Fortinet Overview: Real Time Network Protection
Stefano Chiccarelli, Consultant Engineer EMEA, schiccarelli@fortinet.com
Company Overview
First and only maker of ASIC-accelerated Multi-Threat Security Solutions
Company stats:
- Founded in 2000
- Silicon Valley based, with offices worldwide
- Seasoned executive management team
- 650+ employees: 300+ R&D and 100+ SE
- Nearly 150,000 FortiGate devices worldwide
Independent / third-party certifications:
- Seven ICSA certifications (only security vendor)
- Government certifications (FIPS-2, Common Criteria EAL4+)
- Virus Bulletin 100 approved
- 50+ industry awards
[Chart: Fortinet unit shipments, 0 to 120,000, for 2002 to 2006 (2002-2004 actual, 2005-2006 estimated)]
Increasing Industry Recognition
- No. 1 in UTM: worldwide UTM leader in 2003 and 2004, the fastest growing network security segment (IDC)
- Gartner Visionary in the latest Gartner Firewall Magic Quadrant
- Fastest growing network security appliance vendor in Q3 (IDC)
- No. 1 in high end: unit shipment leader in high-end UTM systems (>$50K) for Q3 2005 (IDC)
[Chart: overall security appliance market growth, 2004 to 2009, in millions of dollars ($0 to $6,000), by segment: FW/VPN, ID&P, UTM]
Company rating: Threatening. "Fortinet has established itself as a strong competitive threat." -- CurrentAnalysis
Threat Evolution
- Malicious code exposing confidential data has increased significantly
- Multi and blended attacks are now a common practice; email is the most common delivery mechanism
- The motive and intent are changing: moving from notoriety to financial gain, theft of financial and personal information
- Traditional security isn't enough
Blended Threats
Blended threat: combines the functionality of worms, viruses, trojans, malicious mobile code and more
Examples: Zotob, NetSky, Sobig.F, NIMDA, MyDOOM
Vector: email with .pif or .scp attachment
Function: harvest email addresses
Propagation: send email using a spoofed source address with a built-in SMTP engine
Payload: at a pre-designated time, ping one of 20 sites to retrieve a URL; download the file referenced by the URL; execute the downloaded program
New Generation Attacks: Grayware
Grayware or spyware: unsolicited programs installed without the customer's knowledge (drive-by download)
Developed to perform a host of operations:
- Record user activity, keystrokes, web surfing patterns
- Advertising, pop-ups, web redirection, browser manipulation
- Searching computer resources to steal information and files
Techniques used by spyware are now being used to load other malicious code for backdoor access, theft of financial information, etc.
Infection can happen through:
- Email attachments, adware popups
- Clicking on a malicious web site
- Downloading malicious files and trojan applications
- Mousing over web page links and icons
US Congress and individual states have begun to create policy to outlaw malicious spyware, phishing and pharming activity
Trends Driving New Security Requirements
(Comparison table on the slide: Fortinet vs. other vendor, one row per requirement)
- Incorporate multiple security features: Firewall + IPS + AV + VPN + Web filtering + Antispam/spyware
- Maximum performance: ASIC accelerated to meet deployment requirements
- Scalable product line: deployable at offices of all sizes
- Central management, reporting and auditing: central provisioning, data correlation and pre-defined reports
- No complex licensing schemes: no per-seat pricing or user limitations on hardware
- Subscription updates for all services: ensures protection against the latest threats
- Certified security offering: security claims backed by trusted third-party firms
A New Security Architecture Approach Is Required
- Firewall: defend against intrusions
- Antivirus: protect email from virus infection
- Antispam: reduce unwanted email
- Web filters: eliminate unproductive web browsing
- IPS: protect against malicious attacks
- VPN: deliver secure remote access
[Diagram: VPN, IPS, Firewall, Antivirus, Antispam and URL Filters placed between Users and Servers]
Multiple Point Solutions Add Complexity
Perceived advantages:
- Comprehensive security approach
- Quickly react to individual threats
Real disadvantages:
- Requires multiple products that don't talk to each other
- Increases network complexity and operational cost
- Non-optimal security implementation
[Diagram: separate VPN, IPS, Firewall, Antivirus, Antispam and URL Filter devices between Users and Servers]
Multi-Threat Security With Fortinet
Fortinet advantages:
- Provides a comprehensive security approach
- Minimizes downtime from individual threats
- Reduces the number of vendors and appliances
- Simplifies security management
- Coordinates security alerting, logging and reporting
- Improves detection capabilities
[Diagram: VPN, IPS, Firewall, Antivirus, Antispam and URL Filters consolidated in one device between Users and Servers]
Scalable Solutions Deployable Throughout the Enterprise
- Perimeter, DMZ, remote office
- Data center / core network
- Host-based security
- Internal outbreak prevention
- New applications: wireless, Voice-over-IP
Range of Security Systems and Management
Fortinet Developed a Unique Technology for Complete, Real Time Network Protection
Core technology:
- Real-time networking OS: high performance; robust, reliable
- Proprietary Fortinet chip: hardware scanning engine, hardware encryption, real-time content analysis
Comprehensive, Multi-Threat Protection
Best-in-class applications included in every FortiGate, running on the FortiOS operating system
Global Infrastructure Ensures Rapid Response to New Threats
- More than 10 Fortinet Threat Response Teams and FortiGuard Distribution Servers
- Automatic AV and IDP updates can reach all FortiGate units worldwide in under 5 minutes
- Real-time protection for Antispam and Web Content Filtering services
- FortiGuard Center web portal and email bulletins
Services: FortiGuard Center
Automatic AV and IPS updates can reach all FortiGate units worldwide in under 5 minutes
Criteria for Network Security Deployments
(Comparison table on the slide: Fortinet vs. other vendor, one row per criterion)
- Bi-directional AV / IPS inspection: tighter security for internal and external attacks
- Signature and virus updates pushed to devices: faster updates; eliminates scripts for pulls
- Transparent mode deployments: easy integration into the network; stealth-mode security
- Sophisticated VPN: split tunneling, routing, content inspection
- Multiple high availability methods: ensures resiliency; available from low to high end
- Security segmentation / virtualization across all products: available for smallest to largest deployments
- Control of signature deployment: verify in lab or operate own distribution server
FortiOS Security & Inspection Engines
- Stateful Firewall: granular security policies, authentication enforcement, Quality of Service
- Antivirus: HTTP, FTP, SMTP, POP3, IMAP; signatures, heuristics, activity
- Intrusion Detection & Prevention: signature, anomaly, activity inspection
- Antispam: static list, FortiGuard Antispam, RBL
- Web Filtering: static list, FortiGuard Web Filtering
- Encryption: IPSec, SSL
- Traffic Shaping: guaranteed rate, max rate, traffic priority
Advanced Detection Techniques
Fortinet's detection technology has evolved past Stateful Inspection, Application Inspection and Deep Packet Inspection: innovators of Full Content Inspection and Activity Inspection with full Content Reassembly
Antivirus Detection With Advanced Heuristics
Fortinet's advanced antivirus scanning techniques include:
- File analysis
- Worm inspection
- File type analysis
- Signature inspection
- Heuristic inspection
- Content reassembly
Why Traditional Firewalls Miss The Latest Attacks
Stateful inspection firewall: inspects packet headers only, i.e. looks at the envelope but not at what's contained inside.
[Diagram: data packets of http://www.freesurf.com/downloads/gettysburg, the Gettysburg text with "BAD CONTENT" embedded in the payload; the packet headers (TO, FROM, TYPE OF DATA, etc.) are each checked OK, while the packet payload (data) is not scanned]
Weaknesses include:
- No Deep Packet Inspection capabilities to spot malicious payloads
- Per-packet forwarding with no packet reassembly
- Malicious applications can be tunneled through trusted ports
- Traditionally deployed only at the perimeter and can't defend against internal threats
Today's Firewall Configurations
[Diagram: port-based firewall rules labelled FTP-21, HTTP-80, SMTP-25 and BackOrifice-31337]
How Traditional IDS/IPS Are Missing Modern Attacks
Deep Packet Inspection: performs a packet-by-packet inspection of contents, but can easily miss complex attacks that span multiple packets or are fragmented.
[Diagram: the same Gettysburg packets (http://www.freesurf.com/downloads/gettysburg) inspected one by one; each packet is marked OK and the BAD CONTENT goes undetected]
Weaknesses include:
- Mirrored traffic analysis, not inline with the network flow
- Alert only; will not proactively block attack traffic
- Damage is done before the alert can be responded to
- Deep Packet Inspection IDS/IPS systems may be overrun by gigabit links
- Traditionally deployed at the perimeter
Protection With Content Reassembly
Complete Content Protection:
1. Reassemble packets into content
2. Compare against disallowed content and attack lists
[Diagram: packets of http://www.freesurf.com/downloads/gettysburg reassembled into the full text, then matched against a DISALLOWED CONTENT list and ATTACK SIGNATURES (BAD CONTENT, NASTY THINGS, NASTIER THINGS)]
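The three preceding slides make one point: a header-only or packet-by-packet inspector cannot see a pattern that straddles a segment boundary, while an engine that reassembles the stream first can. The following Python is an added example written for this page, not Fortinet code and not a description of FortiOS internals; the signatures, the sample stream and the packet cut points are all constructed here to reproduce the slide's Gettysburg scenario.

```python
"""Per-packet signature matching vs. content reassembly (added example).

Constructed inputs: a short byte stream modelled on the slide's Gettysburg
text, a two-entry "attack signature" list, and TCP-like segments identified
by their byte offset (seq) in the stream.
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed signature list standing in for the slide's ATTACK SIGNATURES.
SIGNATURES = [b"BAD CONTENT", b"NASTY THINGS"]


@dataclass(frozen=True)
class Packet:
    seq: int        # byte offset of this segment within the stream
    payload: bytes


def segment(stream: bytes, cut_points: list[int]) -> list[Packet]:
    """Split a stream into segments at the given offsets (constructed traffic)."""
    bounds = [0, *sorted(cut_points), len(stream)]
    return [Packet(seq=a, payload=stream[a:b])
            for a, b in zip(bounds, bounds[1:]) if b > a]


def scan_bytes(data: bytes, signatures=SIGNATURES) -> set[bytes]:
    """Return every signature that occurs in one contiguous buffer."""
    return {sig for sig in signatures if sig in data}


def per_packet_scan(packets, signatures=SIGNATURES) -> set[bytes]:
    """Packet-by-packet inspection as on the IDS/IPS slide: each segment is
    matched on its own, so a signature split across two segments is missed."""
    found: set[bytes] = set()
    for pkt in packets:
        found |= scan_bytes(pkt.payload, signatures)
    return found


def reassemble(packets) -> bytes:
    """Rebuild the stream from possibly out-of-order segments using seq.

    A gap or overlap raises instead of being guessed at: an inspector that
    silently fills holes can be made to scan something the host never saw.
    """
    out = bytearray()
    for pkt in sorted(packets, key=lambda p: p.seq):
        if pkt.seq != len(out):
            raise ValueError(f"gap or overlap at offset {pkt.seq}")
        out += pkt.payload
    return bytes(out)


def reassembled_scan(packets, signatures=SIGNATURES) -> set[bytes]:
    """Complete Content Protection as on the slide: reassemble, then match."""
    return scan_bytes(reassemble(packets), signatures)


# Constructed sample stream, loosely following the slide's Gettysburg packets.
STREAM = (b"Four score and seven years ago our BAD CONTENT forefathers brought "
          b"forth upon this continent a new nation, NASTY THINGS conceived in liberty")


def demo_cut_points() -> list[int]:
    """Cut inside both signatures so neither fits in a single segment."""
    return [STREAM.index(b"BAD CONTENT") + 3, STREAM.index(b"NASTY THINGS") + 5]


if __name__ == "__main__":
    packets = segment(STREAM, demo_cut_points())
    print("per-packet  :", per_packet_scan(packets))        # nothing found
    print("reassembled :", reassembled_scan(packets))       # both signatures
```

The same stream cut at a boundary that does not fall inside a signature is caught by both methods; the difference appears only when the pattern spans segments, which is exactly the case an attacker controlling segmentation can arrange. The reassembler also refuses streams with gaps or overlapping segments rather than guessing, which is the behaviour to look for in any inline inspector.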
Application-Level Threats Require Complete Content Protection
Type of threat (examples): detected by
- Connection-based intrusions (Telnet attacks): stateful inspection
- Protocol attacks (SYN flood, ICMP flood): protocol analysis
- Packet-level content (buffer overflow, probe attack phase of some worms): Deep Packet Inspection
- File-level content attacks (viruses, most worms, Trojans): Complete Content Protection
- File-level content threats (inappropriate web content): Complete Content Protection
Complete Content Protection Requires Enormous Processing Power
[Chart: processing power required (log scale, 1 to 1000) against year, 1990 to 2006; Stateful Inspection covers simple intrusions and denial of service attacks, Deep Packet Inspection covers sophisticated intrusions, and Complete Content Protection covers viruses, Trojans, worms, inappropriate web content and email spam]
Fortinet's Complete Product Family
[Chart: FortiGate models from SOHO/Branch through Medium Enterprise and Large Enterprise to Service Provider: FG50A, FG60, FortiWifi, FG100A, FG200A, FG300A, FG400A, FG500A, FG800, FG1000A, FG3000, FG3600, FG5020, FG5050, FG5140; features called out: Redundant PS, Gigabit perf, High port density, Gigabit Ethernet, Integrated Logging, High Availability, VLAN support]
Fortinet product line
[Chart: products from SOHO/BO through Medium Enterprise and Large Enterprise to Service Provider: FortiClient, FortiMail 400, FortiMail 2000, FortiAnalyzer 100a, FortiAnalyzer 800, FortiAnalyzer 2000, FortiManager 400, FortiManager 3000]
Italian References SCV
FortiClient v2.0: VPN + AV + ASpy + PFW + WF
- Available for Windows, Windows Mobile and Symbian
- Real-time protection for email and web traffic
- Virus quarantine
- Scheduled and real-time file system monitoring
- Registry startup monitor
- Auto-update via FortiProtect
- Central management via FortiManager
FortiClient Mobile
Antivirus:
- File scanning: real-time agent, including protection of air/wifi/bluetooth; scans the entire file system including additional storage cards
- Antivirus updates: client-specific; updates can be scheduled or on demand, via SMS or any other interface (air/wifi/PC)
SMS Antispam:
- Black / white list; an additional SPAM folder is created
- Optionally linked to the address book, i.e. only permit SMS from entries in the contact database
Address Book Protection:
- Control application-level access to the address book
- Prevent unauthorized use of address book entries
Firewall and IPSec VPN:
- Allows the creation of VPN connections directly from the client
- Firewall is an intrinsic part of the VPN component
Case Studies
Case Studies: Barclays Capital, High-Performing Multicast FW Deployment
Barclays Capital - UK
#5 largest private bank in the world, #1 in the UK. With offices in 26 countries and over 9,000 people, it has the global reach and distribution power to meet the needs of issuers and investors. Barclays Capital has the support of an AA-rated parent bank with a balance sheet of over 924 billion.
Requirements
- High-performance firewall: up to 4 Gbps
- Small packet handling capabilities
- Multicast support
- HA functionality
- Centralized management, monitoring and reporting
- Limited budget, or no requirement for a dual-skin architecture
The Solution
- 16 x FortiGate 3600 in HA at HQ and big sites
- 40 x FortiGate 800 in HA in branches
- Multicast implementation
- FortiManager & FortiAnalyzer
[Diagram: Intranet and HQ topology]
Benefits of Fortinet Solutions
- Competition was Juniper, Nokia and Cisco; Check Point eventually moved over to Secure Platform at the expense of Nokia due to the latter's poor performance figures
- Worth approximately $1.2M to us thus far
- We have saved Barclays Capital in excess of 1M compared with what they would have spent had they elected to use Juniper or Nokia
Thank you!