Development Trends of New Generation Network Security Technology ?????????????? Michael Xie, Vice President, Fortinet, Inc. AVAR Nov 2005 ???: ??Fortinet????? ? ?

1
Development Trends of New Generation Network
Security Technology ??????????????Michael
Xie, Vice President, Fortinet, Inc. AVAR Nov
2005??? ??Fortinet????? ? ?
2
Development Trends of New Generation Network
Security Technology

• 
  Guideline
• Introduction of Fortinet and FortiGate Series
• A New Generation of Security Platform
• Development Trends of Network Security Technology
  
• Unified Threat Management (UTM) System
• Advantage Detection Technology
• FortiGate Functionality Overview
• Services, Reporting, Management
• Conclusion

3
??????????????

• ????
• Fortinet ????FortiGate ????
• ???????????
• ??????????
• ????????(UTM)??
• ???????
• FortiGate????
• ??,??,??
• ???

4
Brief Introduction of Fortinet, Inc. and
FortiGate Series

Introduction of Fortinet and FortiGate Series
5
What Fortinet Does

• Fortinet provides of ASIC accelerated security
  systems Fortigate system.
• FortiGate system provides UTM (Unified Threat
  Management) solutions to our customers. It
  integrates the following functions into one
  device organically
• Firewall
• VPN
• Anti-virus (including anti-spyware)
• IPS
• URL filtering
• Anti-spam
• Fortinet provides the FortiGuard family of
  automated and fully managed security services to
  extend defenses

6
UTMs Value Proposition

• Lowest cost of ownership - per chassis licensing,
  incremental service deployment, and consistent
  product features across entire product family
• Network based automated update system can update
  FortiGates with virus/attach patterns in
  real-time.
• Multiple vendor approach
• Security functions achieved with different
  appliances or servers

7
A New Generation of Security Platform

A New Generation of Security Platform
8
Thread attacks increase rapidly
9
Concept Consideration

• Questions --
• Can traditional firewall protect network?
• Traditional vs Innovation
• Network vs Content
• What is best Implementation ?
• Hardware vs Software
• Unified vs Seperated

10
Traditional Multi-layered Security- Approach to
Complete Content Protection

• Disadvantage
• Requires multiple products
• Increases network complexity and operational cost
• Does not defend against blended threats

• Advantage
• Provides comprehensive security approach
• Minimizes down-time from individual threats

11
Single vendor Multi-layered Security

• Advantages
• Provides comprehensive security approach
• Minimizes down-time from individual threats
• Reduces number of vendors and appliances

• Simplifies security management
• Coordinates security alerting, logging, and
  reporting
• Improves detection capabilities

12
Development Trend of Network Security Maeket
Development Trend of Network Security Market
13
Development Trends of Network Security Technology
Hardware Software General Purpose CPUs Proxy
Stateful Inspection Nokia / Checkpoint Sidewind
er Gauntlet Cisco PIX
Hardware Appliance ASIC Acceleration Stateful
Inspection NetScreen
Software Only General Purpose CPUs Stateful
Inspection CheckPoint
ASIC Accelerated Full Content Level Security with
Activity Inspection
2nd Generation
Next Generation
1st Generation
3rd Generation
14
Growth Rate of China Firewall market
15
Prediction of UTM Growth 2003-2008
Globle Firewall/VPN and UTM Market Prediction,
2003-2008

16
Global Security Market Prediction , 2004-2008
By 2008, UTM products will overpass single
firewall/VPN. ?????????????,UTM????????UTM
??????????VPN???????????????????. -- IDC, 2004
Global Security Market Prediction, 2004-2008 (M) Global Security Market Prediction, 2004-2008 (M) Global Security Market Prediction, 2004-2008 (M) Global Security Market Prediction, 2004-2008 (M) Global Security Market Prediction, 2004-2008 (M) Global Security Market Prediction, 2004-2008 (M) Global Security Market Prediction, 2004-2008 (M) Global Security Market Prediction, 2004-2008 (M) Global Security Market Prediction, 2004-2008 (M) Global Security Market Prediction, 2004-2008 (M)
2003 2004 2005 2006 2007 2008 2003 ??? () CAGR () 2008 ??? ()
Firewall/VPN 1,479.1 1,667.7 1,791.6 1,804.4 1,623.5 1,462.3 93.4 -0.2 42.4
UTM Security 104.9 225.0 517.5 828.0 1,324.8 1,987.2 6.6 80.1 57.6
Total 1,584.0 1,892.7 2,309.1 2,632.4 2,948.3 3,449.5 16.8
17

• Unified Threat Management (UTM) System

18
IDC Reports Fortinets Market Leadership!
The UTM market is being created because it is
quickly catching on with customers and vendors.
UTM incorporates firewall, intrusion detection
and prevention, and AV in one high-performance
appliance. -- IDC, 2004 Fortinet, with the
only ASIC based AV accelerated UTM appliances,
led this UTM market in 2003, with 30.9 million
in revenue and a 29.5 share of the worldwide
market. -- IDC, 2004 The UTM market is being
created because it is quickly catching on with
customers and vendors. UTM incorporates
firewall, intrusion detection and prevention, and
AV in one high-performance appliance. -- IDC,
2004

• UTM market revenue in 2005 estimated at 515
  million
• Over next 4 years, UTM sales will exceed firewall
  / VPNs
• Firewall/VPN segment 2005 revenue of nearly
  1.8 billion
• UTM market estimated at nearly 2 billion by
  2008

19
UTM Solutions for the Small Medium Business
20
UTM Solutions for the Enterprise
21
UTM Solutions for the Managed Security Service
Provider
22
Advanced Detection Technology

Advanced Detection Technology
23
Fortinets Evolution of Detection Methods

• Combination of Multiple Detection Technologies
• 1. Stateful Inspection 2. Application
  Inspection
• 3. Deep Packet Inspection 4. Signatures,
  Heuristics, Anomaly
• 5. Full Content Inspection 6. Activity
  Inspection

24

• FortiGate Functionality Overview

25
Fortinet Product Family Strengths

• Fortinet provides a complete security solution
  for true 360 security defenses
• Wide range of security products for market
  segments of all sizes
• Tightly integrated security products from a
  single vendor
• Unmatched detection rate with leading-edge
  technology

26
Fortinets Complete Product Family
Product range
SOHO
BO
Medium Enterprise
Large Enterprise
Service Provider
FG5140
FG5050
FG5020
FG3600
FG3000
Redundant PS
FG800
Gigabit perf
FG500A
High port density
Gigabit Ethernet
FG300A FG400A
Integrated Logging
FG200A
FG100A
FG60 FortiWifi
High Availability, VLAN support
FG50A
27
FortiGate Antivirus Firewall Security Systems

• Family of 15 hardware devices to fit all business
  needs
• Hardened security appliance for perimeter or
  network core
• Integrated security functionality based on
  granular firewall policies
• Stateful Firewall
• Antivirus/Spyware
• Intrusion Detection Prevention
• IPSec VPN / SSL VPN (v3.0)
• Web Content Filtering
• Antispam Filtering
• Bandwidth Shaping
• Consistent functionality across product family
• Per chassis licensing

28
Network-based Content Protection with FortiGate

• Content protection for multiple applications

FortiGate reassembles content (before reaching
clients)
Content request (malicious content)
File fragmented into multiple packets (evades
traditional defenses)
Multiple detection engines detects and discards
attack
X
Content Server
29
FortiGate Antivirus Firewalls
A New Generation of Security Platforms
Hacker
Email Spam
X
Viruses worms
X
FortiGate
Internet
X
Intrusions
X
Banned content
www.find_a_new_job.com www.free_music.com www.porn
ography.com
Real-Time Content Security at the Network Edge
30

• Services, Reporting, Management

31
Proactive Defense With FortiGuard Services

• FortiGuard Antivirus
• Automated antivirus spyware signature and
  detection engine updates for FortiGate and
  FortiMail platforms
• FortiGuard Intrusion Detection Prevention
• Automated intrusion attack signature and
  detection engine updates for FortiGate platforms
• FortiGuard Web Filtering
• Centrally managed web content filtering service
  for FortiGate platforms
• FortiGuard Antispam
• Centrally managed antispam filtering service for
  FortiGate and FortiMail platforms

Automatic AV IPS updates can reach all
FortiGate units worldwide in under 5 Minutes
32
High-Availability 24x7 Global Coverage
Global Threat Response Team and Update
Distribution Servers guarantee customer access
FortiProtect Web Portal Weekly Email Bulletins
provides key security information
Proactive protection with unmatched update
capabilities through both push and pull
technologies
33
Fortinet Advantage Award Winning Products

• Numerous industry awards and recognition for
  technology, usability, and product vision

34
Worldwide Customer Base In All Markets

• Over 90,000 units sold and growing rapidly
• Customer validation in all market types and sizes

35
Thank you, questions???