Fortinet Solutions Overview - PowerPoint PPT Presentation

Loading...

PPT – Fortinet Solutions Overview PowerPoint presentation | free to view - id: 56f116-N2M4M



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Fortinet Solutions Overview

Description:

Title: Slide 1 Author: Chris Simmons Created Date: 8/27/2008 3:51:14 PM Document presentation format: On-screen Show (4:3) Company: Fortinet, Inc. Other titles – PowerPoint PPT presentation

Number of Views:2452
Avg rating:3.0/5.0
Slides: 59
Provided by: ChrisS206
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Fortinet Solutions Overview


1
Fortinet Solutions Overview
  • Acacio Martín
  • Sales Manager Iberia
  • Q1 2009

2
Agenda
Introduction
FortiGate. Network Security
  • Dedicated Application Level Solutions
  • FortiWeb
  • FortiDB
  • FortiEmail

About Fortinet
3
Threat Evolution
  • Threats have continuously evolved over time
  • The threat / counter threat model is broken
  • Complex threats require increases in security
    device resources

4
First generation Stateful Inspection Firewall
Content Filter
Firewall / VPN
IDS/IDP
Antivirus
IDS/IDP
5
Firewall does not scan content based attacks
  • OK

http//www.freesurf.com/downloads/Gettysburg
Four score and BAD CONTENT our forefathers brou
  • OK
  • OK

ght forth upon this continent a new nation,
  • OK

n liberty, and dedicated to the
proposition that all
Not scanned
Packet headers
Packet payload (data)
6
Second Generation Deep Packet Inspection
Deep Packet Inspection. IDS/IPS Stateful
Inspection Firewall
Content Filter
Firewall / VPN
IDS/IDP
Antivirus
IDS/IDP
7
Some firewall do Deep Packet Inspection
DEEP PACKET INSPECTION
  • OK

http//www.freesurf.com/downloads/Gettysburg
Four score and BAD CONTENT our forefathers brou
!
  • OK

ght forth upon this continent a new nation,
  • OK

n liberty, and dedicated to the
proposition that all
8
New Generation Complete Content Protection
Content Filter
Firewall / VPN
IDS/IDP
Antivirus
IDS/IDP
9
Stopping Content Based Attacks needs more than
Deep Packet Inspection
COMPLETE PACKET INSPECTION
http//www.freesurf.com/downloads/Gettysburg
Four score and BAD CONTENT our forefathers brou
ght forth upon this continent a new nation,

n liberty, and dedicated to the
proposition that all
!!
!!
10
Complete Content Protection requires huge
process capacity
11
Agenda
Introduction
FortiGate. Network Security
  • Dedicated Application Level Solutions
  • FortiWeb
  • FortiDB
  • FortiEmail

About Fortinet
12
FortiGate. Custom ASICs for Unmatched Performance
  • The FortiASIC Family
  • Network ASIC (NP)
  • Firewall acceleration
  • VPN (IPSEC and SSL)
  • IPS anomaly acceleration
  • Application ASIC (CP)
  • Accelerated Antivirus (Antispyware) analysis
  • Web Filtering and Antispam Advantage from
    Accelerated AV scanning
  • Traffic Shaping

13
A New Security Architecture Is Required
  • Antispam
  • Reduce unwanted email
  • Web filters
  • Eliminated unproductive web-browsing
  • VPN
  • Delivering secure remote access
  • Firewall
  • Defend against intrusions
  • Antivirus
  • Protect email and web applications from virus
    infection
  • IPS
  • Protect against malicious attacks

Servers
Users
14
Multiple Point Solutions Add Complexity
  • Perceived Advantages
  • Comprehensive security approach
  • Quickly react to individual threats
  • Real Disadvantages
  • Requires multiple products that dont talk to
    each other
  • Increases network complexity and operational cost
  • Non optimal security implementation

Servers
Users
15
Multi-Threat Security With Fortinet
  • Fortinet Advantages
  • Provides comprehensive security approach
  • Minimizes down-time from individual threats
  • Reduces number of vendors and appliances
  • Simplifies security management
  • Coordinates security alerting, logging, and
    reporting
  • Improves detection capabilities

Servers
Users
16
Flexible, Unified Security Platform
Antivirus
Intrusion Prevention Service
with Antispyware
Web Content Filtering
Antispam
Firewall
VPN
Virtual Domains
Traffic Shaping
17
Anatomy of the FortiGate Solution
FortiOS is the security hardened operating system
that powers all FortiGate multi-threat security
systems.
18
Introducing FortiOS 4.0
With the release of FortiOS 4.0, Fortinet is
redefining network security again by extending
the scope of consolidated security capabilities
within the FortiGate multi-threat security
system.  
4.0
  • Primary Benefits
  • Access to innovative new security technologies,
    once available only as standalone products
  • Improved security through the integration of
    security technologies working together
  • Consolidation simplifies management, saving time
    and money

19
New to FortiOS
  • FortiOS 4.0 introduces four major new
    technologies into the existing comprehensive
    network security offering
  • WAN Optimization
  • Accelerate applications over WAN connections
    while ensuring multi-threat security enforcement
  • Application Control
  • Recognize traffic based on the application
    generating it, instead of port or protocol
  • SSL Inspection
  • to increase security and policy control among
    encrypted traffic streams
  • Data Leakage Prevention (DLP)
  • to identify and prevent the communication of
    sensitive information outside of the network
    boundaries

20
WAN Optimization
  • Increases network performance by reducing the
    amount of communication and data transmitted
    between applications and servers across a WAN
  • Increases network performance
  • Reduces data transmitted across a WAN
  • Reduces bandwidth and server resource
    requirements
  • Improves user productivity
  • Reduces networking costs

21
WAN Optimization in Action
  • Integrated caching
  • Bi-directional
  • Integrated with VDOMs
  • Common applications
  • File Sharing (CIFS, FTP)
  • Email (MAPI with MS Exchange / MS Outlook)
  • Web (HTTP / HTTPS)
  • Generic (TCP)
  • FortiClient Integration
  • Remote / mobile users without local FortiGate

22
Application Control
Enforces security policy for over 1000
applications, regardless of port or protocol used
for communication
  • Facilitates inspection for evasive applications
    using non-standard ports, port-hopping, or
    tunneling within trusted applications
  • More flexible and fine-grained policy control
  • Increased security
  • Deeper visibility into network traffic

23
Application Control List
Multiple Applications can be defined with
different actions and logging options
24
Categories and Apps
Thousands of Applications Supported
25
SSL Traffic Inspection
Proxies SSL encrypted traffic, inspecting for
threats and applying policy to traffic that is
invisible to other security devices.
  • Inspect otherwise hidden communication
  • Increased protection for secure web/app servers
  • Improved visibility into network traffic
  • Supports HTTPS, POP3S, SMTPS, and IMAPS protocols

26
Filtering HTTPS Traffic
  • Apply traditional Web Filtering policies to HTTPS
    traffic

Client initiates connection to HTTPS
server Intercepted by FortiGate FGT establishes
connection to the server and proxies the
communication Web Filtering is applied on the
decrypted traffic stream
Corporate LAN
27
Protecting SSL ServersFilter SSL-encrypted
traffic to prevent intrusions / attacks
  • Uses the same mechanism to intercept decrypt
    the SSL traffic streams
  • Apply standard protection profile on encrypted
    traffic

Client
Email (POP3S, IMAPS, SMTPS)
Web (HTTPS)
Corporate LAN
28
SSL Inspection for Secure Web
New SSL Inspection Options
29
SSL Inspection E-Mail
  • IMAPS
  • POP3S
  • SMTPS

New SSL Inspection Options
30
Data Leakage Prevention
  • Keep sensitive, confidential, and proprietary
    data from escaping defined network perimeter
  • Integrates with Application Control and SSL
    Inspection
  • Works across any application and encrypted
    traffic
  • Configurable actions (block / log)
  • Provides audit trails for data and files
  • Aides in legislative compliance
  • Protects an organizations sensitive information

31
Data Leakage Prevention (DLP)
  • DLP Sensor
  • Used to define data detection rule sets
  • Sensor applied in protection profile
  • DLP Actions
  • Log, block, archive (to FortiAnalyzer)
  • Ban or quarantine user
  • File Types supported
  • Text, PDF, MS Word (up to and including 2007
    versions)
  • Additional types added in future

32
DLP Rules Protocol Specific Configuration
Rules can be created using Regular Expression or
ASCII.
33
Additional FortiOS 4.0 Features
  • Identity-Based Policies
  • FortiOS 4.0 allows administrators the ability to
    define security policy around individual users
    (new), groups of users (new), IP address,
    network, or protocol.
  • Intrusion Prevention Enhancements
  • FortiOS 4.0 enhances the FortiGate systems
    Intrusion Prevention capabilities. With passive
    intrusion detection, IPv6 support, multiple
    blocking actions, and enhanced logging options
    for threat traffic, Fortinet takes the intrusion
    prevention service to a new level of
    effectiveness.
  • Endpoint Compliance and Control
  • FortiOS 4.0 allows the FortiGate multi-threat
    security system to check for the installation of
    FortiClient endpoint security agents. Host
    integrity (AV updated, Firewall enabled, etc.)
    can be checked before allowing the device to the
    trusted network. Quarantine capabilities allow
    for multi-tiered network access so endpoints can
    resolve their compliance issues or continue with
    restricted access on a segregated and restricted
    virtual LAN (VLAN).

34
The Power of Integrated Security
  • Example 1
  • SSL Inspection decrypts HTTPS communications of
    web-based email
  • DLP policy scans outgoing transmissions for email
    text detailing sensitive information
  • DLP policy also scans file attachments,
    potentially blocking files containing credit card
    numbers / social security numbers / other
    sensitive information
  • Identity-based policies can combine with
    Application Control to block the single offending
    user from using web mail applications, but allow
    use of other web applications
  • Example 2
  • DLP could identify and block sensitive
    information being transmitted to specific
    offices, enforcing a need-to-know basis
  • WAN Optimization increases the speed of file
    transmission from corporate to branch offices
  • VPN Module encrypts traffic bound for remote
    location

35
(No Transcript)
36
Backed by Global Services Offerings
Security updates via global update servers
engineering team
and customer support centers located throughout
the world
Fortinet support centers FortiGuard update server
locations
37
Introducing FortiAnalyzer
FortiAnalyzer is an integrated network logging,
analysis, and reporting platform
  • Ideal for
  • Enterprises (Small to Large)
  • Service Providers
  • Telecom Customers
  • Centralizes functions for
  • Security Log Analysis / Forensics
  • Graphical Reporting
  • Content Archiving / Data Mining
  • Network Analysis
  • Malicious File Quarantine
  • Vulnerability Assessment

38
Introducing FortiManager
FortiManager is an integrated management and
monitoring platform for all Fortinet products
  • Ideal for
  • Enterprises (Small to Large)
  • Service Providers
  • Telecom Customers
  • Centralizes functions for
  • Product Deployments
  • Real-time Monitoring
  • Device/Policy Maintenance
  • Device/Security Updates

39
Agenda
Introduction
FortiGate. Network Security
  • Dedicated Application Level Solutions
  • FortiWeb
  • FortiDB
  • FortiEmail

About Fortinet
40
The FortiFamily
WEB SECURITY
DATA BASE SECURITY
NETWORK SECURITY
EMAIL SECURITY
41
The complexity of Web Applications
  • Instead of attempting to secure web application
    code, FortiWeb provides an umbrella of protection
    for web applications and data
  • Web applications are free to change, be added,
    and exist in multiple instances
  • Web applications secured, deployment simplified

Switch
DMZ
Web Application Servers
Databases
42
FortiWeb-1000B
  • FortiWeb-1000B is a web security appliance
    that provides
  • Web Application and XML firewalls
  • Accelerates web applications through XML/SSL
    acceleration and session offloading
  • Load balancing
  • Simplifies deployment and management of web
    applications with a central security appliance
  • Aides compliance with PCI and regulatory mandates

43
DDBB Security
  • Scans for security problems provides advice to
    fix
  • Built-in best practices and/or your own standards
  • Ongoing scan of every DB in your enterprise

FortiPartner Program IPLocks Japan
Assures the confidentiality, integrity and
availability of critical enterprise data
  • Automatically create baselines of normal
    behavior
  • Continuously scan for suspicious end-user
    behavior
  • Alert on suspicious data access patterns
  • Full history of user privilege and object /
    schema design changes, incl. data access / data
    update events
  • Audit/Compliance reports for use by DBA team,
    infosec or audit team

44
Application Security
FortiMail high-performance multi-layered email
security platforms provide maximum protection for
email threats and facilitate regulatory
compliance.
  • Ideal for
  • Small-Medium Businesses (SMBs)
  • Enterprises (Small to Large)
  • Service Providers
  • Primary Benefits
  • Comprehensive protection eliminating threats and
    attacks from Emails
  • Avoids mail system resource consumption
  • Preserves internal network bandwidth
  • Aids compliance with advanced content archiving
  • Increases employee productivity
  • Protect, quarantine and archive all-in-one

45
End Point Security
FortiClient PC
IPSEC VPN
Antivirus/Antimalware
Personal Firewall
Web Filtering
Antispam
Subscription Updates
Centralized Management
46
Agenda
Introduction
FortiGate. Network Security
  • Dedicated Application Level Solutions
  • FortiWeb
  • FortiDB
  • FortiEmail

About Fortinet
47
Fortinet Overview
  • Leading provider of ASIC-accelerated Unified
    Threat Management (UTM) Security Solutions
  • Company Stats
  • Founded in 2000
  • Silicon Valley based with offices worldwide
  • Seasoned executive management team
  • 1,100 employees / 500 engineers
  • 400,000 FortiGate devices shipped worldwide
  • Strong, validated technologies and products
  • 18 patents 80 pending
  • Six ICSA certifications (Firewall, AV, IPS, IPSec
    VPN, SSL VPN, Anti-Spam)
  • Government Certifications (FIPS-2, Common
    Criteria EAL4)
  • Virus Bulletin 100 approved (2005, 2006, 2007,
    2008)

48
Large Global Installed Base
Blue Chip Customers
49
Global 500 Customers
Secures
Seven of Top 10 Fortune 500 Five of
Top 10 Global 500 in EMEA Seven of
Top 10 Global 500 in APAC Six of Top 10
Global 500 Commercial Savings Banks Seven
of Top 10 Global 500 Aerospace Defense Two
of Top 5 Global 500 in IT Services
50
Recent Industry Recognition
  • Top Five Security Appliance Vendor 1 UTM Vendor
    (IDC)
  • Best Practices Award for enabling profitable
    network-based Managed Security Services (Frost
    Sullivan)
  • Top Player in Email Security Quadrant
    (Radacatti Group)
  • Top Ten Most Influential Security Companies by
    Computer Business Review
  • Ingram Micro Best New Vendor of the Year (2008)
  • Deloitte Technology Fast 50 for Silicon Valley
  • Inc. Magazine 5,000 Fastest Growing Companies
  • No. 10 - Silicon Valley Business Journal Fast 50

51
Financial Highlights
  • Consistently strong sequential growth in
    billings, revenue and shipments
  • Strong growth in services and recurring revenues
  • High-end is fastest-growing product segment
  • Balanced global presence revenue well-spread
    across geographies
  • Balanced market presence revenue well-spread
    across market segments
  • Strong deferred revenue stream
  • 100 million VC investment
  • 100 million cash balance cash flow positive
  • Profitable

52
Invoicing growth
53
UTM Leadership Growth
  • By 2011 UTM will be the largest single market
    with a CAGR of 26.2
  • UTM has already surpassed firewall market

In 2008, UTM surpassed firewall market
54
UTM Market Leadership Total
Worldwide UTM Revenue Share by Vendor, Q3 08
Note Market shares are based on IDCs Quarterly
Appliance Tracker. Source IDC, Dec. 2008
55
high-End UTM
Fortinets UTM product portfolio is seeing
success across all price bands, including the
high end, which has been the hardest sell for
many vendors
- Source IDC, March 2008
IDC XTM XTM platforms will take security
appliances beyond traditional boundaries by
incorporating key management and networking
features. Fortinet is in a strong position to
compete in the growing market for XTM - Source
IDC, March 2008
56
Source Frost Sullivan World UTM Report,
November 2008
57
With the release of their new OS and recent
appliances (FortiDB, FortiWeb), Fortinet is now
moving away for pure network security to become
an end-to-end security vendor.

IDC - 2009
58
Obrigado!Questions?
Acacio Martín amartin_at_fortinet.com Sales Manager
Iberia
About PowerShow.com