Yes, I believe that it is.
Deep Packet Inspection isn't a FortiGuard feature. It's a separate built-in feature you can enable to do "man-in-the-middle" on-the-fly decryption of outgoing or incoming traffic on a per-policy basis. With DPI, UTM features like AV, Web Filtering, Intrusion Protection, etc. can fully inspect the traffic and are thus more effective. Without DPI, encrypted traffic can only be partially inspected and encrypted payloads like ransomware can sneak through.
An example multi-layered approach to preventing ransomware on a single FortiGate would typically involve the following UTM features:
All of the above can be considered your first lines/layers of defense. Your desktop and server's hardened security configuration, and lastly your desktop and server antivirus software should be considered your last line of defense for ransomware.
So, all the FortiGuard Security bundles include AV and IPS, but the ATP bundle doesn't include IRDB/ISDB (IP Reputation), Web Filtering, DNS Filtering, Botnet DB, or Geo-IP, so I'd recommend the UTP bundle at a minimum as it includes everything above. The ENT or 360 bundles would be worth considering if you're a larger enterprise managing a number of FortiGate firewalls where you'd want to centralize your management, reporting and automation of threat remediation (beyond the scope of this discussion).
Russ
NSE7