Welcome to the Advanced Threat Protection Playbook
Advanced Threat Protection Playbook - Internal Use Only
START DRIVING DEMAND
Fortinet Advanced Threat Protection
Fortinet Advanced Threat Protection enables customers to establish a security fabric, across their entire organization and all attack vectors, to combat advanced persistent threats (APTs) and avoid data breaches. Specifically, FortiGuard Labs global threat intelligence and FortiSandbox local intelligence are rapidly shared among Fortinet and non-Fortinet security components to quickly and effectively prevent, detect and respond to known and unknown attacks.
[Diagram labels: Global Intelligence, Local Intelligence, FortiGate, FortiClient, FortiWeb, FortiMail]
Current Market Situation
• Data breaches continue to make headlines and 55% of surveyed organizations reported more than 6 incidents (Forrester ATP Thought Leadership Survey, October 2015)
• Dealing with APTs/Data Breaches is the #1 Enterprise security priority in 2016 (IDG, CSO Survey)
• 99% of malware is seen for 58 seconds or less and 99.5% of malware found by Verizon during data breach investigations was unique to the organization (Verizon, 2016 DBIR)
Sell More FortiSandbox, FortiGate, FortiMail, FortiWeb, FortiClient By:
• Establishing the need among customers and prospects for sandboxing as part of most Enterprise Firewall (NGFW, ISFW, DEFW) projects
• Describing our unique approach to Advanced Threat Protection, based on (but bigger than) FortiSandbox in the context of the Fortinet Security Fabric
• Identifying the proper components of an on-site evaluation (CTAP, Email Audit and/or Endpoint PoC all with sandboxing)
What are Customers Saying?
• 79% of IT executives consider protection from advanced persistent threats a critical or high priority IT initiative with NGFW close behind at 71% (IDG, CSO Survey)
• Ransomware has emerged as a top concern in 2016 (Fortinet Deal Flows)
• “despite all of the security products we've deployed, I can't confidently say we won't get compromised because those products don't work together, leaving potential gaps for malware to enter and making it difficult for us to detect and respond if it does.”
What is the Market Opportunity?
• $1.6bn in 2017 for sandboxing to deal with advanced threats, $20bn for associated pieces: NGFW, SEG, SWG, WAF, EPP (IDC, 2015)
• 90% of new enterprise edge firewall purchases will be NGFWs by 2018 and 85% of new sandbox deals will be packaged with firewall and content security platforms (Gartner 2016)
• Ancillary services like targeted attack protection (and data loss prevention or “DLP”/encryption) are driving secure email gateway projects (Gartner, 2015)
• Sandboxing is a key evaluation criterion in the Gartner Endpoint Protection Platform MQ (Gartner 2015)
2260 confirmed data breaches in 2015*
malware samples leading to breaches are unique to the compromised organization*
58 seconds: On average, 99% of malware is seen for only 58 seconds or less*
1: There is at least 1 new ransomware variant every day**
* 2016 Verizon
** FortiGuard Threat Intelligence newsletter
Rapidly Share Global and Local Threat Intelligence
With infrastructure change, driven by IoT and cloud services, dissolving the enterprise perimeter at a time when the threat landscape is more sophisticated than ever, it is no surprise that cyber threats slip in. While it’s critical to prevent as many attacks as possible with global threat intelligence, it is now essential to use local intelligence to continue detecting and responding to previously unknown threats and the resulting incidents. Most importantly, prevention, detection and response components must all work together for a coordinated defense rather than independently in silos.
Fortinet Advanced Threat Protection is:
• Scalable: covers the entire organization and all attack vectors
• Aware: coordinates across top-rated prevention, detection and response components
• Actionable: rapidly shares global and local intelligence for assisted and automated response
Useful Links
• ATP Solution
• ATP Solution FUSE Community
• ATP Account Manager Sales Presentation
• ATP Recorded Demo
• NSE L2 ATP Module
Useful Links
• ATP SE Presentation to Security Architects
FortiGate: NEXT GENERATION FIREWALLS
• Segments the network, controls access and blocks threats
• Hands off unknown items to FortiSandbox
• Offers assisted and automated response based on FortiSandbox intelligence
FortiSandbox: ADVANCED THREAT PROTECTION
• Detects attacks that slip past traditional defenses
• Dynamically generates and distributes local threat intelligence
• Reduces risk & impact of breaches
FortiWeb: WEB APPLICATION FIREWALLS
• Shields web servers and applications from being exploited
• Applies sandboxing to external submissions
• Closes off a common attack vector
FortiMail: EMAIL SECURITY
• Stops email threats with top rated protections
• Prevents data loss with integrated DLP, encryption and archiving
• Designed to hold messages for analysis including sandboxing, closing off the #1 attack vector
FortiClient: ENDPOINT SECURITY
• Protects endpoints on and off network with top rated threat protection
• Submits objects to FortiSandbox and acts on results/local intelligence
• Secures the ultimate point of attack, the endpoint
COMPETITORS
• Enables third party products to leverage FortiSandbox
• Submit objects, receive ratings and consume intelligence updates via JSON and ICAP
• Integrates existing security components within the Fortinet Security Fabric
• Online Demos
• NSE L3/L6 FortiSandbox, FortiMail, FortiClient, FortiWeb, FortiGate Modules
• NSE L7 - ATP Workshop
FortiGuard Subscription Services send constant updates to our Security Products, providing customers continuously updated threat protection. The table below shows which FortiGuard Subscription Services are associated with products.
Services (columns): App Control, IPS, AV, IP Rep./Anti-bot, Web Filtering, Anti-Spam, Vuln. Scan, Web Security
FortiGate √ √ √ √ √ √ √
FortiSandbox √ √ √ √
FortiClient √ √ √ √ √
FortiWeb √ √ √
FortiMail √ √
Fortinet Services
FortiGuard
Your security partner should have deep understanding and visibility into the dynamic threat landscape, and the ability to respond in real-time at multiple levels in your network. For more than 10 years, Fortinet’s dedicated in-house threat research team, FortiGuard Labs, has led the industry while developing and constantly updating all of Fortinet’s security services. Fortinet’s superior and consistent effectiveness at stopping advanced threats has been independently validated by NSS Labs, VirusBulletin, AV Comparatives and other certification and testing organizations.
Useful Links
• FortiGuard security services brochure
• FortiGuard web site
• NSE Training on FortiGuard Labs
COMPETITORS
FireEye
• Covers all vectors with sandboxing
• Demonstrated good (95%) effectiveness in NSS BDS testing but rated neutral for excessive cost
• Shares intelligence well among its own components but operates as a silo
Palo Alto Networks
• Does not scale up or down well (no desktop model, chassis is expensive for limited performance)
• Only NGFW earned top ratings, and Traps has not been tested
• Can't coordinate with WAF, SEG sharing requires ProofPoint
• Overall, Palo Alto can't fully scale, leaves gaps in vectors and shows inconsistent effectiveness in testing
Cisco
• Does not scale up or down well (requires Meraki, ASA and Sourcefire)
• Only NGFW and BDS earned top ratings, SEG is unrated and no EPP is offered
• Multiple, acquired products don't work well as a solution
Capability comparison: Fortinet, FireEye, Cisco, Palo Alto
Scale - device to cloud
• Fortinet: √- All sizes, all vectors
• FireEye: √- All sizes all vectors (sandbox only)
• Cisco: W- Limited (3 FW product lines, no WAF, poor email effectiveness)
• Palo Alto: W- Limited (no small boxes, chassis does not scale)
Top-rated Intelligence
• Fortinet: √- NSS NGFW, WAF, EPP, BDS, VB SEG
• FireEye: W- Neutral in NSS BDS
• Cisco: √- NGFW and BDS only
• Palo Alto: W- NSS NGFW, Caution for BDS, no WAF or SEG
Awareness
• Fortinet: √- Topology view, bidirectional sharing
• FireEye: √- CMS, bidirectional sharing
• Cisco: √- Bidirectional sharing (no single view)
• Palo Alto: √- Limited view (no SEG), sharing (EPP)
Useful Links
• Competitive Community on Fuse
• NSE L2 ATP Module
This sales play is designed to move organizations who understand the Fortinet Security Fabric Vision to a formal assessment on the value of adding Fortinet Advanced Threat Protection Components to improve their security posture against today’s threats.
According to CSO online, 79% of IT executives consider protection from advanced persistent threats a critical or high priority IT initiative with NGFW close behind at 71% (IDG, CSO Survey).
What are you doing to reduce the risk of an advanced attack via email?
• #1 cybercrime attack vector (Verizon 2016 DBIR)
• Primary ransomware delivery method today (FortiGuard Labs)
• Targeted attack protection is a key driver of email security today (Gartner 2015 SEG MQ)
What are you using for Email Security today?
• Cisco Ironport: customers like Sterlite found 9 ransomware attacks passing Ironport in the first two days of an audit
• Microsoft Exchange Online Protection/Office 365: during a month-long PoC, customers generally find that 15% of email passing MSFT is still spam, plus 70-90 known pieces of malware and thousands more identified by sandboxing
Call to Action: Deploy FortiMail and FortiSandbox behind your current email security and see how well your current security is really doing
NETWORK
Do you have a sandboxing (or next generation firewall or secure web gateway) project to stop advanced attacks delivered via the web?
• The most common way ($1.4bn of $2bn) organizations address advanced threats (IDC 2016)
• #2 cybercrime attack vector (Verizon 2016 DBIR)
• 90% of new enterprise edge firewall purchases will be NGFWs in 2018 and 85% of new sandbox deals will be packaged with firewall and content security platforms (Gartner 2016)
What are you using for Edge Firewall today?
• Cisco or other Legacy Firewall: on average, Cyber Threat Assessment found that users visited 1 malicious web site every other day and had 4 active pieces of malware.
• Palo Alto, Check Point or other NGFW: customers like the visibility, but as network bandwidth increases their boxes struggle to keep up, especially with more security services (like AV or SSL). Mention ISFW if not up for renewal.
Call to Action: Deploy FortiGate and FortiSandbox behind your current firewall and measure the number of unknown threats that are slipping through.
ENDPOINT
Do you have a lot of mobile or remote workers?
• On or off the network, regardless of attack vector, all attacks try to reach an endpoint
• With the current severe and growing shortage of InfoSec talent, automated remediation is a must for endpoint security (IDC WW STAP Forecast 2015-2019)
• Sandboxing is a key evaluation criterion in the Gartner Endpoint Protection Platform MQ (Gartner 2015)
What are you using for Endpoint Security today?
• Top enterprise AV vendors have been successfully compromised, according to 44% of customers surveyed. (Gartner 2016 MQ EPP)
• In a recent head-to-head comparison in a healthcare POC, it was observed that SCEP let thousands of malware and riskware files slip through.
• 80% of emerging vendors will be acquired, merge or disappear by 2020. (Gartner’s Real Value of a Non-Signature Anti-Malware Solution)
Call to Action: Deploy FortiClient and FortiSandbox on a pilot group of users
Key Resources
• ATP Solution Community on Fuse
• Video Demos for SEs
• NSE Training Modules
Promote the Solution
The following resources are part of an ongoing outbound marketing effort and are available for local lead generation activities.
Awareness Engagement Consideration
3rd Party Paper: Forrester Sandbox Technology Exec Summary
Whitepaper: Building a Natural Immunity Against Advanced Threats
3rd Party Paper:
ESG Lab Validation Report on ATP
NSS Labs 2016 BDS PARs
ICSA Labs ATD Report
Video: Unique Benefits of Fortinet ATP
Video: ATP recorded demo video
Webcast: Insights Before Your Next Sandbox Investment
Webinar: Insights from NSS Labs before your Next Investment in Sandbox
Infographic: How Sandboxing Breaks the Cyber Attack Kill Chain
Solution Brief: Defending Against the Undetected
Fortinet Paper: ATP Buyers Guide and Checklist
READY TO FOLLOW UP?
A range of resources is available to help you generate meetings to discuss advanced threats and advanced threat protection, prepare you for and guide you through those discussions, and create projects by demonstrating the critical need for customers to improve their security.
1. Generate Meetings by Sharing the Following
Forrester Sandbox Technology Exec Summary: Fortinet commissioned Forrester to survey 150 enterprises who had practical experience using sandbox technology. Key findings included:
• 87% of users found the information provided by sandboxes useful in identifying advanced attacks
• Top concerns about sandboxes were the cost, complexity and work they generated
• Not surprisingly, they wanted sandboxes to integrate with (on average) 6 other security tools and most (58%) wished for a high degree of automation in their sandbox
Video on What Makes Fortinet ATP Unique:
Fortinet shares this “whiteboard” video about our unique approach to stopping advanced threats. It’s a short 3 minute summary.
Webcast: Insights Before Your Next Sandbox Investment
NSS Labs and Fortinet discuss the key trends and general findings from the latest NSS Labs Breach Detection Systems Group Test.
2. Prepare for Discussions by Staying NSE Certified
NSE 2 - Advanced Threat Protection
NSE 3 - FortiSandbox
NSE 3 - FortiMail
NSE 3 - FortiClient
3. Guidance Through the Discussion
All ATP Assets can be found within the ATP Solution Community on Fuse
4. Create Projects
CTAP with Sandbox
FortiMail/FortiSandbox PoC
FortiClient/FortiSandbox PoC