Managed SD-WAN with Threat Monitoring and Response (TMR)
Secure enterprise connectivity combined with 24/7 cybersecurity protection
What is TMR and why is it critical to SD-WAN?
Introducing SD-WAN connectivity into any environment increases the number of potential attack vectors into that network.
Masergy Managed SD-WAN with TMR provides 24/7 real-time security alert monitoring and response by certified security analysts via the Fortinet FortiGate Unified Threat Management (UTM) appliance. TMR can be deployed in tandem with Masergy’s Managed SD-WAN service without any additional customer premise equipment (CPE). This includes full visibility of any new attack vectors as well as providing expanded monitoring coverage for both north/south and east/west network traffic throughout the enterprise.
Service Delivery Overview
• Masergy leverages security best practices for Incident Response (IR) workflow (including NIST 800-61)
• All UTM alerts follow pre-defined workflow as defined by a select catalog of IR playbooks
• These playbooks are supported within Masergy’s Security Orchestration Automation and Response (SOAR) Platform to accelerate and optimize response effectiveness
• UTM alerts enter the SOAR platform via the event and alert management module, then are correlated against Masergy’s proprietary Global Threat Intelligence and 100+ additional sources of threat intelligence data
• Our tenured SOC analysts triage these alerts in real-time 24/7, making expert assessments and taking any needed responses on your team’s behalf, including pushing firewall blocking rules to stop any threats
• If additional customer action is needed, our analysts will contact you with actionable information and guide your team through any steps to fully mitigate the threat
• Risk metrics and alerting IR workflow may be monitored via the Masergy Intelligent Service Control customer portal
TMR Solution Requirements
Masergy Managed SD-WAN deployment using Fortinet FortiGate UTM-capable appliances
Solution Capability Highlights
• Fortinet UTM security appliance is powered by FortiGuard Security Services, which includes:
• Up-to-the-minute threat intelligence in real time to stop the latest threats
• Insight into occurring threats anywhere in the world through a global network of more than three million sensors
• Fast and comprehensive intelligence via automated and advanced analytics and machine learning being applied to cross-discipline information
• Prevention of new attack exploits with proactive threat research
• Fortinet UTM appliances include Next-Generation Firewall (NGFW) and security processor technology for comprehensive visibility and advanced Layer 7 capabilities such as:
o Intrusion Prevention System (IPS): Fortinet FortiOS’s IPS functionality is an industry-proven network security solution powered by purpose-built hardware and FortiASICs.
• Validated best-in-class security and capacity with proven coverage and high performance
• Comprehensive protection provided by a signature-based IPS engine, protocol anomaly scanning, and DDoS mitigation
• IPS is kept up-to-date by research teams that work 24 hours a day worldwide, in order to detect and deter the latest known threats including zero-day attacks
• Both signature and anomaly-based detection techniques are leveraged, with the latest threat intelligence updates pushed to the Fortinet UTM appliances in near real time
• Comprehensive IPS library with thousands of signatures, including the latest defenses against stealthy network-level threats
o Anti-Malware/Antivirus: High-performance network detection engine stops advanced malware before it even enters your enterprise network. Using industry-leading detection engines, the Masergy TMR service prevents both new and evolving threats from gaining a foothold in the network including viruses, spyware, worms, Trojans, and other malware.
• Automated content updates & latest malware and heuristic detection engines
• Proactive threat library protects against all known threats and variants
• Content Pattern Recognition Language with patented code recognition software protects against unknown variants
o Web Content Filtering: Web Filtering is designed to restrict or control the content users are authorized to access, delivered over the internet via a web browser.
• FortiGuard’s massive web-content rating databases power one of the industry’s most accurate web filtering services
• Granular blocking and filtering provide web categories to allow, log, or block based on internet usage policies
• A wide choice of web filtering technology options are available to provide each organization the most suitable implementation for their specific business needs
• Integrated secure web proxy blocks and alerts by employee username on inappropriate and insecure web usage, such as: adult, gambling, hacking, discriminatory sites
• Comprehensive URL database provides rapid and comprehensive protection against all active malicious URLs
• Blocks DNS requests to known botnet command & control addresses
o Application Control: Application control technologies detect and take action against network traffic based on the application that generated the traffic. Masergy Application Control uses application-specific protocol decoders that analyze network traffic to detect application traffic, even if the traffic uses nonstandard ports or protocols.
• Better protects your organization by blocking or restricting access to risky applications via blacklists and whitelists
• Gives you visibility and control of thousands of applications and lets you add custom applications
• Lets you fine-tune your policies based on application type via application categories
• Optimizes bandwidth usage on your network by prioritizing, de-prioritizing, or blocking traffic based on application
• Flexible policies enable full control of attack detection methods
Real-time security analytics in a unified customer portal
Customize your view of security threats managed by the Masergy Threat Monitoring and Response solution from within our customer portal. Our portal delivers real-time analytics and service control for your company’s entire SD-WAN deployment.
o SSL Content Scanning & Inspection: Secure Sockets Layer (SSL) content scanning and inspection allows you to apply antivirus scanning, web filtering, FortiGuard Web Filtering, and email filtering to encrypted traffic. To perform SSL content scanning and inspection, the FortiGate unit does the following:
• Intercepts and decrypts network sessions between clients and servers
• Applies content inspection to decrypted content, including:
• HTTPS, IMAPS, POP3S, and SMTPS Antivirus, DLP, and DLP archiving
• HTTPS web filtering and FortiGuard web filtering
• IMAPS, POP3S, and SMTPS email filtering
• Encrypts the sessions and forwards them to their destinations
Additional Service Benefits
• Masergy combines Fortinet’s industry-leading security capabilities with Masergy’s high performance global SD-WAN service using a single appliance that received “Recommended” ratings in two consecutive independent NSS Labs tests. NSS Labs also lauded this hardware for providing the lowest total cost of ownership (TCO) per Mbps among eight of the top SD-WAN vendors
• All Masergy SD-WAN network deployments include Shadow IT Discovery to detect and alert IT managers of unauthorized cloud apps on the network. Shadow IT alerts are incorporated into the TMR security monitoring service giving you actionable data for incident response and/or active blocking of unwanted suspicious activity
• Masergy’s Managed SD-WAN with TMR service retains all security logs, tickets, and alerts for a period of one year. All supporting security event data is retained for 30 days