Time
59 minutes
Difficulty
Intermediate
CEU/CPE
1

Video Transcription

00:00
Hey, everyone, welcome back to the core. So in the last video, we talked about
00:03
just a generalized over you of the Ford Net 40 Web cloud Web application. Fire was a service dashboard screen. So we just went over the basic navigation there again, Feel free to politics video and go back to that one. Watch it and then feel free to play around inside of the product itself.
00:19
In this video, we're gonna start off our case studies We'll start here with case study number one. As I mentioned these air pretty short case studies just to sort of get you thinking around different use cases for this particular product.
00:30
And our controls are coming coming from tag Cyber. So Dr Amoroso has a course on cyber called the 50 security controls 50 c c. So secure controls. And so you want to definitely check that course out If you want to dive into some of them more of the control aspect of things. Thio, help your company more
00:51
now you know. So I've got listed here off their document which have also referenced here at the bottom of this particular document. So there's the actual reference point there. It's called the tag Cybersecurity Annual, and you could find that on their website. So just Google serves tag cybersecurity and you'll be able to find them real quick.
01:07
And there's a couple of controls that are applicable. There's many that are applicable, but there's a couple of main ones. They're applicable for this type of product, being it a Web application firewall. So we're looking at the tag Cyber Enterprise Controls as well as the tag Cyber Network Controls.
01:23
So our case study. So here we have cyber a furniture, right? So if you by the way, if you think that cyber Asian branch into furniture, we may be considering that if you think it's cool enough idea, and if you want to fund it, just getting
01:36
so. Severin Furniture is a world renowned manufacturer of office furniture, and I'm not gonna read you this entire thing verbatim. You could find this in the resource of section of the course
01:42
and just go ahead and follow along.
01:45
So the company's been around for a while, as you see, it was founded in 1930
01:49
and it focuses on
01:51
years or based research and design. So what it's doing is it's going into organizations and it's saying, Okay, you've got this office space here. So what we want to do is we want to come in and design a beautiful space for your employees of health's improved productivity,
02:05
and that utilizes the space most efficiently, so it keeps your costs low. So that's really the problem that they try to solve, right?
02:13
And so they're solving this. Organizations have been successful since we've been in business so long
02:17
what they've done recently, those they've integrated some technology, right? So the integrated a space sensing network and in mobile app.
02:23
And this basically is just gonna help the companies that use big data toe optimize your workplace is even better to help increase that employee productivity even more because we all kind of know that we want to make more productive it employees, especially in today's world of people being so busy and the latest technology keeps coming out and keep coming out.
02:42
So one thing they've done is well. To save money of their end, cyber furniture has gone ahead and implemented the use of coyote or injured Internet of things controlled lighting system. So the goal there again is to save money during in their manufacturing facilities,
02:58
however,
02:59
they've been using a traditional waft solution. So traditional Web application, firewall solution and, as you know, or if you don't know those are pretty cumbersome to manage. And especially if you don't have a highly skilled security team, especially creating custom rules, etcetera, etcetera. So as threats evolved, it becomes very difficult to manage these types of things without a dedicated team
03:19
for them.
03:21
So what happened? Well, a recent compromise of one of the Web applications. That's not a good thing right
03:27
now without going into too many details on that particular attack or anything like that. We kind of skipped over that here,
03:32
and we've gone into the aspect of like, OK, they haven't incident. They haven't attacked happened They had a compromise happen.
03:38
They've been using a traditional laugh. Now they want to use something else right.
03:44
They want to use something that's a lot easier to manage that helps reduce that overhead associated with using a traditional last solution.
03:51
So
03:53
what I want you to think through is a very simple question here. What products that the company used to reduce operational overhead found with traditional laugh solutions. If you haven't figured out the answer yet, I'll go ahead and pause for just a few seconds. But it's pretty easy, and I'll say, Take a look at the screen in front of you because the answer is there
04:12
all right? Of course, you should have guessed the Ford Net 40 Web Cloud replication Fire was a service solution. And again, the reason for that is because it's so easy to manage. You noticed as we went through the navigation of the dashboard screen there, it was very easy for someone that's nontechnical to find the information that they're looking for.
04:30
So one thing I just want to show you along those lines, since we're to talk about how easy it is to manage, let's just talk about and show you how easy it is to create the custom rules. And again, we had taken a look at those earlier to see how easy it was to create custom rules for our particular application.
04:47
All right, so what we're going to do is we're just going to look at creating an exception for one of our security rules. So let's pretend as we go here's under security rules and then to known attacks. Here
04:58
you'll see again by default. It goes ahead and blocks the most common vulnerabilities that are out there from the old boss Top 10.
05:05
But what we could do is we can add exceptions to this year. We can create an exception rule just by selecting the button right here.
05:13
And then we get at in our exception right here. Now, if we highlight over, this little help option here is gonna tell you exactly what to put in there. Of course, it's going to be your string,
05:23
and we can take a look at different signature information that is already blocking. So if you want to take a look down here, we can just click on some random ones here and you'll see that it's grabbing
05:32
common vulnerabilities and common exploits and showing where it's going to be blocking it at.
05:40
So these are the signatures right here
05:42
that is flagging
05:45
and again as we click through the menu here.
05:47
So again, if we wanted to, we could add an exception here. If we said no, This looks, you know, legitimate, which obviously it's not. It's across a scripting attack, but let's say that this was a legitimate thing. We could just grab that string, throw it up in there and create our exception very, very easily.
06:03
We could also
06:05
select different types of attacks. So as an example, if I just want to look for sequel injection attacks, I can look for those. And I can also again say, Oh, no, hey, this looks good. Let me go and add this. It's as an exception. I can also add in more signatures there. If I feel that I've got something that's come through that doesn't look right, I can add that in there as well.
06:27
So it's very easy to navigate this particular dashboard and Adan's custom rule sets. Also, I'm gonna go ahead and cancel all of that there.
06:33
Under the access rules. We can also customize our request limits so we can come in here and create things very simply as well.
06:44
All right, so in this video, we just talk briefly about our case study number. Once again, cyber furniture. They've been implementing some new technology as well as using I o T
06:53
management for their lighting system to save money and what they had found reusing a traditional last solution. What was a real problem? What they found is that it was causing too much overhead, which led to their employees not being able to manage it effectively, which then led to a compromise of one of their Web applications.
07:10
They were looking for a solution that allowed them
07:14
to reduce that overhead and find something that's very easy to manage. That takes a couple of clicks and you can set things up. And, of course, we all knew the answer already, which was a Ford Net 40 Web Cloud Replication firewall as a service solution.
07:28
In the next video, we're gonna take a look at our second key study, and we'll take a look at how that might affect an organization.

Up Next

Fortinet FortiWeb Cloud WAF-as-a-Service

This course will cover a brief overview of the Fortinet FortiWeb Cloud WAF-as-a-Service. Learners will subscribe to the product in AWS Marketplace and then learn how to use the solution to automatically integrate their Route 53 domain name, setting up an EC@ instance, and create a web app.

Instructed By

Instructor Profile Image
Ken Underhill
Master Instructor at Cybrary
Master Instructor