Fortinet Advanced Threat Protection - Part 3: Upgrading Your Endpoint Security to Meet Advanced Threats
Copyright Fortinet Inc. All rights reserved.
Agenda
Brief Recap on Breaches and the Need for Advanced Threat Protection
Gartner Endpoint Protection Platform (EPP) Requirements
Overview of FortiClient (EPP)
Introduction to FortiClient Enterprise Management Server (EMS)
Final Thoughts
Brief Recap
The Problem: Breaches, Breaches and More Breaches
2014: 79,790 security incidents
2015: CEOs, CIOs and CISOs who resigned
"All organizations should now assume that they are in a state of continuous compromise." Gartner, 2/14/14
Sources: Verizon 2015 Data Breach Investigations Report, April 2015. Gartner. Designing an Adaptive Security Architecture for Protection From Advanced Attacks. February 2014. IDG Media. IT Security Priorities and Next-Generation Firewall Deployment. January 2016.
This is Fortinet Advanced Threat Protection (ATP) Known Threats Reduce Attack Surface Inspect & Block Known Threats FortiGate & everything that can enforce a security policy Hand off: High risk items FortiSandbox & everything that is behavior based Unknown Threats Identify Unknown Threats Assess Behavior & Identify Trends Response Identify scope Mitigate impact Hand off: Creating a fix & update prevention Hand off: Provide ratings & results FortiGuard teams and automation
The $20bn Opportunity: Endpoint ($4.6bn), WAF ($800m), SEG ($2bn), NGFW/UTM ($8.5bn), SWG ($2bn), Sandbox ($2bn)
How To Move From Detection/Response To Prevention?
IMPACT / DURATION
Random Detection (average 229 days, prior to response)
Sandbox Only: Detection & Response (days)
Sandbox + NGFW/WAF: Detect & Respond (minutes)
Sandbox + SEG/EPP: Prevention (0-second)
Integrating Endpoint Protection + Sandbox
1. Secure the ultimate destination of attack
2. See all attack vectors
3. Sandbox intelligence at the endpoint speeds mitigation and improves protection
Sales Motion: Net New Sandbox + Client
Full featured client reduces agents
Caught thousands of malware samples missed by SCEP
Stops zero-days with FSA
Poll Question #1: How Satisfied are Customers with EPP? (answer on a scale of 1-5 with 5 being the most satisfied)
5 - Most customers love their EPP - effective, easy, affordable
4 - Most customers are reasonably happy with their EPP
3 - Most customers are indifferent to their EPP - it's OK, but would switch
2 - Most customers are not so happy with their EPP
1 - Most customers hate their EPP - ineffective, tough to manage and expensive
Gartner Endpoint Protection Requirements
Gartner: Endpoint Protection Platform Functions DLP
Gartner: Endpoint Protection Platform Functions
Not all products in this analysis provide the same collection of features. Here, we focus primarily on Anti-malware effectiveness and performance, Management capability, Protection for Windows and non-Windows platforms, Application control and Vulnerability assessment, Emerging detection and response capabilities. DLP, EMM and vulnerability assessment are also evaluated in their own Magic Quadrant analyses (see the Gartner Recommended Reading section). DLP
Overview of FortiClient Endpoint Protection
Fortinet's FortiClient Endpoint Protection Platform
Unified Client: Antivirus, Web Filter, Application Firewall, 2-Factor Authentication, WAN Optimization, Vulnerability Scanning, Remote VPN
Part of Fortinet's ATP Solution
Top rated protection
Independent Validation
Easy deployment
Low TCO
Requirement #1: Effective Antimalware
Antivirus Engine: Real-time Host Protection, Updates Every 4 Hours, Scheduled Scanning
Application Firewall: Network Activity Detection, Application Categories, Individual Application Granularity
Web Filter: Cloud based URL rating, Safe Search Option, Exclusion List
Requirement #1: Effective Antimalware
Requirement #2: Protection for Windows/Non-Windows
Requirement #3: Vulnerability Management
Vulnerability Scan: System Vulnerability scan agent, Central scheduling of scans, Optionally report via FAZ/FMG
VPN/2FA: IPSec & SSL Tunnel VPN, Fast VPN Configuration, Hard and Soft Token Options
Requirement #4: Emerging Detection and Response
NSS Labs Recommended Sandbox Analysis
Hold For or Act Upon Result
Dynamic, Local Threat Intelligence
Requirement #5a: Central Management - FortiGate
Enforce Endpoint Compliance
Manage Client Registration
Set & Distribute Endpoint Profiles
View Status
Requirement #5b: Central Management - Enterprise Management Server
AD Servers Deploy & Provision
Remotely deploy, configure and manage FortiClient
Integrate with LDAP and other enterprise systems
Scale to hundreds of thousands of devices
EMS Register & Monitor Endpoints
Requirement #5c: Central Management - FortiGate + EMS
Import Endpoint Profile from FortiGate
FortiClient EMS
FortiClient Enterprise Management Server
FortiClient EMS Overview
Central Large Scale Provisioning
Security Profiles (Similar to FortiGate)
Group-based Management (incl. Directory-integrated)
Real-time Visibility & Monitoring
Central Reporting (with FortiAnalyzer)
FortiClient EMS Central Large Scale Provisioning
Install Options Tab
Select installer for deployment
AD credentials that will be used for deployment
FortiClient EMS Security Profiles Policy Type AV Configuration FortiClient Settings AV Configure Profile List
FortiClient EMS Group-based Management - Active Directory
AD Server, Server Farm
Client Registration
Policy Deployment
FortiClient EMS
Import & Sync User Group Info from AD
FortiClient EMS Group-based Management - Non-AD Networks
Workgroup Sync
FortiClient EMS
Devices on Windows Workgroup
Discover & Import Workgroups on Local Subnet
FortiClient EMS Real-time Visibility & Monitoring
Status Summary
Client Summary & Monitoring
Devices by OS
FortiClient Reporting
FortiAnalyzer Reports: Endpoint Summary, Threat Summary, Antivirus Report, Web Filter Report, Threat Report by Time, Threat Report by Device/User, VPN Report
FortiClient EMS Other Features
Centrally Manage Certificates
Control Security Update Infrastructure
Remotely Trigger Antivirus Scans
Increased Visibility For Each Client
  » View feature status, OS, hostname, IP address, and other system info
  » View online/offline status for each host
Push advanced XML configuration to clients
Supported by FortiClient v5.2+
Additional Resources
Partner Portal: https://partners.fortinet.com/fortipartnerportal/fortipp/login.jsp
FortiClient Product Page: http://www.fortinet.com/products/endpoint/index.html
NSS Labs EPP Test Report: http://www.fortinet.com/resource_center/analyst_reports/nss-labs-2015-enterprise-endpoint-testing.html
FortiClient Software: http://www.fortinet.com/resource_center/product_downloads.html
NSE Training: http://www.fortinet.com/training/certifications/
Join us for subsequent webcasts on the Fortinet ATP components - FortiMail and FortiWeb.
Final Thoughts
Top-rated Anti-malware Effectiveness
Protection for Windows/non-Windows
App Control/Vulnerability Assessment
Emerging Detection and Response
Large Scale Central Management
Thank you.