at Financial Technnology Year
Please contact them if you have any questions.
Fortinet Security Fabric for Financial Services from Fortinet
Comprehensive security platform that integrates network, cloud, and endpoint security specifically for financial institutions and VC firms. Provides advanced threat protection, secure access solutions, and compliance capabilities for protecting financial operations and investments.
Product analysis by function
Cybersecurity Solutions for Operations and Finance
Specialized security tools protecting sensitive deal information, portfolio company data, and limited partner communications.
More Cybersecurity Solutions
More Operations and Finance ...
Access Control and Identity Management
(7 Yes /7 Known /10 Possible features)
|
Multi-factor Authentication (MFA) Requires users to verify identity using multiple credentials for critical systems. |
Fortinet Security Fabric supports multi-factor authentication (MFA) as part of its secure access solutions. | |
|
Single Sign-On (SSO) Support Allows seamless, secure access to multiple systems using one set of credentials. |
Single Sign-On (SSO) is part of Fortinet's access control integrations. | |
|
Role-Based Access Control (RBAC) Assigns system permissions based on job role to enforce least-privilege access. |
Role-based access control (RBAC) is a core feature in Fortinet's centralized policy management. | |
|
User Provisioning and De-provisioning Speed Time required to add or revoke user access upon onboarding or departure. |
No information available | |
|
Privileged User Monitoring Tracks activities of high-access users for early detection of misuse. |
Privileged user monitoring is included via the FortiSIEM and FortiAnalyzer solutions. | |
|
Audit Trail Retention Period Length of time that records of user access and changes are kept. |
No information available | |
|
Integration With Directory Services Can synchronize with corporate directories (e.g., Active Directory, LDAP). |
Supports integration with Active Directory, LDAP and other directory services. | |
|
Self-Service Password Reset Allows users to securely reset passwords without admin involvement. |
Fortinet FortiAuthenticator supports self-service password reset for users. | |
|
Account Lockout Threshold Number of failed login attempts allowed before an account is locked. |
No information available | |
|
Mandatory Password Expiry Enforces periodic password changes to reduce the risk of compromise. |
Mandatory password expiry policies are supported and configurable. |
Data Encryption and Confidentiality
(8 Yes /8 Known /10 Possible features)
|
In-Transit Encryption Utilizes strong cryptographic protocols (e.g., TLS 1.2+) for data moving across networks. |
In-transit encryption is enforced using TLS across Fortinet devices and solutions. | |
|
At-Rest Encryption Ensures stored data in databases and file systems is encrypted. |
Fortinet supports at-rest encryption as part of their security appliances and endpoint protection. | |
|
End-to-End Encryption for Communications All communication channels (email, messaging, file transfer) support end-to-end encryption. |
End-to-end encryption for various communication channels is supported depending on integration (e.g. FortiMail, VPN, and secure messaging). | |
|
Encryption Key Management Automated and audited management of cryptographic keys. |
Encryption key management is available with FortiManager and via HSM integrations. | |
|
Granularity of Data Encryption Defines whether encryption is file-level, database-level, or field-level. |
No information available | |
|
Hardware Security Module (HSM) Integration Supports securing keys within HSMs for added protection. |
Hardware Security Module (HSM) integration is supported for key protection. | |
|
Secure File Sharing Enables secure, encrypted document sharing with third parties or LPs. |
Secure file sharing is possible through FortiMail and FortiDrive solutions. | |
|
Data Loss Prevention (DLP) Monitors and blocks unauthorized data transfers inside and outside the organization. |
Data Loss Prevention (DLP) is a core component of Fortinet’s offerings. | |
|
Real-time Data Encryption Speed The speed at which the system can encrypt or decrypt data in real-time. |
No information available | |
|
Compliance with Industry Encryption Standards Effectively meets standards such as FIPS 140-2/3 or ISO/IEC 27001. |
Compliance with FIPS 140-2, ISO/IEC 27001, and other industry encryption standards is documented. |
Threat Detection and Incident Response
(7 Yes /7 Known /10 Possible features)
|
Real-time Threat Detection Ability to identify threats as they occur using AI/ML and signature-based detection. |
Real-time threat detection is achieved with FortiAI, FortiAnalyzer, and FortiSIEM. | |
|
Automated Incident Response Workflows System can automatically respond to certain threat types to contain damage. |
Automated incident response workflows are available through playbooks and orchestration tools. | |
|
Security Event Log Retention How long security events/logs are retained for forensic analysis. |
No information available | |
|
Integration with SIEM (Security Information and Event Management) Ability to feed data to SIEM platforms for correlated analysis. |
Integration with SIEM platforms, including third-party SIEMs, is supported. | |
|
Alert Notification Time Maximum time between threat detection and alerting security staff. |
No information available | |
|
24/7 Monitoring Security monitoring is available at all times, not just business hours. |
24/7 security monitoring is core to Fortinet's managed security service and products. | |
|
Customizable Threat Signatures Can create and tune custom detection signatures for sector-specific threats. |
Custom threat signature creation is possible in FortiGate and FortiSIEM. | |
|
Phishing Detection and Prevention Alerts users and blocks suspicious communications targeting credentials. |
Phishing detection and prevention are part of FortiMail and FortiPhish solutions. | |
|
Incident Response Playbooks Pre-defined, customizable workflows for different incident types. |
Incident response playbooks are included in FortiSOAR. | |
|
Mean Time to Detect (MTTD) Average time between threat occurring and being discovered. |
No information available |
Secure Communications
(8 Yes /8 Known /10 Possible features)
|
Encrypted Messaging Internal and external chat/messages are encrypted at rest and in transit. |
Encrypted messaging is available via FortiMail/secure communications modules. | |
|
Secure Video Conferencing Video meetings use encryption and access controls to protect confidentiality. |
Secure video conferencing is possible with integration to third-party platforms using FortiGate VPN/tunneling. | |
|
Encrypted Email Integration Email solutions support encrypted delivery and attachments. |
FortiMail supports encrypted email integration for messages and attachments. | |
|
Customizable Access Policies for Communications Ability to restrict communication tools usage by user or group. |
Access policies for communication can be customized in line with user/group policies. | |
|
Automated Message Retention Policy Controls how long communication records are kept and when they are deleted. |
Message retention policies are configurable in messaging/email security modules. | |
|
Message Recall or Revocation Capability to retract messages sent in error. |
Message recall/revocation can be implemented in secure mail and chat solutions. | |
|
Digital Signatures on Communications Ensures authenticity and non-repudiation for critical messages. |
Digital signatures are available through Fortinet’s secure messaging/email modules. | |
|
Watermarking Confidential Messages Messages can be automatically watermarked for traceability. |
No information available | |
|
External Participant Verification Verifies the identity of external recipients in communications. |
No information available | |
|
Communication Channel Redundancy System supports alternative communication methods in case of outages. |
Channel redundancy is available given Fortinet’s SD-WAN/failover design. |
Monitoring, Logging, and Reporting
(8 Yes /8 Known /10 Possible features)
|
Comprehensive Audit Logs Records all relevant system and user activities for auditing purposes. |
Comprehensive user/system audit logs available in FortiAnalyzer and related modules. | |
|
Customizable Reporting Dashboards Flexible dashboard tools for real-time monitoring and historical analysis. |
Dashboards are highly customizable in FortiAnalyzer and FortiSIEM. | |
|
Automated Compliance Reports Generates reports for regulatory and LP compliance needs. |
Automated compliance reporting is supported for various frameworks. | |
|
Log Integrity Monitoring Detects if audit logs have been tampered with. |
Log integrity is supported through tamper-evident storage and hashing. | |
|
API Access to Logs Logs and reports accessible via standard APIs. |
API access for logs is a documented feature. | |
|
Alert Customization Users can define thresholds and triggers for alerting. |
Users can customize alerting and thresholds extensively. | |
|
Log Retention Period Set length of time all logs are retained for compliance. |
No information available | |
|
Anomaly Detection in User Activity Automatically highlights unusual user behavior for investigation. |
Anomaly detection in user activity is provided through AI/ML inside FortiSIEM. | |
|
Scheduled vs Real-time Reporting System can provide both scheduled and real-time reports. |
Both scheduled and real-time reporting are available. | |
|
Audit Log Search/Filtering Speed Rate at which logs can be queried for specific events. |
No information available |
Compliance and Regulatory Support
(9 Yes /9 Known /10 Possible features)
|
Compliance Certifications Dashboard Displays current compliance certifications (e.g., SOC 2, ISO 27001). |
Compliance certifications dashboard is provided and updated as part of compliance modules. | |
|
GDPR Support Product supports General Data Protection Regulation for EU LPs and companies. |
GDPR compliance tools and support are documented for Fortinet Security Fabric. | |
|
California Consumer Privacy Act (CCPA) Support Compliant with CCPA for handling California data subjects. |
CCPA compliance is supported; documentation on handling California user data exists. | |
|
Automated Data Subject Requests Can handle right-to-access, right-to-be-forgotten, and correction requests. |
Automated data subject request support is possible via FortiSIEM and automation modules. | |
|
Audit-trail for Compliance Actions Proof of compliance actions is logged and accessible. |
Audit trails for compliance actions are part of logging/reporting suites. | |
|
Data Residency Controls Can restrict data storage and processing to certain jurisdictions. |
Data residency controls are available, especially in cloud-centric Fortinet deployments. | |
|
Policy Change Alerting Alerts administrators when compliance policies change or are updated. |
Policy change alerting for compliance is provided with integration to security operations alerts. | |
|
Compliance Report Generation Speed Time required to produce a full compliance report for auditors. |
No information available | |
|
Customizable Data Retention Policies Allows organizations to define bespoke regulatory retention periods. |
Customizable data retention policies are supported and can be defined per compliance need. | |
|
Vendor Risk Assessment Integration Integrates third-party assessments into compliance reporting. |
Vendor risk assessment integrations are possible via APIs and partner ecosystem. |
System Integration and Interoperability
(9 Yes /9 Known /10 Possible features)
|
Open API Availability Product offers open APIs for extensibility and automation. |
Open APIs are available for extensibility and integration. | |
|
Integration with Document Management Systems Works seamlessly with DMS like Box, Dropbox, SharePoint. |
Document management system integrations (e.g., SharePoint) are supported in partner solutions. | |
|
CRM Integration Works with Salesforce and other CRM systems for LP and portfolio tracking. |
CRM (e.g., Salesforce) integration is available and documented through partner connectors. | |
|
Automated Data Sync Frequency How frequently data is automatically synchronized across platforms. |
No information available | |
|
Support for SAML/OAuth Connectors Allows secure identity federation across multiple SaaS tools. |
SAML/OAuth connectors are supported for identity federation and SSO. | |
|
Marketplace of Pre-Built Integrations Catalog of out-of-the-box plugins and connectors. |
Marketplace for pre-built integrations is available via Fortinet and technology partners. | |
|
Custom Integration Toolkit Offers SDKs/libraries for custom workflow integration. |
Custom integration toolkit with SDKs/APIs is provided for workflow integration. | |
|
Real-time Integration Monitoring Notifies when integrations fail or are at risk. |
Real-time integration monitoring is available in dashboard modules. | |
|
Versioning and Backward Compatibility Ensures integration APIs remain available across product upgrades. |
API versioning and backward compatibility are part of platform assurance. | |
|
Granular Integration Permissions Permissions for integrations can be defined by user or group. |
Granular integration permissions are configurable by user group and role. |
Backup, Recovery, and Business Continuity
(6 Yes /6 Known /10 Possible features)
|
Automated Backups Scheduled, automatic backups of all critical data. |
Automated backups are supported across key Fortinet data stores. | |
|
Backup Frequency How often backups are taken. |
No information available | |
|
Recovery Point Objective (RPO) Maximum acceptable age of files in backup, indicating potential data loss time window. |
No information available | |
|
Recovery Time Objective (RTO) Maximum acceptable time to restore systems after a failure. |
No information available | |
|
Encrypted Backups All backup data is encrypted during storage and transit. |
Backups are encrypted in both storage and transit. | |
|
Geo-Redundant Backup Storage Backups are replicated in multiple data centers or regions. |
Geo-redundant backup storage is offered in Fortinet cloud and appliance solutions. | |
|
Disaster Recovery Playbooks Pre-defined procedures for different disaster scenarios. |
Disaster recovery playbooks are part of Fortinet best practice documentation. | |
|
Backup Restore Testing Frequency How often backup restores are tested for integrity. |
No information available | |
|
Granular Restore Capability Can restore individual files, folders, or full systems. |
Granular restore supported: individual files, folders, systems (depending on configuration). | |
|
Automated Failover Support Enables seamless transition to backup systems automatically. |
Automated failover support is core to Fortinet high-availability configurations. |
Workflow and User Experience Security
(6 Yes /6 Known /10 Possible features)
|
Context-aware Access Controls Adapts access policies based on user location, device, or time. |
Context-aware access controls are possible by combining device, location, and behavioral attributes. | |
|
User Activity Feedback System provides immediate visual/audible feedback for security events (e.g., successful login, warning for suspicious activity). |
User activity feedback (successful login, suspicious activity) is standard in user interfaces and logs. | |
|
Security Warnings/Explainability Clear and actionable security warnings for users. |
Security warnings and explainability are part of end-user notifications. | |
|
Adaptive User Training Prompts In-app security learning for users when risky behaviors are detected. |
No information available | |
|
Minimal Security Task Completion Time Low latency for users performing security actions (e.g., reviewing access requests). |
No information available | |
|
Accessibility Support in Secure Workflows Features and workflows accessible to all users, including those with impairments. |
No information available | |
|
Integrated Secure Approval Processes Enables approvals for sensitive actions within secured workflows. |
Integrated secure approval workflows are available in advanced policy modules. | |
|
Session Timeout Configuration Customizable length before automatic user logout due to inactivity. |
No information available | |
|
Mobile Security Features Appropriate controls and protections for mobile users. |
Mobile security features are included in FortiClient and FortiMobile. | |
|
Frictionless Delegated Access Temporarily delegate access securely and efficiently. |
Frictionless delegated access for temporary privileges is configurable with RBAC and policy controls. |
Vendor Management and Ecosystem Security
(8 Yes /8 Known /10 Possible features)
|
Third-party Risk Assessment Automation Automates evaluation and scoring of third-party risk. |
Vendor risk assessment automation can be achieved using API integrations with third-party services. | |
|
Vendor Access Control Restricts and monitors vendor/outsourced IT access to systems and data. |
Vendor access control is available through policy configuration and monitoring. | |
|
Continuous Vendor Security Monitoring Monitors ongoing risk from vendors (e.g., dark web exposure, breaches). |
Continuous vendor security monitoring is available via SIEM/third-party feeds. | |
|
Vendor Security Questionnaire Management Centralizes collection and review of security documentation from vendors. |
Vendor questionnaire management is possible through integration/API. | |
|
Vendor Breach Notification Speed Time between vendor-reported security incidents and notifications to your firm. |
No information available | |
|
Vendor Data Segmentation Ensures vendor access is limited to specific, well-defined areas and data sets. |
Vendor data segmentation is enforced via network segmentation and access controls. | |
|
Automated Vendor Offboarding Instant removal of vendor access once a contract ends. |
Automated vendor offboarding can be implemented through provisioning modules and API integration. | |
|
Vendor Cost Monitoring Tracks and manages the cost of vendor cybersecurity services. |
No information available | |
|
Vendor Contract Compliance Flags Alerts for upcoming expirations, lacking attestations, or non-compliance. |
Vendor contract compliance is notified via alerting and policy compliance modules. | |
|
Portfolio Company Security Guidance Tools Provides tools or frameworks for portfolio companies to follow security best practices. |
Security frameworks and tools for portfolio companies are available via documentation and managed services. |
This data was generated by an AI system. Please check
with the supplier. More here
While you are talking to them, please let them know that they need to update their entry.