FortiGate

blueberrystoreSecurity

Dec 9, 2013 (3 years and 8 months ago)

393 views

December 9, 2013

Security Consolidation

The way to unmatched performance, visibility & control

Franck Bernard

Country Manager

Fortinet, Inc.

Fortinet Corporate Overview


Founded in 2000

»
Global presence with 30+ offices
worldwide & 1,300+ employees


5,000+ channel partners


100,000+ customers


Majority of the Fortune Global 100


IPO Nov 2009,
NASDAQ: FTNT


2010 revenue of $325 Million


29%

YoY growth


Q3 2011:
37%

YoY growth


Dedicated
MSS

team

2

2003
2005
2007
2009
$13
$39
$80
$123
$155
$212
$252
Fortinet Revenue ($MM)

1.
Evolution of the Firewall Market

2.
Market Analysts’ View

3.
Enterprise Unified Threat Management

4.
Security Consolidation
³

5.
WLAN Security


Agenda

Evolution of the Firewall Market

Can You Keep Up?


Intelligence

»
Reduce emphasis on human
intervention


End
-
to
-
end protection

»
Policy compliance for all devices,
including mobile


Virtualization

»
Virtual appliances

»
Multi
-
tenant environments



Consolidation of gateway
functions

»
Simplification


Enterprise
-
class features
available for all segments

»
Not limited to large appliances


Growth of WLANs

»
Mobile enterprise


Firewall Market Evolution


Firewalls developed over 25 years ago

»
Initial protection by blocking traffic by port,
protocol, or IP address


From packet filtering to circuit level to proxy to deep
packet inspection…


Threat landscape evolved from primitive to
more sophisticated

»
Able to pose as legitimate traffic & bypass policies

»
Business processes evolved as well


Firewall policies disabled over time to allow critical
applications to pass through

Hardware Theft

Lock & Key

VPN

Firewall

Physical

Connection
-
Based

The Early Days

7

1980s

1990s

2000s

Today

Performance

/ Damage

Intrusions

Viruses

Trojans

Spam

Banned Content

Worms

Spyware

Anti
-
Spyware

Antispam

Web Filter

Antivirus

IPS

Content
-
Based

1980s

1990s

2000s

Today

Hardware Theft

Physical

Connection
-
Based

Lock & Key

VPN

Firewall

Vendors Followed The Threats

8

Performance

/ Damage

Result: Multiple Devices, Consoles, Vendors

9


Problems Created

»
Stand
-
alone, non
-
integrated security

»
Created gaps in security
strategy

»
Mix of off
-
the
-
shelf systems
and applications

»
Difficult to deploy / manage
/ use

»
High cost of ownership



Consolidation


Factors driving consolidation

»
Threats


Blended threats, multi
-
vector attacks
exploiting blind spots

»
User behavior


Growth of remote workforce

»
Applications behavior


“Webification”

»
Costs

10

»
Evolution of network/security
technologies


Ability to integrate stand
-
alone
technologies and deliver
performance


Greater accuracy of detection
capabilities


The Market Analysts’ View

11

IDC’s View


Unified Threat Management

»
The evolution of the traditional firewall into an all
-
inclusive security product:


Network firewalling


Network intrusion prevention


Gateway antivirus (AV)/antispam (AS)


VPN


Content filtering


Optional technologies, such as

»
Load balancing

»
On
-
appliance reporting


Firewall

VPN

IPS

Web
Filtering

AV/AS

Gartner’s View


Next Generation Firewall

»
Standard firewall features


Network address translation, stateful inspection, and VPN and suited for the large
enterprise

»
IPS is "truly integrated" with the firewall.

»
"Application
-
awareness" capability to recognize/control applications

»
“Extra
-
firewall" intelligence


Reputation analysis, integration with Active Directory, or useful blocking or vulnerability
lists

Firewall

VPN

IPS

Web
Filtering

App
Control

Enterprise Unified Threat
Management

WAN
Optimization

Fortinet's Approach to Consolidated Security

15

Complete Content Protection

Antivirus/
Antispyware

Data Loss
Prevention

Antispam

Endpoint
Protection/

NAC

Firewall

VPN

IPS

Web
Filtering

App
Control

Vulnerability
Mgmt

Wireless
LAN

IPv6,
Dynamic
Routing

SSL
Inspection

VoIP

Strong
Authenti
-
cation

VLANs,
VDOMs,
Virtual
Appliances

Enterprise Unified Threat Management


Convert stand
-
alone products into features

»
Simplify the network and improve visibility



Deliver comprehensive solutions for the
largest global networks and organizations

»
Improve performance

»
Increase protection

»
Reduce complexity



Continually raising the performance bar with
purpose
-
built hardware and software

»
Rely on custom processors and latest generation
general purpose processors




Visibility and Control


Single “pane of glass”
management console


Single OS for all security devices


Deployment Ease & Flexibility

»
Ability to deploy technologies where
needed





17

18

Consolidated Security with Real Time Updates


Intrusion Prevention:
Vulnerabilities and Exploits

Browser and website attack code crafted by hackers and criminal gangs.



Application Control:
Unwanted Services and P2P Limiting

Botnet command channel, compromised Facebook applications, independent of port or protocol


Web Filtering:
Multiple categories and Malicious sites

Botnet command, phishing, search poisoning, inappropriate content


Antispam:
Unsolicited messages

Phishing, Malware, Social Engineering and Junk


Antivirus:
All malicious code

Documents, macros, scripts, executables

Delivered via Web, Email, USB, Instant messaging, social networks, etc



Vulnerability Management:
Real time exploit updates

Multiple scanning points FortiGate, FortiAnalyzer, FortiWeb, FortiDB, and FortiScan


Integrated Threat Protection in Action

19

“Innocent” Video Link:

Redirects to malicious Website

Integrated Web Filtering

Blocks access to malicious Website

Network Antivirus

Blocks download of virus

Intrusion Protection

Blocks the spread of the worm

Solution:

Error message:

“Drops” copy of itself
on system and
attempts to propagate

“Out of date” Flash player error:

“Download” malware file

Problem:

20

The Zeus Attack vs. Complete Content Protection


Email Sent


Contains link to compromised site

.


Mail message detected as spam (phishing)


Phishing site sends BOT infection to user disguised as ‘Security Update’ application

Content scanning prevents malicious content from being downloaded


End user executes BOT application, is infected and now all their data is compromised

Botnet command channel is blocked, no compromised data can be sent.

Security administrator is alerted to existed of an infected system.


End user accesses phishing site, enters credentials, and criminals now have their details

.
.

Access to phishing website is blocked

ANTISPAM

WEB FILTER

ANTIVIRUS

INTRUSION

DETECTION

Can You Keep Up?


Intelligence

»
Reduce emphasis on human
intervention


End
-
to
-
end protection

»
Policy compliance for all devices,
including mobile


Virtualization

»
Virtual appliances

»
Multi
-
tenant environments



Enterprise
-
class features
available for all segments

»
Not limited to large appliances


Growth of WLANs

»
Mobile enterprise


23

Security Consolidation
³



Consolidation


Gateway features unification


Integrated security appliance


Block network & content threats


Accelerated performance


10 GbE



Up to 160 Gbps



24

Security Consolidation
³


Consolidation
²


Virtual Security Domains, Virtual Management & Reporting





Virtual Domains (VDOMs)


Enable a single Firewall,
Management and Reporting
system to function as
multiple independent virtual
systems

25

Security Consolidation
³


Consolidation
³



Choice of form factor: run it all on physical appliances or as virtual software


Public Zone

Server

Servers / DMZ

Desktops /
Private

Virtualized Data Center

DMZ/Private
Zone

Hardware
Appliances

Virtual

Appliances

Can You Keep Up?


Intelligence

»
Reduce emphasis on human
intervention


End
-
to
-
end protection

»
Policy compliance for all devices,
including mobile


Virtualization

»
Virtual appliances

»
Multi
-
tenant environments



Enterprise
-
class features
available for all segments

»
Not limited to large appliances


Growth of WLANs

»
Mobile enterprise


FortiGate WLAN

Ready for Prime Time

a

b

g

n

Revenue Opportunity


$
1,801


$
1,706


$
2,098


$
2,415


$
2,707


$
2,975


$
3,180

$-
$500.00
$1,000.00
$1,500.00
$2,000.00
$2,500.00
$3,000.00
$3,500.00
2008
2009
2010
2011
2012
2013
2014
Enterprise Wireless LAN Market Size Forecast

North America
EMEA
Asia/Pacific
Latin America
Worldwide
iPad usage
in enterprise
increases
TAM to
$4.5B

29

Building Blocks of Secured Wireless LAN
Solution

Secure Wireless
Access Points

Multi
-
Threat Security
with Integrated
Wireless Controller

Fortified Wireless
Space

FortiGate Secure WLAN


New Security Paradigm in WLAN

»
Firewall


»
Encryption

»
Antivirus

»
IPS

»
UTM

Application

Priority

Mobility

Reduced
TCO

Security

Scalability

VoWLAN

What Do Customers Want?

Guest

Access

Mesh

Networking

Planning/De
ployment

Mgmt/

Monitoring

FortiOS 4.3

FortiOS

FortiOS 4.4

FortiOS

Application Control/Prioritization


WLAN is a Shared Medium


Cloud means all applications
are HTTP


L7 Identification Required


Unique to Fortinet

FortiOS 4.3

FortiOS

FortiGate

Rogue AP Detection


PCI Compliance requires Rogue Access Point
detection and Wireless IPS at Retail locations


FortiGate Rogue AP Detection and
Suppression

»
Simultaneous Rogue Detection and background
scan

»
Simultaneous Rogue Detection and full
-
time scan

»
On
-
wire Rogue detection and suppression


Wireless IPS




FortiOS
4.3

FortiOS

Guest Access

-
Guest Manager

Receptionist can
create a single
account for visitor


Following fields
are customizable.


Admin can force
certain fields to be
mandatory


Expiration time can
be edited by
receptionist if
Admin allows


-
Guest Manager

Email accounts
can be printed out
or sent to visitors
smart phone via
SMS or Email


FortiOS

4.4

FortiOS

FortiPlanner
-

Planning/Deployment


Create floor plan

»
Shape, walls, windows, doors etc


Place APs

»
Automatic or manual


Propagation Prediction




FortiOS

4.3

FortiOS

Management & Reporting


FortiManager


Global management of all wireless
controllers and
settings



FortiAnalyzer


Central logging/reporting


Wireless
PCI compliance
reports


FortiOS

4.4

FortiOS

37

Summary


Consolidate Gateway features


Layered security


Simplification


Virtualize where reasonable


Optimization


Mitigate the enhanced security risk


Armorize your WLANs


Reverse engineering


“Single Pane of Glass”


Consolidated view of all activity


See, analyze, remediate


Thank You


Franck Bernard

fbernard@fortinet.com

FortiGate as a Sales Platform

Fortinet Product Portfolio
-

Security

Unified Threat
Management

FortiGate

Network Security

Platform

FortiAP

Secure Wireless
Access

Centralized
Management

FortiManager

Centralized Device

Management

FortiAnalyzer

Centralized Logging

and Reporting

Application
Security

FortiMail

Messaging Security

FortiWeb

Web Application
Firewall

Data & System
Security

Endpoint Security

Security Services

FortiDB

Database Security

FortiClient

Endpoint Security

FortiScan

Vulnerability
Management

FortiGuard

Real
time

Security Services

FortiAuthenticator

Remote Access
Management

Fortinet Product Portfolio


Network

Failover
Protection

FortiBridge

Fail
-
to
-
Wire Bypass

Application Load
Balancing

FortiBalancer

Application Delivery

Controllers

Web Caching

FortiCache

ISP & Enterprise
-
Class Content
Caching

Ethernet Switches

FortiSwitch

Gigabit Ethernet
Switches

VoIP & Analog
Telephony

FortiVoice

IP PBX & Phones

VPN Strong Authentication

Fortinet VPN

FortiGate

FortiGate

FortiAuthenticator

Open VPN

FortiWeb

FortiGate

Web App

Servers

Web Application Availability/Security

Standard Customer

Users, Complexity, Availability, Security, Speed

Web App

Servers

FortiGate

FortiWeb

FortiBalancer

Advanced Customer

Web

High Performance AD Integration

Content Filtering, AppControl

AD Cluster

Web

Email Servers

FortiMail

Mass Email Encryption

FortiGate

FortiAuthenticator

FortiGate

FortiAuthenticator

Total Web Content Filtering

HQ Access

FortiGuard

Public Access

FortiClient

FortiGate

FortiManager