Security Fabric Salon MedIT 2017


1 Security Fabric Salon MedIT 2017
Hello, and thank you for making time for us today to discuss the latest release of our flagship network security operating system, FOS5.6, which includes many new and enhanced features to expand the Fortinet Security Fabric, our vision for enterprise security going forward.

2 Agenda
Three Security Challenges Driving Security Fabric Vision Today
How This Vision is Being Realized
Recap & Discussion

We will cover the security challenges faced by our customers that are driving our vision of a Security Fabric, then explain exactly how this vision is being realized with our Fortinet FortiGate network security at its foundation, especially with the most recent release of its firmware, FortiOS 5.6. There will be time for a brief recap and discussion at the end.

3 Cybersecurity is expanding to become Digital Security
Slide labels: Security (Volume, Advanced, Commercial); Infrastructure (Speed, Cloud, IoT); Compliance (Regulatory, Industry, Certification)

So, the three most common challenges that we find our enterprise customers wrestling with, as they enable their business to be much more digital, are: an evolving security landscape comprising both high attack volumes and sophistication as a result of an increasingly commercial cybercrime ecosystem; a changing compliance landscape with many new, existing and modified regulations; and enterprise infrastructure which now includes Internet of Things devices, public and private cloud services, as well as ever faster networks connecting everything.

And the goal is to ensure cybersecurity at the “new edge” (as well as points in between) of this infrastructure, demonstrate leadership and governance to meet compliance obligations, and reduce the risk posed by today’s threats.

4 Threats (and Technologies To Counter Them) Constantly Evolve
Slide labels (timeline from the 1980s to today): Machine to Machine Attacks; Integrated Fabric; Generation 3 INFRASTRUCTURE; Advanced Targeted Attacks; Advanced Threat Protection; Malicious Apps; Application Control; Botnets; IP Reputation; Malicious Sites; URL Filtering; Secure Gateway; Generation 2 CONTENT; Spam; Performance Degradation; Intrusion & Worms; Intrusion Prevention; Exploits; Vulnerability Management; Viruses & Spyware; Layer 5-7: Antimalware; Generation 1 CONNECTION; Layer 3-4: Firewall; Hardware Theft; Layer 1-2: Physical

Looking at these challenges more closely, it is of course no surprise that the threat landscape continues to evolve. For more than a decade we, as an industry, have played cat and mouse with cybercriminals, matching every new threat class (from viruses & spyware, to spam & phishing, to compromised web sites & internet applications) with a corresponding security control. However, with the rise of even more sophisticated advanced targeted attacks and the volume potential of machine-to-machine attacks, we believe organizations need to look beyond individual technologies to integrated solutions and a seamless security infrastructure. This is the promise of the Fortinet Security Fabric.

5 Security Life Cycle Management NIST CYBERSECURITY FRAMEWORK
Slide labels: 1 Identify (i.e. Topology View); 2 Protect (i.e. Access Control); 3 Detect (i.e. IPS, AV); 4 Respond (i.e. Mitigate); 5 Recover (i.e. Topology View)

At the same time, our customers need to comply with many country-specific laws and industry-specific regulations that guide or govern practices to protect certain types of data. With so many standards, it’s very difficult to build and maintain solutions for each one. Fortunately, almost all regulatory bodies acknowledge that IT systems are a standard set of tools used to conduct business, and many required IT system controls fall into 5 categories: secure network & endpoints; control access; log and monitor activity; enforce policies; report on compliance. So being able to define, deploy and demonstrate controls in these 5 areas will take you a long way (very efficiently) towards compliance.

6 Both of which are compounded by today’s infrastructure
Slide labels: No Trust; Trusted; Mac; Windows; Mobile; IoT; Access; Campus; Core; WAN; Private; Public

And these challenges of security and compliance are complicated by the dynamic and dissolving network perimeter, as a result of the rise of Internet of Things and Cloud-based infrastructure.

Notes: Perimeter change (dynamic change); IoT, BYOD; Access, campus, core, WAN; Private and Public Cloud; Borderless Network.

There used to be a clearly defined perimeter, and security strategies evolved to protect it. The evolution of technology, however, brought in changes that these strategies couldn’t deal with; the Internet, Cloud technologies and the onslaught of wireless all contribute to today’s borderless network, and a massive increase in the attack surface. Combined with the fact that most networks are architected to be flat once inside of the perimeter, if the network is breached, the intruder can easily move laterally throughout the network. This is a key concern for the larger enterprise.

But we’re also concerned about how data can leave the network. Shadow IT, the use of unauthorized applications such as Hightail or Dropbox, also means that there are any number of ways that data can leave your network without your knowing, making it easy to exfiltrate data following a network intrusion. To address the issue of a borderless network and an expanded attack surface, the new strategy calls for intelligent security that can provide visibility into all aspects of the infrastructure, and the wisdom needed to segment the network by trust level.

7 New Vision: Protecting the Borderless Network with a Strong, Segmented Security Fabric
Slide labels: Advanced Threat Intelligence; Access; Client; Cloud; Partner API; NOC/SOC; Network; Application; BROAD; POWERFUL; AUTOMATED

This is why Fortinet’s vision is to enable organizations to establish a strong, segmented security fabric to protect their borderless networks, which is BROAD enough to cover the entire attack surface, POWERFUL enough to keep up with the pace of business AND AUTOMATED enough to combat fast-moving threats. It needs to span from client and access to the network edge and core, all the way to applications and cloud services. And as mentioned earlier, while the Security Fabric starts with the Fortinet FortiGate and can be extended with other Fortinet components, APIs allow customers to include non-Fortinet products within their Security Fabric.

8 BROAD
Deeper visibility and control throughout the Security Fabric to reduce the attack surface from IoT to Cloud

The value of the Fortinet Security Fabric starts with visibility and control across the breadth of attack surface. There are many important new and enhanced features with FortiOS 5.6.

9 Enhanced Protection Across the Entire Attack Surface
Slide labels: BROAD; MANAGEMENT; SECURITY; WINDOWS; MAC; METER; PUBLIC; ANALYTICS; SANDBOX; IoT; CASB; MOBILE; PRIVATE; Network; SWITCH; ACCESS POINTS; API’s; WAF

These enhancements span the entire organization, from endpoint to access, onto the network, and in the applications and cloud. We will not cover all of them but will focus on the most important 6 areas: EP (Windows & Mac); IoT; Network with Segmentation; SD-WAN; Cloud; Fabric Ready Partners.

10 More Security Device Visibility Leads to Improved Segmentation
Slide labels: BROAD; topology view (Physical, Logical) with Threat Score over Now, 5M, 1H, 24H, 7D; Public Cloud; Private Cloud; Internet; Sandbox; Analytics; AWSFW.1; NGFW.1; ISFW.1; ISFW.2; Switch.1; Switch.2; ACI.1; 500MB; 50MB; 300MB
New: Devices and Status Visibility; Historic Trending; Aggregate FortiGate View; Downstream Device Quarantine

One of the key values of the Fortinet Security Fabric is a comprehensive view of your network and security infrastructure. With FortiOS 5.4 this included network security from the edge NGFW to core ISFW all the way to cloud firewalls, as well as network switches and general identification of endpoints. With FortiOS 5.6 new security devices have been added to the overall Security Fabric view. These include new wireless APs, more granular detail about endpoints and new global services for logging and sandbox inspection. For this view, historic trending has been added to the initial real-time view. You can also click through to an aggregate list of FortiGates for more detail and controls at each point, including the ability to quarantine endpoints connected to any downstream FortiGate. This is the most important view to define and implement greater segmentation, improved security posture and bounded compliance scope.

11 Better Endpoint Control via the Network for Increased Security
Slide labels: BROAD
1 Fabric Agent: Fabric Telemetry, Endpoint Compliance, Vulnerability Scan/Remediation
2 Secure Remote Access: SSL & IPSec VPN, Two-factor Authentication
3 Advanced Persistent Threats: Zero-day, Advanced Malware Detection and Remediation
4 Preventive Security Controls: Anti-malware, App FW, Web Filtering, Single Sign-on
No Agent: IoT

That more detailed endpoint visibility in the Security Fabric view comes from our FortiClient endpoint software, which is now highly modular. Of course, in some cases it’s not possible to install agents on IoT devices, but we still provide baseline visibility via network techniques. But when possible we recommend at least our lightweight Fabric agent, which adds additional information about the device, including known vulnerabilities and other configurations that drive a Threat Score. We can extend that agent with a VPN client for secure remote access and/or an Advanced Threat Protection agent (or ATP agent) that adds the ability to send new files reaching the endpoint for sandbox analysis as well as receive updated protections as a result of that analysis. And these options can be used as a complement to existing endpoint security software. Alternatively, organizations can add the full “Endpoint Protection Platform” stack of FortiClient as desired. This modular approach to endpoint security controlled via the network makes it easy to strengthen existing protection at the individual device, on or off network.

12 New IoT Learn and Manage Capabilities to Reduce the Attack Surface
Slide labels: BROAD; Learn - IoT; Manage - IoT; Headless Device Auto Detection; 20+ new categories and new devices added continually and classified; Applied Protections; Segmentation Policy; Trusted or Not Trusted
Device list shown on the slide:
online, Android, Android/OS 7.0 “Nougat”, Untrusted
online, Apple TV, Apple TV/iOS modified (Model 10.0), Untrusted
offline, Siemens PLC, Siemens PLC/S7, Trusted
online, Qardio, Qardio/OS Version, Trusted

As mentioned, sometimes it’s not possible to enhance protection on the device, in the case of IoT, which is where granular segmentation to ensure the right controls around such devices is critical. New IoT LEARN and MANAGE capabilities help you not only identify but also categorize and protect the devices you have in your environment. Specifically, you can now quickly make a determination about whether an IoT device should be trusted or untrusted, define what segments of the network it should be allowed to access and/or can access it, and further lock down segments and communications to industrial IoT with new protocol and application controls. This enables organizations to leverage IoT as a business enabler while protecting such devices (and the organization from them) even when they are not inherently secure.

13 New CASB API Service for Off-network Cloud Visibility and Control
Slide labels: BROAD; Cloud Access Security Broker; API; SaaS; On Network; Off Network
Protects data and files stored on SaaS
Provides visibility for on- and off-network users
Compliance tools for SaaS applications
DLP for data stored in cloud

Certainly, IoT is one of the key areas of infrastructure change. The other area is Cloud: IaaS, PaaS and SaaS. Organizations are using file sharing applications (Dropbox), customer relationship management applications (Salesforce) and productivity suites (Office 365), all in the cloud. It is very important to extend protection all the way to these SaaS applications, including the data within them. A new Cloud Access Security Broker capability brings much needed visibility and control to SaaS applications, via their official APIs, as part of the Security Fabric. Now organizations can start bringing appropriate security oversight and policy enforcement to dynamic SaaS applications.

14 SD-WAN Functionality Integrated with Threat Protection and SSL Inspection
Slide labels: BROAD
Security Management: Centralized Management; Orchestration (Service Chaining); Zero-touch Deployment
Destination: DC; SaaS; Internet; IaaS
Link Load Balancing and Health Monitoring; Dynamic SaaS Application Database; IPSec VPN Tunneling; Prioritized Business Applications (Traffic Shaping)
Transport: VPN; MPLS; Broadband; LTE
Security Processor-powered Appliance; Hybrid Appliance; Virtual Machine

Given these infrastructure changes we talked about, we do hear that customers are looking into the right/best connectivity, based on cost and bandwidth, between end users, cloud, and the network, and are interested in SD-WAN. And while security is priority #1, we know that financial improvement is always important. That’s why FortiOS 5.6 includes important SD-WAN controls now integrated with our existing security, to optimize both connectivity and security between devices, offices and the cloud. This makes it easier for organizations to not only choose the most cost effective and reliable path for traffic, but also ensure it is a secure one.

15 Partner Ecosystem to Extend Control Across Your Infrastructure
Slide labels: BROAD; Fabric-ready API’s (FNDN): Management; Vulnerability Management; SIEM; Virtualization/SDN; Endpoint; Cloud

Of note, in some cases enterprises may have already made an SD-WAN (or other) vendor selection. That’s why the Fortinet Security Fabric includes six defined APIs that support integration of strategic vendors, including a growing number of pre-certified Fabric-ready partners, among them a number of key SD-WAN and Cloud partners (e.g. VeloCloud). Their inclusion not only enables broader Security Fabric coverage but helps organizations get full value out of their current security investments.

16 POWERFUL
Accelerated cloud-scale and security processor-based appliances with coordinated logging to enable maximum threat protection without affecting performance

OK, we spent quite a bit of time talking about how FOS 5.6 offers even more visibility and enhanced protection across the breadth of the attack surface. However, to get the benefit of that enhanced protection you need to be able to turn on all the security functions you need for the different places (with different performance requirements) of your network. For this you need powerful network security. That’s why FortiOS 5.6 accelerates both virtual, cloud-scale security and physical, high-performance, security-processor-based security to enable those enhanced protections anywhere throughout the organization without affecting performance.

17 Scaling Security Applications into Multiple Clouds
Slide labels: POWERFUL; PLATFORMS; PERFORMANCE; MANAGEMENT; ON-DEMAND; ORCHESTRATION; METERING; SECURITY COMPETENCY; MARKET PLACE; AUTOSCALING; SECURITY CENTER; vSphere; Hyper-V; NSX; XenServer; ACI; v-series (No VDOM); 1-32+ vCPU; 1-8 vCPU; status tags New, Updated, Coming

In addition to SaaS, we find many organizations leveraging a range of public and private cloud infrastructures. As you can see, the Fortinet Security Fabric stretches into both in order to secure workloads anywhere they may go. Of note, with FortiOS 5.6 platform optimizations customers can now enable the use of up to 32+ virtual CPUs for the highest cloud-scale performance in the industry. Further, integrations into the Microsoft Azure Security Center and on-demand marketplace complement existing (and now enhanced) capabilities utilized by Amazon Web Services customers to seamlessly extend security into these clouds. As a result, organizations can confidently leverage agile and dynamic cloud infrastructure while maintaining a consistent security posture to protect applications and data.

18 Accelerated Entry/Mid-range Appliances Enable Maximum Security at Branch and Campus
Slide labels: POWERFUL; FortiGate 30 – 90 Series; FortiGate 100 – 900 Series; Content Processor; System on a Chip; CPU; Network Processor
FortiGate 80E Series with High IPsec VPN and SSL Performance: Entry-level FortiGate Optimized for Branch Office & SD-WAN
FortiGate 100E & 200E Series with High Threat Protection and SSL Performance: Mid-range FortiGate Optimized for NGFW at the Campus

At the same time, FortiOS 5.6 supports the very latest FortiGate physical appliances leveraging our proprietary security processors such as the 80E, optimized for SD-WAN at the branch, as well as the 100 and 200E series appliances that round out the midrange FortiGate line for next generation firewall at the campus. This enables organizations to extend the Security Fabric to the smallest office and implement deep inspection, including over SSL encrypted traffic, especially at the campus.

19 Accelerated High-end and Chassis-based Appliances Enable Maximum Security at the Core and Data Center
Slide labels: POWERFUL; FortiGate 1000, 2000 and 3000 Series; FortiGate 7000 Series; CPU; Interface Cards; Processor Cards; FG-3980E 1 Terabit FW; FG-3960E; FG-7060E 100 Gbps NGFW
High-end FortiGate Optimized for the Data Center with up to 1 Tbps of Firewall Performance
Chassis-based FortiGate Optimized for Gbps of NGFW Performance in the Core Network

FortiOS also runs on the high-end FortiGate line, including the new 3980E, which delivers 1Tbps firewalling (industry first) in a compact appliance form factor, ideal for segmentation in the largest data centers, and the new 7060E chassis system that is capable of providing 100Gbps+ of deeper NGFW inspection in the network core. Truly, the power of the FortiGate line enables strong, segmented security from branch office and campus to data center and cloud. FOS5.6 gives you cloud scale and high performance in different form factors, so that you can scale your security fabric from small branches to the campus network, into your data center and core, and into the public and private cloud environment.

20 Coordinated Logging Allows Deep Visibility and Better Performance
Slide labels: POWERFUL; Security Fabric; Full Logging
Uncoordinated: Manual setting for each device for logging; Each device sends full logging to FortiAnalyzer
Coordinated Fabric Logging: Automatic setting of all devices for logging; Topology aware – log only what’s needed

One of the enhancements in FortiOS 5.6 that makes such deep security inspection possible at high speeds is a small tweak to the way we do logging. When you have full logs on each physical and virtual appliance, it requires space, memory and CPU that can cause a measurable impact on performance. Now we have introduced coordinated logging across the Fortinet Security Fabric that avoids duplicated storage and handling of logs to reduce the impact on the individual devices and speed performance.

21 AUTOMATED
More efficient operations with new Security Fabric audit/recommendations, intelligence sharing, and NOC views

We talked about covering the breadth of the organization and being powerful enough to run the security functions you need. Now, let’s talk about how we automate security operations to make them more efficient with the help of the Security Fabric.

22 New Security Fabric Audit for Automated Compliances and Best Practices
Slide labels: Visual Audit Indicator; Run Fabric Audit (Priority-based); Apply Recommendations
Common Compliance Areas: Secure the network; Secure the endpoints; Control access; Log and monitor activity; Enforce policy
Security Best Practices: Strong administrative access; Current firmware & subscriptions
Audit table on the slide: columns Element, Severity, No.; elements ISFW.1, ISFW.2, NGFW.1, AWSFW.1; Severity Level: Critical, High, Medium, Low, Passed

One major, and most important, new capability is an intelligent Security Fabric Audit that automatically assesses your security posture against both security and compliance best practices, identifying critical areas for improvement and actually recommending actions to redress them remotely. In automatic fashion, we run an audit of the infrastructure in the fabric, from endpoint to IoT to your network and applications and to the cloud. This will help you understand your very latest security posture (with clear identification of risk areas and severity levels) and includes recommendations to improve it. These recommendations can be easily and remotely implemented as part of the audit process.

23 Rapid Sharing of Global and Local Threat Intelligence
Slide labels: AUTOMATED; FortiGuard (Global); FortiSandbox (Local); FortiAnalyzer; IoCs; FortiWeb; FortiMail; FortiGate; FortiClient; Security Fabric; Clustered
Local Intelligence distributed throughout the Security Fabric speeds mitigation
Correlation of Global IoCs and networking logs pinpoints new threats

Security Fabric intelligence is also increased by now applying the global indicators of compromise from FortiGuard Labs to your Security Fabric logs to pinpoint new malware that may have slipped into the organization. There is also sharing of locally generated IoCs between your clustered and regional FortiSandbox deployments for distribution throughout your entire Security Fabric. Both areas of enhancement speed your ability to detect and respond to new, often more targeted, attacks.

24 Single Pane of Glass with New NOC Functionality
Slide labels: AUTOMATED; FortiManager; FortiAnalyzer; FortiGuard; Device Manager; FortiAP Manager; FortiSwitch Manager; FortiClient Manager; VPN Manager; FortiView; Log View; Event Management; Reports
Unified Management & Analytics/Reporting in Appliance, Virtual Machine and Cloud format
Management of Endpoint, Access Points and Switching added
Upgrades to VPN Manager (Topology View), FortiView, Event Management and Reporting

Finally, all the intelligence and control for Fortinet Security Fabric elements can now be found in an updated central management system, including new NOC-style views for faster problem identification and more controls from a single pane of glass for quicker remediation and improvement. The single Security Fabric view is now available in FortiManager, as are more controls with new AP manager, switch manager and client manager. This enhanced single pane of glass from a central control point reduces the time needed to keep the Fortinet Security Fabric and its components updated and properly configured.

25 Summary
Security Fabric: Broad, Powerful, Automated
Broad: Deeper visibility and control throughout the Security Fabric to enhance protection across the entire attack surface
Powerful: Accelerated cloud-scale and security processor-based appliances with coordinated logging to enable maximum threat protection without affecting performance
Automated: More efficient operations with new Security Fabric audit/recommendations, intelligence sharing, and NOC views
