Fortinet Real Time Network Protection ComputerLinks University


1 Fortinet Real Time Network Protection ComputerLinks University
Joe Sarno Channel Sales Manager – South EMEA

2 The Company

3 Fortinet Company Overview
Founded October, 2000 by Ken Xie
Founder, former Pres. & CEO of NetScreen (Now JNPR)
Global Sales & Service Presence – HQ Sunnyvale, CA
Over 600 employees
30 Offices throughout Americas, Asia, EMEA
More than 100,000 FortiGate units shipped to 2,000 customers
Creators of world’s only ASIC-powered antivirus systems
Addressing the need for real-time network protection
Ranked #1 by IDC in Unified Threat Management Security Appliance category
Continued strong financial performance
Among the fastest growing network security companies in history
Total equity raised $93 million
CONFIDENTIAL

4 IDC Vision

5 IDC Reports Fortinet’s Market Leadership!
New! Unified Threat Management (UTM) Security Appliance Market = unification of firewall, gateway anti-virus & IDP into a single platform
Fortinet ranked #1
UTM market revenue in 2005 estimated at $515 million
Over the next 4 years, UTM appliance sales will exceed that of standard firewall/VPNs
Firewall/VPN segment – 2005 revenue of nearly $1.8 billion
UTM market – estimated at nearly $2 billion by 2008

6 IDC UTM Leadership Over Point Solutions
“Fortinet, with the only ASIC based AV accelerated UTM appliances, led this UTM market in 2003, with $30.9 million in revenue and a 29.5% share of the worldwide market.” -- IDC, 2004

WW Unified Threat Management Appliance Revenue by Vendor, 2003 ($M)

Vendor                            Revenue   Units   Revenue Share   Average Vendor Revenue
Fortinet (#1)                     30.9      21496   29.5%           $ 1,437.48
Symantec                          24.0      13790   22.9%           $ 1,740.39
Secure Computing                  22.8      5050    21.7%           $
ServGate                          12.0      11743   11.4%           $ 1,021.89
Netscreen (acquired by Juniper)   5.2       6601    5.9%            $
eSoft                             4.0       3162    3.8%            $ 1,265.00
Pyramid Computer                  1.3       509     1.2%            $ 2,554.03
Others                            4.7       3680    4.5%            $ 1,227.12
Total                             104.9     66031   100.0%          $ 1,588.84

Source: IDC, 2004

7 UTM Products Will Overtake Standalone VPN/Firewalls by 2008
“The UTM market is being created because it is quickly catching on with customers and vendors. UTM incorporates firewall, intrusion detection and prevention, and AV in one high-performance appliance.” -- IDC, 2004

Worldwide Threat Management Security Appliances Forecast, ($M)

Segment                       2003       2004       2005       2006       2007       2008       2003 Share (%)   CAGR (%)   2008 Share (%)
Firewall/VPN                  $1,479.1   $1,667.7   $1,791.6   $1,804.4   $1,623.5   $1,462.3   93.4%            -0.2%      42.4%
UTM Security Appliance        $104.9     $225.0     $517.5     $828.0     $1,324.8   $1,987.2   6.6%             80.1%      57.6%
Total TM Security Appliance   $1,584.0   $1,892.7   $2,309.1   $2,632.4   $2,948.3   $3,449.5                    16.8%

8 Fortinet Story Unfolding

9 First Generation: Stateful Inspection Firewall
In point solution configurations, Stateful Inspection firewall delivers network level security services
[Diagram labels: Firewall / VPN, Content Filter, IDS/IDP, Antivirus]

Let’s shift gears now and look a bit at the evolution of firewall technology.
The majority of point-solution firewalls in place use stateful inspection.
A stateful inspection firewall accepts or denies traffic based on the source IP address, destination IP address, source port, destination port and protocol.
10 yrs
Typically provides security at the network layer.
Has done an excellent job of balancing performance and throughput, but has limited capability beyond access rights.
In point solution configuration, (general explanation) the firewall interoperates with a compilation of other security products.
After checking policy and access rights, packets are distributed in-line, in this example through other standalone devices such as IDP, AV, CF.

10 Firewalls Don’t Analyze Contents so they Miss Content Attacks
Inspects packet headers only – i.e. looks at the envelope, but not at what’s contained inside
[Diagram: DATA PACKETS passing a STATEFUL INSPECTION FIREWALL. Packet “headers” (TO, FROM, TYPE OF DATA, etc.) are marked OK; packet “payload” (data) is marked Not Scanned. Payload text shown: “Four score and BAD CONTENT our forefathers brou”, “ght forth upon this continent a new nation,”, “n liberty, and dedicated to the proposition that all”]

Basic packet processing, which is what firewalls do, won’t detect the key threats. Some vendors talk about doing “packet-level” scanning for viruses and worms, but that makes no sense! There’s no reason to believe that a virus will be contained completely within one packet – it will probably be chopped up and spread across multiple packets. Simply looking at the network-level contents of a single packet won’t catch most threats.
The only way to effectively do network-based scanning for viruses and banned content is to first re-assemble the packets back into the original APPLICATION-level objects from which they were derived – i.e. the files, programs, etc. THEN, once the original content has been re-created, you can scan it for viruses, worms, bad URLs, bad words, etc. But conventional network devices can’t do this.

11 Second Generation: Deep Packet Inspection
Deep Packet Inspection typically combines functionality of IDS/IDP system with Stateful Inspection firewall
[Diagram labels: Firewall / VPN, Content Filter, IDS/IDP, Antivirus]

In the past couple of years, there has been a lot of discussion around the next generation of firewall technology, “Deep Packet” Inspection.
In a general sense, deep packet inspection firewalls combine the functionality of a stateful inspection firewall with intrusion detection/prevention system capabilities.
Combines firewall access control with IDP heuristics and attack signatures. This moves the security service from the network layer to the application layer and therefore better secures against content threats such as malware and protocol attacks.
Requires specialized ASICs that deliver wire speed throughput.
As shown above, after passing the deep packet firewall, depending on the policy assigned to the packet stream, the content would then be passed to AV and content filtering.

12 Some Firewalls Claim to do “Deep Packet Inspection” – But They Still Miss a Lot
Performs a packet-by-packet inspection of contents – but can easily miss complex attacks that span multiple packets
[Diagram: each packet is inspected on its own and marked OK, while the content spanning them goes Undetected (!). Payload text shown: “Four score and BAD CONTENT our forefathers brou”, “ght forth upon this continent a new nation,”, “n liberty, and dedicated to the proposition that all”]

13 Next Generation: Complete Content Protection
Combines the capabilities of Firewall, IDS/IDP, AV, CF
[Diagram labels: Firewall / VPN, Content Filter, IDS/IDP, Antivirus]

Complete content protection is a further stage in the evolution of firewalls and content protection.
Unifies the capability of stateful inspection and deep packet inspection, and adds antivirus scanning and content filtering capabilities.
Able to scan at file level, not just application level.
Through consolidation, CCP offers better performance, security, and management.
Requires highly specialized platform
high throughput
packets only need to be scanned once

14 To Stop Content-Based Threats Requires More than Deep Packet Inspection
COMPLETE CONTENT PROTECTION
1. Reassemble packets into content
[Diagram: packet payloads “Four score and BAD CONTENT our forefathers brou”, “ght forth upon this continent a new nation,”, “n liberty, and dedicated to the proposition that all” are reassembled into “Four score and seven years ago our forefathers brought forth upon this BAD CONTENT a new liberty, and dedicated to the proposition that all…”]
2. Compare against disallowed content and attack lists
[Diagram: DISALLOWED CONTENT list (BAD CONTENT, NASTY THINGS, NASTIER THINGS) and ATTACK SIGNATURES, with matches flagged !!]
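The two steps above, as an added example that is not part of the presentation and is not Fortinet code: a signature that straddles a packet boundary is missed by per-packet matching and found once the stream is reassembled. The segment format, `SIGNATURES`, and all function names are assumptions made for illustration; the packets are constructed from the slide's own sample text.

```python
"""Added example: per-packet matching vs. reassemble-then-scan (constructed data)."""
from typing import Iterable, List, Tuple

Segment = Tuple[int, bytes]        # (byte offset within the stream, payload)
SIGNATURES = [b"BAD CONTENT"]      # stand-in for a real signature database

# Constructed stream, cut so that the signature straddles a packet boundary.
STREAM = b"Four score and BAD CONTENT our forefathers brought forth"
CUTS = [0, 18, 35, len(STREAM)]
IN_ORDER: List[Segment] = [(a, STREAM[a:b]) for a, b in zip(CUTS, CUTS[1:])]
# Arrival order: reordered, plus one retransmitted segment.
ARRIVAL: List[Segment] = [IN_ORDER[1], IN_ORDER[0], IN_ORDER[2], IN_ORDER[1]]


def scan(data: bytes) -> List[bytes]:
    """Return every signature present in one contiguous buffer."""
    return [sig for sig in SIGNATURES if sig in data]


def per_packet_scan(segments: Iterable[Segment]) -> List[bytes]:
    """Packet-by-packet inspection: each payload is judged in isolation."""
    hits: List[bytes] = []
    for _offset, payload in segments:
        hits.extend(scan(payload))
    return hits


def reassemble(segments: Iterable[Segment]) -> bytes:
    """Step 1: rebuild the contiguous stream from segments in any order.

    Bytes already placed are kept when a retransmission or overlap arrives,
    and anything after a gap is held back until the gap is filled.
    """
    stream = bytearray()
    for offset, payload in sorted(segments, key=lambda seg: seg[0]):
        if offset > len(stream):
            break                  # missing segment: do not scan past the gap
        stream.extend(payload[len(stream) - offset:])
    return bytes(stream)


def content_scan(segments: Iterable[Segment]) -> List[bytes]:
    """Step 2: compare the reassembled content against the signature list."""
    return scan(reassemble(segments))


if __name__ == "__main__":
    print("per-packet hits:  ", per_packet_scan(ARRIVAL))
    print("reassembled hits: ", content_scan(ARRIVAL))
```
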

15 Complete Content Protection Requires Enormous Processing Power
[Chart: PROCESSING POWER REQUIRED (axis values 1, 10, 100, 1000) over time (1990, 1995, 2000, 2005). Technologies plotted: Stateful Inspection, Deep Packet Inspection, Complete Content Protection. Threats plotted: Simple Intrusions, Denial of Service Attacks, Sophisticated Intrusions, Viruses, Trojans, Worms, Inappropriate Web Content, Spam.]

So what does it take to achieve CCP?
Complete Content Protection requires massive processing power and a highly specialized ASIC/OS driven architecture.
For example, stateful inspection firewalls typically run on standard server platforms and do not require large amounts of processing power, here shown with a vector on 1.
Deep packet inspection requires much higher processing power, somewhere in the magnitude of 10x the power of stateful inspection, and as a result has evolved out of a new family of purpose-built ASIC accelerated platforms.
CCP, with a broader range of application layer content security capabilities, requires much higher processing power, somewhere on the order of 100 or even 1000x higher than stateful inspection.

16 Fortinet Developed a Unique Technology for Complete, Real Time Network Protection
CORE TECHNOLOGY
Proprietary Fortinet Chip: Hardware scanning engine, Hardware encryption, Real-time content analysis
Real-time networking OS: High performance; Robust, reliable

No other company has successfully developed a hardware (ASIC)-based system for high-performance antivirus scanning. The FortiASIC Content Processor chip and the FortiOS operating system provide the core of Fortinet’s unique technology.
The FortiASIC chip has an intelligent, proprietary content scanning engine that accelerates the compute-intensive portions of content scanning that make AV, CF and related processes perform very slowly on general purpose computer or network processor chips. It also contains acceleration for encryption and enables the FortiGate AV Firewalls to perform AV scanning on VPN tunnels.
Of course, the virus and attack definitions (“signatures”) are not in hardware – they’re stored in software databases that are periodically downloaded to FortiGate units automatically when a new outbreak occurs. In fact, even the virus scanning algorithms (i.e. the “engine”) can be updated simultaneously with the signature databases to deal with new kinds of attacks.
The FortiOS operating system was designed by Fortinet. It’s inherently secure (because it isn’t a public operating system) and it’s very high performance because it’s been designed from the ground up to support high-speed networking applications.

17 Fortinet Developed Products for Complete Real Time Network Protection
Best-in-Class Applications Included in Every FortiGate
FortiOS Operating System

The FortiOS is designed to support multiple applications. Today, all FortiGate units are shipped with FW, VPN, NIDS, IDP, AV, CF, and Traffic Shaping capabilities. The platform also supports the ability to upgrade to support new applications.
In the near future, Fortinet plans to offer additional capabilities, including:
-Anti-spam protection, to reduce the burden of unwanted e-mails.
-Virtual system support, which enables a single FortiGate unit to appear as if it’s actually multiple, independent FortiGate units with different sets of policies and different administrators (FG 3000 and up, for additional cost)
-All of the new capabilities that have been added to the FortiGate platforms will run on any FortiGate unit that’s been shipped – no hardware upgrades are necessary. This provides additional proof of the power of the FortiGate architecture.

18 There’s a FortiGate Model for Every Customer Environment
FortiGate Product Family
Industry-Leading Price/Performance
[Chart: FortiGate models plotted by Performance (Mbps) against customer segment: SOHO, Branch Office, Medium Enterprise, Large Enterprise, Service Provider/Telco. Models shown: FortiGate-50, FortiGate-100, FortiGate-200, FortiGate-300, FortiGate-400, FortiGate 500, FGT-2000, FortiGate-3000, FortiGate-3600 (March 2003). Performance axis values: 30, 95, 120, 200, 300, 500, 2G, 4G. Feature callouts: DMZ port, traffic shaping; Integrated Logging (20 Gbyte); Enhanced remote client capacity; High Availability; Multi-Zone (12 ports); Gigabit, Redundant power. Capabilities: Virus/Worm Scanning, Firewall, VPN, Intrusion Detection, Content Filtering.]

FortiGate systems are always “right-sized” for any customer environment.

19 The FortiGate Family Scales from SOHO to Service Provider

20 Fortinet product line
Product range: SOHO, BO, Medium Enterprise, Large Enterprise, Service Provider
Products shown: FortiClient, FortiMail 2000, FortiMail 400, FortiLog 400, FortiLog 100, FortiLog 800, FortiReporter, FortiManager 400, FortiManager 3000

21 Services – FortiGuard Automatic AV & IPS updates can reach all FortiGate units worldwide in under 5 Minutes

22 Fortinet FortiGuard Applications Key Advantages
Fortinet has developed all of its security applications from the ground up:
Antivirus – 100% coverage of the virus WildList
Intrusion Detection and Prevention – signatures
Antispam – Bayesian and Heuristics filtering, RBL, ORDBL servers
URL Filtering – 56 Categories, 27+ million rated websites, Daily updates to the URL database
Integrated application security delivers a better defense against blended threats which use multiple methods of propagation
No reliance on OEM agreements with 3rd party vendors!
Common Criteria EAL4+ certification just earned!
Fortinet offers simplified pricing and reduces security costs by licensing security applications per device instead of per user, which is practiced by many competitors reliant on 3rd party licensing of AV, IPS, Antispam, and URL filtering.

23 World Class Services and Support

24 World Class AV updates – Signature Response Times Betters Many Competitors
Source: AVtest.org

25 New Network Based Spyware and Grayware Detection and Prevention
Protection categories include: Adware Toolbar Editors Browser Helper Objects Dialers Web Page Hijacker Download Programs Games Browser Plugins Keystroke Loggers Jokes Network Management Tools Peer2Peer Spyware Remote Administration Tools
Grayware executable program detection new in FortiOS, leverages FortiASIC
High degree of customization to Grayware categories for both scanning and blocking

26 FortiClient v 2.0: FW+AV+VPN
Software implementation of Fortinet’s Antivirus engine
Real-time protection for e-mail and web traffic
Scheduled and real time file system monitoring
Virus quarantine
Registry startup monitor
Auto-Update via FortiProtect
FortiProtect access for VPN users: can get updates from the Internet. No need to connect to the corporate network

27 FortiGate deployments – Variety of options
[Deployment diagram. Sites: Corporate Headquarters, Regional Office, Telecommuter & Home Office, Mobile Access. Functions labeled: VPN Client, AV client, Antivirus, Transparent mode, IDS, VPN, Content Filtering, Antispam, Firewall, IDS/IDP.]

28 Many Awards and Industry Certifications

29 Vendors of Conventional Systems are Scrambling to Address the Market
[Chart: vendors positioned by layer (Application-Layer, Network-Layer) and by implementation (Software-Based, ASIC-Based). Categories: Anti-Virus, Content Filtering, IDS/IDP, VPN, Firewall. Vendors shown: McAfee, Trend, WebSense, Symantec (5X00), ISS (Proventia), Network Associates (Intruvert), ISS, NetScreen, SonicWall, Watchguard, CheckPoint, Cisco.]

The FortiGate systems are the first and only solution with ASIC-based application-level (content) security as well as network-level security. No other systems can match Fortinet for completeness of coverage, raw throughput, or price/performance.

31 Fortinet Differentiators - Products, Technology, Service & Support
Only ASIC accelerated Antivirus system in the world
Most scalable family of UTM platforms
All models include integrated security applications
Services Infrastructure to ensure rapid threat response: FortiGuard Subscription, FortiCare Support, FortiProtect Network
Lowest TCO – priced per unit, not per user
And Lowest Total Cost of Ownership

32 The First and Only Company to Address All the Security Market Needs – and at Lowest Total Cost

33 For more information: www.fortinet.com
Thank You! For more information: Fortinet Online Knowledge Base: FortiGuard Center: FortiPartner Extranet:

