La sécurité Globale de votre SI du Poste de Travail au Cloud BOULEIMEN Kamel Manager System Engineer
In Network Security (IDC) Fortinet Facts SUNNYVALE, CA HQ FOUNDED 2000 OVER 2.4 MILLION 100+ OFFICES WORLDWIDE DEVICES SHIPPED IPO 2009 #1 UNIT SHARE WORLDWIDE In Network Security (IDC) $ 1B REVENUE EMPLOYEES 4,500+ Not everyone has heard of Fortinet, yet, we have built a successful, profitable billion dollar company over the last 15 years based on solid business fundamentals and great technology. The fact is, once customers put us to the test, we deliver hands down. As a result, we are one of the fastest growing public cyber security companies in the world and serve over a quarter of a million customers globally. We have the strongest international footprint of any of our competitors and the most amount of units deployed of any other vendor, including Cisco. MARKET LEADING TECHNOLOGY 278 PATENTS 236 PENDING 285,000+ CUSTOMERS 30%+ GROWTH
2015: Another Record Year of Security Breaches IRS 100,000 + Taxpayer personal information V-Tech 4.3 M exposed Anthem One-thirAmricans affected US Federal Government OPM 21.5M + British Gas 2,000 customer data Hacking Team Talk Talk 157,000 customers, 21,000 bank details stolen T-Mobile 15M customers at risk for personal and social security data Twitter Scottrade 4.6M customers Carphone Warehouse 2.4M Users - 4% of UK Population Ashley Madison 37M Innocent Cheaters It was another record year of high profile security breaches and maybe even more sophisticated and prolific than in 2014 Global Issue - OPM in the US, to Talk Talk in the UK, to V-Tech in China and they aren’t going away. All types of companies – Banks, Gov’t, Technology, Healthcare In a recent global survey, 45% of US CEOs and 21% globally say they are extremely concerned about cyber threats and lack of data security Hello Kitty Personal information for 3.3 million accounts Excellus BlueCross BlueShield 10M Patient Records UCLA Health Source: DataBreaches.net
$1T % 1 TOP FOUR of GDP Cybercrime is Now One of the Economic Crimes in the World $1T The likely annual cost to the global economy from cybercrime is more than $600B Here’s an eye popper, Cybercrime is now valued to cost up to $1Trillion dollars a year. High income countries lost as much as 1% of GDP on average and as much as 15% to 20% of the value created by the Internet Economy. The G20 countries suffered the bulk of the losses from cybercrime as countries like Brazil, Mexico and others increase their digital economies, But as emerging market countries grow their Internet-based economies, their costs will rise also. 1% loss stifles the economy and inhibits global growth – it hits innovation, lost jobs, ruined reputations and brands – and the smallest get hit the hardest It’s a big deal % 1 of GDP
Cybercriminal Ecosystem CRIME SERVICES ENABLERS Hosting Infections / Drop Zones Management Quality Assurance Crypters / Packers Scanners Botnet Rentals Installs / Spam / SEO / DDoS Money Mules Accounts Receivable Consulting COMPOUNDED CYBERCRIME Bank Accounts Victims Credentials & Data Digital Real Estate Criminal Organizations Sales, Licensing, Maintenance Affiliates Partnerships This diagram illustrates the complexity yet sophistication of the Cybercriminal Ecosystem. Sadly they are hellva lot more organized then most Enterprise are, even compared to most nation states. Affiliate Programs FakeAV / Ransomware / Botnets CRIMEWARE PRODUCERS Copy & paste Exploits Packers Special Platforms Mobile Senior Developers Junior Developers Source Code
Infrastructure. Constant Change. Green Google’s 13 data centers use 0.01% of global power SaaS On average, companies have 10+ applications running via the Cloud IoT 35B devices, mostly headless attaching to the network 5G Wireless SDN/NFV Software-defined everything. SD WAN IaaS Security still the No.1 inhibitor Analytics Big Data FUTURE Social Bandwidth ever increasing Internet 2 100 Gbps and UHDTV 100G Virtualization 80% of data center apps are virtualized Mobile No control of endpoints (BYOD) Bandwidth Wi-Fi speeds rival LANs. 100G networks here 6
CLOUD IoT SPEED 4X 20 Billion 82% Infrastructure. Constant Change. Growth in 100G ports 82% of Enterprises have a multi-cloud strategy 20 Billion IoT devices connected by 2020 Infrastructure is changing in many ways. There is the onset of more cloud services enterprises are using as part of their daily business IoT has come into the spotlight recently with the Dyn DNS attacks. Underlying infrastructure is always being upgraded to the latest speed ports There is even continuing issues in BYOD
VOLUME ADVANCED COMMERCIAL Security. Moving Landscape. VOLUME ADVANCED COMMERCIAL Kill Chain Item Cost Zero Day $5K - $50K Exploit Kit $1K - $20K Botnet Rental 10 cents Spam 100,000 $120 500,000 IPS Attacks Per Minute Infiltration Vector 1 2 3 Reconnaissance Host Infection The threat landscape is ever changing The contstantly increasing volume of attacks. This statistic is from our own FortiGuard Labs which monitors the data coming back from our devices. Over 500 thousand attacks per minute. If we’re seeing just 1/10 of the total volume, that’s a lot of attacks! Advanced Threats and zero days are out there, but fortunately we have multiple ways of stopping them by breaking the kill chain Another major reason the threat landscape has changed is because criminals have found a way to monetize breaching security. These methods are for sale to anyone who is buying. 6 5 4 Further Exploitation Exfiltration Vector Malware Action
Threats. Huge Volumes. Per Minute Per Week Total Database 35,000 Threat events 21,000 Spam emails intercepted 545,000 Network intrusions resisted 95,000 Malware programs neutralized 170,000 Malicious websites blocked 310,000 Botnet C&C attempts thwarted 43M Website categorization requests 46M New & updated spam rules 100 Intrusion prevention rules generated 1.8M New & updated AV definitions 1.4M New URL ratings 8,000 Hours of threat research globally 290 Terabytes of threat samples 18,000 Intrusion prevention rules 5,800 Application control rules 250M Rated websites in 78 categories 312 Zero-day threats discovered A Minute in the life of FortiGuard: 35,000 Threat Events 32,000 Botnet C&C Attempts Thwarted 95,000 Malware Programs Neutralized 160,000 Malicious Websites Blocked 470,000 Network Intrusions Resisted 1,000 intrusion prevention rules generated Every Week 416,000 Hours of Threat Research Dedicated in 2015 FortiGuard Researchers have Discovered 262 Zero Day Threats
REGULATORY GOVERNMENT CERTFICATION Regulatory Compliance. Evolving Requirements REGULATORY GOVERNMENT CERTFICATION Compliance is also a driver for security. Whether it’s regulatory like SoX, PCI, or HiPPA Governmental - The recent UK national cybersecurity strategy is officially endorsed by the government. As well as other initiatives like National Cyber security strategies for the EU and CS-CAP for APAC 3rd party certification has also become the norm. Working with independent test houses like NSS labs or ICSA labs has been something we have done at Fortinet for a long time 10
Accidental Architecture NETWORK TEAM OS TEAM MESSAGING TEAM SECURITY TEAM Firewall IPS Web Application Routers Switches Wireless Access Desktop OS Antivirus Mobile Device Mgmt Email Instant Messaging Voice Unified Communication Many Isolated Point Solutions
Time to Detect Essential Time to Compromise Time to Discover 100% 75% 67% 56% 55% 61% 67% 62% 67% 89% 62% 76% 62% 84% % where days or less 50% 25% 0% 2005 2007 2009 2011 2013 2015
The attack surface has increased dramatically, everywhere, inside and out. Mobile Endpoint Campus Data Center SaaS NGFW Internet Branch Office DCFW UTM Internet Cloud PoS SaaS IoT Internal External
End-to-End Segmentation Internal Data Center External SDN Orchestration Mobile Endpoint Campus Data Center SaaS NGFW Internet Branch Office DCFW UTM Cloud Internet Cloud PoS SaaS IoT
Fortinet Security Fabric – Protecting from IoT to Cloud Global Intelligence Client Security Alliance Partners IoT Cloud Security Fortinet Security Fabric Local Intelligence Application Security Secure LAN Access Secure WLAN Access Network Security
Fortinet Security Fabric Advanced Threat Intelligence NOC/SOC Scalable Aware Secure Actionable Open Endpoint Access Network Application Cloud Fabric Ready
Fabric Attributes – Phase 1 - Awareness Automated Operation Security Audit Visibility Segmentation Recommendations based on security posture Policy Audit Vulnerability awareness All Elements Visualization Interaction Performance Discovery Co-operation Fabric wide policy control Synchronized configuration Single Pane of Glass
Scalable - The Fabric covers the entire network attack surface (From IoT to Cloud) CPU Only Parallel Path Processing (PPP) More Performance Packet Processing Policy Management Content Inspection Optimized Policy Management Packet Processing Deep Inspection CPU SoC Less Latency For the Networking element Fortinet have developed a Parallel Path Processing Architecture to give the best combination of Performance and Security. Customer ASIC’s accelerate different type traffic based on Policy. For Example the Network Processor NP 6 accelerates Firewall (Packet Processing Traffic) Content Processor Less Space CP 9 SoC 3 Less Power Slow is Broken
Scalable - The Fabric scales from IoT to Cloud 1 Tbit/s Private & Public Cloud Security Email & Web Security 1 Gbit/s Carrier Class Firewall We also need to have scalability in types of coverage. The fabric covers components which are from the endpoints, to secure access like Aps and switches, to many sized appliances up to full chassis deployments. Data Center Firewall NGFW Distributed Firewall Access Point Endpoint Switch
Scalable - The Fabric scales from IoT to Cloud You are Here (Hybrid) Private Cloud SaaS Cloud IaaS Cloud On Network (NGFW) Off Network (CASB) Then there are multiple options for working with public and private cloud infrastructures that allow the security fabric to scale from IoT to the Cloud The Fabric works with Vmware and Cisco ACS On the software as a service side our CASB integration has a number of supported services that enterprises are using more and more on a daily basis With infrastructure as a service we have many fortigate products available in AWS, and azure Connector API NGFW WAF East – West SDN Orchestration SaaS Visibility & Compliance IaaS Visibility & Compliance
Aware - The Fabric gives you complete visibility enabling network segmentation Automated Operation Visibility Segmentation The Security fabric is aware. Which comes in some different pieces. Visibility – Being able to see all the components of the network, as well as the devices which are using the network. Segmentation – Once you have the full visiblity of the network, you can see a lot of the places which logical segmentation should take place And finally automated operation. Taking all of these pieces and automatically making policy choices, or segmentation, any other network actions you can imagine. All Elements Connectivity Discovery Data Flow Fabric wide policy control Synchronized configuration
Aware – Visualization of the Security Architecture Real-Time Network Topology and Interaction (Physical/Functional) Endpoint Access Point Data Center FW Internal Segmentation FW Cloud Firewall Access Point Endpoint Internal Segmentation FW NGFW We’re in the first stages of awareness today. Trying to provide as much visibility and visualization of the network as we can. We’re going to be adding automatic segmentation and automated operations as we move forward But let’s see what it looks like today. Endpoint Switch Global Management Internal Segmentation FW Distributed Firewall
Aware - The Fabric gives you complete visibility
Aware - The Fabric gives you complete visibility
Secure – The Fabric shares Global and Local Threat Intelligence and Mitigation Information Cooperation The fabric has to be secure. Obviously it’s the security fabric and we’re a security company. We will put the best pieces we have: The Global threat intelligence from Fortiguard Labs, to the local threat intelligence provided by our security appliances. But we won’t stop there. We need to make sure every device is able to benefit from the global and local threat intelligence to react as quickly as possible to new threats. Known Threats Unknown Threats Rapid Communication
Secure - Rapid Cooperation to Stop Threats across the Entire Attack Surface Global Intelligence Local Intelligence FortiGate (Firewall) FortiWeb (Web Application) All of these devices can now communicate to share threat information. The Fortigate, Forticlient, FortiWeb, FortiMail, Fortisandbox, Aps, switches, the list just keeps going. By weaving this thread of threat sharing between all of our devices, as well as making 3rd parties be able to participate, we make the security fabric stronger. FortiClient (Endpoint Security) FortiMail (Email Security)
Packet and Content Processor ASIC Secure – The Fabric cover all the possible attack vectors such as Network, Endpoint Access, Web, Email and Cloud Security Updates FW VPN IPS APP AV Device Access Network Cloud Endpoint/IoT WLAN / LAN Rugged Distributed Enterprise Edge Segmentation Branch Data Center North-South Carrier Class SDN/NFV Application Security Private Cloud IaaS/SaaS Chassis >Terabit Appliance >300G Appliance >30G Appliance >5G Device >1G Virtual Machine SDN/NFV Virtual Machine On Demand FLOW Client Embedded System on a Chip Appliance Virtual Cloud Packet and Content Processor ASIC Hardware Dependent
Actionable – The Fabric provides real time Security Alerts, Recommendations and Audit Reports Rank Severity Recommendation Fabric Element Alert 5 Critical Zero Day Vulnerability 5 4 Critical Not connected to Fabric 3 Critical Logging Disabled Regulatory Template The security fabric is actionable. Because we present all of this summarized, relevant and timely information, the next thing you want to do is take some sort of action based on it. this can be in the form of immediate security actions like a quarantine, a regular infrastructure audit with automated actions to correct problems, or a compliance template to tell you when you’re not meeting some of your regulatory compliance requirements.
Actionable – The Fabric cuts Time to Protect from hours to seconds App Control Antivirus Anti-spam Vulnerability Management Web Filtering Cloud Sandbox Partner FortiWeb IPS Web App Database Deep App Control Mobile Security Botnet FortiMail Global and Local Security FortiGuard provides Global Updates. With an Advanced Threat Research team and a comprehensive network of threat exchange partners all of FortiGuard Threat Intelligence is developed in House. IPS, App Control, Antivirus, Sandboxing, Botnet is added to Advanced Threat Protection FortiGate Appliance Virtual Cloud FortiClient
Continuous Monitoring and Analytics Prepare Segmentation Processes Training Prevent Harden Isolate Network Application Endpoint 1 2 Visibility Respond Contain Remediate Clean Detect ATP SIEM TIS 4 3
End-to-End Security Operations Respond Sandbox to SIEM FortiGuard Global CTI Value- Added Services Global CTI Database Customers Restful API Global Context CTI Platform SOC / MSS 001001 101100 100011 Automation Custom Feed 50B+ Daily Events QA SIEM Telemetry Flow 2M+ Sensors Security Analysts FP Reduction Samples Sent for Automated Extraction Sandbox IOC Extraction Do not delete dot – for animation
Actionable – The Fabric provides real time Security Audits and Recommendations This is what our fabric audit looks like today. It will give you recommendations on things to change, policies to turn on in order to be more secure, or list vulnerabilities of things it finds on the network. Recommendations based on security posture Policy Audit Vulnerability awareness
Open – The Fabric allows integration of existing security solutions SIEM Management Private Cloud (SDN) Endpoint The Fabric allows integration of Partners who are part of the Eco system Vulnerability Public Cloud
Open – The Fabric allows integration of other security technologies SDN/NFV Cloud Endpoint Management Systems Integrator SIEM Lastly the security fabric is open. while it is great that all of the Fortinet components work together and share information, we cannot expect our customers to only have fortinet products. We have to interoperate with other vendors in any enterprise network. We can see that we have a number of fabric ready partners which can either consume or generate fabric information and allow them to be a part of the larger security fabric that will protect our customers. Alliances Partners 34
THE FORTINET SECURITY FABRIC REALIZED
FORTINET SECURITY FABRIC Sandbox DATA CENTER/PRIVATE CLOUD Endpoint Protection Secure Access Point NGFW Virtual Firewall Top-of-Rack Switching Cloud-IaaS SDN, Virtual Firewall Database Protection Internal Segmentation FW Internal Segmentation FW Web Servers Application Delivery Controller IP Video Security Web Application Firewall PUBLIC CLOUD Internal Segmentation FW CAMPUS Email Server DCFW/ NGFW Distributed Ent FW Here we have a typical Enterprise deployment, with a set of business critical and customer-facing applications housed in the private cloud or datacenter, along with campus, branch and public cloud, as well as remote employees, providing additional connectivity to all employees, partners and customers. Email Security Cloud-SaaS Client Devices Internal Segmentation FW Client Devices LTE Extension DDoS Protection FortiCloud Sandbox BRANCH OFFICE OPERATIONS CENTER
FORTINET SECURITY FABRIC ENTERPRISE FIREWALL Sandbox DATA CENTER/PRIVATE CLOUD Endpoint Protection Secure Access Point FortiGate NGFW Virtual Firewall Top-of-Rack Switching Cloud-IaaS SDN, Virtual Firewall Database Protection FortiGate Internal Segmentation FW FortiGate Internal Segmentation FW Web Servers Application Delivery Controller IP Video Security Web Application Firewall PUBLIC CLOUD FortiGate Internal Segmentation FW CAMPUS Email Server FortiGate DCFW/ NGFW FortiGate/FortiWiFi Distributed Ent FW A common starting point for most Enterprises in realizing the vision of the Fortinet Security Fabric is Fortinet’s Enterprise Firewall solution. If you’ll recall, one of the key aspects of a modern security strategy is to be powerful- and Fortinet’s Enterprise firewall solution is the most powerful solution on the market. Next generation and segmentation firewall capabilities can be scaled from the Branch, to the Campus, and into the Datacenter or Private Cloud deployments, providing the industry’s highest performing, most secure defense against known threats leveraging Fortinet’s FortiGuard threat intelligence research capabilities. Additionally, the Enterprise Firewall solution allows segmentation of network elements- providing separation and better control within the network based on trust level- and as threats become known, Fortinet’s world-class security operations solutions dynamically update all firewalls in the environment to protect against those threats. No other firewall solution today can deliver this powerful and intelligent combination like Fortinet can. Email Security Cloud-SaaS Client Devices FortiGate Internal Segmentation FW Client Devices LTE Extension FortiAnalyzer DDoS Protection FortiCloud Sandbox BRANCH OFFICE FortiManager FortiSIEM OPERATIONS CENTER
FORTINET SECURITY FABRIC ENTERPRISE FIREWALL CLOUD SECURITY Sandbox DATA CENTER/PRIVATE CLOUD Endpoint Protection Secure Access Point FortiGate NGFW Fortinet Virtual Firewall Top-of-Rack Switching Cloud-IaaS FortiGate VMX SDN, Virtual Firewall Database Protection FortiGate Internal Segmentation FW FortiGate Internal Segmentation FW Web Servers Application Delivery Controller IP Video Security Web Application Firewall PUBLIC CLOUD FortiGate Internal Segmentation FW CAMPUS Email Server FortiGate DCFW/ NGFW FortiGate/FortiWiFi Distributed Ent FW As additional security capabilities are desired- such as those necessary to protect public and private cloud deployments- Fortinet can scale with the Cloud Security solution. Virtual firewalls can be deployed in both the top of rack on-premise private cloud as well as within public cloud IaaS providers. Coupling Fortinet’s Cloud Security Solution with the existing Enterprise Firewall deployment seamlessly extends the same powerful security at scale, as well as the same intelligence and dynamic risk mitigation to applications in the cloud or on-prem. Email Security Cloud-SaaS Client Devices FortiGate Internal Segmentation FW Client Devices LTE Extension FortiAnalyzer DDoS Protection FortiCloud Sandbox BRANCH OFFICE FortiManager FortiSIEM OPERATIONS CENTER
FORTINET SECURITY FABRIC ADVANCED THREAT PROTECTION CLOUD SECURITY ENTERPRISE FIREWALL FortiSandbox DATA CENTER/PRIVATE CLOUD FortiClient Secure Access Point FortiGate NGFW Fortinet Virtual Firewall Top-of-Rack Switching Cloud-IaaS FortiGate VMX SDN, Virtual Firewall Database Protection FortiGate Internal Segmentation FW FortiGate Internal Segmentation FW Web Servers Application Delivery Controller IP Video Security FortiWeb Web Application Firewall PUBLIC CLOUD FortiGate Internal Segmentation FW CAMPUS Email Server FortiGate DCFW/ NGFW FortiCloud Sandboxing FortiGate/FortiWiFi Distributed Ent FW Detecting known threats is only half the battle- Fortinet’s Advanced Threat Protection solution enables Enterprises to detect and mitigate against unknown threats as well, and then share that information locally to deliver a coordinated defense. Fortinet Advanced Threat Protection solution relies on multiple types of security technologies, products, and research applied from the network edge through to endpoint devices. To deliver the most effective protection, they are integrated with the other security elements from the Enterprise Firewall and Cloud solutions- to all work together automatically, continuously handing off data from one to the next to identify, evaluate and respond to attacks across the entire environment. The Fortinet ATP Framework delivers end-to end protection across the attack chain and consists of three elements: prevention, detection and mitigation, with continuous threat monitoring and analytics from FortiGuard Labs. FortiMail Email Security Cloud-SaaS FortiClient FortiGate Internal Segmentation FW FortiClient LTE Extension FortiAnalyzer DDoS Protection FortiCloud FortiSandbox BRANCH OFFICE FortiManager FortiSIEM OPERATIONS CENTER
FORTINET SECURITY FABRIC APPLICATION SECURITY ENTERPRISE FIREWALL ADVANCED THREAT PROTECTION CLOUD SECURITY FortiSandbox DATA CENTER/PRIVATE CLOUD FortiClient Secure Access Point FortiGate NGFW Fortinet Virtual Firewall Top-of-Rack Switching Cloud-IaaS FortiGate VMX SDN, Virtual Firewall FortiDB Database Protection FortiGate Internal Segmentation FW FortiGate Internal Segmentation FW FortiADC Application Delivery Controller Web Servers IP Video Security FortiWeb Web Application Firewall PUBLIC CLOUD FortiGate Internal Segmentation FW CAMPUS Email Server FortiGate DCFW/ NGFW FortiCloud Sandboxing FortiGate/FortiWiFi Distributed Ent FW Another area to consider securing is web applications and email systems- both have long been favorite targets of hackers because they have access to valuable information and they are relatively easy to exploit. A successful attack can result in a variety of devastating consequences including financial loss, damage to brand reputation, and loss of customer trust. Most organizations do not recover from a major security breach, making it absolutely critical to protect your users and customers from threats that target applications and email systems. Fortinet’s Application Security is a robust and integrated solution to protect against these specific attacks. We are the only company that delivers a complete single-vendor solution with the proven performance and security effectiveness to meet the increasing demands of today’s applications. In addition, our application security solution can be integrated with FortiGate next generation firewalls and FortiSandbox sandbox for extra defenses against advanced persistent threats (APTs). Fortinet's Data Center Application Security Solution includes: Web application protection and database security Email security Encryption/decryption DDoS attack mitigation FortiMail Email Security Cloud-SaaS FortiClient FortiGate Internal Segmentation FW FortiClient LTE Extension FortiAnalyzer FortiDDoS Protection FortiCloud FortiSandbox BRANCH OFFICE FortiManager FortiSIEM OPERATIONS CENTER
FORTINET SECURITY FABRIC SECURE ACCESS APPLICATION SECURITY ENTERPRISE FIREWALL ADVANCED THREAT PROTECTION CLOUD SECURITY FortiSandbox DATA CENTER/PRIVATE CLOUD FortiClient Secure Access Point FortiGate NGFW Fortinet Virtual Firewall Top-of-Rack Cloud-IaaS FortiSwitch Switching FortiGate VMX SDN, Virtual Firewall FortiDB Database Protection FortiGate Internal Segmentation FW FortiGate Internal Segmentation FW FortiADC Application Delivery Controller Web Servers IP Video Security FortiWeb Web Application Firewall PUBLIC CLOUD FortiSwitch Switching FortiGate Internal Segmentation FW CAMPUS Email Server FortiCloud AP Management FortiGate DCFW/ NGFW FortiCloud Sandboxing FortiGate/FortiWiFi Distributed Ent FW Last but not least, Fortinet is the only company with security solutions for network, endpoint, application, data center, cloud, and access designed to work together as an integrated security fabric to provide true end-to-end protection. Our Secure Access Architecture extends the coordinated security policies to the very edge of the network where most vulnerabilities are targeted. FortiAP and FortiSwitch communicate to the rest of the network, with FortiGate at the core. With one operating system across the entire network, you get better visibility and awareness with simplified management. FortiMail Email Security Cloud-SaaS FortiClient FortiGate Internal Segmentation FW FortiClient FortiExtender LTE Extension FortiAnalyzer FortiDDoS Protection FortiCloud FortiSandbox BRANCH OFFICE FortiManager FortiSIEM OPERATIONS CENTER