Case Summary | FortiEDR active-active endpoint security solution safeguards financial multi-cloud and multi-branch environments

The financial industry is characterised by multi-cloud and multi-branch deployments and faces growing security challenges in the digital age. With ransomware and similar threats rampant, the idea of "secure operations" requires a financial company not only to know what is happening with threats and attacks but also why it is happening. A financial company therefore wanted to improve its endpoint protection: identify and block malicious behaviour in real time, and capture detailed information about attack sources, attack methods and attacker activity for later tracing and investigation. Fortinet proposed the FortiEDR solution to meet its multi-cloud, multi-branch and on-premises deployment requirements.

Multi-cloud distribution: how can financial enterprises secure their endpoints?

Endpoints in the financial industry are diverse: teller terminals, business PCs, cloud servers, mobile devices and more. They carry daily office work, business processing and service delivery, and they are key transit points for sensitive financial data. The endpoint is also the main entry point for threats such as ransomware. Against a severe threat landscape, risks such as unauthorised access, malware infection and data leakage are rising sharply, so strengthening endpoint security management, resisting external attacks and ensuring that data is effectively protected is a pressing issue for the industry.

As a key application area of IT, the financial industry has many years of experience building endpoint security. Traditional endpoint products, however, detect passively and substitute management for defence, so they stop only some threats. Lacking intelligence integration, in-depth analysis and coordinated response, they cannot effectively detect and defend against 0-day attacks, fileless attacks and long-dormant intrusions, and they make it hard to trace threats that have already occurred or to automate a coordinated defensive response.

EDR, by contrast, discovers unknown threats through active data collection, fusion of all available information, correlation with threat intelligence and analysis against threat models. Through orchestration and automation it can act on a threat as soon as it is found, and its in-depth analysis gives users the attack source, methods and targets, which supports reporting and future prevention. This is what the financial company needed.

In addition, because the company runs a collaborative office environment across multiple Alibaba Cloud regions, and has its own compliance and security requirements, it set the following specific requirements:

Endpoint data must be stored locally, so the EDR product must support on-premises installation to meet data security requirements.

The business runs on public cloud, so the EDR product must support public cloud deployment and be deployable in a distributed manner so that endpoints in multiple locations connect to the nearest component.

Linux servers in particular must be protected, so the EDR product must be deployable on Linux and support a wide range of Linux distributions.

The customer would provide malware samples to test FortiEDR's blocking capability and how it presents the results.

Multi-cloud active-active: the FortiEDR solution safeguards financial enterprises

On-premises deployment was arguably the company's primary requirement. According to Fortinet, among mainstream EDR solutions at home and abroad, FortiEDR is the only one that supports on-premises deployment. FortiEDR components can also be installed on public cloud platforms, and the communication components can be deployed in a distributed manner so that endpoints in multiple locations connect to the nearest one. FortiEDR further supports Windows, Linux, macOS and VDI endpoints across multiple OS versions. Its blocking capability has also been assessed by third parties, including the MITRE ATT&CK evaluations and VirusTotal (the latter a scanning service rather than a testing organisation).

Fortinet built a PoC test platform to the customer's requirements; every test sample was blocked by FortiEDR, with a corresponding blocking process and logs. FortiEDR therefore met the company's needs not only for on-premises, multi-cloud and Linux deployment but also in measured blocking capability. The project was delivered by deploying core components across multiple Alibaba Cloud regions, deploying the threat hunting and central management components in the key region, and rolling out agents to the various clients.

Notably, the customer's environment consists of two public-cloud data centres plus multiple office locations, so the EDR architecture had to run active-active across both centres and let office devices in each location connect to the nearest one. FortiEDR's flexibility met this need. First, FortiEDR components are decoupled: the communication components are deployed separately in the two centres and exposed as services, and each endpoint selects the communication component with the lowest response time. If the nearby centre suffers a sudden outage, the endpoint switches automatically to the other centre without the end user noticing, and always connects to the nearest available centre so that communication stays low-latency. Second, FortiEDR is available as an ISO image or a KVM image to suit different underlying environments.
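The selection-and-failover behaviour described above (pick the collector with the lowest response time, fail over when it becomes unreachable) is shown below as an added, illustrative example; it is not FortiEDR's agent code, and the collector host names, the scripted probe timings and the hysteresis policy are assumptions made for the demonstration. The hysteresis is the one practical refinement a practitioner would want: without it, two centres with similar latency make the agent flap between them on every probe.

```python
"""Illustrative nearest-collector selection with automatic failover.

Added example, not FortiEDR's own logic. Host names and probe results are constructed.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterable, List, Optional

# A probe returns the round-trip time in milliseconds, or None if the host did not answer.
Probe = Callable[[str], Optional[float]]


@dataclass
class CollectorSelector:
    collectors: List[str]
    probe: Probe
    hysteresis_ms: float = 20.0  # only switch when the alternative is clearly faster
    current: Optional[str] = None
    last_rtt: Dict[str, Optional[float]] = field(default_factory=dict)

    def select(self, exclude: Iterable[str] = ()) -> Optional[str]:
        """Probe every collector and return the one the agent should talk to.

        Picks the lowest RTT among reachable collectors, but keeps the current one
        unless it is unreachable, excluded, or beaten by more than hysteresis_ms,
        so latency jitter between two nearby centres does not cause flapping.
        """
        excluded = set(exclude)
        self.last_rtt = {c: self.probe(c) for c in self.collectors}
        reachable = {c: r for c, r in self.last_rtt.items()
                     if r is not None and c not in excluded}
        if not reachable:
            self.current = None
            return None
        best = min(reachable, key=reachable.__getitem__)
        cur = self.current
        if cur in reachable and reachable[cur] - reachable[best] < self.hysteresis_ms:
            return cur
        self.current = best
        return best

    def on_send_failure(self) -> Optional[str]:
        """A send to the current collector failed: treat it as down and re-select now."""
        failed = self.current
        return self.select(exclude=[failed] if failed else [])


def make_scripted_probe(script: Dict[str, List[Optional[float]]]) -> Probe:
    """Constructed probe for the demo: each call returns the next scripted RTT for a host."""
    queues = {host: list(rtts) for host, rtts in script.items()}

    def probe(host: str) -> Optional[float]:
        q = queues[host]
        return q.pop(0) if q else None

    return probe


def demo() -> List[Optional[str]]:
    """Walk an agent through four probe rounds against two hypothetical centres."""
    # Constructed timeline: round 1 both up; round 2 centre A times out; round 3 A is back
    # but only 17 ms faster than B (under the 20 ms hysteresis); round 4 A is clearly faster.
    script = {
        "collector-a.example.internal": [5.0, None, 8.0, 3.0],
        "collector-b.example.internal": [30.0, 30.0, 25.0, 30.0],
    }
    sel = CollectorSelector(list(script), make_scripted_probe(script))
    chosen = [sel.select()]               # round 1: A, lowest RTT
    chosen.append(sel.on_send_failure())  # round 2: A excluded and unreachable, fail over to B
    chosen.append(sel.select())           # round 3: stay on B, A not clearly faster yet
    chosen.append(sel.select())           # round 4: switch back to A
    return chosen


if __name__ == "__main__":
    for rnd, host in enumerate(demo(), start=1):
        print(f"round {rnd}: {host}")
```

In a real agent the probe would be a lightweight authenticated request to each collector rather than a scripted table, and the selection would run on a timer as well as on send failure, so an endpoint drifts back to its nearest centre once that centre recovers.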

This is also a long-term engagement: beyond the initial endpoint rollout there is ongoing event monitoring. To support the customer's day-to-day use and management, FortiEDR comes with Fortinet's BPS service, delivered by a designated FortiEDR post-sales expert team with a named contact assigned for the engagement. It covers detailed product training, security event analysis and configuration review, and underpins the project's implementation.

Full-process protection: FortiEDR's patented end-to-end capability

The FortiEDR security solution covers the full endpoint protection lifecycle: detection, mitigation, response and remote remediation. Before infection it provides real-time protection and proactive risk management; after infection it provides detection and containment, relieves alert fatigue and offers customisable clean-up alongside automated response; and it proactively reduces the attack surface through endpoint hardening. Its AI-based software behaviour detection (the patented Code Hunting code-tracing technology) and patented Encryption Rollback prevent the integrity of system and stored files from being destroyed in a ransomware scenario: a memory sandbox mechanism preserves the integrity of the original files. The solution also integrates with the Fortinet Security Fabric for automated response and links with the FortiGate firewall to block threats. The project brought the company several benefits:

Threat detection and blocking: FortiEDR monitors and analyses activity on endpoint devices in real time, enabling early detection of malware, advanced persistent threats (APTs) and other security threats, and takes timely blocking action to stop them spreading and causing damage.

Attack source tracing and investigation: FortiEDR records and stores endpoint activity logs, helping security teams investigate incidents and trace attacks to their source. This reveals the attacker's behaviour patterns and intrusion paths so that appropriate countermeasures can be taken.

Threat intelligence sharing: FortiEDR integrates with other security products and services and shares threat intelligence with them, strengthening overall defences and improving detection of and response to emerging threats.

Automated response and remediation: FortiEDR acts immediately when a threat is detected. It automatically isolates infected devices, stops malicious processes and restores compromised system components, reducing business impact and recovery time.

Improved security posture: through real-time monitoring and threat detection, FortiEDR helps discover and fix potential weaknesses, strengthens endpoint protection and raises the organisation's overall defensive capability.

Unique in the industry: on-premises deployment solves data sensitivity problems

With the promulgation of laws and regulations such as the "Financial Data Security: Data Security Assessment Specification" and the "Data Security Law", and the establishment of bodies such as the National Data Bureau, key industries such as finance and insurance have become more sensitive about data. Keeping data on-premises has become common practice for data security and compliance reasons, and here FortiEDR's on-premises deployment capability is a significant advantage. Combined with the solution's threat detection, tracing and automated response capabilities, customers obtain comprehensive endpoint protection, and the BPS service covers the groundwork for endpoint deployment, giving customers a secure, worry-free experience throughout.

Source: blog.csdn.net/Fortinet_CHINA/article/details/131223202