Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC.

Published byShanon Boyd Modified over 9 years ago

Similar presentations

Presentation on theme: "Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC."— Presentation transcript:

1 Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC

2 Fortinet Confidential Protecting the Service Provider’s Infrastructure MOBILE NETWORK MOBILE NETWORK RADIUS SERVER GGSN SGSN 2 Protecting the customer (Managed Security Service Provider) Subscriber Network 1 Two discrete solutions for Service Providers Security Solutions for Service Providers

3 Fortinet Confidential Managed Security Services

4 Fortinet Confidential MSS Drivers Drivers Domestic Regulation Huge SME uptake Concerns over Confidentiality Reducing cost & fulfilling corporate requirements Inhibitors  Perturbations in Financial Markets  Lack of Investments in Regional SOCs  Localization of Support Key Success Factors Key Success Factors Service Expertise Quality of Service Cost Reduction Relationship window

5 Fortinet Confidential APAC MSS Landscape Integrators Telecommunication/Wan Providers Pure-Play Inclusion Criteria > 150 customer FW/IPS/Web/Mail GW in APAC Or 50 Customers in APAC HQ or Major RO in APAC Channel presence in 2 of 6 APAC Regions 2 reference accounts to Gartner

6 Fortinet Confidential APAC MSS Pointers MarketGrowth Rate in 2009 Number of devices24% Client Base16% Deal SizeAPACEMEA <$150K57%12.5% Between $150K and $750K 30%25% Between $750K and $1.5M _______25% >$1.5M_______37.5% TypeNo of Devices in 2009 CPE ( Customer Premise)20,010 ITC (In The Cloud )2,760 Beyond “Device Management”

7 Fortinet Confidential NOC/SOC CPE / Client Based MSS 7 Internet

8 Fortinet Confidential Cloud Based Services Per Customer Virtual Domain ▪Application Control ▪Web Filtering ▪AntiVirus / AntiSpyware ▪Data Leak Prevention ▪AntiSpam ▪Intrusion Protection ▪VPN (IPSec / SSL) ▪Firewall ▪Dynamic Routing 8

9 Fortinet Confidential Access Layer Virtualization Services Virtualized Secure Remote Access Service to End Users in Public (IPSec / SSL) - Virtualized Firewall catering to Virtual Network - Independent Access Policies - Virtualized IPS Sensor Policies - Added advantage with Application control Protecting VoIP servers and connections from Threat and targeted DoS Attacks ACCESS CONTROL Secure Authentication and Access vUTM services in Select Markets

10 Fortinet Confidential Virtualization in FortiGate Super Admin VDOM Admin FortiGate Hardware FortiOS Firewall VPN(IPSec/SSL) IPS / App Ctrl WCF / G AV Routing VLANs Firewall VPN(IPSec/SSL) IPS / App Ctrl WCF / G AV Routing VLANs Individual VDOMs... Root VDOM MGMT Firewall IPS / App Ctrl WCF / G AV Routing VLANs VPN(IPSec/SSL)

11 Fortinet Confidential Dynamic Security Profiles

12 Fortinet Confidential  Provides an authenticated bypass of the Service Restrictions  Within a domestic environment  Both end-points (users) are behind the same NAT boundary  Clientless solution to differentiate access – no software to ‘hack’  Parental control is maintained DSL Home user 1 (Adult) NAT DSL Home user 2 (Child) Dynamic Security Profiles - In Home Parental Control* DYNAMIC SECURITY PROFILES *FortiOS Carrier 4.1 www.badsite.com

13 Fortinet Confidential Per end-point Black / White List −End points (users, MSISDN) can have their own black white list −No requirement for end user to access FortiGate infrastructure Can be populated on Self Service Portal Dynamically configured on FortiGate as end points attach −RADIUS VSA Extension, no fixed limit for URLs DSL+3G RADIUS Dynamic Security Profiles End-Point customisation DYNAMIC SECURITY PROFILES Self Service Portal *FortiOS Carrier 4.2 www.badsite.com

14 Fortinet Confidential Infrastructure protection

15 Fortinet Confidential Mobile Operator Threat Evolution Pre-IMSIMS voice SMS VOIP Media IPTV IM MMS Rapid Application Deployment Web

16 Fortinet Confidential Security Considerations – What? Interrogating CSCF Serving CSCF Fixed Wireline Wifi WiMax Mobile Wireless Proxy CSCF App Server Presence / IM IP Network App Server Push-to-talk App Server ETC… IP Network SIP IMS SIP Core h.248 DIAMETER PDF RACS RACF Carrier Peer IP Network A-BGFI-BGF I-BCF PSTN Media Gateway h.248 SIP Media FortiGate Access -Voice Security moves all the way to the handset -Encryption/Compression/Authentication (open up payload) -IPS capabilities (msg flood, header tampering) - Network Denial of Service -Antivirus -Same HTTP/SMTP offerings as pre-ims at Internet Egress Applications -Rapid app delivery -Host Attacks Peering -Open Internet (Traffic Anomaly) -IPS (msg flood, proto conformance) -QoS -VPN -Antivirus -Protocol translations (L3 and L4) -NAT ALG services -Overlapping Subnets -Virtualization per peer Handsets -FW/VPN/IPS/AV

17 Fortinet Confidential FortiOS Carrier Security Highlights Dynamic Profiles  Per user services via a RADIUS API  Protection Profile derived from RADIUS record Session Initiation Protocol (SIP) Security  Stateful SIP tracking, Malicious SIP message protection, SIP Rate Limitation  SIP Transparent or SIP NAT mode, IP Topology Hiding, RTP Pinholing  Geographical Redundancy, SIP Stateful High-Availability Multimedia Message Service (MMS) Security  Antivirus, Antispam/Antifraud, Antiphising (via Web Filtering)  Sender and Admin notification GPRS Tunneling Protocol (GTP) Firewall  3GPP 29.060 version 6.9.0, including Overbilling Protection  Protocol Anomaly Checks, IMSI/APN/IE filtering Dynamic Profiles  Per user services via a RADIUS API  Protection Profile derived from RADIUS record Session Initiation Protocol (SIP) Security  Stateful SIP tracking, Malicious SIP message protection, SIP Rate Limitation  SIP Transparent or SIP NAT mode, IP Topology Hiding, RTP Pinholing  Geographical Redundancy, SIP Stateful High-Availability Multimedia Message Service (MMS) Security  Antivirus, Antispam/Antifraud, Antiphising (via Web Filtering)  Sender and Admin notification GPRS Tunneling Protocol (GTP) Firewall  3GPP 29.060 version 6.9.0, including Overbilling Protection  Protocol Anomaly Checks, IMSI/APN/IE filtering

18 Fortinet Confidential Global presence with 30+ offices worldwide 5,000+ channel partners 500,000 units shipped worldwide 75,000+ customers (including the majority of the Fortune Global 100) 1,200+ employees IPO Nov 2009 – FTNT Consistently strong sequential growth Profitable: $259+ million cash balance & cash flow positive Fortinet: An Established Security Vendor

19 Fortinet Confidential Security Vendor of The Year in APAC Fortinet awarded 2010 Security Vendor of the Year by Frost & Sullivan for Asia Pacific Competitors: Juniper, Check Point, Cisco […] an achievement that was undoubtedly driven by the foresight of Fortinet in expounding and leveraging on the rapidly emerging trend of technology convergence. The combination of effective go-to-market and product strategies was pivotal in cementing Fortinet’s position as a major player in the network security market in the Asia Pacific region. Edison Yu, Asia Pacific Information & Communication Technologies Practice, Frost & Sullivan ” “ “ ”

20 Fortinet Confidential Fortinet High-End Traction 20 International UTM Revenue Share, 2009 $50,000-99,999 Price Band Source: IDC Worldwide Security Appliance Tracker, Q3 2009 *International = Western Europe + Japan +Asia Pacific Fortinet Secures: 7 of Top 10 Fortune 500 5 of Top 10 Global 500 in EMEA 7 of Top 10 Global 500 in APAC 6 of Top 10 Global 500 Commercial & Savings Banks 7 of Top 10 Global 500 Aerospace & Defense 2 of Top 5 Global 500 in IT Services

21 Fortinet Confidential India 2009 UTM Market – 31.26 M$ 2009 Security Appliances Market – 85.23 M$

22 Fortinet Confidential Fortinet TelCos/xSPs Customers Success …and others rely on Fortinet’s protection

23 Fortinet Confidential Thank You 23

Download ppt "Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC."

Similar presentations

www.itexpo.com October 10-13, 2006 San Diego Convention Center, San Diego California VoIP/SOA Integration Impact on IT Apps, Processes, & Overall Business.

October 10-13, 2006 San Diego Convention Center, San Diego California VoIP/SOA Integration Impact on IT Apps, Processes, & Overall Business.
IMS and Security Sri Ramachandran NexTone. 2 CONFIDENTIAL © 2006, NexTone Communications. All rights Traditional approaches to Security - The CIA principle.

IMS and Security Sri Ramachandran NexTone. 2 CONFIDENTIAL © 2006, NexTone Communications. All rights Traditional approaches to Security - The CIA principle.
Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
All rights reserved © 2000, Alcatel 1 CPE-based VPNs Hans De Neve Alcatel Network Strategy Group.

All rights reserved © 2000, Alcatel 1 CPE-based VPNs Hans De Neve Alcatel Network Strategy Group.
1 © Copyright 2013 Fortinet Inc. All rights reserved. Fortinet High Performance Network Security Data Connectors – Los Angeles Edwin Mendoza – Manager.

1 © Copyright 2013 Fortinet Inc. All rights reserved. Fortinet High Performance Network Security Data Connectors – Los Angeles Edwin Mendoza – Manager.
1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.

1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Enterprise Data Solutions A Better Network. A Better ROI. Martin Matthews Technical Sales Engineer.

Enterprise Data Solutions A Better Network. A Better ROI. Martin Matthews Technical Sales Engineer.
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
IMS Workshop- Summary James Rafferty August 10. 2006.

IMS Workshop- Summary James Rafferty August
CounterPath Corporation William Khris Kendrick: – Director of Business Development and Channel Marketing – www.counterpath.com www.counterpath.com –

CounterPath Corporation William Khris Kendrick: – Director of Business Development and Channel Marketing – –
1 © 2006 Avaya Inc. All rights reserved. Avaya – Proprietary & Confidential. Technology Enabling the Avaya Vision Technology Enabling the Avaya Vision.

1 © 2006 Avaya Inc. All rights reserved. Avaya – Proprietary & Confidential. Technology Enabling the Avaya Vision Technology Enabling the Avaya Vision.
Lisa Farmer, Cedo Vicente, Eric Ahlm

Lisa Farmer, Cedo Vicente, Eric Ahlm
MSIT 458: Information Security & Assurance By Curtis Pethley.

MSIT 458: Information Security & Assurance By Curtis Pethley.
Introduction to Fortinet Unified Threat Management

Introduction to Fortinet Unified Threat Management
Blue Coat: Your partner to sales success Nigel Hawthorn VP EMEA Marketing +44 7081 487 987

Blue Coat: Your partner to sales success Nigel Hawthorn VP EMEA Marketing
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.

Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Similar presentations

Ads by Google