Title: The Future of Network Security: How security platforms will transform networking
Slide 1: The Future of Network Security: How security platforms will transform networking
- Richard Stiennon, CMO
- Fortinet, Inc.
Slide 2: DOE, Lawrence Livermore National Laboratory
- Fortinet's ASIC-based Unified Threat Management solutions provide Lawrence Livermore National Laboratory with line rate performance and protection from attacks not picked up by traditional point products, all with a dramatically reduced operational cost.
- Arien Seghetti
- Security Network Engineer
Slide 3: A new concept: Secure Networks
- No bad traffic. No viruses, no worms, no spam, no attacks, no bad guys, no inappropriate use.
- At the carrier level: Clean Pipes, a competitive advantage
- At the enterprise level: no worm or virus spread through the network, no unauthorized access to resources.
- At the remote office: simple device, set and forget.
- Lessons learned from the Pentagon
Slide 4: It's not just UTM
- UTM is inherent in content processing platforms.
- Multiple functions does not mean better security.
- Deep packet inspection is not content filtering
Slide 5: Security Market Evolution
- Unified Threat Management: Firewall, Antivirus, IPS, Antispam, Content Filtering, VPN
- Firewall, VPN
- Firewall
- Virtual private network (IPSec and SSL)
Slide 6: Network Security's Evolution
Industry Evolution Towards Multi-Layered Security Platforms
- Benefits of Multi-Layered Security Platforms
- Complements legacy point products
- Lower Cap Ex and Op Ex
- Better risk mitigation capabilities against
blended threats
Slide 7: Network Security Convergence
Router
Firewall/VPN
IPS/AV/AS/WCF
Switch
Slide 8: Network Security Convergence
Router
Firewall/VPN
IPS/AV/AS/WCF
Switch
Slide 9: Who is going to own Secure Networks?
- The router companies?
- Cisco
- Juniper
- The switch companies?
- Extreme
- Force10
- HP Procurve
- The firewall companies?
- Check Point Software
- Secure Computing
- The UTM vendors?
- Sonicwall
- Barracuda
- Watchguard
Slide 10: Requirements
- Just as every switch uses ASICs to provide throughput, the future of security devices is in ASICs.
- IPv6 parity
- NIAP, ICSA, FIPS, EAL4
- Consistent code across multiple form factors
- Full stateful firewalling
- VPN (IPSEC/SSL)
- BGP, OSPF, RIP, NAT/PAT, Transparent mode
- Virtualization, load balancing, HA
- Organic research for WCF, AS, AV, IPS
- Layer 2 switching. VLANs, tagging,
Slide 11: What does the future look like?
- More network security vendors emerging from the UTM start-ups.
- Less traction from the legacy networking companies.
- Security devices deployed throughout the network.
- Lower total cap-ex
- Lower total Op-ex (No user based licensing, vendor consolidation)
- BETTER SECURITY
Slide 12: Questions?
- rstiennon_at_fortinet.com
Slide 13: Fortinet Background
- Leading provider of ASIC-accelerated Unified Threat Management Security Solutions
- Company Stats
- Founded in 2000
- Silicon Valley based with offices worldwide
- Seasoned executive management team
- 800 employees / 500 engineers
- 250,000 FortiGate devices shipped worldwide
- Strong, validated technologies and products
- Fourteen patents, 75 pending
- UNH / JITC MoonV6 Tested
- Eight ICSA certifications (first and only security vendor)
- Government Certifications (FIPS-2, Common Criteria EAL4)
- Virus Bulletin 100 approved (2005, 2006)
- 100 Industry Awards
- DOE ICPT Contract (gvTechSolutions)
Slide 14: Broad Product Scale
Slide 15: True Security Integration Key
- Combining Best of Breed Technologies
- World's Fastest Antivirus
- Powerful Multi-Gig IPS (IDS/IDP)
- Real-Time Web Content Filtering
- Stateful Inspection / Proxy Hybrid Firewall
- IPSec VPN SSL Capabilities
- Scalable Real World Solutions
- Spy-ware Grayware Protection
- Instant Messaging Control
- Dynamic VoIP Security
- Anti-Spam Defense
- Bandwidth Shaping
- Route capable Multicast
- Jumbo Frames
- Active-Active Active-Passive HA with HA clustering
- Advanced Feature Set
Increases ARPU
Reduces CAPEX
Reduces OPEX
Slide 16: ATCA Carrier Class Systems Appliances
Agency Level Deployments
Data Center NOC SOC Distributed
Enterprise Service Provider Transport
Services Secure VoIP Multi-Cast IPv6 10G
AMC / ATCA and appliance based Tactical
Tactical Network Centric
C4I Tactical Vehicle Airborne Shipboard Satellite
Secure Wireless
Enclave Perimeter Deployments
Traditional Perimeter
Command Tenant Application COIP Insider
Threat Client
Slide 17: Fortinet Large Global Installed Base
- Federal Agencies: U.S. Army, U.S. Navy, U.S. Marine Corps, U.S. Air Force, NSA, Joint, U.S. Department of Energy, U.S. Senate, DOE, IRS, FAA, National Guard, NOAA, OSD
- Systems Integrators: Lockheed Martin, Rockwell Collins, GvTech (ICPT Contract), Boeing, Smartronix, General Dynamics, CSC, BAH, BAE Systems, Raytheon, EDS
- Large Enterprise: Harley Davidson, Polycom, Honda, Pizza Hut, CNBC, Gold's Gym, Coca Cola, General Motors, Vodafone, Lockheed Martin, Rockwell Collins, Boston Globe, Hughes, Genentech, Sony Pictures, KitchenAid, Kelley Blue Book, Burger King, Disney, Samsung, Valvoline, Countrywide Financial
- Service Providers: Unisys (Federal), Qwest (Federal), SAIC, Megapath, British Telecom, Global Crossing, Telecom Italia
Slide 18: FortiGuard Security Subscription
SLA Response Time 24x7 Global Threat Research Lab
Source: FortiGuard Subscription Service
Slide 19: AV-Test Results March 2005
Fortinet Confidential
Slide 20: Malware Detection Accuracy
Slide 21: 3000 Series: Typical Transparent, Route or NAT Mode Application supporting individual transparent security features or entire defense-in-depth security stack
Traditional Federal Agency Use
Legacy CPU Firewall / VPN
Integrated security appliance extends existing perimeter security architecture for one or more of the following functions:
- Gateway Antivirus
- Transparent-mode Firewall
- Intrusion Detection and Prevention
- VPN connectivity
- Email and Web Content Filtering
- Traffic Shaping
Slide 22: FortiGate-5140 - ATCA Investment Protection
- 14 slot chassis for high-density deployments
- Scales to 112 GE ports
- High-Performance Platform
- 70 Gbps Firewall
- 8.4 Gbps 3DES VPN
- 3.5 Gbps AV
- 11.2 Gbps IPS throughput
- Support full chassis and system redundancy with FS-5003 Switch fabric module
- FG-5001/5005 boards can be used in HA or Transparent mode for maximum flexibility
Up to 12 FG-5001/5002 Security modules and 2 FS-5003 Switch fabric modules for full HA and redundant configurations
Performance figures assume external load balancers
Slide 23: Fortinet Simple Agency Value
- Increase Security
- Lower Cost
- Network enabled remote policy enforcement
- Enable Situational Awareness and Control with (Theater Operational Management)
- Provide low cost, simplified moves, adds, changes
- Provide real IPv6 protection with IPv4 parity
- DoD PKI CAC enabled user authentication to automate access management
- True best-of-breed ASIC Accelerated IA stack functionality
- Hybrid Proxy Stateful Inspection Firewall
- SSL IPSec VPN
- Anti-virus
- Anti-grayware
- Web Content filtering
- IM Protection
Slide 24: True Network Security Vendor
Fortinet powerful solution
1. Security: Multi-Layered
2. Performance: Scalable Line Speed
3. Cost: Low Cap and Op Ex
4. Flexibility: Broad Hardware Offering, Security Software Modules, Security Subscription
to help you win the business