© Copyright Fortinet Inc. All rights reserved.
Security Beyond the Perimeter: Shrinking the Attack Surface with FortiGate, FortiSandbox, and FortiClient
Shaun Carriveau Channel Systems Engineer
3/8/2017
Agenda
» Fortinet: who we are and what we do
» FortiGuard: the “Secret Sauce”
» FortiGate: perimeter security
» FortiSandbox: identifying the unknown
» FortiClient: protecting the endpoint
Fortinet: Company Overview

Fortinet Facts
» #1 unit share worldwide in network security (IDC)
» $1.3B revenue, 30%+ growth
» Founded 2000; IPO 2009; HQ in Sunnyvale, CA
» Over 3 devices shipped [unit missing in the extracted slide]
» 4,650+ employees, 100+ offices worldwide
» 300,000+ customers
» Market-leading technology: 358+ patents, 292+ pending
Fortinet: Global Network Security Leader
» 7 of the top 10 Fortune companies in America
» 8 of the top 10 Fortune companies in EMEA
» 9 of the top 10 Fortune companies in APAC
» 10 of the top 10 Fortune telecommunications companies
» 9 of the top 10 Fortune retail and commercial banks
» 7 of the top 10 aerospace and defense companies
FortiGuard Labs: The “Secret Sauce”

The FortiGuard Minute (based on Q2 2016 data)
Per minute:
» 21,000 spam emails intercepted
» 470,000 network intrusion attempts resisted
» 95,000 malware programs neutralized
» 160,000 malicious website accesses blocked
» 32,000 botnet C&C attempts thwarted
» 43 million website categorization requests
Per week:
» 46 million new and updated spam rules
» 1,000 intrusion prevention rules
» 108 million new and updated AV definitions
» 1.4 million new URL ratings
» 8,000 hours of threat research globally
Total database:
» 290 terabytes of threat samples
» 18,000 intrusion prevention rules
» 5,800 application control rules
» 250 million rated websites in 78 categories
» 312 zero-day threats discovered
Image: threatmap.FortiGuard.com
FortiGate: Perimeter Security

What is a FortiGate?
Fortinet's award-winning security appliance, deployed for:
» Perimeter security
» Internal segmentation
» Cloud
» Data center
» Distributed and small business deployments
Hardware Acceleration Technologies
FortiOS combines stateful inspection, flow-based inspection and proxy-based scanning for both IPv4 and IPv6; the processors listed on the slide are SP3, NP4, NP6, CP7 and CP8.
» NP ASICs offer firewall acceleration for both IPv4 and IPv6 traffic
» CP ASICs offer UTM acceleration and SSL offloading
Parallel Path Processing (PPP)
Packet processing, content inspection and policy management are handled as parallel paths.

Why ASICs matter?
» CPU only: policy management, packet processing and deep inspection all run on the general-purpose CPU
» Optimised SoC: more performance, less latency, less power, less space
Security for the Network
FortiGate Product Range: Personality, Performance and Scalability
Personalities: CCFW, DCFW, ISFW, CFW/VMFW, NGFW/NGIPS, DEFW, UTM
Software and services common to the range: FortiOS operating system, FortiGuard security services, FortiCare support services

Tier         Models                           Silicon                     Throughput
Entry level  30-50 Series, 60-90 Series       SoC CPU                     1 Gbps
Mid range    100-500 Series, 600-900 Series   Multi-core CPU + NP + CP    10 Gbps
High end     1000-2000 Series, 3000 Series    Multi-core CPU + NP + CP    10 Gbps - 50 Gbps
High end     5000 Series (chassis system)     Multi-core CPU + NP + CP    50 Gbps - 1 Tbps
Virtual      VM Series                        Multi-core CPU              H/W dependent
FortiGate Entry Level Series
Feature-rich security appliances for small/home offices and small branch offices
Models: FG/FWF-30E/50E Series, FG/FWF-60E Series, FG/FWF-70 & 90D Series, FG-80D, FG/FWF-92D, FG-94 & 98D-POE
Silicon: SoC CPU
Primary benefits:
✔ Easy to deploy and manage with an intuitive GUI
✔ Purpose-built hardware yields high performance
✔ Large selection of models, including variants with PoE ports and an integrated WiFi interface, so the most appropriate device can be chosen for each environment
✔ Application control plus identity- and device-based policy enforcement provides more granular protection
✔ Cost-efficient solution with comprehensive and extensive UTM features
FortiGate Mid-Range Series
High performance, top rated network security for mid-sized enterprises
Models: FG-100D Series, FG-200D Series, FG-300D, FG-400D, FG-500D, FG-600D, FG-800D, FG-900D
Silicon: multi-core CPU with NP and CP ASICs
Primary benefits:
✔ 5x faster hardware-accelerated next generation firewall offers best-in-class price/performance ratio
✔ Integrated high port density delivers maximum flexibility and scalability
✔ NSS Labs Recommended NGFW and NGIPS with consolidated security delivers top-rated protection
✔ Application control plus identity- and device-based policy enforcement provides more granular protection
✔ Intuitive management interface enables broad and deep visibility that scales from a single FortiGate to thousands
FortiGate High End Series
Data center firewall / large enterprise NGFW with high speed interfaces
Models: FG-1000D Series, FG-2000E Series, FG-3000D Series
Silicon: multi-core CPU with NP and CP ASICs
Primary benefits:
✔ Industry leading 10x data center firewall offers exceptional throughput and ultra-low latency
✔ High availability and Virtual Domain (VDOM) support for multi-tenant data center environments
✔ Integrated high-speed 10 GE/40 GE/100 GE ports deliver maximum flexibility and scalability
✔ Intuitive management interface enables broad and deep visibility and control
✔ NSS Labs Recommended consolidated security delivers top-rated protection
FortiGate Virtual Appliance Series (FG-VM)
Agile security for virtual environments
Supported hypervisors and clouds: VMware ESXi, Citrix Xen, Xen, KVM, MS Hyper-V, Amazon AWS, MS Azure
Primary benefits:
✔ Increased visibility and security within virtualized infrastructure better protects critical resources
✔ Ability to manage virtual and physical appliances from a single pane of glass management platform reduces TCO
✔ Comprehensive hypervisor support
✔ Feature-rich security and virtual networking support facilitate wide deployment and requirement options
FortiGate Deployments
The slide diagram places one FortiGate personality at each boundary:
» Carrier/MSSP boundary: Carrier Class Firewall (CCFW)
» Internet / WAN edge of the enterprise campus or branch office: Next Gen Firewall + Advanced Threat Protection / Next Gen IPS (NGFW + ATP / NGIPS)
» Distributed enterprise and small business: Distributed Enterprise Firewall (DEFW) and Unified Threat Management (UTM)
» Internal network and core network: Internal Segmentation Firewall (ISFW)
» Data center / private cloud / SDN: Data Center Firewall (DCFW) and Virtual Machine Firewall
» Public cloud: Cloud Firewall (CFW)
» Mobile users: managed endpoint
SSL Inspection Modes

Certificate Inspection
» Only inspects the header information: the server name (SNI) in the client hello and the server certificate; the encrypted payload is never decrypted
» Certificates are used to verify server identity
» Used to ensure that HTTPS isn't used as a backdoor method to gain access to filtered websites
» Certificate errors not presented

Full Inspection
» FortiGate acts as a proxy (also known as man-in-the-middle)
» Terminates the client's SSL/TLS session, decrypts and inspects the content
» Re-encrypts and opens a new SSL/TLS connection to the server
» Requires the FortiGate signing CA to be trusted by every client, otherwise browsers show certificate warnings; applications that pin their server certificate will fail and need an exemption
FortiSandbox: Identifying the Unknown

Introducing FortiSandbox
Advanced Threat Protection solution designed to identify and thwart highly targeted and tailored attacks.
Advanced Threat Protection:
• Multi-layered filtering with code emulator, AV engine, cloud query and virtual OS sandbox
• Handles multiple file types, including files that are encrypted or obfuscated
• Examines files from various protocols, including those that use SSL encryption
Flexible operation modes:
• Receives file samples through integration with FortiGate/FortiMail, sniffer mode and manual file uploads
• Captures files from remote locations using deployed FortiGates
Monitoring and reporting:
• Detailed analysis reports and real-time monitoring and alerting
Workflow (diagram): file submission, centralized file analysis, analysis output (malicious or not), latest AV signature update
Key Sandbox Components
• AV prefilter: apply top-rated anti-malware engine
• Cloud file query: check FortiSandbox community intelligence and file reputation
• Code emulation: quickly simulate intended activity; OS independent and immune to evasion/obfuscation
• Full virtual sandbox: examine real-time, full lifecycle activity to get the threat to expose itself
• Call back detection: identify the ultimate aim, call back and exfiltration; mitigate with FortiGuard updates
• Intelligence sharing: distribute real-time updates; feed global systems
Advanced Threat Protection in Action
Network prevention products (FortiGate, FortiMail, FortiWeb, FortiClient):
» Block as many threats as possible
» Submit at-risk objects for additional analysis
» Mitigate previously unknown threats
Sandbox for payload analysis (FortiSandbox: AV prefilter, cloud file query, code emulation, full sandbox, callback detection):
» Accept at-risk objects for additional analysis
» Execute objects to assess and rate risk
» Provide intelligence and generate updates for prevention products
Outcome: identify more, previously unknown, threats; minimize the cost of comprehensive coverage; speed and simplify response.
FortiClient: Protecting the endpoint

Introducing FortiClient
FortiClient is a unified endpoint protection platform that integrates into the overall security architecture, automates threat protection and provides secure remote access (i.e. VPN), in a small and lightweight package supporting a multitude of devices (Windows PC, Mac, Linux, Chromebook, Apple iOS and Android), either on- or off-premise.
Unified Endpoint Security Platform
» Security Fabric Integration: endpoint awareness, compliance, and enforcement by sharing telemetry with Fortinet's Security Fabric architecture
» Advanced Threat Protection: automated prevention of known and unknown threats through built-in, host-based security and integration with FortiSandbox
» Secure Remote Access and Mobility: authorized and secured external access to corporate assets via VPN with native two-factor authentication coupled with single sign-on (SSO)
Security Fabric Integration
Fortinet Security Fabric: aware, secure, actionable, scalable, open
» Block non-compliant devices
» Real-time prevention of cyber threats
Security Fabric Integration: Automated Threat Protection
“An enterprise security strategy…acceptable endpoint security tools must plug into a broader security architecture rather than operate in an endpoint security vacuum.” Enterprise Security Group (ESG)*
Fabric flow (diagram): FortiClient registers with FortiGate (Register > Validate > Enforce > Contain); FortiClient and FortiGate submit objects to FortiSandbox and receive results (Submit > Result); FortiGuard Labs pushes global intelligence updates to FortiClient, FortiGate and FortiSandbox.
Advanced Threat Protection
» Antivirus (prevent malware): real-time host protection; updates every hour; scheduled scanning
» Application Firewall (reduce attack surface): network activity detection; application categories; individual application granularity
» Web Filter (prevent drive-by download): cloud based URL rating; safe search option; exclusion list
» Vulnerability Scanning (prevent exploit): up-to-date applications; automated patching; scheduled scanning

FortiClient Proven Effectiveness
“Fortinet rarely misses a VB100 comparative, and a strong record of passes, complemented by a steady improvement in detection over the last couple of years, have put it well up with the leaders…”
Advanced Threat Protection Use-case: Prevent Drive-by-Downloads
Diagram: the layered endpoint protections (Antivirus, Web Filter, Application Firewall, Vulnerability Scanning) block a drive-by download before it reaches the host.
Advanced Threat Protection Use-case: Prevent Known and Unknown Malware
Diagram: incoming DOC, XLS and PDF files pass through the FortiClient layers (Antivirus, Web Filter, Application Firewall, Vulnerability Scanning). Known-malicious files are blocked by signature updates; vulnerable applications are patched automatically from the application vendor; an unknown object is submitted to FortiSandbox, which returns a dynamic signature so the file is blocked thereafter.
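The loop shown in this use case and in the "Advanced Threat Protection in Action" slide above (block known, submit unknown, push the verdict back as a dynamic signature) is easy to get subtly wrong, so here it is as an added Python example. This is not Fortinet code: the signature store, the static PDF rule that stands in for sandbox detonation, the sample files and the hold/submit-and-pass switch are all constructed for the example.

```python
import hashlib
import re


def sha256(data):
    return hashlib.sha256(data).hexdigest()


class SignatureStore:
    """Verdict cache shared by every prevention product, keyed by file hash. A stand-in for
    the dynamic signatures FortiSandbox pushes back (constructed for this example)."""

    def __init__(self):
        self._verdicts = {}

    def lookup(self, digest):
        return self._verdicts.get(digest)

    def push(self, digest, verdict):
        self._verdicts[digest] = verdict


# Constructed stand-in for sandbox analysis: flags PDFs that carry an automatic action.
# Real detonation judges runtime behaviour; this static rule only exists so the loop runs offline.
PDF_AUTO_ACTION = re.compile(rb"/(OpenAction|JavaScript|Launch|AA)\b")


def sandbox_analyze(data):
    if data.startswith(b"%PDF") and PDF_AUTO_ACTION.search(data):
        return "malicious"
    return "clean"


class PreventionProduct:
    """Models the FortiGate/FortiClient side: block what is known, submit what is not."""

    def __init__(self, store, analyze, hold_unknown=False):
        self.store = store
        self.analyze = analyze
        self.hold_unknown = hold_unknown
        self.submissions = 0

    def inspect(self, data):
        digest = sha256(data)
        known = self.store.lookup(digest)
        if known is not None:
            return ("block" if known == "malicious" else "allow", "signature")
        self.submissions += 1
        verdict = self.analyze(data)          # submit; in reality the result arrives minutes later
        self.store.push(digest, verdict)      # dynamic signature now protects every other product
        if self.hold_unknown:
            return ("block" if verdict == "malicious" else "allow", "sandbox")
        # Submit-and-pass: the first copy has already been delivered when the verdict lands.
        return ("allow", "pending")


# Constructed sample files (not real malware).
SAMPLE_MALICIOUS_PDF = b"%PDF-1.7\n1 0 obj << /OpenAction << /S /JavaScript /JS (app.alert(1)) >> >> endobj"
SAMPLE_CLEAN_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj"


def run_scenario(hold_unknown=False):
    """Two gateways sharing one signature store see the same unknown file, one after the other."""
    store = SignatureStore()
    branch = PreventionProduct(store, sandbox_analyze, hold_unknown)
    hq = PreventionProduct(store, sandbox_analyze, hold_unknown)
    first = branch.inspect(SAMPLE_MALICIOUS_PDF)
    second = hq.inspect(SAMPLE_MALICIOUS_PDF)
    return first, second, branch.submissions + hq.submissions


if __name__ == "__main__":
    print("submit-and-pass:", run_scenario(hold_unknown=False))
    print("hold:           ", run_scenario(hold_unknown=True))
```

The scenario makes the operational trade-off visible: with submit-and-pass the first recipient receives the file and only the second gateway blocks by signature, while holding unknown files protects the first recipient at the cost of delaying every unrated download until the sandbox answers. Either way the file is analysed once, because the verdict is cached by hash.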
Secure Remote Access and Mobility
» Use-case #1: SSL/IPsec VPN from the Internet through the FortiGate to the Finance intranet
» Use-case #2: SSL/IPsec VPN with 2FA, using FortiToken and FortiAuthenticator backed by LDAP/Active Directory
» Use-case #3: SSL/IPsec VPN with 2FA and SSO, giving the Finance Admin single sign-on to the Finance database
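Use-case #2 is the one worth seeing in code, because the details that matter (clock window, replay of a used code, not revealing which factor failed) are invisible in the diagram. The Python below is an added example, not Fortinet or FortiAuthenticator code; it assumes the token is an OATH time-based token (FortiToken hardware and FortiToken Mobile are OATH-compliant) and implements a generic RFC 6238 verifier. The user directory standing in for LDAP/Active Directory, the password, the salt and the token seed are constructed for the example.

```python
import base64
import hashlib
import hmac
import struct


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation, modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, now, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, int(now // step), digits)


def totp_match(secret, code, now, step=30, digits=6, window=1):
    """Return the time-step counter the code belongs to (current step +/- window), or None."""
    current = int(now // step)
    for k in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, current + k, digits), code):
            return current + k
    return None


def password_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user directory standing in for LDAP/Active Directory (assumption).
_SALT = b"constructed-salt"
USERS = {
    "finance.admin": {
        "salt": _SALT,
        "pw_hash": password_hash("Correct-Horse-Battery", _SALT),
        "totp_secret": base64.b32decode("JBSWY3DPEHPK3PXP"),   # constructed token seed
        "used_steps": set(),                                  # replay protection
    }
}


def vpn_login(username, password, code, now):
    """Both factors are always evaluated; the caller learns only pass/fail."""
    user = USERS.get(username)
    if user is None:
        # Still do the hash computation so an unknown user costs the same as a wrong password.
        password_hash(password, _SALT)
        return False
    pw_ok = hmac.compare_digest(password_hash(password, user["salt"]), user["pw_hash"])
    step = totp_match(user["totp_secret"], code, now)
    otp_ok = step is not None and step not in user["used_steps"]
    if pw_ok and otp_ok:
        user["used_steps"].add(step)        # burn the code only on success
        return True
    return False


if __name__ == "__main__":
    import time
    now = time.time()
    code = totp(USERS["finance.admin"]["totp_secret"], now)
    print(vpn_login("finance.admin", "Correct-Horse-Battery", code, now))
    print(vpn_login("finance.admin", "Correct-Horse-Battery", code, now))   # replay refused
```

Two design choices are deliberate. The code is only marked as used after both factors pass, so an attacker who knows the one-time code but not the password cannot burn it and lock the real user out of that step. And the password and token checks are both run before the decision, so the response does not tell the caller which factor was wrong.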
FortiClient Deployment
Diagram: FortiClient at Headquarters, a Cafe and a Branch connects over VPN to FortiGates in front of the Data Center, with the endpoints managed by FortiClient EMS.
FortiClient Portfolio: FortiClient Management with EMS
Enterprise Management System (EMS): provision, transformation, management
» Deploy, provision and manage FortiClient
» Integrate with LDAP and other enterprise systems
» Real-time monitoring
» Remote scan and quarantine
» Scale to hundreds of thousands of devices
FortiClient Portfolio: FortiClient Compliance and Telemetry with FortiGate
FortiClient EMS provides awareness/enforcement; the FortiGate (Security Fabric ready) provides transformation: register, then monitor and apply actions.
» View endpoint status/topology
» Enforce endpoint compliance
» Endpoint quarantine