Fortinet FortiOS 5 Presentation

Click here to load reader

Embed Size (px)

description

 

Transcript of Fortinet FortiOS 5 Presentation

  • 1 CONFIDENTIAL INTERNAL ONLY1 Fortinet Confidential June 5, 2014 Introducing FortiOS 5 More Security, More Control, More Intelligence
  • 2 CONFIDENTIAL INTERNAL ONLY Network Trends Wired Connectivity Moving Beyond 10G Ubiquitous Wireless Connectivity Mobile Devices Everywhere Video and Audio Content IPv6 a Reality Background
  • 3 CONFIDENTIAL INTERNAL ONLY Security Trends Visibility of Traffic Accuracy of Detection Policy Explosion Log Explosion Threats Scale Background
  • 4 CONFIDENTIAL INTERNAL ONLY No Change Budget Department Size Background
  • 5 CONFIDENTIAL INTERNAL ONLY5 Fortinet Confidential FortiOS 5
  • 6 CONFIDENTIAL INTERNAL ONLY6 F O R T I N E T C O N F I D E N T I A L FortiOS 5 More SecurityMore Security More ControlMore Control More IntelligenceMore Intelligence
  • 7 CONFIDENTIAL INTERNAL ONLY Over 150 New Features & Enhancements Fighting Advanced Threats -------------------------------------- Client Reputation Advanced Anti-malware Protection More Security Securing Mobile Devices ------------------------------------ Device Identification Device Based Policy Endpoint Control More Control Making Smart Policies -------------------------------------- Identity Centric Enforcement Secured Guest Access Visibility & reporting More Intelligence FortiOS 5 Highlights
  • 8 CONFIDENTIAL INTERNAL ONLY Fighting AdvancedFighting Advanced ThreatsThreats Client Reputation Advanced Anti-malware Protection More Security
  • 9 CONFIDENTIAL INTERNAL ONLY Ranking Client Reputation Identification Policy Enforcement Multiple Scoring Vectors Reputation by Activity Threat Status Real Time, Relative, Drill-down, Correlated Identify potential zero-day attacks Score Computatio n Zero Day Attack Detection
  • 10 CONFIDENTIAL INTERNAL ONLY Multi-pass Filters In-box Enhanced AV Engine Cloud Based AV Service Hardware Accelerated & Code optimized Real time updated, 3rd party validated Signature DB Local Lightweight Sandboxing Behavior / Attribute Based Heuristic Detection Application Control Botnet Category FortiGuard Botnet IP Reputation DB Cloud Based Sandboxing Improves threat . detection Advanced Anti-Malware Protection
  • 11 CONFIDENTIAL INTERNAL ONLY Client Reputation Threat profiling to quickly identify most suspicious clients Effective zero-day attacks detection ! Advanced Anti-malware Protection Mutilayered: Combines best-in class local AV Engine with additional cloud based detection system Detects and block Botnet clients and activities Improves malware detection capabilities More Security
  • 12 CONFIDENTIAL INTERNAL ONLY Securing Mobile DevicesSecuring Mobile Devices Device Identification Device Based Policy Endpoint Control More Control
  • 13 CONFIDENTIAL INTERNAL ONLY See It Control IT Seamless integration! BYOD Device Identity & Policies Device Based Identity Policies Agentless Agent based Device Identification Access Control Security Application UTM Profiles Awareness
  • 14 CONFIDENTIAL INTERNAL ONLY Authorized Device Device Based Policy Securely adopt BYOD Setup different security and network usage policies based on device types Personal Device DMZ INTERNET DMZ INTERNET More Control
  • 15 CONFIDENTIAL INTERNAL ONLY Off-Net Protection Endpoint Control: FortiClient 5 INTERNET LAN OFF ON Client enrolls into the FortiGate and then receives its end point policy. It will receive any updates when connected again. Client uses last known security policies and VPN configurations. 11 22
  • 16 CONFIDENTIAL INTERNAL ONLY Securing Remote Devices Protect mobile hosts against malicious external threats Enforce consistent end point security policies, anywhere all the time Simplified host security and remote VPN management Endpoint Control: FortiClient 5
  • 17 CONFIDENTIAL INTERNAL ONLY Making Smart PoliciesMaking Smart Policies Identity Centric Enforcement Secured Guest Access Visibility & Reporting More Intelligence
  • 18 CONFIDENTIAL INTERNAL ONLY Identity = Policy External Radius ServiceExternal Radius Service Windows ADWindows AD Citrix EnvironmentCitrix Environment = M.Jones = = S.Lim = = V.Baker = = J.Jackson = Captive PortalCaptive Portal 802.1x802.1x Users identified without additional logins FortiClientFortiClient DMZ DMZ Users assigned to their policies Identity-Centric Enforcement FSSOFSSO Identity based PoliciesIdentity based Policies
  • 19 CONFIDENTIAL INTERNAL ONLY Single Sign-On and Role Based Policies Authorized network access based on user credentials secure network right at entry point Reuse captured information for security policies unifies security configurations and offers better user experience. Reduce administrative tasks & configuration errors Marketing, Management Operation, Staff CMS INTERNET CMS INTERNET M.Jones S.Lim SSID: STAFF SSID: MGMT Identity-Centric Enforcement
  • 20 CONFIDENTIAL INTERNAL ONLY Temporary Network Access Guest Administration Portal Credential Generation & Delivery Time Quota Ad hoc access without compromising security Integrated Guest Access Identify and track guest activities Time limits prevent unnecessary exposure to exploits
  • 21 CONFIDENTIAL INTERNAL ONLY Network & Threat Status Knowledge is Power ! Drill-Down Statistics Filter & Sorting Object Details Contextual Information Visibility & Reporting
  • 22 CONFIDENTIAL INTERNAL ONLY Deep Insights New PDF Formatting Drill-downs Per User Summary FortiManager FortiCloud Comprehensive reports Visibility & Reporting
  • 23 CONFIDENTIAL INTERNAL ONLY EnhancementsEnhancements Usability / WebUI IPv6 UTM Wireless FortiGuard Services Highlights
  • 24 CONFIDENTIAL INTERNAL ONLY Usability Wizards Improved Policy Editor Contextual Pictograms Enhancements
  • 25 CONFIDENTIAL INTERNAL ONLY IPv6 NAT64 / DNS64 IPS (Forwarding Policy) Explicit Proxy HA Session Pickup DHCP Client Per-IP Traffic Shaping Policy Routing DHCPv6 Relay Enhancements
  • 26 CONFIDENTIAL INTERNAL ONLY UTM SSL Inspection of IPS & App Control DNS-based Web Filtering CIFS (Flow-AV) & MAPI Scanning SSH proxy DLP Watermarking Enhancements
  • 27 CONFIDENTIAL INTERNAL ONLY Wireless Wireless IDS Wireless Mesh Local Bridge Mode (Remote sites) SSID & Port Bridging Enhancements
  • 28 CONFIDENTIAL INTERNAL ONLY User Notification Notify Users in Real-Time Blocked Applications Denied Traffic Quotas Notifies via FortiClient if Host is Registered Additional Enhancements
  • 29 CONFIDENTIAL INTERNAL ONLY FortiGuard Services DNS-based Web Filter DB Query DDNS Service NTP Service BYOD Signature Updates Geography Updates USB Modem Updates Vulnerability Scan DB Updates SMS Messaging FDN Real time protection & new services Enhancements
  • 30 CONFIDENTIAL INTERNAL ONLY Supported Platforms Desktop Mid Range 3000 Series 5000 Series FortiGate-VM * Available on patch release
  • 31 CONFIDENTIAL INTERNAL ONLY Feature Matrix for Desktop Models * Requires FMG/FAZ, FortiCloud for Monitoring, available in near future
  • 32 CONFIDENTIAL INTERNAL ONLY Services, Licenses & Subscriptions *Registration Required ** Available on selected Models Included with FortiGate DNS Service DDNS Service NTP Service 2 FortiTokenMobile License* 10 FortiClient Endpoint License* 10 VDOMs License FortiCloud Service (trial)* FortiCare Subscription Required Geography Updates BYOD Signatures Updates USB Modem DB Updates Vulnerability Scan Signature Updates Firmware Update + FortiTokenMobile License + Endpoint License** + VDOM License** + SMS Top-up + FortiCloud Storage Top-up BOLD: New Offerings
  • 33 CONFIDENTIAL INTERNAL ONLY Services, Licenses & Subscriptions FortiGuard AV Subscription Botnet IP reputation DB FortiGuard Analytics Service Proxy & Flow based AV signatures FortiGuard Web Filter Subscription Botnet IP reputation DB FortiGuard Analytics Service Proxy & Flow based AV signatures FortiGuard IPS Subscri