Fortinet's cyber security technology helps organizations comply with the requirements of the Cyber Security Act and Personal Data Protection Act

Information Technology Press Releases Tuesday October 1, 2019 15:37
Bangkok--1 Oct--Communication Arts

Thailand, like other parts of the world, has been rapidly responding to digital transformation to achieve the 4th industrial revolution. On 27 May 2019, the Cyber Security Act of Thailand B.E. 2562 (2019) ("CSA") was published in the Government Gazette; therefore, it has been in effect since then. The Personal Data Protection Act (PDPA) has drawn various concepts from the EU General Data Protection Regulation (GDPR) and will come into effect next year. A one-year transition period has been granted to companies and government agencies handling personal data to comply with key provisions of the Act. Therefore, organizations in Thailand should understand the importance of these 2 Acts and find ways to comply with them.

The main objective of the CSA is to secure national security in cyberspace, governing both public and private sector databases and information. The CSA has applied the standards and guidelines of the National Institute of Standards and Technology (NIST) to establish a Cybersecurity Framework for cybersecurity privacy needs in Thailand, with 5 core functions as follows:

1) Identify
2) Protect
3) Detect
4) Respond
5) Recover

Dr. Rattipong Putthacharoen, Senior Manager, Systems Engineering at Fortinet Thailand, reveals that this Cybersecurity Framework provides private sector organizations with a structure for assessing and improving their ability to prevent, detect and respond to cyber incidents. To comply with the 5 Core Functions, organizations need the advanced Security Fabric Platform from Fortinet. It is the first open architecture approach to security that dynamically adapts to and secures the IT infrastructure under Fabric-Ready Partner ecosystem collaboration. The Security Fabric Platform is broad (so as to have wide visibility of the entire digital attack surface), integrated (so the protection covers all devices, networks and appliances) and automated (operations and response are driven automatically by Machine Learning technology).

Here are the 5 Functions and Fortinet's suggestions on how to comply with them:

Identify

Organizations must develop an understanding of their environment to manage cybersecurity risk to systems, assets, data and capabilities. To comply with this Function, it is essential to have full visibility into your digital and physical assets and their interconnections, defined roles and responsibilities, understand your current risks and exposure and put policies and procedures into place to manage those risks.

Fortinet suggests using, at a minimum, FortiToken and FortiNAC to identify and assess users; FortiInSight and FortiSIEM for asset and risk management; FortiClient and FortiNAC for vulnerability assessment activities; and the next-generation firewall FortiGate, FortiAnalyzer and FortiManager for risk assessment and governance.

Protect

Organizations must develop and implement the appropriate safeguards to limit or contain the impact of a potential cybersecurity event. To comply, the organization must control access to digital and physical assets, provide awareness education and training, put processes into place to secure data, maintain baselines of network configuration and operations to repair system components in a timely manner and deploy protective technology to ensure cyber resilience.

Fortinet proposes using FortiGate as a security gateway, together with FortiDDoS, FortiMail to protect the mail system, FortiWeb to protect web applications, FortiClient as well as FortiProxy, and the advanced threat technology FortiSandbox to detect zero-day attacks. To protect cloud environments, Fortinet has developed Fortinet-hosted services of the SaaS type, namely FortiSandbox Cloud, FortiMail Cloud, FortiWeb Cloud and FortiCASB services. Moreover, Fortinet extends its on-IaaS security services with leading Infrastructure as a Service providers including AWS, Microsoft Azure, Oracle Cloud Infrastructure and Alibaba Cloud.

Detect

Organizations must implement the appropriate measures to quickly identify cybersecurity events. The adoption of continuous monitoring solutions that detect anomalous activity and other threats to operational continuity is required to comply with this function. The organization must have visibility into its networks to anticipate a cyber incident and have all information at hand to respond to one. Continuous monitoring and threat hunting are very effective ways to analyze and prevent cyber incidents in ICS networks.

To identify unknown zero-day threats, Fortinet proposes the FortiDeceptor and FortiSandbox appliances. In addition, FortiSIEM and FortiAnalyzer installed at the Security Operation Center (SOC) help retain and analyze digital traffic logs, which the organization shall supply when asked.

Respond

Should a cyber incident occur, organizations must have the ability to contain the impact. To comply, the organization must craft a response plan, define communication lines among the appropriate parties, collect and analyze information about the event, perform all required activities to eradicate the incident and incorporate lessons learned into revised response strategies.

For endpoint detection and response, Fortinet deploys FortiClient to perform remediation activities, such as stopping users from opening a malicious file, and uses FortiNAC to quarantine infected users and devices. In addition, FortiSIEM, FortiAnalyzer and FortiManager help analyze computer logs and send notifications automatically. With Fortinet's latest Security-Defined Network technology, the connection and communication among security appliances and networking appliances, such as FortiGate, FortiSwitch and FortiAP, are improved.

Recover

Fortinet can help organizations restore any capabilities or services that were impaired due to a cybersecurity event on a case-by-case basis.

The Personal Data Protection Act imposes high penalties for non-compliance. For example, non-compliance is punishable with administrative fines (up to THB 5 million) and criminal penalties (imprisonment up to one year and/or fines up to THB 1 million). Therefore, Fortinet urges all entities to immediately assess their internal personal data governance and start taking action for compliance. The road to full compliance with the PDPA could involve engagement from all departments and the deployment of advanced security technology.

Fortinet is confident in the Security Fabric Platform, which provides sensitive data protection, including Data Loss Protection, Access Control, Data Integrity and Data Exposure. All of these features are embedded in Fortinet's solutions, both the Security as a Service (SaaS) type for on-premise protection and Infrastructure as a Service (IaaS) for cloud-environment protection. The appliances involved shall be FortiToken, FortiNAC, FortiWeb and FortiClient. The right approach should be customized to fit the size and the business operation of each entity.

