Fortinet's cyber security technology helps organizations comply with the requirements of the Cyber Security Act and Personal Data Protection Act

Information Technology Press Releases Tuesday October 1, 2019 15:37
Bangkok--1 Oct--Communication Arts

Like other parts of the world, Thailand has been responding rapidly to digital transformation to achieve the 4th industrial revolution. On 27 May 2019, the Cyber Security Act of Thailand B.E. 2562 (2019) ("CSA") was published in the Government Gazette, and it has been in effect since then. The Personal Data Protection Act (PDPA) has drawn various concepts from the EU General Data Protection Regulation (GDPR) and will come into effect next year. A one-year transition period has been granted to companies and government agencies handling personal data to comply with key provisions of the Act. Organizations in Thailand should therefore understand the importance of these 2 Acts and find ways to comply with them.

The main objective of the CSA is to secure national security in cyberspace, governing both public and private sector databases and information. The CSA has applied the standards and guidelines of the National Institute of Standards and Technology (NIST) to establish a Cybersecurity Framework for cybersecurity privacy needs in Thailand, with 5 core functions as follows:

1) Identify
2) Protect
3) Detect
4) Respond
5) Recover

Dr. Rattipong Putthacharoen, Senior Manager, Systems Engineering at Fortinet Thailand, reveals that this Cybersecurity Framework provides private sector organizations with a structure for assessing and improving their ability to prevent, detect and respond to cyber incidents. To comply with the 5 core functions, organizations need the advanced Security Fabric Platform from Fortinet. It is the first open architecture approach to security that dynamically adapts to and secures the IT infrastructure through collaboration within the Fabric-Ready Partner ecosystem. The Security Fabric Platform is broad (so as to have wide visibility of the entire digital attack surface), integrated (so that protection covers all devices, networks and appliances) and automated (operations and response are driven automatically by Machine Learning technology).

Here are the 5 Functions and Fortinet's suggestions on how to comply with them:

Organizations must develop an understanding of their environment to manage cybersecurity risk to systems, assets, data and capabilities. To comply with this Function, it is essential to have full visibility into your digital and physical assets and their interconnections, defined roles and responsibilities, understand your current risks and exposure and put policies and procedures into place to manage those risks.

Fortinet suggests using, at a minimum, FortiToken and FortiNAC to identify and assess users; FortiInsight and FortiSIEM for asset and risk management; FortiClient and FortiNAC for vulnerability assessment activities; and the next-generation firewall FortiGate, FortiAnalyzer and FortiManager for risk assessment and governance.


Organizations must develop and implement the appropriate safeguards to limit or contain the impact of a potential cybersecurity event. To comply, the organization must control access to digital and physical assets, provide awareness education and training, put processes into place to secure data, maintain baselines of network configuration and operations to repair system components in a timely manner and deploy protective technology to ensure cyber resilience.

Fortinet proposes using FortiGate as the security gateway, along with FortiDDoS, FortiMail to protect the mail system, FortiWeb to protect web applications, FortiClient as well as FortiProxy, and the advanced threat technology FortiSandbox to detect zero-day attacks. To protect cloud environments, Fortinet has developed Fortinet-hosted SaaS services, namely FortiSandbox Cloud, FortiMail Cloud, FortiWeb Cloud and FortiCASB. Moreover, Fortinet extends its on-IaaS security services with leading Infrastructure as a Service providers including AWS, Microsoft Azure, Oracle Cloud Infrastructure and Alibaba Cloud.


Organizations must implement the appropriate measures to quickly identify cybersecurity events. The adoption of continuous monitoring solutions that detect anomalous activity and other threats to operational continuity is required to comply with this function. The organization must have visibility into its networks to anticipate a cyber incident and have all information at hand to respond to one. Continuous monitoring and threat hunting are very effective ways to analyze and prevent cyber incidents in ICS networks.

To identify unknown zero-day threats, Fortinet proposes the FortiDeceptor and FortiSandbox appliances. In addition, FortiSIEM and FortiAnalyzer installed at the Security Operation Center (SOC) help retain and analyze digital traffic logs, which the organization must supply when asked.


Should a cyber incident occur, organizations must have the ability to contain the impact. To comply, the organization must craft a response plan, define communication lines among the appropriate parties, collect and analyze information about the event, perform all required activities to eradicate the incident and incorporate lessons learned into revised response strategies.

For endpoint detection and response, Fortinet deploys FortiClient to perform remediation activities, such as stopping users from opening a malicious file, and uses FortiNAC to quarantine infected users and devices. In addition, FortiSIEM, FortiAnalyzer and FortiManager help analyze computer logs and send notifications automatically. With Fortinet's latest Security-Defined Network technology, the connection and communication among security appliances and networking appliances, such as FortiGate, FortiSwitch and FortiAP, are improved.

Fortinet can help organizations restore any capabilities or services that were impaired due to a cybersecurity event, on a case-by-case basis.

The Personal Data Protection Act imposes high penalties for non-compliance. For example, it is punishable with administrative fines (up to THB 5 million) and criminal penalties (imprisonment up to one year and/or fines up to THB 1 million). Therefore, Fortinet urges all entities to immediately assess their internal personal data governance and start taking action for compliance. The road to full compliance with the PDPA could involve engagement from all departments and the deployment of advanced security technology.

Fortinet is confident in the Security Fabric Platform, which includes sensitive data protection features: Data Loss Protection, Access Control, Data Integrity and Data Exposure. All of these features are embedded in Fortinet's solutions, both the Security as a Service (SaaS) type for on-premise protection and Infrastructure as a Service (IaaS) for cloud-environment protection. The appliances involved are FortiToken, FortiNAC, FortiWeb and FortiClient. The right approach should be customized to fit the size and business operation of each entity.
