Fortinet details ONES security enhancements for enterprise SONiC deployments
ONES enhances the security framework for enterprise deployments of Software for Open Networking in the Cloud (SONiC) by implementing multiple protective measures such as Certificate Authority (CA) integration, Role-Based Access Control (RBAC), LDAP authentication, and mutual Transport Layer Security (TLS). This multilayered approach is aimed at ensuring secure communications, controlled user access, and continuous monitoring to identify vulnerabilities and satisfy compliance requirements.
Security Features Integration
ONES incorporates mutual TLS to enforce mutual authentication between clients and servers through digital certificate verification, securing data transfers across diverse vendor environments. It supports RBAC and LDAP authentication to centralize user identity management, streamline access permissions, and enhance the security posture.
Vulnerability Detection and Patch Management
Automated security scanning tools like Snyk and SonarQube are embedded within ONES’ Continuous Integration and Continuous Deployment (CI/CD) pipelines to detect software vulnerabilities early during development. The platform facilitates ongoing patch application without necessitating complete system upgrades, minimizing operational disruptions while upholding system integrity.
Telemetry and Compliance Monitoring
ONES uses streaming telemetry to gather real-time information on software versions, licenses nearing end-of-life, and existing security vulnerabilities. The solution supports customizable policies and alert mechanisms that assist in continuous compliance enforcement and provide visual dashboards to identify anomalies promptly.
API Security and Access Controls
Application Programming Interface (API) endpoints within ONES are protected using authentication mechanisms such as API tokens and JSON Web Tokens (JWTs). An API gateway manages traffic by enforcing rate limits and restricting access exclusively to authorized users and applications, which helps safeguard critical functions from unauthorized use.
Continuous Monitoring and Threat Detection
The platform employs machine learning-driven analytics alongside streaming telemetry to observe network behavior continuously, enabling the identification of unusual activities and triggering alerts for proactive threat mitigation. Account security is maintained through Multifactor Authentication (MFA) and activity tracking, with a designated super administrator account for system recovery operations.
ONES consolidates various security measures to support enterprise-grade protections for SONiC deployments, emphasizing automated vulnerability scanning, centralized identity management, encrypted communications, fine-grained access controls, and ongoing telemetry-based monitoring. This fact-based summary provides enterprise decision-makers with an overview of ONES’ approach to securing network fabrics in complex environments.