Fortinet Product Guide
Tomislav Tucibat, Major Accounts Manager
© Copyright Fortinet Inc. All rights reserved.
A Global Leader and Innovator in Network Security

Fortinet Quick Facts
• Founded November 2000; first product shipped 2002; IPO 2009
• HQ: Sunnyvale, California; 4,200+ employees worldwide
• Customers: 270,000+; units shipped: 2.5+ million; offices: 80+ worldwide
• Revenue: $13M (2003) to $770M (2014); cash: $16M (2003) to ~$1B (2014)
• Consistent growth, gaining market share; strong positive cash flow, profitable

Platform advantage built on key innovations
• FortiGuard: industry-leading threat research
• FortiOS: tightly integrated network + security OS
• FortiASIC: custom ASIC-based architecture
• Market-leading technology: 300 patents, 250 pending

Based on Q4 and FY 2014 data.
Fortinet Market Position: The Analyst Perspective
Gartner Magic Quadrant positions:
• UTM Magic Quadrant: 2005–2013
• Enterprise Firewall Magic Quadrant: 2006–2013
• Application Delivery Controller Magic Quadrant
• Secure Email Gateway Magic Quadrant: 2010–2013
#1 in Network Security Appliances Unit Share
Chart: unit share of FTNT versus CSCO, CHKP, JNPR and PANW. Fortinet is gaining overall market share and gaining share in higher-end markets; FortiGate is the most deployed security appliance.
Source: IDC Worldwide Security Appliances Tracker, March 2015 (based on annual unit shipments).
FortiGate: Most Deployed Security Appliance
IDC Worldwide Quarterly Security Appliance Tracker highlights (2015Q1):
• 2,014,325 Fortinet security appliances shipped since 2004
• 1,148,916 Fortinet security appliances shipped since 2012; Fortinet shipped 124% of the units of its next closest competitor
• Fortinet shipped 139% of the units of its next closest competitor in 2013
• Fortinet shipped 168% of the units of its next closest competitor in 2014
• Fortinet shipped 171% of the units of its next closest competitor in the first quarter of 2015
Source: http://www.fortinet.com/press_releases/2015/leading-analyst-firm-data-identifies-fortinet-security-market-leader.html
A Global Leader and Innovator in Network Security: Balanced, but Enterprise & Carrier Driven
Billings by product segment (Q4 2014): entry level 35%, mid-range 25%, high-end 40%.
Customer base (Q4 2014): Fortinet counts 7 to 9 of the top 10 in each of the Global 100, Global 100 Major Banks, Global 100 Computer Services and Global 100 Aerospace & Defense lists as customers.
Fortinet Advantage – FAST: FortiASICs Dramatically Boost Performance
Chart: firewall, VPN and IPS throughput on a CPU-only baseline versus the same functions accelerated by the NP6 network processor and the CP8 content processor. Baseline figures: FW 6 Gbps, VPN 2 Gbps, IPS 3.5 Gbps. Accelerated figures shown: 10 Gbps and 9 Gbps (IPS / VPN bars), 40 Gbps and 25 Gbps (FW / VPN bars).
• 10X data center firewall performance
• 5X NGFW performance
• Security that keeps up with growing bandwidth requirements
Fortinet Advantage – SECURE: FortiGuard Labs Threat Research
Per minute:
• 25,000 spam emails intercepted
• 390,000 network intrusion attempts resisted
• 83,000 malware programs neutralized
• 160,000 malicious website accesses blocked
• 59,000 botnet C&C attempts thwarted
• 39 million website categorization requests
Per week:
• 47 million new & updated spam rules
• 100 new & updated intrusion prevention rules
• 2 million new & updated AV definitions
• 1.3 million new URL ratings
Total database:
• 170 terabytes of threat samples
• 17,500 intrusion prevention rules
• 5,800 application control rules
• 250 million rated websites in 78 categories
Also: 8,000 hours of threat research globally; 173 zero-day threats discovered.
Based on Q1 2015 data. Image: threatmap.FortiGuard.com
Fortinet’s Global Infrastructure: Built To Support Global Enterprises and Businesses Worldwide
Map legend: HQ & development center; development & escalation center; support center; FDN server sites; sales office; in-country sales/support.
EMEA Support Team (TAC), global coverage: Sophia Antipolis, Dubai, Prague, Frankfurt, Bangalore, London.
Unparalleled Independent 3rd Party Certification
Vendors, in column order: Fortinet | Check Point | Cisco | Palo Alto Networks | Juniper | FireEye
NSS - Firewall NGFW: Recommended | Recommended | Recommended & Neutral | Caution | Caution | x
NSS - Firewall DC: Recommended | x | x | x | x | x
NSS - Breach Detection: Recommended | x | Recommended | x | x | Caution
NSS - IPS (DC): ✔ | ✔ | x | x | Caution | x
NSS - IPS (Enterprise): ✔ | x | Recommended | x | Caution | x
NSS - WAF: Recommended | x | x | x | x | x
BreakingPoint Resiliency: Record High - 95 | x | x | Poor - 53 | x | x
ICSA Firewall: ✔ | ✔ | x | ✔ | ✔ | x
ICSA IPS: ✔ | ✔ | x | x | x | x
ICSA Antivirus: ✔ | x | x | x | x | x
ICSA WAF: ✔ | x | x | x | x | x
VB 100: ✔ | Caution | x | x | x | x
AV Comparatives: ✔ | x | x | x | x | x
Common Criteria: ✔ | ✔ | ✔ | ✔ | ✔ | ✔
FIPS: ✔ | ✔ | ✔ | ✔ | ✔ | ✔
Contains results from the latest published NSS Labs reports as of Sept. 30 2014. x = did not participate / not certified.
NSS Labs Validates Our Advantage: Fortinet is “Recommended” while top competitors are not
Security value maps shown: NGFW, Breach Detection, Firewall, Web Application Firewall.
• X-axis = TCO per protected Mbps
• Y-axis = Security Effectiveness
• Upper right quadrant = “Recommended”
• Lower left quadrant = “Caution”
Complete Network Security Solution
Diagram layers: management, platform, users, endpoints, access, segmentation, network, application, data; spanning security, threat intelligence and the security operating center.
Products and their roles in the diagram:
• FortiAuthenticator: user ID management
• FortiAnalyzer: central log & report
• FortiManager: central device management
• FortiCloud: cloud-based management
• FortiSandbox: file analysis
• FortiDB: database security
• FortiTester: network tester
• FortiTap: network tap
• FortiExtender: 3G/4G WAN
• FortiWAN: link load balancer
• FortiGate: security gateway (site-to-site VPN, LAN)
• FortiWiFi: secure WiFi access
• FortiSwitch: L2 switching
• FortiAP: WiFi access
• FortiClient: endpoint security and remote VPN (mobile)
• FortiToken: 2-factor OTP token
• FortiMail: mail security gateway
• FortiCache: secure web caching server
• FortiWeb: web application firewall
• FortiADC: load balancer
• FortiDDoS: L7 DDoS mitigator
• FortiBridge: fail-open device
• FortiRecorder: IP camera recorder
• FortiCamera, FortiFone
• FortiVoice/FortiGateVoice: IP PBX
Server groups in the diagram: app servers, mail servers, DB servers, web servers. Segments: data center, LAN, remote, mobile.

FortiGate/FortiWiFi
FortiGate Deployments
1. Connected Unified Threat Management (Connected UTM): distributed enterprise & small business
2. Next Gen Firewall + Advanced Threat Protection / Next Gen IPS (NGFW + ATP / NGIPS): enterprise campus or branch office
3. Internal Segmentation Firewall (ISFW): internal network
4. Data Center Firewall (DCFW): data center / private cloud / SDN
5. Virtual Machine Firewall: data center / private cloud / SDN
6. Cloud Firewall (CFW): public cloud
7. Carrier Class Firewall (CCFW): carrier/MSSP
Also in the diagram: mobile users and managed endpoints at the boundary; core network; Internet / WAN.
FortiGate Product Range: Personality, Performance and Scalability
Series shown: 30-90 Series, 100-200 Series, 300-900 Series, 1000 Series, 3000 Series (DCFW/CCFW), 5000 Series (chassis system), VM Series.
Roles shown: UTM (entry level), NGFW/NGIPS (mid range), ISFW, DCFW/CCFW (high end), CFW/VM firewall (virtual appliances).
Architectures and throughput tiers shown: SoC (1 Gbps); multi-core CPU with NP and CP ASICs (10 Gbps); multi-core CPU with NP and CP (10 Gbps - 50 Gbps); chassis system (50 Gbps - 1 Tbps); multi-core CPU only, hardware dependent (VM).
Software & services product range: FortiGuard Security Services, FortiOS Operating System, FortiCare Support Services.
Inside FortiOS
Management: OSS support, AAA, central management, integrations, configuration, visibility, log & report, diagnostics.
Security functions: anti-malware, IPS, application control, web filtering, email filtering, firewall, VPN, DLP, user & device identity, SSL inspection; ATP.
Extensions: wireless controller, switch controller, endpoint manager, token server, vulnerability scanner.
Virtual systems: virtual domains.
Network functions and services: routing, NAT/CGN, L2/switching, QoS, IPv6, WAN optimization, WAN link / server LB, high availability.
Operating modes: NAT/route, transparent, sniffer.
Network interfaces: LAN, WiFi, WAN.
Platform: physical appliance (+ASICs), hypervisor, cloud.
* Features may vary by model.
FortiGate Virtual Appliance Series (FG-VM): Agile Security for Virtual Environments
Primary benefits:
✔ Increased visibility and security within virtualized infrastructure to better protect critical resources
✔ Ability to manage virtual appliances and physical appliances from a single-pane-of-glass management platform, reducing TCO
✔ Comprehensive hypervisor support
✔ Feature-rich security and virtual networking support facilitate wide deployment and requirement options
Supported platforms: VMware ESXi, Citrix XenServer, Xen, KVM, Microsoft Hyper-V, Amazon AWS, Microsoft Azure.
Services, Licenses & Subscriptions
Included with FortiGate:
• DNS service
• DDNS service
• NTP service
• 2 FortiToken Mobile licenses*
• 10 FortiClient endpoint licenses*
• 10 VDOMs license
• FortiCloud service (trial)*
Optional add-ons: + FortiToken Mobile license, + endpoint license**, + VDOM license**, + FortiCloud storage top-up, + SMS top-up
FortiCare subscription required for:
• Geography updates
• BYOD signature updates
• USB modem DB updates
• Vulnerability scan signature updates
• Firmware updates
* Registration required. ** Available on selected models.

FortiGuard AV subscription:
• Botnet IP reputation DB
• FortiCloud Sandbox service (for v5.2.2 and below)
• Proxy- and flow-based AV signatures
FortiGuard Web Filter subscription:
• DNS-based web category filtering
• Proxy- and flow-based web category DB
FortiGuard NGFW subscription:
• IPS signature updates
• Application control signature updates
FortiGuard Anti-spam subscription:
• Anti-spam services
FortiAP
FortiAP Family Positioning
Columns: FortiWiFi | FortiAP | FortiAP-S Series
Management: FortiManager | FortiGate | FortiCloud
APs per site: One | Many | Few
Security: IPS, AV, App, URL | IPS, AV, App, URL | IPS, AV, App*, URL
VPN: Yes | No | No
WIDS / Rogue AP: Yes | Yes | Yes
Automatic channel selection: Yes | Yes | Yes
Fast roaming (OKC): No | Yes | Yes*
Wireless mesh: Yes (Root) | Yes | Yes*
FortiPresence: Yes | Yes | Yes*
* Check datasheet for availability
FortiAP Family
Chart: models positioned by tier (Value: 1x1:1 single radio; Performance: 2x2:2; Resiliency and Versatility: 3x3:3 dual radio, dual band) and by placement (indoor, outdoor, remote). Models shown: FAP-320C, FAP-321C, FAP-320B, FAP-222C, FAP-224D, FAP-222B, FAP-221/223C, FAP-221/223B, FAP-28C, FAP-24D, FAP-25D, FAP-21D, FAP-210B, FAP-14C, FAP-11C, FAP-112D, FAP-112B. 802.11ac is marked against the FAP-320C, FAP-321C, FAP-222C/224D and FAP-221/223C models.
Hardware Overview – FortiAP S-Series
Columns: FAP-S311/313C | FAP-S321/323C
Form factor: smoke detector form factor | smoke detector form factor
Rx / Tx: 3x3 | 3x3
Radio 1: 2.4/5 GHz b/g/n (450 Mbps) or a/n/ac dual-band (1300 Mbps) | 5 GHz a/n/ac concurrent (1300 Mbps)
Radio 2: - | 2.4 GHz b/g/n (450 Mbps)
PoE: 802.3af | 802.3af
Antennas: 311C: 3 internal, 313C: 3 external | 321C: 6 internal, 323C: 3 external
Ethernet interfaces: 1 x GE RJ45 | 1 x GE RJ45
USB: Yes | Yes
Management: FortiCloud | FortiCloud
FortiSwitch
Introducing FortiSwitch: Access-level Gigabit switches with ease of use and low cost of ownership
Outstanding price, performance, and scalability for organizations with diverse operational needs.
Models shown: FSW-28C, FSW-80-POE, FSW-124B-POE, FSW-224B, FSW-324B, FSW-348B, FSW-448B
Primary benefits:
✓ High port density
✓ Integrated Power over Ethernet
✓ Connect access points, peripherals, cameras, phones
✓ Create an integrated, secure network
FortiSwitch Family
Data center (10G / 40G): FSW-3032D (40G), FSW-1024D and FSW-1048D (10G).
Secure access (1G, FortiLink stacking, PoE/PoE+ on the POE/FPOE models): FSW-524D-FPOE, FSW-548D-FPOE, FSW-424D-FPOE, FSW-448D-FPOE, FSW-224D-FPOE, FSW-224D-POE, FSW-248D-FPOE, FSW-108D-POE, FSW-28C, FSW-80-POE, FSW-124D-POE, FSW-124D, FSW-224B-POE, FSW-124B-POE.
Port counts shown: 8, 24, 32, 48.
FortiClient
Introducing FortiClient: Comprehensive endpoint protection & security enforcement
Multifunctional host security:
• Flexibility in deployment
• Fully integrated features reduce the need for multiple client solutions
Endpoint control:
• Enforce compliance and security policies on mobile hosts
Centralized logging and reporting:
• Via FortiGate for enterprise requirements
FortiClient v5.2 feature matrix (slide callout: new in 4.0 MR3)
Columns: Windows | Mac OS X | iOS | Android
IPsec VPN: ✔ | ✔ | - | ✔
SSL VPN: ✔ | ✔ | Web mode only | ✔
2FA: ✔ | ✔ | ✔ | ✔
Anti-virus: ✔ | ✔ | - | -
Web filtering: ✔ | ✔ | ✔ | ✔
WAN optimization: ✔ | - | - | -
Registered for central management / config provisioning: ✔ | ✔ | ✔ | ✔
Logging (to FortiManager/FortiAnalyzer): ✔ | ✔ | - | -
Windows AD SSO agent: ✔ | ✔ | - | -
Application firewall: ✔ | ✔ | - | -
Vulnerability scanning & reporting: ✔ | ✔ | - | -
Custom install: ✔ | ✔ | - | -
FortiToken
Introducing FortiToken: OATH-compliant, time-based hardware one-time password token
Supports strong authentication for:
• IPsec VPN
• SSL VPN
• Administrative login
• Captive web portal
• 802.1X authentication
• Web application access
• SSO
Authentication platforms:
• FortiGate (FortiOS 4.3 and later)
• FortiAuthenticator (FAC 1.4 and later)
Secure seed delivery options:
• Online via FortiGuard
• Encrypted file on CD (FTK-200S)
• In-house seed provisioning tool (special order)
Introducing FortiToken Mobile: OATH-compliant, time-based one-time password soft token
Highly secure:
• PIN-protected app
• Device binding
• Brute-force protection
• Dynamic seed generation
• Encrypted seed storage
Authentication platforms:
• FortiGate (FortiOS 5.0 Beta 5 and later)
• FortiAuthenticator (FAC 1.4 and later)
Broad device support:
• iOS (iPhone, iPad, iPod Touch)
• Android
• BlackBerry (TBD)
FortiAnalyzer
Introducing FortiAnalyzer: Logging, reporting and analysis from multiple Fortinet devices
Aggregated logging:
• Single view of all Fortinet devices
• Built-in content archiving
• Malicious file quarantine
Centralized reporting:
• Predefined summary & device reports
• Hundreds of customizable charts & graphs
Analysis & event correlation:
• Vulnerability assessment
• Network & log analysis
Scalable solution:
• Hardware and VM versions available
• Collector/analyzer modes for large deployments
• High-performance logs/sec processing
• Support for internal or external SQL databases
FortiManager
Introducing FortiManager: Tools that effectively manage any size of Fortinet security infrastructure, from a few to thousands of appliances
Administrative Domains (ADOMs):
• Enable the primary ‘admin’ to create virtual management domains containing devices for other administrators to monitor and manage
Locally hosted security content:
• Gives administrators better control over security content updates and improves response time for rating databases; runs a local copy of the AV, IPS, URL and anti-spam signature databases*
Hierarchical objects & policy management:
• Create global objects and policies
• Assign them to an ADOM or groups of ADOMs
• Create device configuration templates to quickly configure a new Fortinet appliance
Web portal SDK:
• JSON-based API allows MSSPs to offer administrative web portals to customers
* Capabilities vary by model
FortiSandbox
Introducing FortiSandbox: Advanced Threat Protection solution designed to identify and thwart highly targeted and tailored attacks
Advanced threat protection:
• Multi-layered filtering with code emulator, AV engine, cloud query and virtual OS sandbox
• Handles multiple file types, including files that are encrypted or obfuscated
• Examines files from various protocols, including those that use SSL encryption
Flexible operation modes:
• Receives file samples through integration with FortiGate/FortiMail, in sniffer mode, and by manual file upload
• Captures files from remote locations using deployed FortiGates
Monitoring and reporting:
• Detailed analysis reports and real-time monitoring and alerting
Diagram flow: 1 file submission; 2 centralized file analysis; 3 malicious analysis output; 4 latest AV signature update.
FortiAuthenticator
Introducing FortiAuthenticator: Identity management, user access control and multi-factor authentication
Authentication and authorization:
• RADIUS, LDAP, 802.1X
Two-factor authentication:
• FortiToken
• Tokenless, via SMS and email
Certificate management:
• X.509 certificate signing, certificate revocation
• Remote device / unattended authentication
Fortinet Single Sign-On:
• Active Directory polling
• RADIUS integration
Diagram: FortiAuthenticator acting as the FortiToken issuing CA, backed by an LDAP user database.
FortiDDoS

Distributed Denial Of Service?

Puppetnets for DDoS attacks: a page on www.IamGullible.com embeds references to content hosted on www.victim.com, so every browser that visits the page issues requests such as GET 1.gif?12345678 and GET 1.gif?12345679 to the victim. The changing query string is there to avoid client-side caching, so every visit produces a fresh request at the victim's server. The visitors are unwitting, which is what makes the attack stealthy: there is no malware on the puppets, only an ordinary web page, and each source sends very few requests.
Introducing FortiDDoS: Hardware-accelerated, intent-based DDoS defense
Rate-based detection:
• High-performance protection using ASICs
Self-learning baseline:
• Eases maintenance
• Maintains appropriate protection dynamically
Signature-free defense:
• Hardware-based protection
Inline full transparent mode:
• No MAC address changes
Granular protection:
• Multiple thresholds to detect subtle changes and provide rapid mitigation
Diagram: FortiDDoS deployed inline between ISP 1 / ISP 2 and the firewall in front of a web hosting center, passing legitimate traffic and dropping malicious traffic.
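The two slides above describe the attack (a puppetnet: many unwitting browsers, one cache-busting GET each) and the defence (rate-based, signature-free detection against a self-learned baseline). The Python below is an added example, not FortiDDoS code and not its algorithm: it learns a per-URL requests-per-second baseline from a constructed access log, flags seconds that exceed it, and reports the distinct-source count and the share of hits carrying a unique query string so the puppetnet shape is visible to the analyst. The log format (epoch seconds in place of CLF dates), the addresses, and the threshold formula (mean plus three standard deviations, floored at 5 requests per second) are this example's own assumptions.

```python
import re
import statistics
from collections import Counter, defaultdict

# Simplified access-log line, constructed for this example: epoch seconds in the brackets.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>\d+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>[^ ?"]+)(?:\?(?P<query>[^ "]*))? [^"]+" (?P<status>\d{3})'
)


def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = int(rec["ts"])
    return rec


def make_constructed_log():
    """Constructed sample: 30 s of ordinary traffic, then a 5 s puppetnet burst against /1.gif."""
    lines = []
    for sec in range(30):                      # 2..4 requests/s from 20 regular clients, no query strings
        for i in range(2 + sec % 3):
            ip = f"10.0.0.{(sec * 3 + i) % 20 + 1}"
            path = "/index.html" if i % 2 == 0 else "/1.gif"
            lines.append(f'{ip} - - [{sec}] "GET {path} HTTP/1.1" 200')
    for sec in range(30, 35):                  # 40 distinct browsers/s, one cache-busting GET each
        for i in range(40):
            ip = f"198.51.100.{(sec - 30) * 40 + i + 1}"
            nonce = 12345678 + (sec - 30) * 40 + i
            lines.append(f'{ip} - - [{sec}] "GET /1.gif?{nonce} HTTP/1.1" 200')
    return lines


def per_second_counts(records):
    counts = defaultdict(Counter)              # ts -> Counter(path -> requests)
    for r in records:
        counts[r["ts"]][r["path"]] += 1
    return counts


def learn_baseline(records, learn_until, k=3.0, floor=5):
    """Self-learning baseline: per-path requests/second over the learning period.
    Threshold = max(floor, mean + k * stdev); seconds with no hits count as 0."""
    learning = [r for r in records if r["ts"] < learn_until]
    counts = per_second_counts(learning)
    thresholds = {}
    for path in {r["path"] for r in learning}:
        series = [counts[ts].get(path, 0) for ts in range(learn_until)]
        thresholds[path] = max(floor, statistics.mean(series) + k * statistics.pstdev(series))
    return thresholds


def detect(records, thresholds, floor=5):
    """Rate-based, signature-free detection: flag any (second, path) above its learned threshold.
    Each alert carries the distinct-source count and the cache-busting ratio (distinct query
    strings / requests), which together expose a puppetnet: many sources, one fresh URL each."""
    by_sec = defaultdict(list)
    for r in records:
        by_sec[r["ts"]].append(r)
    alerts = []
    for ts in sorted(by_sec):
        by_path = defaultdict(list)
        for r in by_sec[ts]:
            by_path[r["path"]].append(r)
        for path, hits in by_path.items():
            n = len(hits)
            if n > thresholds.get(path, floor):
                queries = {h["query"] for h in hits if h["query"]}
                alerts.append({
                    "ts": ts, "path": path, "requests": n,
                    "sources": len({h["ip"] for h in hits}),
                    "cache_bust_ratio": len(queries) / n,
                })
    return alerts


def run_detection(learn_until=30):
    records = [r for r in (parse_line(line) for line in make_constructed_log()) if r]
    thresholds = learn_baseline(records, learn_until)
    return thresholds, detect(records, thresholds)


if __name__ == "__main__":
    thresholds, alerts = run_detection()
    print("learned thresholds:", thresholds)
    for a in alerts:
        print(a)
```

Note what the per-source view would miss: each puppet sends a single request, so a per-client rate limit never fires. The signal is the aggregate rate per URL against its own baseline, plus the tell-tale ratio of unique query strings, which is why the mitigation has to sit in the path and not in per-IP reputation.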
FortiMail
Introducing FortiMail: Advanced anti-spam and antivirus filtering solution, with extensive quarantine and archiving capabilities
Specialized messaging security system:
• Advanced, bi-directional filtering prevents the spread of spam, viruses, phishing, worms, and spyware
Flexible deployment options:
• Transparent, gateway, and server modes that adapt to organizational needs and budget
Identity-based encryption:
• Secure, encrypted communication
Email archiving:
• On-box archiving facilitates policy and regulatory compliance requirements
Diagram: FortiMail in front of the mail servers.
FortiWeb
Introducing FortiWeb: Web application firewall to protect, balance, and accelerate web applications
Web application firewall:
• Aids in PCI DSS 6.6 compliance
• Protection against the OWASP Top 10
• Application-layer DDoS protection
• Auto-learn security profiles
• Geo IP data analysis and security
Web vulnerability scanner:
• Scans, analyzes and detects web application vulnerabilities
Application delivery:
• Assures availability and accelerates performance of critical web applications
Diagram: FortiWeb in front of the web application servers, blocking SQL injection, XSS, etc.
FortiDB
Introducing FortiDB: Database Activity Monitoring and Vulnerability Assessment solution
Database activity monitoring (DAM):
• Real-time monitoring of key users and critical transactions
• User activity baselining
• Block database attacks in real time
Vulnerability assessment:
• Sensitive data discovery in databases
• Vulnerability scanning with remediation advice
Policy-driven controls:
• Automated process of establishing IT controls
Database audit and compliance:
• For compliance and forensic analysis purposes
Deployment options: sniffer, native audit and agents.
FortiADC
Introducing FortiADC: Optimize the availability, performance and scalability of mobile, cloud and enterprise application delivery
Application availability:
• Layer 2/3/4 and 7 load balancing techniques
• Application session persistence
• Proxy and transparent modes
• Global Server Load Balancing (GSLB) for geographic resilience
• Link load balancing
Application acceleration:
• TCP optimization
• Memory-based content caching
• Data compression
• SSL offload and acceleration
Application interoperability:
• Implementation guides for Microsoft Exchange, Lync, SAP, etc.
Diagram: FortiADC in front of the web application servers.
Other Information
Virtual Appliance Platforms
Support matrix (per-product cells are not reproduced here; only the row and column labels survive the extraction).
Platforms: VMware vSphere v4.x, v5.x, v6.0; Citrix XenServer v5.6 SP2, v6.0; open source Xen and KVM; Microsoft Hyper-V 2008 R2, Hyper-V 2012, Azure; Amazon AWS.
Virtual appliances: FortiGate-VM*, FortiManager-VM, FortiAnalyzer-VM, FortiWeb-VM, FortiMail-VM, FortiAuthenticator-VM, FortiVoice-VM, FortiRecorder-VM, FortiSandbox-VM (vSphere 5.1, 5.5), FortiWAN-VM, FortiADC-VM, FortiCache-VM (vSphere 5.5).
FortiGate-VM is marked for all seven VMware, Citrix and open source platforms.
* Also as FortiGate-VMX for VMware NSX. ** Also available as a pay-as-you-go licensing option.
FortiGuard Services by Product
Services: application control, IPS, IP reputation / anti-bot, AV, web filtering, anti-spam, vulnerability scan, DB security, WAF.
Products: FortiGate, FortiCache, FortiMail, FortiWeb, FortiADC D-Series, FortiADC E-Series, FortiDDoS, FortiDB, FortiSandbox, FortiClient*.
* Free subscription service(s). ^ FortiSandbox integration.
A Strategic Approach Against an Increasingly Sophisticated Threat
Tomislav Tucibat, Major Accounts Manager
What We Used To Think

How We Think Today
The Anatomy Of An Attack
“Generic threat”: bot, zero-day threat, trojan, virus, worm; delivered through devices, email, web sites and physical media.
Advanced Targeted Attack Lifecycle
Day 1: social engineering and a zero-day exploit; “bot net” activation; the advanced targeted attack then persists for 2 years or more.
The Threat is Worse Than Ever
Source: Akylus, July 2014

With A Consistent Motivation
Source: Hackmageddon, July 2014
2014 Threat Landscape Developments
• Feb 13: IoT – The Moon worm on Linksys routers
• Apr 07: Heartbleed, vulnerable OpenSSL
• May 26: Apple iCloud ransomware (“Oleg Pliss”), $100/EUR
• Jun 23: Havex RAT, OPC server spy
• Aug 05: Cybervor, 1.2B usernames & passwords, 500M emails
• Aug 15: Supervalu data breach, 200 stores affected
Also on the timeline: Evernote hack, 50M users (Mar 2013); Evernote forum hack, 164,644 forum members (Jun 10).
Mobile: Q2 2014 (IDC) 301.3M smartphones shipped, Android 84.7% of the market; February: drive-by mobile (DriveGenie); June: Pletor mobile ransomware (document encryption); July: Dorkbot/Ngrbot Kamikaze.
2015 - Another Record Year of Security Breaches
• US Federal Government OPM: 21.5M+
• Scottrade: 4.6M customers
• Twitter
• Ashley Madison: 37M “potential divorces”
• V-Tech: 4.3M exposed
• British Gas: 2,000 customers' data
• Anthem: one-third of Americans affected
• IRS: 100,000+ taxpayers' personal information
• Hacking Team
• TalkTalk: 157,000 customers (4% of the UK population); 21,000 personal and bank details stolen
• T-Mobile: 15M customers at risk, social security details
• Carphone Warehouse: 2.4M users' personal information
• Hello Kitty: 3.3 million accounts
• Excellus BlueCross BlueShield: 10M
• UCLA: patient health records
Source: DataBreaches.net
No One Is Immune
Did you change your password?
eBay – The Impact by the Numbers
• 145M user accounts compromised
• 525,600 minutes in a year
• 262,800 passwords changed in a year (at an average of 2 minutes per password)
• 551 man-years wasted changing passwords
Follow The Acronym Trail

Is There A Silver Bullet For Defeating an ATA (Advanced Targeted Attack)?
Focus on Three Key Actions
• Step 1 - Prevent: prevent threats before they enter your network
• Step 2 - Detect: discover threats that have entered, or tried to enter, the network
• Step 3 - Mitigate: respond to any threats that have breached the network
• Being proactive is key
Fortinet Advanced Threat Protection Framework
Step 1 - Prevent: stateful firewall, 2-factor authentication, intrusion prevention, application control, web filtering, email filtering, anti-virus
A Cornerstone of Prevent
The reports of my death have been greatly exaggerated.
The Human Factor - Laziness
“Old Habits Die Hard”
Operating Systems Require Constant Updates
Installed PC operating systems*: Windows 7 52%, Windows XP 24%, Windows 8/8.1 12%, Windows Vista 3% (the remaining 9% is unlabeled on the chart).
* Net Applications, September 2014
Not All Anti-Virus Solutions are Equal: detection technology, network placement, operational efficacy
Step 2 - Detect: stateful firewall, client reputation, 2-factor authentication, network behavior analysis, intrusion prevention, sandboxing, application control, web filtering, email filtering, antivirus, botnet detection
Payload Analysis (aka “sandboxing”)
What is it?
» A virtual container, reflecting an end-user desktop, in which untrusted programs can be safely examined; an unsafe action or escape attempt is caught and blocked
What happens in it?
» Code is executed in a contained virtual environment with controlled communication and inspection
» Activity is logged and analyzed for suspect characteristics
» A rating is determined based on system, file, web and traffic activity
Why is it important?
» Traditional security looks at static attributes (signature, heuristic, pattern, reputation, etc.) rather than dynamic activity
» In many cases, a site or piece of code is just the first, small stage of an attack
But a word of caution: malware that recognises the virtual environment, or that delays or conditions its behaviour, can pass analysis clean, so a sandbox verdict is one signal among several rather than proof of safety.
http://www.darkreading.com/attacks-breaches/the-increasing-failure-of-malware-sandbo/240159977
Step 3 - Mitigate: stateful firewall, client reputation, 2-factor authentication, network behavior analysis, intrusion prevention, sandboxing, application control, web filtering, email filtering, antivirus, botnet detection; plus consolidated logs and reports, real-time activity views, security reporting, user or device quarantine, professional services, threat intelligence and threat prevention updates
Coordinated Defense Strategy
In-Network Defenses
Continuous Updates
Threat Research and Discovery
The Fortinet ATP Solution
FortiGuard Lab FortiGuard Services
Protecting Today’s Network: Evolution, evolution, evolution
Wherever there is value, the cyber criminal will follow.
Anticipate, React, Respond.
Protect your Entire Network with ONE Operating System: FortiOS to Enable Network Segmentation and Deliver Ultimate Visibility
Tomislav Tucibat – Major Accounts Manager, 19th May
Layered defense: FW, NGFW, UTM and APT, with FortiOS and FortiGuard underneath.
Focus Areas: APT, ISFW, 360° visibility
APT: Time to Protect
• Standalone sandbox with limited integration: time to protect unknown
• Fortinet anti-virus: time to protect 4 hours
• 5.4: FortiGate/FortiWeb/FortiMail + FortiSandbox: time to protect 2-3 minutes
• 5.4: Endpoint + FortiSandbox: time to protect 0
Analogy on the slide: play safe / out of bounds / drive to ER / call ambulance.
APT: Submission (integrations)
File interception:
• Extracts in-line samples (clear or SSL-encrypted)
• Uses the AV profile, in flow and proxy mode
File submission:
• Intelligently sends only supported file types
• File typing is done by the FortiGate AV engine and is auto-updated with the AV services
• Manual file-type whitelisting to conserve bandwidth
Appliance or cloud: same technology.
APT: Retrieving Results
• Summary results: status summary on the dashboard
• FortiView visibility: FortiSandbox viewer by source (with threat scoring) and by file
• Detailed malware report: analysis report via FortiView drill-in
• All directly in the UI
Dynamic Protection Ecosystem (APT)
Flow between FortiGate, FortiClient and FortiSandbox:
1. File submission for analysis (from FortiGate and from FortiClient)
2. The respective analysis results are returned (detailed status report; the file status result drives automatic file hold & quarantine)
3a. Remediation: automatic file quarantine on the host, with the option to hold the file until the result arrives
3b. Protection: manual host quarantine by the administrator (FortiClient self-quarantine controlled from FortiGate)
3c. Protection: manual source IP quarantine using the FortiGate firewall (enforced network quarantine)
4. FortiSandbox dynamic threat DB update: proactive update to gateway and host, with real-time engine & intelligence updates
APT: Taking Action (FortiGate / FortiSandbox integration)
Threat protection updates (FSA dynamic threat DB update):
• Periodic (every minute) push update to FortiSandbox-registered devices
• Malicious file checksum DB
• Malicious URL list
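The submission and update rules on the last few slides (type files by content, submit only supported types, hold the file until the verdict, then push the malicious checksum to every registered device) fit in a few dozen lines. The Python below is an added example and is not FortiGate or FortiSandbox code: it types a sample by magic bytes rather than by the name the sender chose, consults a local checksum DB first, decides between block, hold and allow, and feeds a sandbox verdict back into the DB so the next copy of the same file is blocked without another analysis. The magic-byte table, the set of "supported" types, the sample files and the verdict callback are all constructed for this example.

```python
import hashlib
from dataclasses import dataclass

# Constructed magic-byte table: type by content, never by file extension.
MAGIC = (
    (b"MZ", "exe"),                                   # PE executable
    (b"\x7fELF", "elf"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),                           # also OOXML docx/xlsx and jar
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),      # legacy doc/xls/ppt
    (b"Rar!\x1a\x07", "rar"),
)

# Assumed sandbox-supported types; a real deployment takes this from the sandbox's capability list.
SANDBOX_TYPES = {"exe", "elf", "pdf", "zip", "ole"}


def file_type(data: bytes) -> str:
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class DynamicThreatDb:
    """Local copy of the pushed malicious-checksum and malicious-URL lists."""

    def __init__(self):
        self.bad_sha256 = set()
        self.bad_urls = set()
        self.version = 0

    def push_update(self, sha256s=(), urls=()):
        self.bad_sha256.update(sha256s)
        self.bad_urls.update(urls)
        self.version += 1


@dataclass
class Decision:
    action: str    # "block", "hold" (submit and quarantine until verdict) or "allow"
    reason: str
    sha256: str
    ftype: str


def triage(data: bytes, declared_name: str, db: DynamicThreatDb,
           submit_types=SANDBOX_TYPES) -> Decision:
    """Gateway-side decision for one intercepted file."""
    digest = sha256(data)
    ftype = file_type(data)
    if digest in db.bad_sha256:
        return Decision("block", "checksum is in the dynamic threat DB", digest, ftype)
    if ftype in submit_types:
        note = "" if declared_name.lower().endswith("." + ftype) else f" (name says {declared_name!r})"
        return Decision("hold", f"{ftype} sample submitted, held until verdict{note}", digest, ftype)
    return Decision("allow", f"{ftype} is not a sandboxed type", digest, ftype)


def apply_verdict(db: DynamicThreatDb, digest: str, malicious: bool, urls=()) -> None:
    """Sandbox result callback: a malicious verdict becomes a pushed checksum/URL update."""
    if malicious:
        db.push_update([digest], urls)


# Constructed samples: a PE stub named like an invoice, a PDF header, and plain text.
SAMPLE_EXE = b"MZ\x90\x00" + b"\x00" * 60
SAMPLE_PDF = b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"
SAMPLE_TXT = b"quarterly numbers attached\n"


def demo():
    db = DynamicThreatDb()
    first = triage(SAMPLE_EXE, "invoice.pdf", db)          # typed as exe despite the name -> hold
    apply_verdict(db, first.sha256, malicious=True, urls=["http://example.invalid/1.gif"])
    second = triage(SAMPLE_EXE, "invoice.pdf", db)         # same bytes again -> block, no resubmission
    return first, second, triage(SAMPLE_PDF, "a.pdf", db), triage(SAMPLE_TXT, "notes.txt", db)


if __name__ == "__main__":
    for d in demo():
        print(d.action, "-", d.reason)
```

The checksum lookup is what turns a minutes-long analysis into an instant block for every later copy; it is also why a hash-only DB is easy to evade by changing one byte, which is the reason the URL list and the real-time engine updates travel alongside it.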
APT: Endpoint Integration (FortiGate / FortiClient integration)
Endpoint control, host quarantine:
• Manually instruct FortiClient to self-quarantine via FortiView
• The host will not be able to make any network communication except to the FortiGate
• The administrator may release the client once deemed appropriate via the “User Quarantine Monitor”
APT: Quarantine without Host Control or Visibility (FortiGate network quarantine)
Source quarantine:
• Block traffic traversing the FortiGate for a particular infected source, temporarily or permanently
• Can be used for other scenarios, such as an external attacker
• The administrator may release the source once deemed appropriate via the “User Quarantine Monitor”
APT: Today vs Tomorrow
Today: costly, time consuming, limited expertise.
Tomorrow: fast reaction, centralized expertise, notify & alert in real time.
ISFW

A War Analogy: Walled Cities
• 2-dimensional landscape. Protect the perimeter. “Full trust” model inside the city.
• Armies of men: attack the perimeter, exploit weaknesses in the perimeter.
Changing Landscapes
• Aerial warfare: a 3D attack surface.
• Mobility. Lateral movement. Reconnaissance.
• Know your enemy. “Zero trust” model.
A network is a lot like a walled city: people establish commerce and form interactions; there are buildings, roads and egress points.
Modern attacks happen INSIDE the city.
From “Full Trust” to “Zero Trust”
Virtual:
• Data center migrations
• East/west policy management
• Orchestration & integration
• Automation
Physical:
• Layered networks
• Internal segmentation
• Co-ordination among internal security elements
• REST API evolution
ISFW Building Blocks
Diagram: secure data center (cloud, VM), secure endpoint (BYOD, WLAN) and secure access (edge gateway, LAN access), connected to the Internet, home office and branch office over the WAN.
ISFW Access Layer: Wireless
• Managed AP portfolio
• Tight integration with security policy
• Single pane of glass
• Moving security down to the access layer
• 5.4 extensions:
  • Flexibility controls for large environments
  • Central AP management across multiple FortiGates / sites
  • HA clusters & redundancy
  • Maps & provisioning
Integrated Secure Access: security and access control in one box
Why integrated?
• Integrated: the industry’s most integrated secure access offering; security appliance and access control in one box, with the WLAN controller built in
• Unified management: a single pane of glass to manage switches, access points, security appliances and more
• Scalable: supports enterprises of all sizes, with a full line from large to small secure access appliances
Diagram: central location, remote sites and branch office managed through FortiCloud.
Integrated Security and WLAN Control
• Enterprise WLAN controller with a single pane of glass
• Rogue AP detection and WIDS
• Unified wired/wireless
• Integrated captive portal
• Application control and FortiGuard security services
Access control features: tunnel, bridge and mesh modes; BYOD (device ID & policy); guest (non-IT) access; telecommuter; high density; automatic RRM.
Integrated Wi-Fi talking points
• Who else has this? Easy to add to an existing FortiGate, since every FortiGate is a wireless controller
• Easy licensing: no AP license, no feature license
• Security in its DNA (security goes first, Wi-Fi second as access to the network)
• Don’t forget the Wi-Fi features mentioned earlier
• Goes well with: enterprise / distributed enterprise (multiple small remote sites, mobile workers), hospitality, primary/higher education (where advanced security is a must), SMB
• Flexible AP models (from 1x1:1 to 3x3:3 802.11ac, internal/external antennas, indoor/outdoor/remote)
• Really scalable
• Goes to the cloud and back
ISFW Access Layer: Switches
• Managed switch portfolio
• Tight integration with security policy
• Single pane of glass
• 5.4 extensions:
  • Large number of switch options
  • Stacking
  • HA clusters & redundancy
  • Dynamic discovery & linking
APT Endpoint: NAC Controls (FortiGate / FortiClient integration)
Endpoint control, policy & quarantine:
• Provisioning & coordination via a central console (typically AD environments)
• Manage endpoint policy via the ISFW framework
• Host-based quarantine
Hold On… I’m already secure – I bought & deployed all these products!
• UTM / NGFW
• Sandbox
• WAF
• DDoS
• Endpoint
OK. Show me how secure you are.
FortiView

360° Visibility – FortiView (available in 5.4)
• Topology discovery & data exchange
• New 360° view
• Reports: flat UI, simple, easily customized, FortiView integration
• ISFW compliance reports

THANK YOU