Transcript
My name is Michael Nichols. I am the Information Security Architect at TMH, Toyota Material Handling North America. Toyota Material Handling is the industry leader in forklift manufacturing. We build a lot of different material handling solutions from tuggers to forklifts to other forms of heavy machinery handling. So our campus is 57 acres, I believe. We have four plants. We're building a fifth currently. In the next two years, we're going to actually be building a sixth campus that is about a mile away. Between that, we have four plants in our main campus that are all interconnected through single-mode fiber coming back to our main data center inside the Plant One facility. My concern would come down to allowance of traversal networks, right? So east-west traffic, being able to get to things you shouldn't be able to get to. I want to make sure that I can secure the network from a routing standpoint as well as access-based and role-based access configurations. Honestly, visibility. We don't know what we don't know. We can't fix what we don't see. So being able to shine a light on those issues wherever possible. Toyota had a legacy hardware problem, we can say that. We had a lot of older, aged-out infrastructure and the question was, what do we need to do to get up to a modernization, right? We were dealing with a lot of outages caused by the old infrastructure and we were running into issues without the ability to add on support contracts because a lot of those devices were end-of-support, end-of-sale, so we weren't able to keep those up to date. We ran into firmware problems, vulnerability problems, so we had to go and find a solution. We thought about a lot of different options, but ultimately Fortinet met our demand. They were in line with our Toyota core values. They allowed us a lot more insight into the network than we had before and it was really easy to deploy. So starting my journey on the networking side, we kicked off the project to upgrade our entire core networking as well as our LAN network throughout our campus. On top of that, we just kept adding Fortinet products, so it was only natural to look into the FortiEDR, the FortiDeceptor, and the other security offerings that Fortinet has. We have edge FortiGates, right? So we have IBGP configuration between five zones. Those zones are plant, enterprise, data center, wireless, and DMZ. The DMZ is segregated off of the network. The entire process probably took 18 months and ultimately it was really great. We did utilize Fortinet professional services and we were able to come to solutions and find problems that we didn't know we had. We do have our FortiGates managed by the FortiManager. We do a lot of local changes and we allow those changes to sync up to the FortiManager to save time. But if it's a bigger change, then we look to utilize the workflow management capabilities of FortiManager to go in line with our CAV process. Everything is managed through a switch controller and an AP controller. So right now we're utilizing FortiNAC on the wireless. We have three NAC-controlled SSIDs across our entire campus and among those three SSIDs, there's about 14 different VLANs. It's been a fantastic tool for securing, hardening, and bettering the user experience for the wireless solution we have. We do FortiEDR Cloud. We install the on-prem core pieces as well as the collectors on our endpoints. We chose FortiEDR because it works with the other Fortinet products. We wanted an endpoint solution that we could manage the clients when they're both on-network and off-network. We have such a remote workforce nowadays since COVID, so being able to monitor that device wherever it goes was key for us. FortiDeceptor really helps us with what's going on inside of our network. You've got the north and south, east and west. A lot of times you're going to lose visibility within the actual LAN network unless you have something that can see that or report on that. Also, FortiDeceptor helps with our IoT or OT environment. As we know, OT is very sensitive on what type of security products you roll out, what type of agents you want to roll out. So being able to take FortiDeceptor and have it sit within that OT environment and provide a target for potential threat actors helps to give us visibility we didn't have before. Starting with EDR, that's really helped because we're a very lean team. Toyota is known for being lean. With FortiEDR, there's more proactive security controls in place that will stop things from happening instead of just getting alerted after the fact. With FortiNDR, I look at that as helping with the east and west traffic within our environment, understanding the flows and the different types of threats that might be within our network that we may not see that may not pass a firewall. I see that working in conjunction with FortiDeceptor, also FortiEDR, being able to identify a threat and potentially isolate that threat. Coming from the networking side, implementing the FortiGates with the switching and APs, being able to have that single place to go and manage everything has been very helpful. You don't have to go, all right, I need to go here to do the APs, I need to go here to do the switches, or go manage everything individually. It's all done within one place. So taking that, the other Fortinet products have, again, a similar look and feel, that FortiOS feel. It's like two clicks to get somewhere instead of having to make a change in four different locations, and it makes training a lot easier, it makes triaging network-related issues a lot easier, it makes bringing people online, if they're going to be accessing the network through a new device that's not been registered yet, we can register them quickly through bring your own device or pre-profile registration through the NAC. So I think that the FortiOS product, the entire operating system as a whole, as that single pane of management is fantastic. I think the real benefit there is more along the lines of the communication between the teams, I think the ability for the security team to communicate well with us, and we can go back and forth and say, hey, this is what we see, and they can say, hey, this is what we see, and those things look very similar from both sides, so if they have an issue and they need us to help them with, we can help them and vice versa. Because I know when we were looking at Fortinet as a partner, being able to purchase one product and getting so many things with it included at no cost was a big driver for us. Also with time savings, I think the look and feel you get from product to product, not every product looks the same, but most do, and being able to know where to go, what to do, I think just has helped our team to really skill up and learn how to use the tools faster. We are looking to spread our stack, if you will. We are currently discussing bringing in hardware as a service to our dealer networks. We have many dealers across the globe. We have a lot in the continental U.S., so we are going to be looking at managing all of those FortiGates through FortiManager, and we are looking at utilizing new Fortinet technologies such as FortiAI Ops and FortiPresence and ZTNA, so we have a lot of things in the pipeline with Fortinet, and we are excited about it.
