The law firm maintains its FortiGate NGFWs at the network edge, where they function as high-performance VPN gateways. This eliminates a common pain point for companies migrating at scale to remote work—the VPN headend bottleneck. With the scalable FortiGate NGFWs in place, all remote employees can continue to be as productive and as responsive to clients as they were at the office.

Improving Security Performance While Reducing Operational Complexity

As a result of implementing a ZTA strategy in this manner, employees can now easily access their authorized network resources, while the law firm can execute on its ZTA policies by continually monitoring endpoint status and automatically quarantining devices that are out of compliance or compromised. These capabilities helped the law firm secure their remote telework setup and improve remote users’ experiences when connecting to their network.