security consolidation the way to unmatched performance visibility control n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Security Consolidation The way to unmatched performance, visibility & control PowerPoint Presentation
Download Presentation
Security Consolidation The way to unmatched performance, visibility & control

Loading in 2 Seconds...

play fullscreen
1 / 45

Security Consolidation The way to unmatched performance, visibility & control - PowerPoint PPT Presentation


  • 105 Views
  • Uploaded on

Security Consolidation The way to unmatched performance, visibility & control. Franck Bernard Country Manager Fortinet, Inc. Fortinet Corporate Overview. Founded in 2000 Global presence with 30+ offices worldwide & 1,300+ employees 5,000+ channel partners 100,000+ customers

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

Security Consolidation The way to unmatched performance, visibility & control


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
    Presentation Transcript
    1. Security ConsolidationThe way to unmatched performance, visibility & control Franck Bernard Country Manager Fortinet, Inc.

    2. Fortinet Corporate Overview Founded in 2000 Global presence with 30+ offices worldwide & 1,300+ employees 5,000+ channel partners 100,000+ customers Majority of the Fortune Global 100 IPO Nov 2009, NASDAQ: FTNT 2010 revenue of $325 Million 29% YoY growth Q3 2011: 37% YoY growth Dedicated MSS team Fortinet Revenue ($MM) 63.9% CAGR 2

    3. Agenda • Evolution of the Firewall Market • Market Analysts’ View • Enterprise Unified Threat Management • Security Consolidation³ • WLAN Security

    4. Evolution of the Firewall Market

    5. Can You Keep Up? • Intelligence • Reduce emphasis on human intervention • End-to-end protection • Policy compliance for all devices, including mobile • Virtualization • Virtual appliances • Multi-tenant environments • Consolidation of gateway functions • Simplification • Enterprise-class features available for all segments • Not limited to large appliances • Growth of WLANs • Mobile enterprise

    6. Firewall Market Evolution • Firewalls developed over 25 years ago • Initial protection by blocking traffic by port, protocol, or IP address • From packet filtering to circuit level to proxy to deep packet inspection… • Threat landscape evolved from primitive to more sophisticated • Able to pose as legitimate traffic & bypass policies • Business processes evolved as well • Firewall policies disabled over time to allow critical applications to pass through

    7. The Early Days Performance / Damage VPN Connection-Based Firewall Physical Hardware Theft Lock & Key 1980s 1990s 2000s Today

    8. Vendors Followed The Threats Performance / Damage Spyware Anti-Spyware Worms Antispam Spam Banned Content Web Filter Trojans Antivirus Viruses IPS Intrusions Content-Based VPN Connection-Based Firewall Lock & Key Hardware Theft Physical 1980s 1990s 2000s Today

    9. Result: Multiple Devices, Consoles, Vendors • Problems Created • Stand-alone, non-integrated security • Created gaps in security strategy • Mix of off-the-shelf systems and applications • Difficult to deploy / manage / use • High cost of ownership

    10. Consolidation • Factors driving consolidation • Threats • Blended threats, multi-vector attacks exploiting blind spots • User behavior • Growth of remote workforce • Applications behavior • “Webification” • Costs • Evolution of network/security technologies • Ability to integrate stand-alone technologies and deliver performance • Greater accuracy of detection capabilities

    11. The Market Analysts’ View

    12. IDC’s View • Unified Threat Management • The evolution of the traditional firewall into an all-inclusive security product: • Network firewalling • Network intrusion prevention • Gateway antivirus (AV)/antispam (AS) • VPN • Content filtering • Optional technologies, such as • Load balancing • On-appliance reporting Web Filtering VPN Firewall AV/AS IPS

    13. Gartner’s View • Next Generation Firewall • Standard firewall features • Network address translation, stateful inspection, and VPN and suited for the large enterprise • IPS is "truly integrated" with the firewall. • "Application-awareness" capability to recognize/control applications • “Extra-firewall" intelligence • Reputation analysis, integration with Active Directory, or useful blocking or vulnerability lists Web Filtering VPN Firewall App Control IPS

    14. Enterprise Unified Threat Management

    15. Fortinet's Approach to Consolidated Security Complete Content Protection WAN Optimization Antispam Endpoint Protection/ NAC Data Loss Prevention Antivirus/ Antispyware Strong Authenti-cation VLANs, VDOMs, Virtual Appliances Web Filtering VPN App Control IPS Firewall SSL Inspection Wireless LAN VoIP IPv6, Dynamic Routing Vulnerability Mgmt

    16. Enterprise Unified Threat Management • Convert stand-alone products into features • Simplify the network and improve visibility • Deliver comprehensive solutions for the largest global networks and organizations • Improve performance • Increase protection • Reduce complexity • Continually raising the performance bar with purpose-built hardware and software • Rely on custom processors and latest generation general purpose processors

    17. Visibility and Control • Single “pane of glass” management console • Single OS for all security devices • Deployment Ease & Flexibility • Ability to deploy technologies where needed

    18. Consolidated Security with Real Time Updates • Application Control: Unwanted Services and P2P LimitingBotnet command channel, compromised Facebook applications, independent of port or protocol • Intrusion Prevention: Vulnerabilities and ExploitsBrowser and website attack code crafted by hackers and criminal gangs. • Web Filtering: Multiple categories and Malicious sitesBotnet command, phishing, search poisoning, inappropriate content • Vulnerability Management: Real time exploit updatesMultiple scanning points FortiGate, FortiAnalyzer, FortiWeb, FortiDB, and FortiScan • Antispam: Unsolicited messagesPhishing, Malware, Social Engineering and Junk • Antivirus: All malicious codeDocuments, macros, scripts, executablesDelivered via Web, Email, USB, Instant messaging, social networks, etc 18

    19. Integrated Threat Protection in Action Problem: PORT 80 Error message: “Drops” copy of itself on system and attempts to propagate “Innocent” Video Link: Redirects to malicious Website “Out of date” Flash player error: “Download” malware file Solution: FIREWALL Integrated Web Filtering Blocks access to malicious Website Network Antivirus Blocks download of virus WEB FILTERING ANTIVIRUS Intrusion Protection Blocks the spread of the worm INTRUSION PREVENTION

    20. The Zeus Attack vs. Complete Content Protection • Email Sent – Contains link to compromised site. Mail message detected as spam (phishing) ANTISPAM • End user accesses phishing site, enters credentials, and criminals now have their details .. Access to phishing website is blocked • Phishing site sends BOT infection to user disguised as ‘Security Update’ application WEB FILTER Content scanning prevents malicious content from being downloaded ANTIVIRUS • End user executes BOT application, is infected and now all their data is compromised Botnet command channel is blocked, no compromised data can be sent.Security administrator is alerted to existed of an infected system. INTRUSIONDETECTION 20

    21. Can You Keep Up? Intelligence Reduce emphasis on human intervention End-to-end protection Policy compliance for all devices, including mobile Virtualization Virtual appliances Multi-tenant environments Enterprise-class features available for all segments Not limited to large appliances Growth of WLANs Mobile enterprise

    22. Security Consolidation³ • Integrated security appliance • Block network & content threats • Accelerated performance • 10 GbE • Up to 160 Gbps 23 • Consolidation • Gateway features unification

    23. Security Consolidation³ • Virtual Domains (VDOMs) • Enable a single Firewall, Management and Reporting system to function as multiple independent virtual systems 24 • Consolidation² • Virtual Security Domains, Virtual Management & Reporting

    24. Security Consolidation³ DMZ/Private Zone Virtualized Data Center Server Desktops / Private Servers / DMZ Public Zone Hardware Appliances Virtual Appliances 25 • Consolidation³ • Choice of form factor: run it all on physical appliances or as virtual software

    25. Can You Keep Up? Intelligence Reduce emphasis on human intervention End-to-end protection Policy compliance for all devices, including mobile Virtualization Virtual appliances Multi-tenant environments Enterprise-class features available for all segments Not limited to large appliances Growth of WLANs Mobile enterprise

    26. FortiGate WLANReady for Prime Time

    27. Revenue Opportunity iPad usage in enterprise increases TAM to $4.5B

    28. Building Blocks of Secured Wireless LAN Solution Multi-Threat Security with Integrated Wireless Controller Fortified Wireless Space Secure Wireless Access Points 29

    29. FortiGate Secure WLAN New Security Paradigm in WLAN Firewall Encryption Antivirus IPS UTM

    30. What Do Customers Want? FortiOS FortiOS Guest Access Security Planning/Deployment Scalability Mobility Reduced TCO Application Priority VoWLAN Mesh Networking Mgmt/ Monitoring FortiOS 4.3 FortiOS 4.4

    31. Application Control/Prioritization WLAN is a Shared Medium Cloud means all applications are HTTP L7 Identification Required Unique to Fortinet FortiOS FortiGate Non-priority Apps Priority Apps FortiOS 4.3

    32. Rogue AP Detection PCI Compliance requires Rogue Access Point detection and Wireless IPS at Retail locations FortiGate Rogue AP Detection and Suppression Simultaneous Rogue Detection and background scan Simultaneous Rogue Detection and full-time scan On-wire Rogue detection and suppression Wireless IPS FortiOS FortiOS 4.3

    33. Guest Access FortiOS Receptionist can create a single account for visitor Following fields are customizable. Admin can force certain fields to be mandatory Expiration time can be edited by receptionist if Admin allows -Guest Manager -Guest Manager Email accounts can be printed out or sent to visitors smart phone via SMS or Email FortiOS 4.4

    34. FortiPlanner - Planning/Deployment Create floor plan Shape, walls, windows, doors etc Place APs Automatic or manual Propagation Prediction FortiOS FortiOS 4.3

    35. Management & Reporting FortiOS FortiOS 4.4 • FortiManager • Global management of all wireless controllers and settings • FortiAnalyzer • Central logging/reporting • Wireless PCI compliance reports

    36. Summary 37 • Consolidate Gateway features • Layered security • Simplification • Virtualize where reasonable • Optimization • Mitigate the enhanced security risk • Armorize your WLANs • Reverse engineering • “Single Pane of Glass” • Consolidated view of all activity • See, analyze, remediate

    37. Thank YouFranck Bernardfbernard@fortinet.com

    38. FortiGate as a Sales Platform

    39. Fortinet Product Portfolio - Security Unified Threat Management Centralized Management Application Security FortiGate Network Security Platform FortiManager Centralized Device Management FortiMail Messaging Security FortiAnalyzer Centralized Logging and Reporting FortiWeb Web Application Firewall FortiAP Secure Wireless Access Data & System Security Security Services Endpoint Security FortiClient Endpoint Security FortiDB Database Security FortiGuard Real time Security Services FortiScan Vulnerability Management FortiAuthenticator Remote Access Management

    40. Fortinet Product Portfolio – Network Failover Protection Application Load Balancing Web Caching FortiBridge Fail-to-Wire Bypass FortiBalancer Application Delivery Controllers FortiCache ISP & Enterprise-Class Content Caching VoIP & Analog Telephony Ethernet Switches FortiSwitch Gigabit Ethernet Switches FortiVoice IP PBX & Phones

    41. VPN Strong Authentication Fortinet VPN Open VPN FortiGate FortiGate FortiAuthenticator

    42. Web Application Availability/Security Standard Customer Advanced Customer Web FortiGate FortiGate FortiBalancer FortiWeb FortiWeb Users, Complexity, Availability, Security, Speed Web App Servers Web App Servers

    43. High Performance AD Integration Content Filtering, AppControl Mass Email Encryption AD Cluster Web FortiAuthenticator FortiAuthenticator FortiGate FortiGate FortiMail Email Servers

    44. Total Web Content Filtering Public Access HQ Access FortiGuard FortiGate FortiClient FortiManager