Fortinet FortiOS 5 Presentation
  • Wired Connectivity: 10G is becoming standard, 40G and 100G deployments starting
    Wireless Connectivity: Wireless everywhere, Wi-Fi speeds move to Gbps with 802.11ac
    Mobile Devices Everywhere: Bring your own device to work
    Video and Audio: 48 hours of content uploaded to YouTube per minute
    IPv6: Real for carriers, and even some end users
  • Visibility of Traffic: Admin requirements extend to end users
    Accuracy of detection
    Is that really ‘Skype’ traffic you said you detected?
    Policy Explosion
    The complexity of enterprise security policies grows exponentially
    Log Explosion
    How to keep this relevant, the needle in the haystack problem
    Threats continue to scale: Nation state, Stuxnet, Flame - Remember RSA, and LinkedIn
  • IT Budget: Remains flat, more with less is the trend
    IT Department: Size remains largely the same, or shrinking
    Moore’s Law Arrives at the IT Department
    The number of Internet attached devices managed by the IT Department doubles every two years
  • Pricing
    FortiGuard Services simple licensing and pricing model maintained
    FortiGate more performance, more features, same aggressive pricing
    No complex feature enablement
    No per user calculations
    No surprises
  • Benefits of FortiOS 5.0 center around improved security, improved control and more intelligence.
  • Tackle today’s challenges:
    The need for more control – how do I control devices, as they may be personal or belong to the organization
    The need to protect against new threats – How do I protect the network against zero-day attacks and go beyond using signatures …
    The need to effectively enforce security with a more complex network environment and requirements – How do I simplify the management and implementation so that I, as the weakest link, do it correctly? Also, how can I better understand what is going on in my network?
    We also take our customers’ feedback seriously and have adopted a number of enhancements that improve our functionality, our deliverables and user experience
  • Switch focus, and cover 3 main topics with APT:
    AV Engine – misconceptions and 5.0 extensions
    Cloud-based submission & updates
    Multi-vector analysis (Client Reputation)
  • Client Reputation is a key differentiator with FOS 5.0
    It gives enterprises a cumulative security ranking of each device based on a range of behaviors and provides specific, actionable information that enables organizations to identify compromised systems and potential zero-day attacks in real time.
    Scoring Mechanism
    -- score for different behaviors
    -- enforcement works the same
    Cross Vectors
    -- Blocked apps
    -- Blocked websites
    -- Denied policies
    -- Malware
  • The new advanced anti-malware detection system adds an on-device behavior-based heuristic engine and cloud-based AV services that include an operating system sandbox and botnet IP reputation database. Together with superior industry-validated AV signatures, FortiOS 5.0 delivers unbeatable multi-layered protection against today’s sophisticated malware.
    Behavior Analysis
    “Attributes” for each sig
    Different degrees of matching
    JavaScript Obfuscation
    Common technique to hide malware in JS
    New Emulator
    Object Oriented Ext. for Mobile Malware (Android)
    Cloud Integration for submission & updates
  • This is one of the biggest matters to tackle in today’s IT environment.
    Do you or do you not allow personal devices for the organisation’s use? Either way, how can I do that?
    BYOD – D is the keyword here. Device – No longer can we imagine that an IP address or a user ID explicitly means it can do what is permissible.
    In order to empower the IT department with the ability to control access and enforce security policies upon devices, we have built a couple of cool features.
    We will talk about those features a little later, but first, let us see why the ability to manage devices from a security context is important.
  • FortiOS 5.0 lets you secure mobile devices and BYOD environments by identifying devices and applying specific access policies as well as security profiles, according to the device type or device group, location and usage.
    So what are we doing to make it work?
    Device Identification – by using 3 different technologies; the user can choose all of them or any one, depending on their network setup
    Once a device is identified, the admin can apply a specific access policy as well as a security profile, according to the device type or device group. We will work through a use case soon.
    A huge advantage here is that it all works seamlessly in the box.
    Does it work with user authentication to create even more granular policies? Yes! This gives the ability to tell who does what on which device.
  • One of the improvements in FortiClient 5.0 allows for off-net protection. Similar security policies can be applied even when the user is not connected to the corporate network. For example, policies can be sent to the FortiClient that block access to malicious websites. When that user is no longer connected to the corporate network, they would still be denied access to those websites.
  • Making security administration simpler and more efficient as networks become more complex and larger. Ultimately, these enhancements make security enforcement more accurate and hence lower the risk of security breaches, as the human is still the weakest link.
  • - Going beyond traditional SSO capabilities
    Take advantage of our capabilities as a wireless controller and new switch controller
    Make it easier for the security device to acquire user ID
    Also made improvements to the existing SSO feature, which make it easier to implement
  • FortiOS provides automatic adjustment of role-based policies for users and guests based on location, data and application profile
  • Guest access is now part of security. Setting up guest policies is now very easy with the guest administration profile.
  • Enhanced reporting and analysis also provides administrators with more intelligence on the behavior of their network, users, devices, applications and threats.
  • FOS 5.0 provides very rich reporting functions. Comprehensive reports are easily constructed and ideal for generating documents for compliance and auditing
    (Note: Expand these reports to show the level of available detail).
  • Client Reputation
    Reputation built by activity: What, Where, How
    Compromised client?
    Drill down report created for those with the worst reputations
    Administrator defined thresholds
    New JS emulator in AV engine
    Added native scripting framework
    XDP support to extract PDF file from XML
  • Transcript

    • 1. CONFIDENTIAL – INTERNAL ONLY Fortinet Confidential June 5, 2014 Introducing FortiOS 5 More Security, More Control, More Intelligence
    • 2. Network Trends: Wired Connectivity Moving Beyond 10G, Ubiquitous Wireless Connectivity, Mobile Devices Everywhere, Video and Audio Content, IPv6 a Reality. Background
    • 3. Security Trends: Visibility of Traffic, Accuracy of Detection, Policy Explosion, Log Explosion, Threats Scale. Background
    • 4. No Change: Budget, Department Size. Background
    • 5. FortiOS 5
    • 6. FortiOS 5: More Security, More Control, More Intelligence
    • 7. Over 150 New Features & Enhancements. Fighting Advanced Threats (More Security): Client Reputation, Advanced Anti-malware Protection. Securing Mobile Devices (More Control): Device Identification, Device Based Policy, Endpoint Control. Making Smart Policies (More Intelligence): Identity Centric Enforcement, Secured Guest Access, Visibility & reporting. FortiOS 5 Highlights
    • 8. Fighting Advanced Threats: Client Reputation, Advanced Anti-malware Protection. More Security
    • 9. Ranking Client Reputation Identification Policy Enforcement Multiple Scoring Vectors Reputation by Activity Threat Status Real Time, Relative, Drill-down, Correlated Identify potential … zero-day attacks Score Computation Zero Day Attack Detection
    • 10. Multi-pass Filters In-box Enhanced AV Engine Cloud Based AV Service Hardware Accelerated & Code optimized Real time updated, 3rd party validated Signature DB Local Lightweight Sandboxing Behavior / Attribute Based Heuristic Detection Application Control – Botnet Category FortiGuard Botnet IP Reputation DB Cloud Based Sandboxing Improves threat …. … detection Advanced Anti-Malware Protection
    • 11. Client Reputation: Threat profiling to quickly identify most suspicious clients. Effective zero-day attack detection! Advanced Anti-malware Protection: Multilayered: combines best-in-class local AV engine with additional cloud based detection system. Detects and blocks botnet clients and activities. Improves malware detection capabilities. More Security
    • 12. Securing Mobile Devices: Device Identification, Device Based Policy, Endpoint Control. More Control
    • 13. See It… Control IT Seamless integration! BYOD – Device Identity & Policies Device Based Identity Policies Agentless Agent based Device Identification Access Control Security Application UTM Profiles Awareness
    • 14. Authorized Device Device Based Policy Securely adopt BYOD Setup different security and network usage policies based on device types Personal Device ✔ DMZ ✔ INTERNET ✗ DMZ ✔ INTERNET More Control
    • 15. “Off-Net” Protection Endpoint Control: FortiClient 5 INTERNET LAN OFF ON • Client enrolls into the FortiGate and then receives its end point policy. It will receive any updates when connected again. • Client uses last known security policies and VPN configurations.
    • 16. Securing Remote Devices Protect mobile hosts against malicious external threats Enforce consistent end point security policies, anywhere all the time Simplified host security and remote VPN management Endpoint Control: FortiClient 5
    • 17. Making Smart Policies: Identity Centric Enforcement, Secured Guest Access, Visibility & Reporting. More Intelligence
    • 18. Identity = Policy External Radius Service Windows AD Citrix Environment M.Jones S.Lim V.Baker J.Jackson Captive Portal 802.1x Users identified without additional logins FortiClient DMZ DMZ Users assigned to their policies Identity-Centric Enforcement FSSO Identity based Policies
    • 19. Single Sign-On and Role Based Policies Authorized network access based on user credentials secure network right at entry point Reuse captured information for security policies unifies security configurations and offers better user experience. Reduce administrative tasks & configuration errors Marketing, Management Operation, Staff ✔ CMS ✔ INTERNET ✗ CMS ✔ INTERNET M.Jones S.Lim SSID: STAFF SSID: MGMT Identity-Centric Enforcement
    • 20. Temporary Network Access Guest Administration Portal Credential Generation & Delivery Time Quota Ad hoc access without compromising security Integrated Guest Access • Identify and track guest activities • Time limits prevent unnecessary exposure to exploits
    • 21. Network & Threat Status Knowledge is Power! Drill-Down Statistics Filter & Sorting Object Details Contextual Information Visibility & Reporting
    • 22. Deep Insights New PDF Formatting Drill-downs Per User Summary FortiManager FortiCloud Comprehensive reports Visibility & Reporting
    • 23. Enhancements Usability / WebUI IPv6 UTM Wireless FortiGuard Services Highlights
    • 24. Usability Wizards Improved Policy Editor Contextual Pictograms Enhancements
    • 25. IPv6 NAT64 / DNS64 IPS (Forwarding Policy) Explicit Proxy HA Session Pickup DHCP Client Per-IP Traffic Shaping Policy Routing DHCPv6 Relay Enhancements
    • 26. UTM SSL Inspection of IPS & App Control DNS-based Web Filtering CIFS (Flow-AV) & MAPI Scanning SSH proxy DLP Watermarking Enhancements
    • 27. Wireless Wireless IDS Wireless Mesh Local Bridge Mode (Remote sites) SSID & Port Bridging Enhancements
    • 28. User Notification Notify Users in Real-Time • Blocked Applications • Denied Traffic • Quotas • Notifies via FortiClient if Host is Registered Additional Enhancements
    • 29. FortiGuard Services DNS-based Web Filter DB Query DDNS Service NTP Service BYOD Signature Updates Geography Updates USB Modem Updates Vulnerability Scan DB Updates SMS Messaging FDN Real time protection & new services Enhancements
    • 30. Supported Platforms Desktop Mid Range 3000 Series 5000 Series FortiGate-VM * Available on patch release
    • 31. Feature Matrix for Desktop Models * Requires FMG/FAZ, FortiCloud for Monitoring, available in near future
    • 32. Services, Licenses & Subscriptions * Registration Required ** Available on selected Models Included with FortiGate • DNS Service • DDNS Service • NTP Service • 2 FortiTokenMobile License* • 10 FortiClient Endpoint License* • 10 VDOMs License • FortiCloud Service (trial)* FortiCare Subscription Required • Geography Updates • BYOD Signatures Updates • USB Modem DB Updates • Vulnerability Scan Signature Updates • Firmware Update + FortiTokenMobile License + Endpoint License** + VDOM License** + SMS Top-up + FortiCloud Storage Top-up BOLD: New Offerings
    • 33. Services, Licenses & Subscriptions FortiGuard AV Subscription • Botnet IP reputation DB • FortiGuard Analytics Service • Proxy & Flow based AV signatures FortiGuard Web Filter Subscription • Botnet IP reputation DB • FortiGuard Analytics Service • Proxy & Flow based AV signatures FortiGuard IPS Subscription • IPS Signature Updates • Application Control Signature Updates FortiGuard Anti-spam Subscription • Anti-spam Services BOLD: New Offerings