Title: Development Trends of New Generation Network Security Technology ?????????????? Michael Xie, Vice President, Fortinet, Inc. AVAR Nov 2005 ???: ??Fortinet????? ? ?
1Development Trends of New Generation Network
Security Technology ??????????????Michael
Xie, Vice President, Fortinet, Inc. AVAR Nov
2005??? ??Fortinet????? ? ?
2Development Trends of New Generation Network
Security Technology
-
Guideline - Introduction of Fortinet and FortiGate Series
- A New Generation of Security Platform
- Development Trends of Network Security Technology
- Unified Threat Management (UTM) System
- Advantage Detection Technology
- FortiGate Functionality Overview
- Services, Reporting, Management
- Conclusion
3??????????????
-
- ????
- Fortinet ????FortiGate ????
- ???????????
- ??????????
- ????????(UTM)??
- ???????
- FortiGate????
- ??,??,??
- ???
4Brief Introduction of Fortinet, Inc. and
FortiGate Series
Introduction of Fortinet and FortiGate Series
5What Fortinet Does
- Fortinet provides of ASIC accelerated security
systems Fortigate system. - FortiGate system provides UTM (Unified Threat
Management) solutions to our customers. It
integrates the following functions into one
device organically - Firewall
- VPN
- Anti-virus (including anti-spyware)
- IPS
- URL filtering
- Anti-spam
- Fortinet provides the FortiGuard family of
automated and fully managed security services to
extend defenses
6UTMs Value Proposition
- Lowest cost of ownership - per chassis licensing,
incremental service deployment, and consistent
product features across entire product family - Network based automated update system can update
FortiGates with virus/attach patterns in
real-time. - Multiple vendor approach
- Security functions achieved with different
appliances or servers
7A New Generation of Security Platform
A New Generation of Security Platform
8Thread attacks increase rapidly
9Concept Consideration
- Questions --
- Can traditional firewall protect network?
- Traditional vs Innovation
- Network vs Content
- What is best Implementation ?
- Hardware vs Software
- Unified vs Seperated
10Traditional Multi-layered Security- Approach to
Complete Content Protection
- Disadvantage
- Requires multiple products
- Increases network complexity and operational cost
- Does not defend against blended threats
- Advantage
- Provides comprehensive security approach
- Minimizes down-time from individual threats
11Single vendor Multi-layered Security
- Advantages
- Provides comprehensive security approach
- Minimizes down-time from individual threats
- Reduces number of vendors and appliances
- Simplifies security management
- Coordinates security alerting, logging, and
reporting - Improves detection capabilities
12Development Trend of Network Security Maeket
Development Trend of Network Security Market
13Development Trends of Network Security Technology
Hardware Software General Purpose CPUs Proxy
Stateful Inspection Nokia / Checkpoint Sidewind
er Gauntlet Cisco PIX
Hardware Appliance ASIC Acceleration Stateful
Inspection NetScreen
Software Only General Purpose CPUs Stateful
Inspection CheckPoint
ASIC Accelerated Full Content Level Security with
Activity Inspection
2nd Generation
Next Generation
1st Generation
3rd Generation
14Growth Rate of China Firewall market
15Prediction of UTM Growth 2003-2008
Globle Firewall/VPN and UTM Market Prediction,
2003-2008
16 Global Security Market Prediction , 2004-2008
By 2008, UTM products will overpass single
firewall/VPN. ?????????????,UTM????????UTM
??????????VPN???????????????????. -- IDC, 2004
Global Security Market Prediction, 2004-2008 (M) Global Security Market Prediction, 2004-2008 (M) Global Security Market Prediction, 2004-2008 (M) Global Security Market Prediction, 2004-2008 (M) Global Security Market Prediction, 2004-2008 (M) Global Security Market Prediction, 2004-2008 (M) Global Security Market Prediction, 2004-2008 (M) Global Security Market Prediction, 2004-2008 (M) Global Security Market Prediction, 2004-2008 (M) Global Security Market Prediction, 2004-2008 (M)
2003 2004 2005 2006 2007 2008 2003 ??? () CAGR () 2008 ??? ()
Firewall/VPN 1,479.1 1,667.7 1,791.6 1,804.4 1,623.5 1,462.3 93.4 -0.2 42.4
UTM Security 104.9 225.0 517.5 828.0 1,324.8 1,987.2 6.6 80.1 57.6
Total 1,584.0 1,892.7 2,309.1 2,632.4 2,948.3 3,449.5 16.8
17 - Unified Threat Management (UTM) System
18IDC Reports Fortinets Market Leadership!
The UTM market is being created because it is
quickly catching on with customers and vendors.
UTM incorporates firewall, intrusion detection
and prevention, and AV in one high-performance
appliance. -- IDC, 2004 Fortinet, with the
only ASIC based AV accelerated UTM appliances,
led this UTM market in 2003, with 30.9 million
in revenue and a 29.5 share of the worldwide
market. -- IDC, 2004 The UTM market is being
created because it is quickly catching on with
customers and vendors. UTM incorporates
firewall, intrusion detection and prevention, and
AV in one high-performance appliance. -- IDC,
2004
- UTM market revenue in 2005 estimated at 515
million - Over next 4 years, UTM sales will exceed firewall
/ VPNs - Firewall/VPN segment 2005 revenue of nearly
1.8 billion - UTM market estimated at nearly 2 billion by
2008
19UTM Solutions for the Small Medium Business
20UTM Solutions for the Enterprise
21UTM Solutions for the Managed Security Service
Provider
22Advanced Detection Technology
Advanced Detection Technology
23Fortinets Evolution of Detection Methods
- Combination of Multiple Detection Technologies
- 1. Stateful Inspection 2. Application
Inspection - 3. Deep Packet Inspection 4. Signatures,
Heuristics, Anomaly - 5. Full Content Inspection 6. Activity
Inspection
24 - FortiGate Functionality Overview
25Fortinet Product Family Strengths
- Fortinet provides a complete security solution
for true 360 security defenses - Wide range of security products for market
segments of all sizes - Tightly integrated security products from a
single vendor - Unmatched detection rate with leading-edge
technology
26Fortinets Complete Product Family
Product range
SOHO
BO
Medium Enterprise
Large Enterprise
Service Provider
FG5140
FG5050
FG5020
FG3600
FG3000
Redundant PS
FG800
Gigabit perf
FG500A
High port density
Gigabit Ethernet
FG300A FG400A
Integrated Logging
FG200A
FG100A
FG60 FortiWifi
High Availability, VLAN support
FG50A
27FortiGate Antivirus Firewall Security Systems
- Family of 15 hardware devices to fit all business
needs - Hardened security appliance for perimeter or
network core - Integrated security functionality based on
granular firewall policies - Stateful Firewall
- Antivirus/Spyware
- Intrusion Detection Prevention
- IPSec VPN / SSL VPN (v3.0)
- Web Content Filtering
- Antispam Filtering
- Bandwidth Shaping
- Consistent functionality across product family
- Per chassis licensing
28Network-based Content Protection with FortiGate
- Content protection for multiple applications
FortiGate reassembles content (before reaching
clients)
Content request (malicious content)
File fragmented into multiple packets (evades
traditional defenses)
Multiple detection engines detects and discards
attack
X
Content Server
29FortiGate Antivirus Firewalls
A New Generation of Security Platforms
Hacker
Email Spam
X
Viruses worms
X
FortiGate
Internet
X
Intrusions
X
Banned content
www.find_a_new_job.com www.free_music.com www.porn
ography.com
Real-Time Content Security at the Network Edge
30 - Services, Reporting, Management
31Proactive Defense With FortiGuard Services
- FortiGuard Antivirus
- Automated antivirus spyware signature and
detection engine updates for FortiGate and
FortiMail platforms - FortiGuard Intrusion Detection Prevention
- Automated intrusion attack signature and
detection engine updates for FortiGate platforms - FortiGuard Web Filtering
- Centrally managed web content filtering service
for FortiGate platforms - FortiGuard Antispam
- Centrally managed antispam filtering service for
FortiGate and FortiMail platforms
Automatic AV IPS updates can reach all
FortiGate units worldwide in under 5 Minutes
32High-Availability 24x7 Global Coverage
Global Threat Response Team and Update
Distribution Servers guarantee customer access
FortiProtect Web Portal Weekly Email Bulletins
provides key security information
Proactive protection with unmatched update
capabilities through both push and pull
technologies
33Fortinet Advantage Award Winning Products
- Numerous industry awards and recognition for
technology, usability, and product vision
34Worldwide Customer Base In All Markets
- Over 90,000 units sold and growing rapidly
- Customer validation in all market types and sizes
35Thank you, questions???