The Future of Network Security: How security platforms will transform networking

1
The Future of Network Security How security
platforms will transform networking

• Richard Stiennon CMO
• Fortinet, Inc.

2

• DOE, Lawrence Livermore National Laboratory
• Fortinets ASIC-based Unified Threat management
  solutions provide Lawrence Livermore National
  Laboratory with line rate performance and
  protection from attacks not picked up by
  traditional point products all with a
  dramatically reduced operational cost.
• -Arien Seghetti
• Security Network Engineer

3
A new concept Secure Networks

• No bad traffic. No viruses, no worms, no spam, no
  attacks, no bad guys, no inappropriate use.
• At the carrier level Clean Pipes, a competitive
  advantage
• At the enterprise level no worm or virus spread
  through the network, no unauthorized access to
  resources.
• At the remote office simple device, set and
  forget.
• Lessons learned from the Pentagon

4
Its not just UTM

• UTM is inherent in content processing platforms.
• Multiple functions does not mean better security.
• Deep packet inspection is not content filtering

5
Security Market Evolution
Unified Threat Management
Firewall ? Antivirus ? IPS ? Antispam ? Content
Filtering ? VPN
Firewall VPN
Firewall
Virtual private network (IPSec and SSL)
6
Network Securitys Evolution
Industry Evolution Towards Multi-Layered Security
Platforms

• Benefits of Multi-Layered Security Platforms

• Complements legacy point products
• Lower Cap Ex and Op Ex
• Better risk mitigation capabilities against
  blended threats

7
Network Security Convergence
Router
Firewall/VPN
IPS/AV/AS/WCF
Switch
8
Network Security Convergence
Router
Firewall/VPN
IPS/AV/AS/WCF
Switch
9
Who is going to own Secure Networks?

• The router companies?
• Cisco
• Juniper
• The switch companies?
• Extreme
• Force10
• HP Procurve
• The firewall companies?
• Check Point Software
• Secure Computing
• The UTM vendors?
• Sonicwall
• Barracuda
• Watchguard

10
Requirements

• Just as every switch uses ASICs to provide
  throughput the future of security devices is in
  ASICs.
• IPv6 parity
• NIAP, ICSA, FIPS, EAL4
• Consistent code across multiple form factors
• Full stateful firewalling
• VPN (IPSEC/SSL)
• BGP, OSPF, RIP, NAT/PAT, Transparent mode
• Virtualization, load balancing, HA
• Organic research for WCF, AS, AV, IPS
• Layer 2 switching. VLANs, tagging,

11
What does the future look like?

• More network security vendors emerging from the
  UTM start-ups.
• Less traction from the legacy networking
  companies.
• Security devices deployed through out the
  network.
• Lower total cap-ex
• Lower total Op-ex (No user based licensing,
  vendor consolidation)
• BETTER SECURITY

12
Questions?

• rstiennon_at_fortinet.com

13
Fortinet Background

• Leading provider of ASIC-accelerated Unified
  Threat Management Security Solutions
• Company Stats
• Founded in 2000
• Silicon Valley based with offices worldwide
• Seasoned executive management team
• 800 employees / 500 engineers
• 250,000 FortiGate devices shipped worldwide
• Strong, validated technologies and products
• Fourteen patents 75 pending
• UNH / JITC MoonV6 Tested
• Eight ICSA certifications (first and only
  security vendor)
• Government Certifications (FIPS-2, Common
  Criteria EAL4)
• Virus Bulletin 100 approved (2005, 2006)
• 100 Industry Awards
• DOE ICPT Contract (gvTechSolutions)

14
Broad Product Scale
15
True Security Integration Key

• Combining Best of Breed Technologies
• Worlds Fastest Antivirus
• Powerful Multi-Gig IPS (IDS/IDP)
• Real-Time Web Content Filtering
• Stateful Inspection / Proxy Hybrid Firewall
• IPSec VPN SSL Capabilities
• Scalable Real World Solutions
• Spy-ware Grayware Protection
• Instant Messaging Control
• Dynamic VoIP Security
• Anti-Spam Defense
• Bandwidth Shaping
• Route capable Multicast
• Jumbo Frames
• Active-Active Active-Passive HA with HA
  clustering
• Advanced Feature Set

Increases ARPU
Reduces CAPEX
Reduces OPEX
16
ATCA Carrier Class Systems Appliances
Agency Level Deployments
Data Center NOC SOC Distributed
Enterprise Service Provider Transport
Services Secure VoIP Multi-Cast IPv6 10G
AMC / ATCA and appliance based Tactical
Tactical Network Centric
C4I Tactical Vehicle Airborne Shipboard Satellite
Secure Wireless
Enclave Perimeter Deployments
Traditional Perimeter
Command Tenant Application COIP Insider
Threat Client
17
Fortinet Large Global Installed Base
Federal Agencies U.S. Army U.S. Navy U.S. Marine
CorpsU.S. Air Force NSA Joint U.S. Department of
Energy U.S. Senate DOE IRS FAA National
Guard NOAA OSD
Systems Integrators Lockheed Martin Rockwell
Collins GvTech (ICPT Contract) Boeing Smartronix G
eneral Dynamics CSC BAH BAE Systems Raytheon EDS

























































































































Large Enterprise Harley Davidson Polycom Honda Pi
zza Hut CNBC Golds Gym Coca Cola General
Motors Vodafone Lockheed Martin Rockwell
Collins Boston Globe Hughes Genentech Sony
Pictures KitchenAid Kelly Blue Book Burger
King Disney Samsung Valvoline Countrywide
Financial
Service Providers Unisys (Federal) Qwest
(Federal) SAIC Megapath British Telecom Global
Crossing Telcom Italia
18
FortiGuard Security Subscription
SLA Response Time 24x7 Global Threat Research Lab
Source FortiGuard Subscription Service
19
AV-Test Results March 2005
Fortinet Confidential
20
Malware Detection Accuracy
Fortinet Confidential
21
3000 Series Typical Transparent, Route or NAT
Mode Application supporting individual
transparent security features or entire
defense-in-depth security stack
Traditional Federal Agency Use
Integrated security appliance extends existing
perimeter security architecture for one or more
of the following functions
Legacy CPU Firewall / VPN
Gateway Antivirus Transparent-mode
Firewall Intrusion Detection and Prevention VPN
connectivity Email and Web Content
Filtering Traffic Shaping
22
FortiGate-5140 - ATCA Investment Protection

• 14 slot chassis for high-density deployments
• - Scales to 112 GE ports
• High-Performance Platform
• 70 Gbps Firewall,
• 8.4 Gbps 3DES VPN,
• 3.5 Gbps AV
• 11.2 Gbps IPS throughput
• Support full chassis and system redundancy with
  FS-5003 Switch fabric module
• FG-5001/5005 boards can be used in HA or
  Transparent mode for maximum flexibility

Up to 12 FG-5001/5002 Security modules and 2
FS-5003 Switch fabric modules for full HA and
redundant configurations
Performance Figures assumes external load
balancers
23
Fortinet Simple Agency Value

• Increase Security
• Lower Cost
• Network enabled remote policy enforcement
• Enable Situational Awareness and Control with
  (Theater Operational Management)
• Provide low cost, simplified moves, adds
  changes
• Provide real IPv6 protection with IPv4 parity
• DoD PKI CAC enabled user authentication to
  automate access management
• True best-of-breed ASIC Accelerated IA stack
  functionality
• Hybrid Proxy Stateful Inspection Firewall
• SSL IPSec VPN,
• Anti-virus,
• Anti-grayware
• Web Content filtering
• IM Protection

24
True Network Security Vendor
Fortinet powerful solution
Security Multi-Layered
Performance Scalable Line Speed
Cost Low Cap and Op Ex
1
2
3
Flexibility Broad Hardware Offering Security
Software Modules Security Subscription
4
to help you win the business