Fortinet's cyber security technology helps organizations comply with the requirements of the Cyber Security Act and Personal Data Protection Act

Information Technology Press Releases Tuesday October 1, 2019 15:37
Bangkok--1 Oct--Communication Arts

Like other parts of the world, Thailand has been rapidly responding to digital transformation to achieve the 4th industrial revolution. On 27 May 2019, the Cyber Security Act of Thailand B.E. 2562 (2019) ("CSA") was published in the Government Gazette, and it has been in effect since then. The Personal Data Protection Act (PDPA) has drawn various concepts from the EU General Data Protection Regulation (GDPR) and will come into effect next year. A one-year transition period has been granted to companies and government agencies handling personal data to comply with key provisions of the Act. Organizations in Thailand should therefore understand the importance of these 2 Acts and find ways to comply with them.

The main objective of the CSA is to secure national security in cyberspace, governing both public and private sector databases and information. The CSA has applied the standards and guidelines of the National Institute of Standards and Technology (NIST) to establish a Cybersecurity Framework for cybersecurity privacy needs in Thailand, built on 5 core functions as follows:

1) Identify
2) Protect
3) Detect
4) Respond
5) Recover

Dr. Rattipong Putthacharoen, Senior Manager, Systems Engineering at Fortinet Thailand, reveals that this Cybersecurity Framework provides private sector organizations with a structure for assessing and improving their ability to prevent, detect and respond to cyber incidents. To comply with the 5 Core Functions, organizations need the advanced Security Fabric Platform from Fortinet. It is the first open architecture approach to security that dynamically adapts to and secures the IT infrastructure through collaboration within the Fabric-Ready Partner ecosystem. The Security Fabric Platform is broad (providing wide visibility of the entire digital attack surface), integrated (so that protection covers all devices, networks and appliances) and automated (operations and response are driven automatically by Machine Learning technology).

Here are the 5 Functions and Fortinet's suggestions on how to comply with them:

Organizations must develop an understanding of their environment to manage cybersecurity risk to systems, assets, data and capabilities. To comply with this Function, it is essential to have full visibility into your digital and physical assets and their interconnections, define roles and responsibilities, understand your current risks and exposure, and put policies and procedures into place to manage those risks.

Fortinet suggests using, at a minimum, FortiToken and FortiNAC to identify and assess users; FortiInsight and FortiSIEM for asset and risk management; FortiClient and FortiNAC for vulnerability assessment activities; and the next-generation firewall FortiGate, FortiAnalyzer and FortiManager for risk assessment and governance.


Organizations must develop and implement the appropriate safeguards to limit or contain the impact of a potential cybersecurity event. To comply, the organization must control access to digital and physical assets, provide awareness education and training, put processes into place to secure data, maintain baselines of network configuration and operations to repair system components in a timely manner and deploy protective technology to ensure cyber resilience.

Fortinet proposes using FortiGate as the security gateway along with FortiDDoS, FortiMail to protect the mail system, FortiWeb to protect web applications, FortiClient as well as FortiProxy, and the advanced threat technology FortiSandbox to detect zero-day attacks. To protect cloud environments, Fortinet has developed Fortinet-hosted SaaS services, namely FortiSandbox Cloud, FortiMail Cloud, FortiWeb Cloud and FortiCASB. Moreover, Fortinet extends its security services on IaaS with leading Infrastructure as a Service providers including AWS, Microsoft Azure, Oracle Cloud Infrastructure and Alibaba Cloud.


Organizations must implement the appropriate measures to quickly identify cybersecurity events. The adoption of continuous monitoring solutions that detect anomalous activity and other threats to operational continuity is required to comply with this function. The organization must have visibility into its networks to anticipate a cyber incident and have all information at hand to respond to one. Continuous monitoring and threat hunting are very effective ways to analyze and prevent cyber incidents in ICS networks.

To identify unknown zero-day threats, Fortinet proposes the FortiDeceptor and FortiSandbox appliances. In addition, FortiSIEM and FortiAnalyzer installed at the Security Operation Center (SOC) help retain and analyze digital traffic logs, which the organization must supply when asked.


Should a cyber incident occur, organizations must have the ability to contain the impact. To comply, the organization must craft a response plan, define communication lines among the appropriate parties, collect and analyze information about the event, perform all required activities to eradicate the incident and incorporate lessons learned into revised response strategies.

For endpoint detection and response, Fortinet deploys FortiClient to perform activities that remedy the situation, such as stopping users from opening a malicious file, and uses FortiNAC to quarantine the infected user and devices. In addition, FortiSIEM, FortiAnalyzer and FortiManager help analyze computer logs and send notifications automatically. Fortinet's latest Security-Defined Network technology improves the connection and communication among security appliances and networking appliances such as FortiGate, FortiSwitch and FortiAP.

Fortinet can help organizations restore any capabilities or services that were impaired due to a cybersecurity event on a case-by-case basis.

The Personal Data Protection Act imposes high penalties for non-compliance. For example, non-compliance is punishable with administrative fines (up to THB 5 million) and criminal penalties (imprisonment up to one year and/or fines up to THB 1 million). Therefore, Fortinet urges all entities to immediately assess their internal personal data governance and start taking action for compliance. The road to full compliance with the PDPA could involve engagement from all departments and the deployment of advanced security technology.

Fortinet is confident in the Security Fabric Platform, which includes sensitive data protection covering Data Loss Protection, Access Control, Data Integrity and Data Exposure. All of these features are embedded in Fortinet's solutions, both the Security as a Service (SaaS) type for on-premise protection and Infrastructure as a Service (IaaS) for cloud-environment protection. The appliances involved are FortiToken, FortiNAC, FortiWeb and FortiClient. The right approach should be customized to fit the size and business operations of each entity.
