FORTINET - Consolidated Secured Application Delivery Adrian DANCIU – Executive Director - Distribuitor FORTINET in Romania & Europa de Est
Agenda
Fortinet Overview
Network Consolidation
Fortinet Advantage
Company Overview •
First Multi-Layered Security Platform provider that leverages ASIC technology
•
Silicon Valley based with offices worldwide
•
1,200+ employees / 700+ engineers
More than 450,000+ FortiGate devices WW
Founded in 2000
Largest Privately Held Security Company
Global Operations in U.S., EMEA & Asia Pac
Independent certifications
8 ICSA certifications (first and only security vendor)
Government Certifications (FIPS-2, Common Criteria EAL4+)
100+ industry awards
Virus Bulletin 100 approved (2005, 2006, 2007) and NSS Certifications
Fortinet Confidential
Broad Product Portfolio Database Vulnerability & Monitoring Web app firewalling & XML security
Core, Data Center & Large Enterprise CPE
Secure Messaging
Management & Reporting Enterprise CPE Client Software
SMB & Remote Office CPE
Security Market Evolution Unified Threat Management Firewall Antivirus IPS Antispam Content Filtering VPN
Firewall + VPN
Intrusion Detection & Prevention
First for UTM.
Secure Content Management
Firewall
Intrusion detection system
Antivirus
Web filtering
Virtual private network (IPSec and SSL)
Intrusion prevention system
Antispyware
Messaging security
Fortinet Confidential
Fortinet Leads Across UTM Market
“Fortinet is the leading vendor in the UTM security appliance market”
“Fortinet’s UTM product portfolio is seeing success across all price bands, including the high end, which has been the hardest sell for many vendors” Fortinet Confidential
Leadership in Gartner Magic Quadrant Source: “Magic Quadrant for SMB Multifunction Firewalls” by dam Hils & Greg Young, 10 July 2009. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Fortinet.
© 2009 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.
Fortinet Confidential
Romanian Customers Romanian Customers
Agenda
Fortinet Overview
Network Consolidation
Fortinet Advantage
Consolidation is all Around Us Just a few examples: • Mobile Phones • Companies • Telecommunications / Video And most importantly: • Network Security
Consolidation & Virtualization Market Drivers Consolidation of Physical Resources Reduction in Power Consumption & foot print Slowing growth of IT Budgets Simplify System Maintenance Optimize Resource Utilization
Reducing Footprint “96% of data centers will run out of capacity by 2011” — Emerson Network Power
http://www.liebert.com/information_pages/NewsRelease.aspx?id=2386
A New Security Architecture is Required • Firewall
Prevent unauthorized access
• VPN
Secure remote access
• IPS
Eliminate network-based threats
• Gateway Antivirus
Eliminate malware threats
• Web Filtering
Prevent Phishing Prevent Losses in Productivity
• Antispam
Reduce unwanted email
Fortinet Consolidated Network Security Reduces number of vendors and appliances Provides complete security Minimizes down-time from individual threats Simplifies security management Coordinates security alerting, logging, and reporting Improves detection capabilities
The New Generation of Security Gateway FortiGate appliances offer • Multi-Threat protection Comprehensive security solution
•
High-Performance security Custom ASICs for real-time, high perormance network protection 9
Agenda
Fortinet Overview
Network Consolidation
Fortinet Advantage
Next Generation UTM Services: Application Acceleration, Visibility & Control
New features in FortiGate • FortiOS 4.0 introduces four major new technologies into the existing comprehensive network security offering: WAN Optimization • Accelerate applications over WAN connections while ensuring multi-threat security enforcement
Application Control • Recognize traffic based on the application generating it, instead of port or protocol
SSL Inspection • Increase security and policy control among encrypted traffic streams
Data Leakage Prevention (DLP) • to identify and prevent the communication of sensitive information outside of the network boundaries
WAN Optimization Increases network performance by reducing the amount of communication and data transmitted between applications and servers across a WAN • • • • •
Increases network performance Reduces data transmitted across a WAN Reduces bandwidth and server resource requirements Improves user productivity Reduces networking costs
WAN Optimization in Action Integrated caching Bi-directional Integrated with VDOMs
Common applications File Sharing (CIFS, FTP) Email (MAPI with MS Exchange / MS Outlook) Web (HTTP / HTTPS) Generic (TCP)
FortiClient Integration Remote / mobile users without local FortiGate
Application Control Enforces security policy for over 1000 applications, regardless of port or protocol used for communication • • • •
Facilitates inspection for evasive applications using non-standard ports, port-hopping, or tunneling within trusted applications More flexible and fine-grained policy control Increased security Deeper visibility into network traffic
Categories and Apps
Thousands of Applications Supported
SSL Traffic Inspection Proxies SSL encrypted traffic, inspecting for threats and applying policy to traffic that is invisible to other security devices. • Inspect otherwise hidden communication • Increased protection for secure web/app servers • Improved visibility into network traffic • Supports HTTPS, POP3S, SMTPS, and IMAPS protocols
Filtering HTTPS Traffic Apply traditional Web Filtering policies to HTTPS traffic Client initiates connection to HTTPS server Intercepted by FortiGate
Corporate LAN
FGT establishes connection to the server and proxies the communication Web Filtering is applied on the decrypted traffic stream
Protecting SSL Servers Filter SSL-encrypted traffic to prevent intrusions / attacks Client
Uses the same mechanism to intercept & decrypt the SSL traffic streams
Apply standard protection profile on encrypted traffic
(POP3S, IMAPS, SMTPS) Web (HTTPS)
Corporate LAN
Data Leakage Prevention Keep sensitive, confidential, and proprietary data from escaping defined network perimeter
• Integrates with Application Control and SSL Inspection • Works across any application and encrypted traffic • Configurable actions (block / log) • Provides audit trails for data and files • Aides in legislative compliance • Protects an organization’s sensitive information
DLP Rules
Protocol Specific Configuration
Rules can be created using Regular Expression or ASCII.
Competitive Landscape FW/ VPN
IPS
AV
Web filtering
Antispam
Access Control
WAN Opt.
Neoteris
Perabit
FortiGate NetScreen
OneSecure
SSG (Trend, Kaspersky, Symantec, SurfControl) 65xx blade IronPort
ASA (Trend for AV)
MARS
VPNVPN-1 with SmartDefense Zone Labs
UTMUTM-1 TZ & PRO appliances McAfee
“Homegrown” Homegrown” products
Acquired / OEM products
Websense
E-mail security
Consolidate with Fortinet Protect Your Network · · ·
Network and content-level protection Data integrity-level protection Enterprise-level strength
Preserve Your Investment · Lower CapEx with fewer hardware requirements · Lower OpEx with reduced management complexity · Increase functionality without increasing hardware
Reduce Your Footprint · More robust security capabilities with less hardware · More powerful protection with less power consumption · More network defense with less cost of ownership
Thank you! adrian.danciu@netsafesolutions.ro
CONFIDENTIAL