Take Control of End User Security


Published on

Daystar - Fortinet 01/23/2013 & 01/29/2013

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • First, a brief overview of Fortinet.
  • Our focus has always been on consolidating stand-alone security and networking technologies to improve performance, increase protection, and reduce costs
  • Now let’s look at our broader market opportunity and Growth strategies.
  • As firewalls have evolved, additional technologies have been added to the core firewall technology to provide additional functionality and protect against new threats.FortiGate consolidated security platforms have been at the forefront of this evolutionary process. We have led the market with our ability to anticipate changes to the threat landscape by adding new functionality and technologies into our UTM platform. For example, FortiGate platforms have had the ability to identify applications independent of port or protocol since FortiOS 3.0, well ahead of other vendors. There has been a lot of noise in the market around ‘next generation’ firewalls. NGFWs are a subset of UTM, as they provide a limited feature set compared with the FortiGate UTM platform. This slide highlights the difference between the limited feature-set of NGFWs and the FortiGate UTM platform.
  • We continue to focus on leading the market with advanced technology and products.Currently have 50+ patents awarded; 100+ pending
  • We know that on a daily basis, you’re having make hard choices on how to do more without spending more. You are under pressure to open up more of your data to employees, customers, partners, and vendors; at the same time you’re expected to reduce the potential of unauthorized access to your data and backend systems. You’re also expected to make your existing staff and security technologies more effective, and to do it while spending lessAnd, we know you’re expected to lower your expenses
  • Benefits of FortiOS 5.0 center around improved security, improved control and more intelligence.
  • Tackle today’s challenges:The need for more control – how do I control devices – as they may be personal or belongs to the organizationThe need to protect against new threats – How do I protect the network against zero-day attacks and goes beyond using Signatures …The need to effectively enforce security with more complex network environment and requirements – How do I simplify the management and implementation, so that I as the weakness link – do it correctly! Also, How can I better understand what is going on my networkWe also take our customers feedback seriously and have adopt a number of enhancement that improves our functionalities, our deliverables and user experience
  • FortiOS 5.0 lets you secure mobile devices and BYOD environments by identifying devices and applying specific access policies as well as security profiles, according to the device type or device group, location and usage.So what what are we doing to make it work?Device Identification – by using 3 different technologies, and user can choose all of them or either, depending on their network setupOnce a device is identified, admin can apply specific access policy as well as security profile, according to the device type or device group. We will work through a use case soon.What is a huge advantage here is that it al work seamlessly in the box.Does it work with user Authentication to create even more gradual policies – yes! Thus, giving the ability to tell who does what on which device.
  • One of the improvements in FortiClient 5.0 allows for off-net protection. The similar security policies can be applied even when the user is not connected to the corporate network. For example, policies can sent to the FortiClient that block access to malicious websites. When that user is no longer connected to the corporate network, they would still be denied access to those websites.
  • FortiOS provides automatic adjustment of role-based policies for users and guests based on location, data and application profile
  • We
  • Take Control of End User Security

    1. 1. 603.766.5924 www.daystarinc.comTAKE CONTROL OFEND USER SECURITY! How to minimize the risks end users inflict on your network. Presented by: Keith Bamford CEO, Daystar, Inc. James Cabe Systems Engineer II, Advanced Technology1 CONFIDENTIAL – INTERNAL ONLY
    2. 2. 603.766.5924 www.daystarinc.comDAYSTAR: Your Technology Partner Serving ME, NH, & MA since 2000 Long-term, partnership approach Hardware and service offerings: • Procurement • Project-based IT services • Outsourced/Augmented IT support  Onsite  Remote2 CONFIDENTIAL – INTERNAL ONLY
    3. 3. 603.766.5924 www.daystarinc.comDAYSTAR provides Consultation Data Backup Infrastructure Design E-mail Solutions Network Hosting Implementation & Mobile Integration Administration Hardware Network Maintenance Procurement Security Application Cloud Integration Development3 Network Monitoring CONFIDENTIAL – INTERNAL ONLY
    4. 4. 603.766.5924 www.daystarinc.comEnd user threats to yournetwork security Mobile device access / BYOD Spyware / Malware Bandwidth and data access Unauthorized access Unauthorized downloads4 CONFIDENTIAL – INTERNAL ONLY
    5. 5. 603.766.5924 www.daystarinc.comMore control…simplified. Powerful security coupled with enhanced user access Increase awareness / knowledge Micro-control access and users Manageable, easy, simplifiedThe solution? security solutions featuring FortiOS 5.5 CONFIDENTIAL – INTERNAL ONLY
    6. 6. Fortinet for the future:More Security, More Control, More Intelligence January 28, 20136 CONFIDENTIAL – INTERNAL ONLY Fortinet Confidential
    7. 7. Fortinet Corporate Overview Fortinet Revenue ($MM) • Founded in 2000 • Global presence with 30+ offices worldwide & 1,900+ employees $325 – 5,000+ channel partners $252 – 100,000+ customers $212 – Majority of the Fortune Global 100 $155 $123 • IPO Nov 2009 $80 • NASDAQ: FTNT $39 $13 • 2011 revenue of $423 Million – 34% YoY growth 2004 2006 2008 2010 • World class management team7 CONFIDENTIAL – INTERNAL ONLY7
    8. 8. Clear, Continuous Focus Since 2000 • Proven Leadership » Technology consolidation » Industry-leading performance » Simplified security • Vision That Drives Us Today » Anticipate & innovate » Push the performance envelope » Make the competition follow our lead8 CONFIDENTIAL – INTERNAL ONLY8
    9. 9. We Pioneered a New Approach Traditional Network Security Solutions The Fortinet Solution• Stand-alone, non-integrated security • Real-time, integrated security intelligence• Mix of off the shelf systems and applications • ASIC-accelerated performance• Higher total cost of ownership • Lower total cost of ownership• Difficult to deploy / manage / use • Easy to deploy / manage / use 9 CONFIDENTIAL – INTERNAL ONLY 9
    10. 10. Fortinet’s Growth Strategy $9.5 Billion GROWTH STRATEGY1. Extend UTM leadership VPN with new technology2. Continue our security focus in the broader $7.5 Billion network security market IDP VPN IDP Firewall / VPN Firewall / VPN UTM FortiGate UTM 2010 201410 CONFIDENTIAL – INTERNAL ONLY
    11. 11. Consolidated Security The Evolution of the Firewall Fortinet Delivers Complete Protection Real-Time SSL Threat Inspection Updates Endpoint Antispam/ Data Loss Protection/ Antivirus Prevention Virtual NACAppliance/ Web Vulnerability Virtual VPN Mgmt Filtering Domains Application Firewall IPS Control Wireless WAN Controller/ Optimization Wireless / Traffic LAN Shaping SSL IPv6, Dyna VoIP Inspection mic Routing11 CONFIDENTIAL – INTERNAL ONLY11
    12. 12. Market Leadership Across the Board Worldwide UTM Market Share Magic Quadrant for Unified UTM Market Competitive Q4 2010 (1) Threat Management (2) Landscape, 2009(3) Market Rank Company Share (%) 1 16.2 High 2 Check Point 11.8 Ability 3 Juniper 8.4 to Deliver 4 Cisco 6.6 5 SonicWALL 7.8 6 McAfee 6.3 Low 7 WatchGuard 5.2 Low Market Penetration High 8 Crossbeam 2.6 9 Other 35.1 Contender Market Leader Total 100.0 Niche Participant Specialist ChallengerNotes(1) IDC Worldwide Security Appliances Tracker, March 2011 (market share based on factory revenue) CONFIDENTIAL – INTERNAL ONLY 12 Gartner, Inc., “Magic Quadrant for Unified Threat Management”, October 2010(2)(3) Frost & Sullivan, “World Unified Threat Management, Products Market 2009”, 2010 12
    13. 13. Results of Singular Focus • Delivering Effective, Consolidated Security » Best in class protection in a single device » Complete content protection • Leading the Market » Performance » Depth of services • Ensuring Flexibility » Integrated technologies » Simple pricing model • Protecting All Segments » From carrier to SOHO13CONFIDENTIAL – INTERNAL ONLY13
    14. 14. Do More with Less • Increase access to data and systems • Decrease risk of unauthorized access • Increase effectiveness of existing resources and investments • Reduce complexity of security infrastructure • Lower operating and capital costs14CONFIDENTIAL – INTERNAL ONLY14
    15. 15. Background Network Trends Wired Connectivity Moving Beyond 10G Ubiquitous Wireless Connectivity Mobile Devices Everywhere Video and Audio Content IPv6 a Reality15 CONFIDENTIAL – INTERNAL ONLY
    16. 16. Background Security Trends Visibility of Traffic Accuracy of Detection Policy Explosion Log Explosion Threats Scale16 CONFIDENTIAL – INTERNAL ONLY
    17. 17. Background No Change Budget Department Size17 CONFIDENTIAL – INTERNAL ONLY
    18. 18. FortiOS 518 CONFIDENTIAL – INTERNAL ONLY Fortinet Confidential
    19. 19. FortiOS 5 More Security More Control More Intelligence19 FORTIN– T CONFIDE CONFIDENTIAL E INTERNAL ONLY N T I A L
    20. 20. FortiOS 5 Highlights More ControlFighting Advanced Threats Securing Mobile Devices Making Smart Policies-------------------------------------- ------------------------------------ ------------------------------------- Client Reputation  Device Identification - Advanced Anti-malware  Device Based Policy  Identity Centric Enforcement Protection  Endpoint Control  Secured Guest Access  Visibility & reporting More More Security Intelligence Over 150 New Features & Enhancements20 CONFIDENTIAL – INTERNAL ONLY
    21. 21. More Security Fighting Advanced Threats Client Reputation Advanced Anti-malware Protection21 CONFIDENTIAL – INTERNAL ONLY
    22. 22. Zero Day Attack Detection Identify potential … zero-day attacks Client Reputation Reputation by Activity Threat Status Real Time, Relative, Multiple Scoring Vectors Drill-down, Correlated Policy ScoreIdentification Ranking Enforcement Computatio n22 CONFIDENTIAL – INTERNAL ONLY
    23. 23. Advanced Anti-Malware Protection Multi-pass Filters Hardware Accelerated Local Lightweight FortiGuard Botnet IP & Code optimized Sandboxing Reputation DB Real time updated, Behavior / Attribute Based Cloud Based 3rd party validated Heuristic Detection Sandboxing Signature DB Application Control – Botnet Category Improves threat …. … detection In-box Enhanced AV Engine Cloud Based AV Service23 CONFIDENTIAL – INTERNAL ONLY
    24. 24. More Security Client Reputation  Threat profiling to quickly identify most suspicious clients  Effective zero-day attacks detection ! Advanced Anti-malware Protection  Mutilayered: Combines best-in class local AV Engine with additional cloud based detection system  Detects and block Botnet clients and activities  Improves malware detection capabilities24 CONFIDENTIAL – INTERNAL ONLY
    25. 25. More Control Securing Mobile Devices Device Identification Device Based Policy Endpoint Control25 CONFIDENTIAL – INTERNAL ONLY
    26. 26. BYOD – Device Identity & Policies See It… Control IT Awareness Security Device Identification Access Control Application Agentless Device Based UTM Profiles Agent based Identity Policies Seamless integration!26 CONFIDENTIAL – INTERNAL ONLY
    27. 27. More Control ✔ DMZ ✔ INTERNET Authorized Device ✗DMZ ✔ INTERNET Personal Device Device Based Policy  Securely adopt BYOD  Setup different security and network usage policies based on device types27 CONFIDENTIAL – INTERNAL ONLY
    28. 28. Endpoint Control: FortiClient 5 “Off-Net” Protection • 1 Client enrolls into the FortiGate and then receives its end point policy. It will receive any updates when LAN connected again. ON 2• Client uses last known security policies and VPN configurations. INTERNET OFF28 CONFIDENTIAL – INTERNAL ONLY
    29. 29. Endpoint Control: FortiClient 5 Securing Remote Devices  Protect mobile hosts against malicious external threats  Enforce consistent end point security policies, anywhere all the time  Simplified host security and remote VPN management29 CONFIDENTIAL – INTERNAL ONLY
    30. 30. More Intelligence Making Smart Policies Identity Centric Enforcement Secured Guest Access Visibility & Reporting30 CONFIDENTIAL – INTERNAL ONLY
    31. 31. Identity-Centric Enforcement Users assigned to their policies Identity = Policy Captive Portal = M.Jones = 802.1x FortiClient = S.Lim = External Radius Service Windows AD = V.Baker = DMZ Citrix Environment = J.Jackson = DMZ FSSO Users identified Identity based Policies without additional logins31 CONFIDENTIAL – INTERNAL ONLY
    32. 32. Identity-Centric Enforcement ✔ CMS ✔ INTERNET SSID: MGMT M.Jones Marketing, Management SSID: STAFF ✗CMS ✔ INTERNET S.Lim Operation, Staff Single Sign-On and Role Based Policies  Authorized network access based on user credentials secure network right at entry point  Reuse captured information for security policies unifies security configurations and offers better user experience.  Reduce administrative tasks & configuration errors32 CONFIDENTIAL – INTERNAL ONLY
    33. 33. Integrated Guest Access Temporary Network Access Guest Administration Portal Credential Generation & Delivery Time Quota Ad hoc access without compromising security  Identify and track guest activities  Time limits prevent unnecessary exposure to exploits33 CONFIDENTIAL – INTERNAL ONLY
    34. 34. Visibility & Reporting Network & Threat Status Knowledge is Power ! Drill-Down Statistics Filter & Sorting Object Details Contextual Information34 CONFIDENTIAL – INTERNAL ONLY
    35. 35. Visibility & Reporting Deep Insights New PDF Formatting Drill-downs Per User Summary FortiManager FortiCloud Comprehensive reports35 CONFIDENTIAL – INTERNAL ONLY
    36. 36. Visibility & Reporting { URL Visibility Widgets & Reports  Gain real time knowledge of current network & threat for appropriate actions  Identify network usage trends to optimize infrastructure and resources36 CONFIDENTIAL – INTERNAL ONLY
    38. 38. 603.766.5924 www.daystarinc.com DAYSTAR 121 Shattuck Way, Suite 10 info@daystarinc.com Newington, NH 03801 www.daystarinc.com P. 603.766.5924 F. 603.766.592538 CONFIDENTIAL – INTERNAL ONLY