Présentation Fortinet Welcome Présentation Fortinet 8:00 – 8:30 Café 8:30 – 9:05 Présentation 1 – Fabric Security 9:05 – 9:20 pause 9:20 – 10:00 Présentation 2 Ransomware Protection Wrap up
Fortinet Security Fabric Jonathan Rod Systems engineer, CISSP
Current strategies original marketing => What do we have strategies on firewalling today ? Some strategies rely on marketing or trying to make the box easier to sell. Nice GUI, nice reports, brilliant features. Marketing can do marvelous things ;-) Others go for more features or advanced features but they narrow the target.
What is the “Fortinet Security Fabric” ? Secure Access Network Security Application Security Cloud Security Client Security Mail Server AV WAF AS Wifi EndPpoint MGMT It is a strategy, a vision. Some may say it is pure marketing but it is not. Technically it is a collaboration of products which provides more features for the customer. It is also a collaboration between sales and technical presales to make projects bigger and providing more security Here are the examples for the collaboration between the products. The concept is quite effective as we currently get great wins against competition (+provide examples). The idea is to propose the best global security solution providing highly integrated products : easy to deploy, install, use and analyse. Customers are proposed a higher level of security for the same price. Fortinet customers are more intended to purchase a Fortisandbox than other technologies. It integrates with fortimail, fortiweb, forticlient, … and any new future acquired device can take advantage of the sandbox.
Key Fabric Attributes Scalability Scalable Aware Secure Actionable Open
Scalable from Access to Data Center, IoT to Cloud hardware Cloud Networks come in all shapes and sizes and are never static during their lifetime. Only Fortinet provides such a wide range of products: we provide products in several versions such as VMware, Cloud, hardware, etc, different sizes. Fortinet is the only constructor which provides all home made products. It is really an advantage because there is no agreement with third parties which can be broken. We keep a hand on the technology to make sure it always integrates with others. Finally prices are much more aggressive making the global project fit the initial budget. Fortinet wide range of products helps administrators to change their units and relocate them according to their needs
FortiGate Product Range Personality, Performance and Scalability CCFW DCFW ISFW CFW/VMFW NGFW / NGIPS DEFW UTM Software & Services Product Range Entry Level Mid Range High End Virtual Appliances CPU SoC NP CP Multi Core CPU NP CP Multi Core CPU Multi Core CPU Chassis System 1 Gbps 10 Gbps 10 Gbps - 50 Gbps 50 Gbps - 1 Tbps H/W Dependent 1000-2000 Series 600-900 Series VM Series 100-500 Series 3000 Series 5000 Series 7000 Series 60-90 Series 30-50 Series FortiGuard Security Services FortiOS Operating System FortiCare Support Services
Key Fabric Attributes Scalable Aware Secure Actionable Open
CTI: Cyber Threat Intelligence SOC Feeds CLOUD ANALYZERS IOC SERVICES Collect CTI from worldwide deployments Analyze against worldwide or regional baselines Identify targeted attacks or anomalies IOC Discovery (FortiAnalyzer 5.4.1) Reporting Management Automation Services for Enterprise & MSP SOC
FortiGuard Threat Intelligence Projects CISCP & NCCIC DHS: CISCP – On target for participation after we sign CRADA. Over 45 organizations and 13 ISACS.
Fortinet/NATO NCI Cyber Alliance
Collect, Gather, Analyze different information Mail Server SOC Feeds CLOUD ANALYZERS IOC SERVICES Collect CTI from worldwide deployments Analyze against worldwide or regional baselines Identify targeted attacks or anomalies IOC Discovery (FortiAnalyzer 5.4.1) Reporting Management Automation Services for Enterprise & MSP SOC All solutions spread over the network and building the fabric will bring information from different perspective. Ex: An infected PC connected to the LAN provides a rogue SSID. The attacker uses it to send an email from the local device to the mail server with a zero day virus file as attachment. FortiAP detects the rogue AP, the firewall detects that a packet used the rogue AP to enter the network, the fortimail detects the mail is not legitimate and the sandbox detects the file is a 0-day virus. Fortiview gathers the information and makes it easier to analyze. Fortiview on Fortisandbox and wifi clients (different graphics…)
Learning Mode New learn mode helps admins to configure policy to simply monitor and analyze traffic. A report is available locally as well as the CTAP report.
Key Fabric Attributes Scalable Aware Secure Actionable Open
Enabling the Security Fabric : 1+1=3 more features ! standalone Partner FortiWeb FortiMail FortiClient FortiGate Advanced Threat Protection 1+1=3 When collaborating, the level of security gets much higher because the collaboration provides more features. For example, when in standalone mode, the fortisandbox emulates an environment and test a file. It generates an alert if a virus is discovered. Now let's action the fabric with other products. When in combination with a forticlient or fortimail, more features are added. The virus is kept until a medication is provided to all equipments !!! This is something you can not get if you use other third party products such as Fireye.
Unified Security Across all of the Network FORTIMANAGER FORTISIEM Enabling the Security Fabric provides your network with more security features which you could not get with third party products. You now have a full expert and dedicated product defending your network against all attacks. Fortinet customers are more intended to purchase a Fortisandbox than other technologies because it is full integrated and easy to deploy, maintain, learn, and so on. It integrates with fortimail, fortiweb, forticlient, … and propose a solution with the highest level for security. Security is unified with FortiSiem or forticloud or fortiManager which has no equivalent on the market (unified GUI, ability to configure the products...)
Key Fabric Attributes Access to Data Center, IoT to Cloud Scalable Aware Secure Actionable Open
Fabric Attribute 4: Actionable Threat Intelligence Support Services Migration to Cloud Based Systems FortiCare FortiGuard Plus Security Reporting Service Threat Detection Service Access to FortiGuard Experts for Product and Threat Support Portal Correlating Data From Across the Fabric with geography, industry and size specific intelligence Local Threat Intelligence From FortiGuard Labs Big Data Analytics of consolidated Logs for patterns of activity associated with advanced threats IaaS IoT Mobile The FortiGuard Premier Signature Service provides enhanced virus detection and threat analysis support to help mitigate breaking and advanced persistent threats. With the FortiGuard Premier Signature Service, you can submit requests for custom AV, IPS, or Application Control signatures on a 24x7 basis for prioritized support with guaranteed response times. Updated signatures are initially provided through Fortinet's support site and later included in FortiGuard distribution network's automatic updates. With granularity of level 1, 2 or 3. Access WAN Data Center SaaS PoS Windows
Key Fabric Attributes Access to Data Center, IoT to Cloud Scalable Aware Secure Actionable Open
Multiple Levels of Fabric API’s for Partner Integration Eco System Alliance Partners SIEM Management Fortinet Security Fabric Endpoint SDN No one company can do everything themselves. It takes an extensive eco-system of products and technologies to meet all of the challenges. And as the challenges grow and change so will the eco-system. This eco-system is enabled through the FSF and its series of APIs. Virtual Cloud
Ecosystem Integration Points Cloud SDN Sandbox Test/SSO System Integrator SIEM Management These are just some of the organizations that Fortinet works with to ensure that the FSF is robust to meet the challenges are customers are facing. The extension of the Fabric into the Alliance system is very important. Customers have different infrastructure platforms and Security products which are an essential part of their defense capability. We have developed a variety of API’s to allows Alliance partners to connect to the Fabric. The Integration Points include Hypervisor SDN Orchestration Cloud Sandbox Logging Policy Management Once part of the Fabric Threat Information can be shared along with Mitigation instructions. Obviously the depth of integration will determine the capability.