FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
Description: Dynamically detecting, segmenting and auto-quarantining “Sunburst”/SolarWinds vulnerable endpoints from the EMS solution
Create Zero-Trust Access Control rules to continuously monitor and automatically block access for compromised endpoints:
Run the attached script to add SolarWinds detection rules in your EMS v6.4.2. Open CMD with administrator access and run this command in the same folder where you saved the script:
sqlcmd -E -S.\fcems -d fcm_default -i add_solarwind_ZTNA_Rules.txt
This script will add ZTNA tagging rules as seen in the screenshot below. Edit one of the newly added rules, check that it is configured properly, and click Save. You can also add additional rules to detect and tag endpoints with critical vulnerabilities, which include the Sunburst vulnerability:
Under Zero Trust Tags > Tag Monitor, monitor for any endpoints with the “EndpointsWithSolarWinds” or “SolarWinds Suspicious” tags. If any are detected, these endpoints can be quarantined and sent for investigation/remediation.
As part of the Security Fabric, you can also use these ZTNA dynamic tags on FortiGate to restrict or automatically quarantine network access for these suspicious endpoints. See “How to add EMS ZTNA Tags in FortiOS dynamic policy” for instructions.
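The tag-then-quarantine flow above (tagging rules evaluated against endpoint data, Tag Monitor surfacing the tagged hosts, quarantine driven by the tags) can be modelled in a few lines to make the logic concrete. The following is an added illustration, not FortiClient EMS code and not the attached script. Only the two tag names “EndpointsWithSolarWinds” and “SolarWinds Suspicious” come from the article; the rule criteria, the third tag, the endpoint inventory and the software and process names are constructed assumptions (the “suspicious” process name is a placeholder, not an indicator).

```python
"""Tag-then-quarantine evaluation modelled on the EMS Zero Trust tagging workflow.

Added illustration only; this is not FortiClient EMS code. Everything except the
two tag names taken from the article ("EndpointsWithSolarWinds" and
"SolarWinds Suspicious") is a constructed assumption: the rule criteria, the
third tag, the endpoint inventory and the process/software names.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Endpoint:
    """Minimal endpoint record, a stand-in for what EMS collects from FortiClient."""
    name: str
    installed_software: set[str]
    running_processes: set[str]
    vuln_severities: set[str]  # severities reported by the vulnerability scan


@dataclass
class TagRule:
    """One tagging rule: every (attribute, substring) condition must match (logical AND)."""
    tag: str
    conditions: list[tuple[str, str]]

    def matches(self, ep: Endpoint) -> bool:
        for attr, needle in self.conditions:
            observed = getattr(ep, attr)
            if not any(needle.lower() in value.lower() for value in observed):
                return False
        return True


# Constructed rules. The "suspicious" rule keys on a placeholder process name;
# a real deployment would take its indicators from the vendor advisory, not this value.
RULES = [
    TagRule("EndpointsWithSolarWinds", [("installed_software", "SolarWinds")]),
    TagRule("SolarWinds Suspicious", [("installed_software", "SolarWinds"),
                                      ("running_processes", "placeholder-suspicious.exe")]),
    TagRule("CriticalVulnerability", [("vuln_severities", "Critical")]),
]

# Tags that should trigger quarantine, per the article's Tag Monitor step.
QUARANTINE_TAGS = {"EndpointsWithSolarWinds", "SolarWinds Suspicious"}

# Constructed sample inventory (hostnames and contents are made up).
INVENTORY = [
    Endpoint("ws-01", {"SolarWinds Orion Platform", "Microsoft Office"}, {"explorer.exe"}, {"Medium"}),
    Endpoint("srv-02", {"SolarWinds Orion Platform"}, {"placeholder-suspicious.exe", "svchost.exe"}, {"Critical"}),
    Endpoint("ws-03", {"Microsoft Office"}, {"explorer.exe"}, set()),
    Endpoint("ws-04", {"Adobe Reader"}, {"explorer.exe"}, {"Critical", "High"}),
]


def evaluate_tags(endpoints: list[Endpoint], rules: list[TagRule]) -> dict[str, set[str]]:
    """Return {endpoint name: set of tags} after running every rule against every endpoint."""
    return {ep.name: {r.tag for r in rules if r.matches(ep)} for ep in endpoints}


def quarantine_candidates(tags_by_endpoint: dict[str, set[str]], quarantine_tags: set[str]) -> set[str]:
    """Endpoints carrying at least one quarantine-triggering tag."""
    return {name for name, tags in tags_by_endpoint.items() if tags & quarantine_tags}


def tag_monitor(endpoints: list[Endpoint], rules: list[TagRule], watch: set[str]) -> dict[str, set[str]]:
    """Like Tag Monitor: only endpoints carrying a watched tag, showing just those tags."""
    tagged = evaluate_tags(endpoints, rules)
    return {name: tags & watch for name, tags in tagged.items() if tags & watch}


if __name__ == "__main__":
    tagged = evaluate_tags(INVENTORY, RULES)
    for name, tags in tagged.items():
        print(f"{name}: {sorted(tags) or '-'}")
    print("quarantine:", sorted(quarantine_candidates(tagged, QUARANTINE_TAGS)))
```

The separation between evaluate_tags and quarantine_candidates mirrors the article's design: tagging is purely descriptive, and the enforcement decision (quarantine in EMS, or a FortiGate policy keyed on the same tag) is a separate policy layered on the tags, so adding a new detection rule never silently changes what gets blocked.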