You are on page 1of 45

Security Consolidation

The way to unmatched performance, visibility & control

Franck Bernard Country Manager Fortinet, Inc.
October 7, 2013

Fortinet Corporate Overview
• Founded in 2000 Fortinet Revenue ($MM)

» Global presence with 30+ offices worldwide & 1,300+ employees
– 5,000+ channel partners – 100,000+ customers
– Majority of the Fortune Global 100
$155 $123



• IPO Nov 2009, NASDAQ: FTNT • 2010 revenue of $325 Million
– 29% YoY growth

$80 $39

• Q3 2011: 37% YoY growth • Dedicated MSS team





1. 2. 3. 4. 5.

Evolution of the Firewall Market Market Analysts’ View Enterprise Unified Threat Management Security Consolidation³ WLAN Security

Evolution of the Firewall Market

Can You Keep Up? • Intelligence » Reduce emphasis on human intervention • Consolidation of gateway functions » Simplification • End-to-end protection » Policy compliance for all devices. including mobile • Enterprise-class features available for all segments » Not limited to large appliances • Virtualization » Virtual appliances » Multi-tenant environments • Growth of WLANs » Mobile enterprise .

Firewall Market Evolution • Firewalls developed over 25 years ago » Initial protection by blocking traffic by port. protocol. or IP address • From packet filtering to circuit level to proxy to deep packet inspection… • Threat landscape evolved from primitive to more sophisticated » Able to pose as legitimate traffic & bypass policies » Business processes evolved as well • Firewall policies disabled over time to allow critical applications to pass through .

The Early Days Performance / Damage VPN Connection-Based Firewall Hardware Theft 1980s 7 1990s 2000s Physical Today Lock & Key .

Vendors Followed The Threats Performance / Damage Spyware Anti-Spyware Worms Spam Banned Content Trojans Antivirus Antispam Web Filter Viruses Intrusions IPS Content-Based VPN Connection-Based Firewall Hardware Theft 1980s 8 1990s 2000s Physical Today Lock & Key .

nonintegrated security » Created gaps in security strategy » Mix of off-the-shelf systems and applications » Difficult to deploy / manage / use » High cost of ownership 9 .Result: Multiple Devices. Vendors • Problems Created » Stand-alone. Consoles.

Consolidation • Factors driving consolidation » Threats • Blended threats. multi-vector attacks exploiting blind spots » Evolution of network/security technologies • Ability to integrate stand-alone technologies and deliver performance • Greater accuracy of detection capabilities » User behavior • Growth of remote workforce » Applications behavior • “Webification” » Costs 10 .

The Market Analysts’ View 11 .

IDC’s View • Unified Threat Management » The evolution of the traditional firewall into an all-inclusive security product: • Network firewalling • Network intrusion prevention • Gateway antivirus (AV)/antispam (AS) • VPN • Content filtering • Optional technologies. such as » Load balancing » On-appliance reporting VPN Firewall IPS Web Filtering AV/AS .

Gartner’s View • Next Generation Firewall » Standard firewall features • Network address translation. or useful blocking or vulnerability lists VPN Firewall IPS Web Filtering App Control . integration with Active Directory. » "Application-awareness" capability to recognize/control applications » “Extra-firewall" intelligence • Reputation analysis. and VPN and suited for the large enterprise » IPS is "truly integrated" with the firewall. stateful inspection.

Enterprise Unified Threat Management .

Virtual Appliances Strong Authentication 15 . Dynamic Routing IPS SSL Inspection VoIP Data Loss Prevention Web Filtering App Control WAN Optimization Endpoint Protection/ NAC VLANs. VDOMs.Fortinet's Approach to Consolidated Security Complete Content Protection Antispam Antivirus/ Antispyware VPN Firewall Wireless LAN Vulnerability Mgmt IPv6.

Enterprise Unified Threat Management • Convert stand-alone products into features » Simplify the network and improve visibility • Deliver comprehensive solutions for the largest global networks and organizations » Improve performance » Increase protection » Reduce complexity • Continually raising the performance bar with purpose-built hardware and software » Rely on custom processors and latest generation general purpose processors .

Visibility and Control • Single “pane of glass” management console • Single OS for all security devices • Deployment Ease & Flexibility » Ability to deploy technologies where needed 17 .

scripts. and FortiScan • Antispam: Unsolicited messages Phishing. • Web Filtering: Multiple categories and Malicious sites Botnet command. search poisoning. social networks. independent of port or protocol • Intrusion Prevention: Vulnerabilities and Exploits Browser and website attack code crafted by hackers and criminal gangs. compromised Facebook applications. macros. executables Delivered via Web. Instant messaging. FortiWeb. Malware. USB. FortiDB. FortiAnalyzer. phishing. Email.Consolidated Security with Real Time Updates • Application Control: Unwanted Services and P2P Limiting Botnet command channel. Social Engineering and Junk • Antivirus: All malicious code Documents. inappropriate content • Vulnerability Management: Real time exploit updates Multiple scanning points FortiGate. etc 18 .

Integrated Threat Protection in Action Problem: “Innocent” Video Link: Redirects to malicious Website Error message: “Drops” copy of itself on system and attempts to propagate “Out of date” Flash player error: “Download” malware file Solution: Integrated Web Filtering Blocks access to malicious Website Network Antivirus Blocks download of virus Intrusion Protection Blocks the spread of the worm 19 .

is infected and now all their data is compromised Botnet command channel is blocked.The Zeus Attack vs.. and criminals now have their details . Complete Content Protection • Email Sent – Contains link to compromised site . INTRUSION DETECTION 20 . Security administrator is alerted to existed of an infected system. enters credentials. no compromised data can be sent. ANTISPAM Mail message detected as spam (phishing) • End user accesses phishing site. WEB FILTER Access to phishing website is blocked • Phishing site sends BOT infection to user disguised as ‘Security Update’ application Content scanning prevents malicious content from being downloaded ANTIVIRUS • End user executes BOT application.


including mobile • Growth of WLANs » Mobile enterprise • Virtualization » Virtual appliances » Multi-tenant environments .Can You Keep Up? • Intelligence » Reduce emphasis on human intervention • Enterprise-class features available for all segments » Not limited to large appliances • End-to-end protection » Policy compliance for all devices.

Security Consolidation³ • Consolidation − Gateway features unification • Integrated security appliance − Block network & content threats • Accelerated performance − 10 GbE − Up to 160 Gbps 23 .

Management and Reporting system to function as multiple independent virtual systems 24 .Security Consolidation³ • Consolidation² − Virtual Security Domains. Virtual Management & Reporting • Virtual Domains (VDOMs) • Enable a single Firewall.

Security Consolidation³ • Consolidation³ − Choice of form factor: run it all on physical appliances or as virtual software DMZ/Private Zone Virtualized Data Center Servers / DMZ Desktops / Private Public Zone Server Hardware Appliances Virtual Appliances 25 .

Can You Keep Up? • Intelligence » Reduce emphasis on human intervention • Enterprise-class features available for all segments » Not limited to large appliances • End-to-end protection » Policy compliance for all devices. including mobile • Growth of WLANs » Mobile enterprise • Virtualization » Virtual appliances » Multi-tenant environments .

a b g n FortiGate WLAN Ready for Prime Time .

098 $1.5B $2.180 $3.975 iPad usage in enterprise increases TAM to $4.801 $1.00 $2.00 $1.Revenue Opportunity Enterprise Wireless LAN Market Size Forecast $3.00 $2008 2009 2010 2011 2012 2013 2014 .00 $500.500.415 $2.500.000.000.00 $2.00 $3.000.00 $2.706 North America EMEA Asia/Pacific Latin America Worldwide $1.500.707 $2.

Building Blocks of Secured Wireless LAN Solution Secure Wireless Access Points Multi-Threat Security with Integrated Wireless Controller Fortified Wireless Space 29 .

FortiGate Secure WLAN • New Security Paradigm in WLAN »Firewall »Encryption »Antivirus »IPS »UTM .

3 FortiOS 4.What Do Customers Want? Mobility Reduced TCO Security Scalability Guest Access Mesh Networking Planning/De ployment Mgmt/ Monitoring Application Priority VoWLAN FortiOS FortiOS FortiOS 4.4 .

3 .Application Control/Prioritization • WLAN is a Shared Medium • Cloud means all applications FortiGate are HTTP • L7 Identification Required • Unique to Fortinet FortiOS FortiOS 4.

3 .Rogue AP Detection • PCI Compliance requires Rogue Access Point detection and Wireless IPS at Retail locations • FortiGate Rogue AP Detection and Suppression » Simultaneous Rogue Detection and background scan » Simultaneous Rogue Detection and full-time scan » On-wire Rogue detection and suppression • Wireless IPS FortiOS FortiOS 4.

Guest Access -Guest Manager -Guest Manager Receptionist can create a single account for visitor Following fields are customizable. Admin can force certain fields to be mandatory Expiration time can be edited by receptionist if Admin allows FortiOS Email accounts can be printed out or sent to visitors smart phone via SMS or Email FortiOS 4.4 .

3 .FortiPlanner .Planning/Deployment • Create floor plan » Shape. windows. walls. doors etc • Place APs » Automatic or manual • Propagation Prediction FortiOS FortiOS 4.

Management & Reporting • FortiManager − Global management of all wireless controllers and settings • FortiAnalyzer − Central logging/reporting − Wireless PCI compliance reports FortiOS FortiOS 4.4 .

Summary • Consolidate Gateway features − Layered security − Simplification • Virtualize where reasonable − Optimization − Mitigate the enhanced security risk • Armorize your WLANs − Reverse engineering • “Single Pane of Glass” − Consolidated view of all activity − See. analyze. remediate 37 .

Thank You Franck Bernard .

FortiGate as a Sales Platform .

Fortinet Product Portfolio .Security Unified Threat Management FortiGate Network Security Platform FortiAP Secure Wireless Access Centralized Management FortiManager Centralized Device Management FortiAnalyzer Centralized Logging and Reporting Application Security FortiMail Messaging Security FortiWeb Web Application Firewall Security Services FortiGuard Real time Security Services Endpoint Security FortiClient Endpoint Security Data & System Security FortiDB Database Security FortiAuthenticator Remote Access Management FortiScan Vulnerability Management .

Fortinet Product Portfolio – Network Failover Protection FortiBridge Fail-to-Wire Bypass Application Load Balancing FortiBalancer Application Delivery Controllers Web Caching FortiCache ISP & EnterpriseClass Content Caching VoIP & Analog Telephony Ethernet Switches FortiSwitch Gigabit Ethernet Switches FortiVoice IP PBX & Phones .

VPN Strong Authentication Open VPN Fortinet VPN FortiGate FortiGate FortiAuthenticator .

Complexity.Web Application Availability/Security Standard Customer Advanced Customer Web FortiGate FortiGate FortiBalancer FortiWeb FortiWeb Users. Security. Speed Web App Servers Web App Servers . Availability.

AppControl AD Cluster Web FortiAuthenticator FortiAuthenticator FortiGate FortiMail FortiGate Email Servers .High Performance AD Integration Mass Email Encryption Content Filtering.

Total Web Content Filtering Public Access HQ Access FortiGuard FortiGate FortiClient FortiManager .