Fortinet Product Guide - Lanaco

Fortinet Product Guide Tomislav Tucibat

Major accounts manager

© Copyright Fortinet Inc. All rights reserved.

Slide 2: A Global Leader and Innovator in Network Security. Fortinet Quick Facts

Global presence and customer base
• Customers: 270,000+
• Units shipped: 2.5+ Million
• Offices: 80+ worldwide

Platform advantage built on key innovations
• FortiGuard: industry-leading threat research
• FortiOS: tightly integrated network + security OS
• FortiASIC: custom ASIC-based architecture
• Market-leading technology: 300 patents, 250 pending

Founded November 2000, 1st product shipped 2002, IPO 2009. HQ: Sunnyvale, California. Employees: 4200+ worldwide. Consistent growth, gaining market share. Strong positive cash flow, profitable.

[Charts: Revenue $13M (2003) to $770M (2014); Cash $16M (2003) to ~$1B (2014). Based on Q4 and FY 2014 data.]

Slide 3: Fortinet Market Position. The Analyst Perspective

Gartner Magic Quadrant positions:
• Unified Threat Management (UTM), 2005–2013
• Enterprise Firewall, 2006–2013
• Application Delivery Controller, 2006–2013
• Secure Email Gateway, 2010–2013

Slide 4: #1 in Network Security Appliances Unit Share

[Chart comparing unit share of FTNT, CSCO, CHKP, JNPR, PANW]
 Gaining overall market share
 Gaining share in higher-end markets
FortiGate: most deployed security appliance
Source: IDC Worldwide Security Appliances Tracker, March 2015 (based on annual unit shipments)

Slide 5: FortiGate: Most Deployed Security Appliance

IDC Worldwide Quarterly Security Appliance Tracker Highlights (2015Q1):
• 2,014,325 Fortinet security appliances shipped since 2004
• 1,148,916 Fortinet security appliances shipped since 2012; Fortinet shipped 124% units versus their next closest competitor
• Fortinet shipped 139% units versus their next closest competitor in 2013
• Fortinet shipped 168% units versus their next closest competitor in 2014
• Fortinet shipped 171% units versus their next closest competitor in the first quarter of 2015
Source: http://www.fortinet.com/press_releases/2015/leading-analyst-firm-data-identifies-fortinet-security-market-leader.html

Slide 6: A Global Leader and Innovator in Network Security. Balanced, but Enterprise & Carrier Driven

Billings by product segment (Q4 2014): Entry Level, High-end and Mid-range (the chart shows 35%, 40% and 25%).

Customer penetration ("9 of Top 10" and "7 of Top 10" figures shown per group): Global 100; Global 100 Major Banks; Global 100 Computer Services; Global 100 Aerospace & Defense.

Slide 7: Fortinet Advantage – FAST. FortiASICs Dramatically Boost Performance

[Chart: FW, VPN and IPS throughput for the CPU baseline versus the NP6 and CP8 ASICs; values on the chart: 6 Gbps, 2 Gbps, 3.5 Gbps, 10 Gbps, 9 Gbps, 40 Gbps, 25 Gbps]
 10X data center firewall performance
 5X NGFW performance
 Security that keeps up with growing bandwidth requirements

Slide 8: Fortinet Advantage – SECURE. FortiGuard Labs Threat Research

Per minute:
• 25,000 spam emails intercepted
• 390,000 network intrusion attempts resisted
• 83,000 malware programs neutralized
• 160,000 malicious website accesses blocked
• 59,000 botnet C&C attempts thwarted
• 39 million website categorization requests

Per week:
• 47 million new & updated spam rules
• 100 intrusion prevention rules
• 2 million new & updated AV definitions
• 1.3 million new URL ratings
• 8,000 hours of threat research globally

Total database:
• 170 terabytes of threat samples
• 17,500 intrusion prevention rules
• 5,800 application control rules
• 250 million rated websites in 78 categories
• 173 zero-day threats discovered

Based on Q1 2015 data. Image: threatmap.FortiGuard.com

Slide 9: Fortinet’s Global Infrastructure. Built To Support Global Enterprises and Businesses Worldwide

[Map legend: HQ & Development Center; Dev. & Escalation Center; Support Center; FDN server sites; Sales Office; In-country Sales/Support]

Slide 10: EMEA Support Team (TAC), Global

Locations: Sophia Antipolis, Dubai, Prague, Frankfurt, Bangalore, London

Slide 11: Unparalleled Independent 3rd Party Certification

Test / Certification      | Fortinet         | Check Point | Cisco                 | Palo Alto Networks | Juniper | FireEye
NSS - Firewall NGFW       | Recommended      | Recommended | Recommended & Neutral | Caution            | Caution | x
NSS - Firewall DC         | Recommended      | x           | x                     | x                  | x       | x
NSS - Breach Detection    | Recommended      | x           | Recommended           | x                  | x       | Caution
NSS - IPS (DC)            | ?                | ?           | x                     | x                  | Caution | x
NSS - IPS (Enterprise)    | ?                | x           | Recommended           | x                  | Caution | x
NSS - WAF                 | Recommended      | x           | x                     | x                  | x       | x
BreakingPoint Resiliency  | Record High - 95 | x           | x                     | Poor - 53          | x       | x
ICSA Firewall             | ?                | ?           | x                     | ?                  | ?       | x
ICSA IPS                  | ?                | ?           | x                     | x                  | x       | x
ICSA Antivirus            | ?                | x           | x                     | x                  | x       | x
ICSA WAF                  | ?                | x           | x                     | x                  | x       | x
VB 100                    | ?                | Caution     | x                     | x                  | x       | x
AV Comparative            | ?                | x           | x                     | x                  | x       | x
Common Criteria           | ?                | ?           | ?                     | ?                  | ?       | ?
FIPS                      | ?                | ?           | ?                     | ?                  | ?       | ?

Description: Contains results from the latest published NSS Labs reports as of Sept. 30 2014
X = did not participate, not certified
? = cell contained a mark (the slide's ✔ symbol) that did not survive text extraction

Slide 12: NSS Labs Validates Our Advantage
 Fortinet is “Recommended” while top competitors are not
[Security Value Map charts for NGFW and Breach Detection. X-axis = TCO per protected Mbps; Y-axis = Security Effectiveness; upper right quadrant = “Recommended”; lower left quadrant = “Caution”]

Slide 13: NSS Labs Validates Our Advantage… continued
 Fortinet is “Recommended” while top competitors are not
[Security Value Map charts for Firewall and Web Application Firewall, same axes and quadrants]

Slide 14: Complete Network Security Solution

Layers: Management; Platform; Users; Endpoints; Access; Segmentation; Network; Application; Data. Cross-cutting: Security, Threat Intelligence.

Slide 15: Product map

Security Operating Center: User ID Mgmt. (FortiAuthenticator); Central Log & Report (FortiAnalyzer); Central Device Mgmt. (FortiManager); Cloud-based Mgmt. (FortiCloud); File Analysis (FortiSandbox); Network Tester (FortiTester); Network Tap (FortiTap).
Data Center: Security Gateway (FortiGate); DB Security (FortiDB) for DB Servers; Link Load Balancer (FortiWAN); Secure Web Caching Server (FortiCache); Load Balancer (FortiADC) for Web Servers; Web App. Firewall (FortiWeb); L7 D/DoS Mitigator (FortiDDoS); Failopen Device (FortiBridge); Mail Security Gateway (FortiMail) for Mail Servers; App Servers.
LAN: L2 Switching (FortiSwitch); WiFi Access (FortiAP); IP Cam. Recorder (FortiRecorder) with FortiCamera; IP PBX (FortiVoice/FortiGateVoice) with FortiFone.
Remote: Site-to-site VPN and Secure WiFi Access (FortiWiFi); 3G/4G WAN (FortiExtender).
Mobile: Remote VPN / Endpoint Security (FortiClient); 2 Factor OTP Token (FortiToken).

Slide 16: FortiGate/FortiWiFi

Slide 17: FortiGate Deployments

1. Connected Unified Threat Management (Connected UTM): Distributed Enterprise & Small Business
2. Next Gen Firewall + Advanced Threat Protection / Next Gen IPS (NGFW + ATP / NGIPS): Enterprise Campus or Branch Office, with Mobile Users and Managed Endpoints
3. Internal Segmentation Firewall (ISFW): Internal Network
4–7 (diagram positions): Data Center Firewall (DCFW) for Data Center / Private Cloud / SDN; Virtual Machine Firewall; Cloud Firewall (CFW) for Public Cloud; Carrier Class Firewall (CCFW) for the Carrier/MSSP Core Network. Boundary: Internet / WAN.

Slide 18: FortiGate Product Range. Personality, Performance and Scalability

[Chart from entry level to high end; hardware and throughput labels as shown: SoC, 1 Gbps; Multi Core CPU + NP + CP, 10 Gbps; Multi Core CPU + NP + CP, 10 Gbps - 50 Gbps; Chassis System, 50 Gbps - 1 Tbps; Multi Core CPU, H/W dependent (VM)]
• Entry level: 30-90 Series (UTM)
• Mid range: 100-200 Series, 300-900 Series (NGFW / NGIPS, ISFW)
• High end: 1000 Series, 3000 Series (DCFW/CCFW), 5000 Series (chassis)
• Virtual appliances: VM Series (CFW / VMFW)

Software & Services Product Range: FortiGuard Security Services; FortiOS Operating System; FortiCare Support Services

Slide 19: Inside FortiOS (ATP)

Management: OSS Support; AAA; Central Mgmt.; Integrations; Configuration; Visibility; Log & Report; Diagnostics
Security Functions: Anti-Malware; IPS; Application Control; Web Filtering; Email Filtering; Firewall; VPN; DLP; User & Device Identity; SSL Inspection
Extensions: Wireless Controller; Switch Controller; Endpoint Manager; Token Server; Vulnerability Scanner
Virtual Systems: Virtual Domains
Network Functions: Routing; NAT/CGN; L2/Switching; QoS; IPv6
Network Services: WAN Optimization; WAN Link / Server LB; High Availability
Operating Modes: NAT/Route; Transparent; Sniffer
Network Interface: LAN; WiFi; WAN
Platform: Physical Appliance (+ASICs); Hypervisor; Cloud
* Features may vary by model

Slide 20: FortiGate Virtual Appliance Series. Agile Security for Virtual Environments

Primary Benefits (FG-VM):
✔ Increased visibility and security within virtualized infrastructure to better protect critical resources
✔ Ability to manage virtual appliances and physical appliances from a single-pane-of-glass management platform reduces TCO
✔ Comprehensive hypervisor support: VMware ESXi, Citrix Xen, Xen, KVM, MS Hyper-V, Amazon AWS, MS Azure
✔ Feature-rich security and virtual networking support facilitate wide deployment and requirement options

Slide 21: Services, Licenses & Subscriptions

Included with FortiGate:
• DNS Service
• DDNS Service
• NTP Service
• 2 FortiTokenMobile Licenses*
• 10 FortiClient Endpoint Licenses*
• 10 VDOMs License
• FortiCloud Service (trial)*

Add-on (+):
+ FortiTokenMobile License
+ Endpoint License**
+ VDOM License**
+ FortiCloud Storage Top-up
+ SMS Top-up

FortiCare Subscription Required:
• Geography Updates
• BYOD Signature Updates
• USB Modem DB Updates
• Vulnerability Scan Signature Updates
• Firmware Updates

* Registration required. ** Available on selected models.

Slide 22: Services, Licenses & Subscriptions (continued)

FortiGuard AV Subscription:
• Botnet IP reputation DB
• FortiCloud Sandbox Service (for v5.2.2 and below)
• Proxy- & flow-based AV signatures

FortiGuard Web Filter Subscription:
• DNS-based web categories filtering
• Proxy- & flow-based web categories DB

FortiGuard NGFW Subscription:
• IPS signature updates
• Application control signature updates

FortiGuard Anti-spam Subscription:
• Anti-spam services

Slide 23: FortiAP

Slide 24: FortiAP Family Positioning

Feature                     | FortiWiFi         | FortiAP           | FortiAP-S Series
Management                  | FortiManager      | FortiGate         | FortiCloud
APs per site                | One               | Many              | Few
Security                    | IPS, AV, App, URL | IPS, AV, App, URL | IPS, AV, App*, URL
VPN                         | Yes               | No                | No
WIDS / Rogue AP             | Yes               | Yes               | Yes
Automatic Channel Selection | Yes               | Yes               | Yes
Fast Roaming (OKC)          | No                | Yes               | Yes*
Wireless Mesh               | Yes (Root)        | Yes               | Yes*
FortiPresence               | Yes               | Yes               | Yes*
* Check datasheet for availability

Slide 25: FortiAP Family

[Chart: models positioned from Value (1x1:1, single radio) through Performance (2x2:2) to Resiliency and Versatility (3x3:3, dual radio, dual band), and by Indoor / Remote / Outdoor placement; 802.11ac models marked. Models shown: FAP-320C (3x3:3 dual radio dual band), FAP-321C, FAP-320B; FAP-222C, FAP-224D, FAP-222B, FAP-221/223C, FAP-221/223B (2x2:2); FAP-28C (single radio), FAP-24D, FAP-210B, FAP-25D, FAP-21D, FAP-14C, FAP-11C (next to the Remote label); FAP-112D, FAP-112B (next to the Outdoor label)]

Slide 26: Hardware Overview – FortiAP S-Series

                    | FAP-S311/313C                                              | FAP-S321/323C
Form Factor         | Smoke Detector Form Factor                                 | Smoke Detector Form Factor
Rx / Tx             | 3x3                                                        | 3x3
Radio 1             | 2.4/5GHz b/g/n (450 Mbps) or a/n/ac dual-band (1300 Mbps)  | 5GHz a/n/ac concurrent (1300 Mbps)
Radio 2             | -                                                          | 2.4 GHz b/g/n (450 Mbps)
PoE                 | 802.3af                                                    | 802.3af
Antennas            | 311C: 3 internal; 313C: 3 external                         | 321C: 6 internal; 323C: 3 external
Ethernet Interfaces | 1 x GE RJ45                                                | 1 x GE RJ45
USB                 | Yes                                                        | Yes
Management          | FortiCloud                                                 | FortiCloud

Slide 27: FortiSwitch

Slide 28: Introducing FortiSwitch. Access-level Gigabit switches with ease of use and low cost of ownership

Models: FSW-28C, FSW-80-POE, FSW-124B-POE, FSW-224B, FSW-324B, FSW-348B, FSW-448B
 Outstanding price, performance, and scalability for organizations with diverse operational needs.
Primary Benefits:
✓ High port density
✓ Integrated Power over Ethernet
✓ Connect access points, peripherals, cameras, phones
✓ Create an integrated, secure network

Slide 29: FortiSwitch Family

[Chart. Data Center (10G / 40G, FL stacking): FSW-1024D, FSW-1048D, FSW-3032D (40G, 32 ports). Access / Secure Access (1G, POE and POE/+, FL stacking): 8 ports: FSW-108D-POE, FSW-80-POE; 24 ports: FSW-28C, FSW-124B-POE, FSW-124D-POE, FSW-124D, FSW-224B-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-424D-FPOE, FSW-524D-FPOE; 48 ports: FSW-248D-FPOE, FSW-448D-FPOE, FSW-548D-FPOE]

Slide 30: FortiClient

Slide 31: Introducing FortiClient. Comprehensive endpoint protection & security enforcement

Multifunctional Host Security
• Flexibility in deployment
• Fully integrated features reduce the need for multiple client solutions
End Point Control
• Enforce compliance and security policies on mobile hosts
Centralized Logging and Reporting
• Via FortiGate for enterprise requirements

Slide 32: FortiClient V5.2 feature matrix (Mac OSX column: new in 4.0 MR3)

Feature                                                 | Windows | Mac OSX | iOS           | Android
IPSec VPN                                               | ?       | ?       | -             | ?
SSL VPN                                                 | ?       | ?       | Web Mode Only | ?
2FA                                                     | ?       | ?       | ?             | ?
Anti-Virus                                              | ?       | ?       | -             | -
Web Filtering                                           | ?       | ?       | ?             | ?
WAN Optimization                                        | ?       | -       | -             | -
Registered for Central Management / Config Provisioning | ?       | ?       | ?             | ?
Logging (to FMGR/FAZ)                                   | ?       | ?       | -             | -
Windows AD SSO Agent                                    | ?       | ?       | -             | -
Application Firewall                                    | ?       | ?       | -             | -
Vulnerability Scanning & Reporting                      | ?       | ?       | -             | -
Custom Install                                          | ?       | ?       | -             | -
? = cell contained a mark that did not survive text extraction (presumably supported); - = not available

Slide 33: FortiToken

Slide 34: Introducing FortiToken. OATH-compliant time-based hardware one-time-password token

Supports strong authentication for:
• IPsec VPN
• SSL VPN
• Administrative login
• Captive web portal
• 802.1X authentication
• Web application access
• SSO

Authentication platforms:
• FortiGate (FOS 4.3 and later)
• FortiAuthenticator (FAC 1.4 and later)

Secure seed delivery options:
• Online via FortiGuard
• Encrypted file on CD (FTK-200S)
• In-house seed provisioning tool (special order)

Slide 35: Introducing FortiToken Mobile. OATH-compliant time-based one-time-password soft token

Highly secure:
• PIN-protected app
• Device binding
• Brute-force protection
• Dynamic seed generation
• Encrypted seed storage

Authentication platforms:
• FortiGate (FOS 5.0 Beta 5 and later)
• FortiAuthenticator (FAC 1.4 and later)

Broad device support:
• iOS (iPhone, iPad, iPod Touch)
• Android
• BlackBerry (TBD)
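FortiToken and FortiToken Mobile (slides 34 and 35) are OATH time-based OTP tokens, which means RFC 6238 TOTP built on RFC 4226 HOTP. The following is an added example, not Fortinet's code, showing how a verifier derives and checks such a code from a provisioned seed. The seed value used is the RFC 6238 reference test key and is an assumption here; the drift window and the remarks on rate limiting and replay are the editor's, not the slide's.

```python
"""RFC 4226 HOTP / RFC 6238 TOTP, the scheme behind OATH-compliant time-based
tokens. Added example code, not Fortinet's implementation. The 'seed' a token
is provisioned with is the HMAC key here."""
import hashlib
import hmac
import struct
import time


def hotp(seed: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP: HMAC over the 8-byte big-endian counter, dynamic truncation,
    then modulo 10^digits (RFC 4226 section 5.3)."""
    mac = hmac.new(seed, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(seed: bytes, at: int, step: int = 30, digits: int = 6, t0: int = 0) -> str:
    """TOTP: HOTP with the counter derived from Unix time (RFC 6238)."""
    return hotp(seed, (at - t0) // step, digits)


def verify_totp(seed: bytes, code: str, at: int, window: int = 1,
                step: int = 30, digits: int = 6) -> bool:
    """Accept the code for the current step or up to `window` steps either
    side, to absorb clock drift between token and server. Comparison is
    constant-time. A real server must also rate-limit attempts (the slide's
    "brute force protection") and refuse to accept the same code twice."""
    current = at // step
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(seed, current + delta, digits), code):
            return True
    return False


if __name__ == "__main__":
    # Constructed seed: the RFC 6238 reference test key (ASCII "1234567890" twice)
    seed = b"12345678901234567890"
    print("RFC 6238 vector, T=59, 8 digits:", totp(seed, 59, digits=8))
    print("6-digit code for the current time:", totp(seed, int(time.time())))
```

The window keeps a token whose clock is 30 s off from being rejected; widening it buys more tolerance at the cost of more valid codes per attempt, which is why the rate limit matters as much as the arithmetic.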

Slide 36: FortiAnalyzer

Slide 37: Introducing FortiAnalyzer. Logging, reporting and analysis from multiple Fortinet devices

Aggregated Logging
• Single view of all Fortinet devices
• Built-in content archiving
• Malicious file quarantine
Centralized Reporting
• Predefined summary & device reports
• Hundreds of customizable charts & graphs
Analysis & Event Correlation
• Vulnerability assessment
• Network & log analysis
Scalable Solution
• Hardware and VM versions available
• Collector/Analyzer modes for large deployments
• High-performance logs/sec processing
• Support for internal or external SQL databases

Slide 38: FortiManager

Slide 39: Introducing FortiManager. Tools that effectively manage any size Fortinet security infrastructure, from a few to thousands of appliances

Administrative Domains (ADOMs)
• Enable the primary ‘admin’ to create virtual management domains containing devices for other administrators to monitor and manage
Locally Hosted Security Content
• Gives administrators better control over security content updates and improves response time for rating databases; runs a local copy of the AV, IPS, URL and A/S signature databases.*
Hierarchical Objects & Policy Management
• Create global objects and policies
• Assign them to an ADOM or to groups of ADOMs
• Create device configuration templates to quickly configure a new Fortinet appliance
Web Portal SDK
• JSON-based API allows MSSPs to offer administrative web portals to customers
* Capabilities vary by model

Slide 40: FortiSandbox

Slide 41: Introducing FortiSandbox. Advanced Threat Protection solution designed to identify and thwart highly targeted and tailored attacks

Advanced Threat Protection
• Multi-layered filtering with code emulator, AV engine, cloud query and virtual OS sandbox
• Handles multiple file types, including files that are encrypted or obfuscated
• Examines files from various protocols, including those that use SSL encryption
Flexible Operation Modes
• Receives file samples through integration with FortiGate/FortiMail, sniffer mode and manual file upload
• Captures files from remote locations using deployed FortiGates
Monitoring and Reporting
• Detailed analysis reports and real-time monitoring and alerting

[Diagram: 1 File submission; 2 Centralized file analysis; 3 Malicious analysis output; 4 Latest AV signature update]

Slide 42: FortiAuthenticator

Slide 43: Introducing FortiAuthenticator. Identity management, user access control and multi-factor authentication

Authentication and Authorization
• RADIUS, LDAP, 802.1X
Two-Factor Authentication
• FortiToken
• Tokenless, via SMS and email
Certificate Management
• X.509 certificate signing, certificate revocation
• Remote device / unattended authentication
Fortinet Single Sign-On
• Active Directory polling
• RADIUS integration

[Diagram: FortiAuthenticator with LDAP user database, FortiToken and issuing CA]

Slide 44: FortiDDoS

Slide 45: Distributed Denial Of Service?

Slide 46: Puppetnets for DDoS attacks

[Diagram: browsers of visitors to www.IamGullible.com are made to issue GET 1.gif?12345678, GET 1.gif?12345679, … against www.victim.com. The changing query string is there to avoid client-side caching, so every request reaches the server; the attack is labelled "stealth" because it arrives from ordinary browsers.]

Slide 47: Introducing FortiDDoS. Hardware-accelerated DDoS intent-based defense

Rate-Based Detection
• High-performance protection using ASIC
Self-Learning Baseline
• Eases maintenance
• Maintains appropriate protection dynamically
Signature-Free Defense
• Hardware-based protection
Inline Full Transparent Mode
• No MAC address changes
Granular Protection
• Multiple thresholds to detect subtle changes and provide rapid mitigation

[Diagram: ISP 1 and ISP 2 links, FortiDDoS inline in front of the firewall and the web hosting center; legitimate traffic passes, malicious traffic is dropped]
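Slides 46 and 47 describe the problem (a puppetnet whose every request is unique so no cache absorbs it) and the style of answer (rate-based, signature-free detection with a self-learned baseline and several thresholds). The following is an added example, not FortiDDoS's code, of that style of detection in software: it learns per-source and per-resource request rates from a quiet period, then raises alerts when a window exceeds the learned threshold or when a resource is hit with a high share of unique query strings. The access-log format, the traffic, the 10-second window and the threshold rule (mean + 3 sigma, at least 50% above the mean) are all the editor's assumptions.

```python
"""Rate-based, signature-free detection of an HTTP flood and of puppetnet-style
cache-busting, run over constructed access-log lines. Added example code, not
FortiDDoS's implementation; log format and thresholds are assumptions."""
import re
from collections import defaultdict
from statistics import mean, pstdev

# Assumed log format: '<unix_ts> <src_ip> "GET <path>[?<query>]"'
LOG_RE = re.compile(r'^(\d+) (\S+) "GET ([^?\s"]+)(?:\?([^\s"]*))?"$')


def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ts, src, path, qs = m.groups()
    return int(ts), src, path, qs or ""


def count_windows(lines, window):
    """Requests per time window keyed by source and by path, plus the set of
    distinct query strings per (path, window): a cache-buster makes every
    request unique, so that set grows as fast as the request count."""
    per_src = defaultdict(lambda: defaultdict(int))
    per_path = defaultdict(lambda: defaultdict(int))
    qs_seen = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, src, path, qs = rec
        w = ts // window
        per_src[src][w] += 1
        per_path[path][w] += 1
        if qs:
            qs_seen[(path, w)].add(qs)
    return per_src, per_path, qs_seen


def threshold(samples):
    """Self-learned threshold: mean + 3 sigma, but never less than 50% above
    the mean, so a perfectly regular baseline still leaves headroom."""
    mu = mean(samples)
    return max(mu + 3 * pstdev(samples), 1.5 * mu)


def learn_baseline(lines, window=10):
    per_src, per_path, _ = count_windows(lines, window)
    all_w = {w for table in (per_src, per_path) for c in table.values() for w in c}

    def learned(table):
        return {k: threshold([c.get(w, 0) for w in all_w]) for k, c in table.items()}

    src_thr, path_thr = learned(per_src), learned(per_path)
    # Keys never seen while learning get the loosest learned threshold of their class
    return {"window": window,
            "src": src_thr, "src_default": max(src_thr.values()),
            "path": path_thr, "path_default": max(path_thr.values())}


def detect(lines, baseline, min_cachebust=20, cachebust_ratio=0.8):
    """Return (window, kind, key, value) alerts from three thresholds:
    per-source rate, per-resource aggregate rate, and per-resource share of
    unique query strings. The last two catch the puppetnet, which stays under
    any per-source limit because each puppet sends only a few requests."""
    window = baseline["window"]
    per_src, per_path, qs_seen = count_windows(lines, window)
    alerts = []
    for src, counts in per_src.items():
        thr = baseline["src"].get(src, baseline["src_default"])
        alerts += [(w, "src", src, n) for w, n in counts.items() if n > thr]
    for path, counts in per_path.items():
        thr = baseline["path"].get(path, baseline["path_default"])
        for w, n in counts.items():
            if n > thr:
                alerts.append((w, "path", path, n))
            distinct = len(qs_seen.get((path, w), ()))
            if n >= min_cachebust and distinct / n >= cachebust_ratio:
                alerts.append((w, "cachebust", path, distinct))
    return sorted(alerts)


def make_traffic():
    """Constructed traffic: 60 s of regular browsing to learn from, then 20 s
    containing a puppetnet against /1.gif and a single-source flood."""
    legit = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]
    learn, live = [], []
    for t in range(80):
        dest = learn if t < 60 else live
        for ip in legit:
            dest.append(f'{t} {ip} "GET /index.html"')
            if t % 10 == 0:
                dest.append(f'{t} {ip} "GET /1.gif"')
    # Puppetnet: 8 browsers, 5 requests each, unique query string defeats caching
    for i in range(8):
        for j in range(5):
            live.append(f'{60 + j} 192.0.2.{i + 1} "GET /1.gif?{12345678 + 5 * i + j}"')
    # One aggressive source: 40 requests in 10 s
    live += [f'{70 + j % 10} 198.51.100.7 "GET /index.html"' for j in range(40)]
    return learn, live


if __name__ == "__main__":
    learn, live = make_traffic()
    base = learn_baseline(learn)
    for alert in detect(live, base):
        print(alert)
```

Run stand-alone it prints four alerts: the /1.gif cache-busting pattern and its aggregate rate in window 6, then the flooding source and the /index.html aggregate in window 7. None of the eight puppets trips the per-source threshold, which is the point of keeping more than one threshold.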

Slide 48: FortiMail

Slide 49: Introducing FortiMail. Advanced anti-spam and antivirus filtering solution, with extensive quarantine and archiving capabilities

Specialized messaging security system
• Advanced, bi-directional filtering prevents the spread of spam, viruses, phishing, worms and spyware
Flexible deployment options
• Transparent, Gateway and Server modes that adapt to organizational needs and budget
Identity-based encryption
• Secure, encrypted communication
Email archiving
• On-box archiving facilitates policy and regulatory compliance requirements

[Diagram: FortiMail in front of the mail servers]

Slide 50: FortiWeb

Slide 51: Introducing FortiWeb. Web application firewall to protect, balance and accelerate web applications

Web Application Firewall
• Aids in PCI DSS 6.6 compliance
• Protection against the OWASP Top 10
• Application-layer DDoS protection
• Auto-learn security profiles
• Geo-IP data analysis and security
Web Vulnerability Scanner
• Scans, analyzes and detects web application vulnerabilities
Application Delivery
• Assures availability and accelerates performance of critical web applications

[Diagram: FortiWeb in front of the web application servers, blocking SQL injection, XSS, …]

Slide 52: FortiDB

Slide 53: Introducing FortiDB. Database activity monitoring and vulnerability assessment solution

Database Activity Monitoring (DAM)
• Real-time monitoring of key users and critical transactions
• User activity baselining
• Block database attacks in real time
Vulnerability Assessment
• Sensitive data discovery in databases
• Vulnerability scanning with remediation advice
Policy-Driven Controls
• Automated process of establishing IT controls
Database Audit and Compliance
• For compliance and forensic analysis purposes
Deployment options: Sniffer, Native Audit and Agents

[Diagram: FortiDB monitoring the database servers]

Slide 54: FortiADC

Slide 55: Introducing FortiADC. Optimize the availability, performance and scalability of mobile, cloud and enterprise application delivery

Application Availability
• Layer 2/3/4 and 7 load balancing techniques
• Application session persistence
• Proxy and transparent modes
• Global Server Load Balancing (GSLB) for geographic resilience
• Link load balancing
Application Acceleration
• TCP optimization
• Memory-based content caching
• Data compression
• SSL offload and acceleration
Application Interoperability
• Implementation guides for Microsoft Exchange, Lync, SAP etc.

[Diagram: FortiADC in front of the web application servers]

Slide 56: Other Information

Slide 57: Virtual Appliance Platforms

[Support matrix; the ✔ marks did not survive text extraction, so only the row and column labels are recoverable.]
Platforms (columns): VMware vSphere v4.x, v5.x, v6.0; Citrix XenServer v5.6 SP2, v6.0; Open Source Xen, KVM; Microsoft Hyper-V 2008 R2, Hyper-V 2012; Azure; Amazon AWS.
Virtual appliances (rows): FortiGate-VM*, FortiManager-VM, FortiAnalyzer-VM, FortiWeb-VM, FortiMail-VM, FortiAuthenticator-VM, FortiVoice-VM, FortiRecorder-VM, FortiSandbox-VM, FortiWAN-VM, FortiADC-VM, FortiCache-VM.
Residual cell text: "✔ **" (twice) and "✔ ✔" in the Azure and AWS columns; "5.1, 5.5" and "5.5" (vSphere versions) near FortiSandbox-VM and FortiCache-VM.
* Also as FortiGate-VMX for VMware NSX. ** Also available as a pay-as-you-go licensing option.

Slide 58: FortiGuard Services

[Matrix of products × FortiGuard services; most ✔ marks did not survive text extraction.]
Services (columns): App. Control; IPS; IP Rep./Anti-bot; AV; Web Filtering; Anti-spam; Vuln. Scan; DB Security; WAF.
Products (rows): FortiGate; FortiCache; FortiMail; FortiWeb; FortiADC D-Series; FortiADC E-Series; FortiDDoS; FortiDB; FortiSandbox; FortiClient*.
Residual marks: "✔" next to IPS and "✔^" next to AV in the FortiGate row; "✔*"; "✔^" after FortiMail; "✔ ✔" after FortiWeb; "DB Security" after FortiDB; "WAF" after FortiSandbox/FortiClient.
* Free subscription service(s). ^ FortiSandbox integration.

Slide 59: A Strategic Approach Against an Increasingly Sophisticated Threat
Tomislav Tucibat, Major Accounts Manager

Slide 60: What We Used To Think

Slide 61: How We Think Today

Slide 62: The Anatomy Of An Attack

[Diagram: a “generic threat” (bot, zero-day threat, trojan, virus, worm) arriving through devices, email, web sites and physical media]

Slide 63: Advanced Targeted Attack Lifecycle

[Timeline from Day 1 to 2 years+: “social engineering”, zero-day exploit, “bot net” activation, advanced targeted attack]

Slide 64: The Threat is Worse Than Ever (source: Akylus, July 2014)

Slide 65: With A Consistent Motivation (source: Hackmageddon, July 2014)

Slide 66: 2014 Threat Landscape Developments

Timeline:
• Feb 13: IoT: The Moon worm, Linksys routers
• Apr 07: Heartbleed, vulnerable OpenSSL
• May 26: Apple iCloud ransomware, $100 EUR, “Oleg Pliss”
• Jun 23: Havex RAT, OPC server spy
• Aug 05: Cybervor, 1.2B user & pass, 500M emails
• Aug 15: Supervalu data breach, 200 stores affected
• Mar 2013: Evernote hack, 50M users
• Jun 10: Evernote hack, 164,644 forum members
Mobile:
• Q2 2014 (IDC): 301.3M smartphones shipped, Android 84.7% market share
• February: Drive-by mobile (DriveGenie)
• June: Pletor mobile ransom (doc encryption)
• July: Dorkbot/Ngrbot Kamikaze

Slide 67: 2015 - Another Record Year of Security Breaches (source: DataBreaches.net)

• US Federal Government OPM: 21.5M+
• Scottrade: 4.6M customers
• Twitter
• Ashley Madison: 37M “potential divorces”
• V-Tech: 4.3M exposed
• British Gas: 2,000 customer data
• Anthem: one-third of Americans affected
• IRS: 100,000+ taxpayers’ personal information
• Hacking Team
• TalkTalk: 157,000 customers; 21,000 personal and bank details
• T-Mobile: 15M customers at risk, social security details stolen
• Carphone Warehouse: 2.4M users’ personal information, 4% of the UK population
• Hello Kitty: 3.3 million accounts
• Excellus BlueCross BlueShield and UCLA: 10M patient health records (the slide's pairing of figure and name is not recoverable)

Slide 68: No One Is Immune. Did you change your password?

Slide 69: ebay – The Impact by the Numbers

• 145 M user accounts compromised
• 525,600 minutes in a year
• 262,800 passwords changed in a year (average 2 minutes/password)
• 551 man-years wasted changing passwords

Slide 70: Follow The Acronym Trail

Slide 71: Is There A Silver Bullet For Defeating an ATA (Advanced Targeted Attack)?

Slide 72: Focus on Three Key Actions

Step 1 - Prevent
• Prevent threats before they enter your network
Step 2 - Detect
• Discover threats that have entered, or tried to enter, the network
Step 3 - Mitigate
• Respond to any threats that have breached the network
• Being proactive is key

Slide 73: Fortinet Advanced Threat Protection Framework

Slide 74: Step 1 - Prevent
 Stateful Firewall
 2 Factor Authentication
 Intrusion Prevention
 Application Control
 Web Filtering
 Email Filtering
 Anti-Virus

Slide 75: A Cornerstone of Prevent. “The reports of my death have been greatly exaggerated.”

Slide 76: The Human Factor - Laziness. “Old Habits Die Hard”

Slide 77: Operating Systems Require Constant Updates

Installed PC operating systems (Net Applications, September 2014): Windows 7 52%, Windows XP 24%, Windows 8/8.1 12%, Windows Vista 3%, other 9%

Slide 78: Not All Anti-Virus Solutions are Equal: detection technology, network placement, operational efficacy

Slide 79: Step 2 - Detect
 Stateful Firewall
 2 Factor Authentication
 Intrusion Prevention
 Application Control
 Web Filtering
 Email Filtering
 Antivirus
 Client reputation
 Network behavior analysis
 Sandboxing
 Botnet detection

Slide 80: Payload Analysis (aka “sandboxing”)

 What is it?
» A virtual container, reflecting an end-user desktop, in which untrusted programs can be safely examined
 What happens in it?
» Code is executed in a contained, virtual environment
» Activity is logged and analyzed for suspect characteristics
» A rating is determined based on system, file, web and traffic activity
 Why is it important?
» Traditional security looks at static attributes (signature, heuristic, pattern, reputation, etc.) rather than dynamic activity
» In many cases, a site or code is just the first, small stage

[Diagram labels: controlled communication and inspection; an unsafe action or escape attempt is blocked]

Slide 81: But a Word of Caution…
http://www.darkreading.com/attacks-breaches/the-increasing-failure-of-malware-sandbo/240159977

Slide 82: Step 3 - Mitigate
 Stateful Firewall
 2 Factor Authentication
 Intrusion Prevention
 Application Control
 Web Filtering
 Email Filtering
 Antivirus
 Client reputation
 Network behavior analysis
 Sandboxing
 Botnet detection
 Consolidated logs and reports
 Professional Services
 User or Device Quarantine
 Real-time Activity Views
 Security Reporting
 Threat Intelligence
 Threat Prevention Updates

Slide 83: Coordinated Defense Strategy: in-network defenses; continuous updates; threat research and discovery

Slide 84: The Fortinet ATP Solution (FortiGuard Labs, FortiGuard Services)

Slides 85–86: Protecting Today’s Network
 Evolution, evolution, evolution
 Wherever there is value, the cyber criminal will follow
 Anticipate, React, Respond

Slide 87: Protect your Entire Network with ONE Operating System. FortiOS to Enable Network Segmentation and Deliver Ultimate Visibility
Tomislav Tucibat – Major Accounts Manager, 19th May

Slide 88: [Diagram: UTM, NGFW, Layered Defense, APT]

Slide 89: [Diagram: FortiGuard, FortiOS, NGFW, FW]

Slide 90: Focus Areas: ISFW (Internal Segmentation Firewall), APT, 360° visibility

Slide 91: APT: Time to Protect

• Standalone sandbox, limited integration: time to protect ?
• Fortinet Anti-Virus: time to protect 4 hours
• 5.4: FortiGate/FortiWeb/FortiMail + FortiSandbox: time to protect 2-3 minutes
• 5.4: Endpoint + FortiSandbox: time to protect 0
[Analogy labels on the slide: Play Safe!, Out of Bounds, Drive to ER, Call Ambulance]

Slide 92: APT: Submission (integrations)

File interception
• Extracts in-line samples (clear or SSL encrypted)
• Uses the AV profile, in flow and proxy mode
File submission
• Intelligently sends only supported file types
• File typing is done by the FortiGate AV engine
• Auto-updated with AV services
• Manual file-type whitelisting to conserve bandwidth
Appliance or cloud: same technology!

Slide 93: APT: Retrieving Results

• Summary results (status summary on the dashboard)
• FortiView visibility (FortiView FortiSandbox viewer: by source, with threat scoring, and by file)
• Detailed malware report (analysis report via FortiView drill-in)
• Directly in the UI

Slide 94: APT: Dynamic Protection Ecosystem

[Diagram of FortiGate, FortiClient and FortiSandbox (FSA); a “Query” arrow leaves FortiSandbox]
1. File submission for analysis (from FortiGate and from FortiClient)
2. Respective analysis results are returned (detailed status report; file status result used for auto file hold & quarantine)
Remediation:
3a. Auto file quarantine on the host, with the option to hold the file until the result arrives
3b. Manual host quarantine by the admin (control host quarantine)
3c. Manual source IP quarantine using the firewall (enforce network quarantine)
Protection:
4. FSA dynamic threat DB update: proactive dynamic threat DB update to gateway and host, with real-time engine & intelligence updates

Slide 95: APT: Taking Action (FortiGate / FortiSandbox integration)

FSA dynamic threat DB update: threat protection updates
• Periodic (every minute) push update to FSA-registered devices
• Malicious file checksum DB
• Malicious URL list
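Slides 92 and 95 describe the submission side (file typing by the AV engine, only supported types forwarded, with a manual whitelist) and the update side (a malicious file checksum DB pushed back every minute). The following added example, which is not Fortinet's AV engine or FortiSandbox code, shows the shape of that loop in software: type intercepted files by content rather than by name, forward only the types the sandbox handles, block anything whose checksum is already on the list, and grow the list from sandbox verdicts. The magic-byte table, the submit list, the hypothetical sample files, the ZIP peek and the function names are all the editor's assumptions.

```python
"""File typing by content (magic bytes) plus lookup against a malicious-file
checksum list. Added example code, not Fortinet's AV engine or FortiSandbox;
the magic table, submit list and sample files are constructed assumptions."""
import hashlib

# Constructed magic-byte table (prefix, type). Real engines check far more.
MAGIC = [
    (b"MZ", "pe"),                                  # Windows executable / DLL
    (b"\x7fELF", "elf"),                            # Linux executable
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),                         # also docx/xlsx/jar containers
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),   # legacy .doc/.xls/.ppt
    (b"\x89PNG\r\n\x1a\n", "png"),
]
# Assumed "supported file types" list: what the gateway forwards to the sandbox.
SUBMIT_TYPES = {"pe", "elf", "pdf", "zip", "ooxml", "jar", "ole"}
# Assumed extension -> content type, used only to flag name/content mismatches.
EXT_OF_TYPE = {"exe": "pe", "dll": "pe", "scr": "pe", "pdf": "pdf", "docx": "ooxml",
               "xlsx": "ooxml", "jar": "jar", "zip": "zip", "doc": "ole",
               "xls": "ole", "png": "png"}


def refine_zip(data: bytes) -> str:
    """Peek at the first local-file header name inside a ZIP (name length at
    offset 26, name at offset 30) to tell Office Open XML and JAR containers
    from plain archives."""
    if len(data) < 30:
        return "zip"
    name_len = int.from_bytes(data[26:28], "little")
    name = data[30:30 + name_len]
    if name.startswith(b"META-INF/"):
        return "jar"
    if name.startswith((b"[Content_Types].xml", b"word/", b"xl/", b"ppt/")):
        return "ooxml"
    return "zip"


def file_type(data: bytes) -> str:
    """Type by content, never by name: the attacker chooses the name."""
    for prefix, kind in MAGIC:
        if data.startswith(prefix):
            return refine_zip(data) if kind == "zip" else kind
    return "unknown"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def triage(name: str, data: bytes, bad_hashes: set) -> dict:
    """What the gateway does with an intercepted file: block if its checksum
    is already known bad, hold-and-submit if it is a type the sandbox handles,
    otherwise pass. A name/content mismatch is reported as a signal in itself."""
    kind = file_type(data)
    digest = sha256(data)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    mismatch = ext in EXT_OF_TYPE and EXT_OF_TYPE[ext] != kind
    if digest in bad_hashes:
        action = "block"
    elif kind in SUBMIT_TYPES:
        action = "hold-and-submit"
    else:
        action = "pass"
    return {"name": name, "type": kind, "sha256": digest,
            "ext_mismatch": mismatch, "action": action}


def apply_sandbox_verdicts(bad_hashes: set, verdicts: dict) -> set:
    """The update half of the loop: verdicts (sha256 -> 'malicious'|'clean')
    pushed back from the sandbox extend the checksum list used for instant
    blocking, so the second copy of a sample never waits for analysis."""
    bad_hashes |= {h for h, v in verdicts.items() if v == "malicious"}
    return bad_hashes


def _zip_with_first_entry(name: bytes) -> bytes:
    """Constructed minimal ZIP local-file header (30 bytes) followed by the
    entry name; enough for refine_zip(), not a valid archive."""
    return (b"PK\x03\x04" + b"\x00" * 22 + len(name).to_bytes(2, "little")
            + b"\x00\x00" + name)


SAMPLES = {  # constructed files; a few header bytes suffice for typing
    "invoice.pdf": b"MZ\x90\x00" + b"\x00" * 60,        # PE disguised as a PDF
    "report.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",
    "macro.docx": _zip_with_first_entry(b"word/document.xml"),
    "tool.jar": _zip_with_first_entry(b"META-INF/MANIFEST.MF"),
    "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "notes.txt": b"just text\n",
}

if __name__ == "__main__":
    bad = set()
    for fname, blob in SAMPLES.items():
        print(triage(fname, blob, bad))
    # Simulated verdict push: the disguised PE comes back malicious
    apply_sandbox_verdicts(bad, {sha256(SAMPLES["invoice.pdf"]): "malicious"})
    print(triage("invoice.pdf", SAMPLES["invoice.pdf"], bad)["action"])
```

The whitelist on slide 92 maps onto SUBMIT_TYPES: narrowing it saves bandwidth but also narrows what the sandbox ever sees, so a disguised executable that is typed by content still gets submitted no matter what its name claims.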

Slide 96: APT: Endpoint Integration (FortiGate / FortiClient integration)

Endpoint control: host quarantine
• Manually instruct FortiClient to self-quarantine via FortiView
• The host will not be able to make any network communication, except to FortiGate
• The administrator may release the client once deemed appropriate via the “User Quarantine Monitor”

Slide 97: APT: Quarantine without Host Control or Visibility (FortiGate / network)

Network quarantine: source quarantine
• Block traffic traversing FortiGate from a particular infected source, temporarily or permanently
• Can be used for other scenarios, such as an external attacker
• The administrator may release the client once deemed appropriate via the “User Quarantine Monitor”

Slide 98: APT: Today vs Tomorrow

Today: costly, time consuming, limited expertise.
Tomorrow: fast reaction, centralized expertise, notify & alert in real time.

Slide 99: ISFW (Internal Segmentation Firewall)

Slide 100: A War Analogy: Walled Cities

Walled cities: 2-dimensional landscape. Protect the perimeter. “Full trust” model inside the city.
Armies of men: attack the perimeter; exploit weaknesses in the perimeter.

Slide 101: Changing Landscapes: aerial warfare, 3D attack surface

Slide 102: Changing Landscapes: mobility, lateral movement, reconnaissance

Slide 103: Changing Landscapes: know your enemy; “zero trust” model

Slide 104: … a lot like a walled city… People establish commerce and form interactions; buildings, roads, egress points.

Slide 105: Modern attacks happen INSIDE the city

Slide 106: From “Full Trust” to “Zero Trust”

Virtual
• Data center migrations
• East/west policy management
• Orchestration & integration
• Automation
Physical
• Layered networks
• Internal segmentation
• Co-ordination among internal security elements
• REST API evolution

Slide 107: ISFW Building Blocks

[Diagram: Secure VM (Data Center, Cloud); Secure Endpoint (BYOD, Internet, WLAN); Secure Access (Edge Gateway, LAN Access, Home Office, Branch Office, WAN, Cloud)]

Slide 108: ISFW Access Layer: Wireless

 Managed AP portfolio
 Tight integration with security policy
 Single pane of glass
 Moving security down to the access layer
 5.4 extensions
• Flexibility controls for large environments
• Central AP management across multiple FortiGates / sites
• HA clusters & redundancy
• Maps & provisioning

Slide 109: Integrated Secure Access solution that provides security and access control in one box

Why integrated?
 Integrated: industry’s most integrated secure access offering; security appliance and access control in one box with the WLAN controller built in
 Unified Management: single pane of glass to manage switches, access points, security appliances and more
 Scalable: scalable to support enterprises of all sizes; full line from large to small secure access appliances

[Diagram: Central Location, Branch Office and Remote sites managed via FortiCloud]

Slide 110: Integrated Security and WLAN Control

Security
 Enterprise WLAN controller
 Single pane of glass
 Rogue AP and WIDS
 Unified wired/wireless
 Integrated captive portal
 Application control
 FortiGuard Services
Access Control
 Tunnel, bridge and mesh
 BYOD (device ID & policy)
 Guest (non-IT)
 Telecommuter
 High density feature
 Auto RRM

Slide 111: Integrated Secure Access solution that provides security and access control in one box (continued)

Why integrated?
 Integrated: industry’s most integrated secure access offering
 Unified Management: single pane of glass to manage both security and access
 Scalable: highly scalable to support large enterprises

Slide 112: Integrated Wi-Fi talking points
• Who else has this?
• Easy to add on to an existing FortiGate, as every FortiGate is a wireless controller!
• Easy licensing: no AP license, no feature license
• It has security in its DNA (security comes first, Wi-Fi second, as the access to the network)
• Don’t forget about the Wi-Fi features (mentioned earlier)
• Goes well with: enterprise/distributed enterprise (with multiple small remote sites, mobile workers); hospitality; primary/high education (where advanced security is a must); SMB
• Flexible AP models (from 1x1:1 to 3x3:3 802.11ac, internal/external antennas, indoor/outdoor/remote)
• Really scalable
• Goes to the cloud and back

Slide 113: ISFW Access Layer: Switches

 Managed switch portfolio
 Tight integration with security policy
 Single pane of glass
 5.4 extensions
• Large number of switch options
• Stacking
• HA clusters & redundancy
• Dynamic discovery & linking

Slide 114: APT: Endpoint: NAC Controls (FortiGate / FortiClient integration)

Endpoint control: policy & quarantine
• Provisioning & co-ordination via a central console (typically AD environments)
• Manage endpoint policy via the ISFW framework
• Host-based quarantine

Slide 115: Hold On… I’m already secure – I bought & deployed all these products!
• UTM / NGFW
• Sandbox
• WAF
• DDoS
• Endpoint
OK. Show me how secure you are.

Slide 116: FortiView

Slide 117: 360° Visibility – FortiView (available in 5.4)

Slide 118: 360°: Topology Discovery & Data Exchange

Slide 119: 360°: New 360° View

Slide 120: 360°: Reports: flat UI, simple, easily customized, FortiView integration

Slide 121: 360° / ISFW: Compliance Reports

Slide 122: THANK YOU