
User Guide

Sensor deployment strategy

Sensor placement is prioritized for network locations where security events are most likely to occur. Data collected from multiple locations provides a complete and accurate picture of potential security threats. Below is a prioritized list of data source locations in a typical network environment.

Number / Location / Description

1 Egress Points

Monitoring activity between your network environment and the Internet provides visibility of security events related to malware beaconing, command and control, network tunneling and data exfiltration activity.

Benefits:

  • Captures north/south traffic from clients and servers

  • Enables detection of exfiltration, C2, tunneling, beaconing

2 Core Switch

Activity within your network can include security events related to lateral movement and staging of attacks between workstations and important internal resources such as internal web applications, file servers or your system infrastructure.

Benefits:

  • Captures east/west traffic between clients and servers

  • Enables detection of lateral movement, staging, internal threats

3 Data Center

Your data center infrastructure is where your valuable information is stored, making it a target for theft and unauthorized access. Sensors placed between these servers and virtual hosts provide visibility of security events related to this activity.

Benefits:

  • Captures east/west traffic between servers (including virtual)

  • Enables detection of data theft, unauthorized access

4 DMZ

Public facing applications such as mail services, web sites and business-to-business applications are constantly attacked. Monitoring network zones that host these applications provides visibility of security events related to unauthorized access and data exfiltration.

Benefits:

  • Captures north/south traffic between DMZ and external clients

  • Enables detection of unauthorized access, vulnerability exploitation, exfiltration

5 External Link

Benefits:

  • Captures north/south traffic between external clients and the internal networks, and provides visibility into that traffic even when the firewall blocks it

  • Enables detection of exploitation attempts

6 Cloud Visibility

Benefits:

  • Cloud infrastructure workload traffic analysis via AWS/Azure Machine Images or VM/KVM.

  • Teleworkers and remote sites not backhauled over VPN, via Zscaler integration.

  • Enables detection of unmanaged and IoT devices and of access to cloud infrastructure
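The prioritized list above boils down to a coverage question: for a given flow, which sensor locations would actually observe it? The following Python model is an added example, not code from the Fortinet guide; it uses constructed address ranges for the client, data center and DMZ zones and a deliberately simplified mapping of flows onto locations 1 to 5 (the cloud location is omitted, since it depends on the cloud integration rather than on network placement). It lets you check which sample flows a partial deployment would leave unobserved.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed example zones (RFC 1918 and documentation ranges), not from the guide.
ZONES = {
    "clients":     [ip_network("10.10.0.0/16")],
    "data_center": [ip_network("10.20.0.0/16")],
    "dmz":         [ip_network("192.0.2.0/24")],
}


def zone_of(ip: str) -> str:
    """Map an address to a zone name; anything outside the defined zones is external."""
    addr = ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return "external"


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    blocked_by_firewall: bool = False  # dropped at the perimeter before reaching inside


def direction(flow: Flow) -> str:
    """North/south if one end is external, otherwise east/west (the guide's terms)."""
    zs, zd = zone_of(flow.src), zone_of(flow.dst)
    return "north/south" if "external" in (zs, zd) else "east/west"


def observing_sensors(flow: Flow) -> list[int]:
    """Return the guide's location numbers whose sensor would see this flow.

    Simplified assumption: each location sees only the traffic the guide lists
    under its 'Benefits'; real topologies may give a location more visibility.
    """
    zs, zd = zone_of(flow.src), zone_of(flow.dst)
    ext = "external" in (zs, zd)
    seen = []
    # 5 External Link: outside the firewall, so it sees traffic the firewall drops.
    if ext:
        seen.append(5)
    if flow.blocked_by_firewall:
        return seen  # nothing behind the firewall ever sees a dropped flow
    # 1 Egress Points: internal clients/servers <-> Internet.
    if ext and ("clients" in (zs, zd) or "data_center" in (zs, zd)):
        seen.append(1)
    # 4 DMZ: public-facing hosts <-> external clients.
    if ext and "dmz" in (zs, zd):
        seen.append(4)
    # 2 Core Switch: east/west between workstations and internal servers.
    if not ext and {zs, zd} == {"clients", "data_center"}:
        seen.append(2)
    # 3 Data Center: server-to-server traffic.
    if zs == "data_center" and zd == "data_center":
        seen.append(3)
    return sorted(seen)


# Constructed sample flows, one per detection case the guide names.
SAMPLE_FLOWS = {
    "beacon to C2":              Flow("10.10.5.23", "203.0.113.7"),
    "lateral move to fileserver": Flow("10.10.5.23", "10.20.1.10"),
    "db copy between servers":   Flow("10.20.1.10", "10.20.2.40"),
    "web request to DMZ":        Flow("198.51.100.9", "192.0.2.80"),
    "blocked external scan":     Flow("198.51.100.9", "10.10.0.1", blocked_by_firewall=True),
}


def coverage_gaps(deployed: set[int]) -> list[str]:
    """Names of sample flows that none of the deployed sensor locations would observe."""
    return [
        name for name, flow in SAMPLE_FLOWS.items()
        if not set(observing_sensors(flow)) & deployed
    ]


if __name__ == "__main__":
    for name, flow in SAMPLE_FLOWS.items():
        print(f"{name:28} {direction(flow):12} seen by {observing_sensors(flow)}")
    print("gaps with locations 1 and 2 only:", coverage_gaps({1, 2}))
```

Deploying only the two highest-priority locations (egress and core) covers the beaconing and lateral-movement flows but leaves server-to-server copies, DMZ access and firewall-dropped probes unobserved, which is exactly why the guide continues down the list.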
