Fortinet Overview Real Time Network Protection. Stefano Chiccarelli Consultant Engineer EMEA schiccarelli@fortinet.com




Company Overview
First and only maker of ASIC-accelerated Multi-Threat Security Solutions
Company Stats:
- Founded in 2000
- Silicon Valley based with offices worldwide
- Seasoned executive management team
- 650+ employees, 300+ R&D & 100+ SE
- Nearly 150,000 FortiGate devices WW
Independent certifications/3rd party:
- Seven ICSA certifications (only security vendor)
- Government Certifications (FIPS-2, Common Criteria EAL4+)
- Virus Bulletin 100 approved
- 50+ Industry Awards
[Chart: Fortinet Unit Shipments, 2002 to 2006, actual and estimated]

Increasing Industry Recognition
- No. 1 in UTM: WW UTM leader in 2003 & 2004, fastest growing network security segment (IDC)
- Gartner Visionary: Latest Gartner Firewall Magic Quadrant
- Fastest growing: Network security appliance vendor with in Q3 (IDC)
- No. 1 in high end: Unit shipment leader in high-end UTM systems (>$50K) for Q305 (IDC)
- Company Rating: Threatening. Fortinet has established itself as a strong competitive threat. -- CurrentAnalysis
[Chart: Overall Security Appliance Market Growth, $ in millions, 2004 to 2009; series FW/VPN, ID&P, UTM]

Threat Evolution
- Malicious code exposing confidential data has increased significantly
- Multi and Blended attacks are now a common practice. Email is the most common delivery mechanism.
- The motive and intent is changing:
  - Moving from notoriety to financial gain.
  - Theft of financial and personal information.
- Traditional security isn't enough

Blended Threats
Blended Threat: Combines the functionality of worms, viruses, trojans, malicious mobile code, more
Example: Zotob, NetSky, Sobig.F, NIMDA, MyDOOM
- Vector: Email with .pif or .scp attachment
- Function: Harvest email addresses
- Propagation: Send email using spoofed source address with built-in SMTP engine
- Payload: At pre-designated time, ping one of 20 sites to retrieve URL. Download file referenced in URL. Execute the downloaded program.

New Generation Attacks - Grayware
Grayware or Spyware
- Unsolicited programs installed without customer's knowledge (drive-by download)
- Developed to perform a host of operations:
  - Record user activity, keystrokes, web surfing patterns
  - Advertising, pop-ups, web redirection, browser manipulation
  - Searching computer resources to steal information and files
- Techniques used by Spyware are now being used to load other malicious code for backdoor access, theft of financial information, etc.
Infection Can Happen Through
- Email attachments, Adware popups
- Clicking on a malicious web site
- Downloading malicious files and trojan applications
- Mousing over web page links and icons
US Congress and individual states have begun to create policy to outlaw malicious Spyware, Phishing & Pharming activity

Trends Driving New Security Requirements
(Columns: Fortinet, Other vendor)
- Incorporate multiple security features: Firewall + IPS + AV + VPN + Web filtering + Antispam/spyware
- Maximum performance: ASIC accelerated to meet deployment requirements
- Scalable product line: Deployable at offices of all sizes
- Central management, reporting and auditing: Central provisioning, data correlation and pre-defined reports
- No complex licensing schemes: No per-seat pricing or user limitations on hardware
- Subscription updates for all services: Ensures protections against the latest threats
- Certified security offering: Security claims backed by trusted third party firms

A New Security Architecture Approach Is Required
- Firewall: Defend against intrusions
- Antivirus: Protect email from virus infection
- Web filters: Eliminated unproductive web-browsing
- Antispam: Reduce unwanted email
- IPS: Protect against malicious attacks
- VPN: Delivering secure remote access
[Diagram labels: VPN, IPS, Firewall, Servers, Antivirus, Antispam, Users, URL Filters]

Multiple Point Solutions Add Complexity
Perceived Advantages
- Comprehensive security approach
- Quickly react to individual threats
Real Disadvantages
- Requires multiple products that don't talk to each other
- Increases network complexity and operational cost
- Non optimal security implementation
[Diagram labels: VPN, IPS, Firewall, Servers, Antivirus, Antispam, Users, URL Filters]

Multi-Threat Security With Fortinet
Fortinet Advantages
- Provides comprehensive security approach
- Minimizes down-time from individual threats
- Reduces number of vendors and appliances
- Simplifies security management
- Coordinates security alerting, logging, and reporting
- Improves detection capabilities
[Diagram labels: VPN, IPS, Firewall, Servers, Antivirus, Antispam, Users, URL Filters]

Scalable Solutions Deployable Throughout the Enterprise
- Perimeter, DMZ, remote office
- Data center / core network
- Host-based security
- Internal outbreak prevention
- New applications: Wireless, Voice-over-IP

Range of Security Systems and Management

Fortinet Developed a Unique Technology for Complete, Real Time Network Protection
CORE TECHNOLOGY
- Real-time networking OS
  - High performance
  - Robust, reliable
- Proprietary Fortinet Chip
  - Hardware scanning engine
  - Hardware encryption
  - Real-time content analysis

Comprehensive, Multi-Threat Protection Best-in-Class Applications Included in Every FortiGate FortiOS Operating System

Global Infrastructure Ensures Rapid Response to New Threats
More than 10 Fortinet Threat Response Teams and FortiGuard Distribution Servers
- Automatic AV & IDP Updates Can Reach All FortiGate Units Worldwide in Under 5 Minutes
- Real Time Protection for Antispam & Web Content Filtering Services
FortiGuard Center Web Portal & Email Bulletins

Services FortiGuard Center Automatic AV & IPS updates can reach all FortiGate units worldwide in under 5 Minutes

Criteria for Network Security Deployments
(Columns: Fortinet, Other vendor)
- Bi-directional AV / IPS inspection: Tighter security for internal and external attacks
- Signature and virus updates pushed to devices: Faster updates; eliminates scripts for pulls
- Transparent mode deployments: Easy integration into the network; stealth-mode security
- Sophisticated VPN: Split tunneling, routing, content inspection
- Multiple high availability methods: Ensures resiliency; available from low to high end
- Security segmentation / virtualization across all products: Available for smallest to largest deployments
- Control of signature deployment: Verify in lab or operate own distribution server

FortiOS Security & Inspection Engines
- Stateful Firewall: Granular security policies; Authentication enforcement; Quality of Service
- Antivirus: HTTP, FTP, SMTP, POP3, IMAP; Signatures, Heuristics, Activity
- Intrusion Detection & Prevention: Signature, Anomaly, Activity Inspection
- Web Filtering: Static list, FortiGuard Web Filtering
- Antispam: Static list, FortiGuard Antispam, RBL
- Encryption: IPSec, SSL
- Traffic Shaping: Guaranteed rate, Max rate, Traffic priority

Advanced Detection Techniques
Fortinet's detection technology has evolved past:
- Stateful Inspection
- Application Inspection
- Deep Packet Inspection
Innovators of Full Content Inspection & Activity Inspection with full Content Reassembly

Antivirus Detection With Advanced Heuristics
Fortinet's advanced antivirus scanning techniques include:
- File Analysis
- Worm Inspection
- File Type Analysis
- Signature Inspection
- Heuristic Inspection
- Content Reassembly

Why Traditional Firewalls Miss The Latest Attacks
STATEFUL INSPECTION FIREWALL
Inspects packet headers only, i.e. looks at the envelope, but not at what's contained inside
[Figure: DATA PACKETS from http://www.freesurf.com/downloads/gettysburg. Packet headers (TO, FROM, TYPE OF DATA, etc.): OK, OK, OK, OK. Packet payload (data): Not Scanned. Payloads shown: "Four score and BAD CONTENT our forefathers brou" / "ght forth upon this continent a new nation," / "n liberty, and dedicated to the proposition that all"]
Weaknesses Includes:
- No Deep Packet Inspection capabilities to spot malicious payloads
- Per-Packet forwarding with no packet reassembly
- Malicious applications can be tunneled through trusted ports
- Traditionally deployed only at the perimeter and can't defend against internal threats

Today's Firewall Configurations
[Figure labels: FTP-21, HTTP-80, Back Orifice-31337, SMTP-25]

How Traditional IDS/IPS Are Missing Modern Attacks
DEEP PACKET INSPECTION
Performs a packet-by-packet inspection of contents but can easily miss complex attacks that span multiple packets or fragmented
[Figure: packets from http://www.freesurf.com/downloads/gettysburg inspected one at a time: "Four score and BAD CONTENT our forefathers brou" / "ght forth upon this continent a new nation," / "n liberty, and dedicated to the proposition that all". Per-packet results: OK, OK, OK. Attack: Undetected]
Weaknesses Includes:
- Mirrored traffic analysis, not inline with network flow
- Alert only, will not proactively block attack traffic
- Damage is done before alert can be responded to
- Deep Packet Inspection IDS/IPS systems may be overrun by GB links
- Traditionally deployed at the perimeter

Protection With Content Reassembly
COMPLETE CONTENT PROTECTION
1. Reassemble packets into content
2. Compare against disallowed content and attack lists
[Figure: packets from http://www.freesurf.com/downloads/gettysburg ("Four score and BAD CONTENT our forefathers brou" / "ght forth upon this continent a new nation," / "n liberty, and dedicated to the proposition that all") are reassembled into "Four score and seven years ago our BAD CONTENT forefathers brought forth upon this BAD CONTENT a new liberty, and dedicated to the proposition that all" and compared against two lists. DISALLOWED CONTENT: BAD CONTENT, NASTY THINGS, NASTIER THINGS. ATTACK SIGNATURES: !!]
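The difference between per-packet matching and matching after reassembly, as an added example that is not part of the original slides. The segment layout, the function names and the use of the slide's "BAD CONTENT" marker as the only signature are assumptions made for the illustration.

```python
"""Per-packet signature matching versus matching after stream reassembly."""

# Stand-in "disallowed content" list, using the slide's placeholder marker.
SIGNATURES = [b"BAD CONTENT"]

# Constructed sample: one flow as (byte offset, payload) segments. The marker
# straddles the boundary between two segments, and they arrive out of order.
SEGMENTS = [
    (20, b"ONTENT our forefathers brought forth"),
    (0, b"Four score and BAD C"),
    (56, b" upon this continent a new nation"),
]


def match_per_packet(segments, signatures):
    """Packet-by-packet inspection: scan each payload in isolation."""
    return [(seq, sig) for seq, data in segments
            for sig in signatures if sig in data]


def reassemble(segments):
    """Rebuild the byte stream: order by offset, refuse gaps, trim overlap.

    Overlapping bytes keep the first-seen copy. An inline engine has to use
    the same overlap policy as the host it protects, or the two will see
    different content.
    """
    stream = bytearray()
    for seq, data in sorted(segments):
        if seq > len(stream):
            raise ValueError(f"gap in stream at offset {len(stream)}")
        stream += data[len(stream) - seq:]  # skip bytes already in the stream
    return bytes(stream)


def match_reassembled(segments, signatures):
    """Step 1: reassemble packets into content. Step 2: compare against the list."""
    stream = reassemble(segments)
    return [(stream.find(sig), sig) for sig in signatures if sig in stream]


if __name__ == "__main__":
    print("per-packet hits: ", match_per_packet(SEGMENTS, SIGNATURES))
    print("reassembled hits:", match_reassembled(SEGMENTS, SIGNATURES))
```

A gap raises an error instead of being scanned around, because content that cannot be fully reassembled cannot be declared clean.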

Application-Level Threats Require Complete Content Protection
Type of Threat | Examples | Detected By
Connection-based intrusions | Telnet attacks | Stateful inspection
Protocol attacks | SYN flood, ICMP flood | Protocol analysis
Packet-level content attacks | Buffer-overflow, probe phase of some worms | Deep Packet inspection
File-level content attacks | Viruses, most worms, Trojans | Complete Content Protection
File-level content threats | Inappropriate web content | Complete Content Protection

Complete Content Protection Requires Enormous Processing Power
[Chart: PROCESSING POWER REQUIRED (scale 1 to 1000), 1990 to 2006. Inspection levels: Stateful Inspection, Deep Packet Inspection, Complete Content Protection. Threats plotted: Simple Intrusions, Denial of Service Attacks, Sophisticated Intrusions, Viruses, Trojans, Worms, Inappropriate Web Content, Email Spam]

Fortinet's Complete Product Family
Segments: SOHO/Branch, Medium Enterprise, Service Provider, Large Enterprise
Models: FG5140, FG5050, FG5020, FG3600, FG3000, FG1000A, FG800, FG500A, FG400A, FG300A, FG200A, FG100A, FG60, FortiWifi, FG50A
Feature labels: Redundant PS, Gigabit perf, High port density, Gigabit Ethernet, Integrated Logging, High Availability, VLAN support

Fortinet product line
Segments: SOHO, BO, Medium Enterprise, Service Provider, Large Enterprise
Products: FortiClient, FortiMail 400, FortiMail 2000, FortiAnalyzer 100a, FortiAnalyzer 800, FortiAnalyzer 2000, FortiManager 400, FortiManager 3000

Italian References SCV

FortiClient v.2.0: VPN+AV+ASpy+PFW+WF
- Available for Windows, Windows Mobile and Symbian
- Real-time protection for email and web traffic
- Virus quarantine
- Scheduled and real time file system monitoring
- Registry startup monitor
- Auto-Update via FortiProtect
- Central Management via FortiManager

FortiClient Mobile
- Antivirus File Scanning
  - Real Time Agent, include protection of air/wifi/bluetooth
  - Scans entire file system including additional storage cards
- Antivirus Updates
  - Client specific
  - Updates can be scheduled, on demand, via SMS or any other interface (air/wifi/pc)
- SMS Antispam
  - Black / White list
  - Additional SPAM folder created
  - Optionally linked to address book, i.e. only permit SMS from entries in contact database
- Address Book Protection
  - Control application level address to the address book
  - Prevent unauthorized use of address book entries
- Firewall and IPSec VPN
  - Allow the creation of VPN connections directly from the client
  - Firewall is an intrinsic part of VPN component

Case Studies

Case Studies Barclays Capital Hi Performing Multicast FW Deployment

Barclays Capital - UK
- #5 Largest private bank in the world, #1 in UK
- With offices in 26 countries, and over 9,000 people and has the global reach and distribution power to meet the needs of issuers and investors.
- Barclays Capital has the support of an AA rated parent bank with a balance sheet of over 924 billion.

Requirements
- Hi Performances FW requirement
  - Up to 4Gbps
  - Small packet handling capabilities
- Multicast Support
- HA functionality.
- Centralized Management, Monitoring and Reporting
- Limited budget or not the requirement for dual skin architecture.

The Solution
- 16 x FortiGate 3600 in HA on HQ and big sites
- 40 x FortiGate 800 in HA in branches
- Multicast implementation
- FortiManager & FortiAnalyzer
[Diagram labels: Intranet, HQ]

Benefits of Fortinet Solutions
- Competition was Juniper, Nokia and Cisco
- Check Point eventually moved over to Secure Platform at the expense of Nokia due to the latter's poor performance figures.
- Worth approximately $1,2M to us thus far.
- We have saved Barclays Capital in excess of 1M should they have elected to use Juniper or Nokia

Thank you!