3. 3
The risks have CHANGED too
Average cost of an incident, in $M
“Sony security spends $22M annually. The Sony hack … causes $35M in damage … and costs more than $100B+ to the company's reputation”
Kowsik Guruswamy, CTO of Menlo Security
#CODEIB KRASNODAR, 31 MARCH 2016
4. 4
TRADITIONAL METHODS NO LONGER PROTECT
FOCUS ON COMPLIANCE WITH STANDARDS
Companies that have passed audits often become victims
RISK-BASED
A “reactive” approach to countering threats
TOO MANY DISPARATE SOLUTIONS
The various security solutions are not integrated into a single whole
9. 9
Attacks know no boundaries
Branch Office Campus
Data Center
Remote Office
Mobile
PoS
IoT
More opportunities to get in
More opportunities to get out
11. 11
Slow = breached
Infrastructure speed
Business security
Moore's law: 2x performance growth every 2 years
15. 15
A SINGLE SOLUTION
Works in the data center, the branch office, the head office or on a mobile phone
SECURITY WITHOUT COMPROMISE
UNMATCHED SPEED
in performing security functions
INTELLIGENCE
Full control and visibility of what is happening in the company
Secure Access
Network Security
Application Security
FortiGuard Threat Intelligence & Services
FortiGate
Client Security
Cloud Security
16. 16
Security for the new world
A segmentation strategy can also be implemented for the high-speed networks of the new world
17. 17
SECURITY WITHOUT COMPROMISE
How to counter targeted attacks?
Suspicious objects are submitted for analysis
FortiSandbox / code emulation
FortiClient
Quarantine
Integration with:
FortiGate – firewall
FortiMail – anti-spam system
FortiWeb – Web Application Firewall
FortiClient – client application
Real-time intelligence updates
Blocking of objects
FortiGuard Labs
Intelligence Sharing
Security Updates
18. 18
Global experience
FortiGuard Labs
FortiGuard Sensors
FortiGuard Services
Global experience in countering attacks
Full visibility
Single management console
Fortinet is #1 by number of security devices
More than 255,000 customers and 2,300,000 devices!
21. 21
Striking innovations
Focused on growing speed
Unique, advanced processors
No equivalents anywhere in the world
UNIQUE SECURITY
22. 22
Fortinet scales with you
Advanced Protection
CONNECTED UTM
ENTERPRISE FIREWALL
DATA CENTER SECURITY
ADVANCED THREAT PROTECTION
Global Intelligence & Services
Mobile Security
NEW
App Control Antivirus
Anti-spam
IPS Web App
Web Filtering
Core Protection
CLOUD SECURITY
SECURE ACCESS
Security Services
23. 23
Fortinet facts
#1 BY NUMBER OF DEVICES WORLDWIDE in Network Security (IDC)
$1.17B CASH
FOUNDED: 2000
MORE THAN 2 MILLION DEVICES
40% GROWTH
EMPLOYEES: 4,100+
255,000+ CUSTOMERS
LEADING TECHNOLOGY: 257 PATENTS ALREADY AND 228 PENDING
100+ OFFICES WORLDWIDE
HQ: SUNNYVALE, CA
IPO: 2009
24. 24
FSTEC certification
• FG-40C
• FG-80C
• FG-100D
• FG-300C
• FG-600C
• FG-1000C
• FG-3040B
• FG-3950B
• FG-5001C
Valid until 30 June 2017.
Class 3 for firewalls
Level 4 for undeclared capabilities
25. 25
Fortinet customers
7 of the top 10 Fortune companies in America
8 of the top 10 Fortune companies in Europe
9 of the top 10 Fortune companies in Asia
10 of the top 10 Fortune telecommunications companies
9 of the top 10 Fortune retailers and commercial banks
26. Your questions?
Thank you for your attention!
Best regards,
Kirill Ilganaev
Editor's Notes
That difficulty is readily seen from the number of high-profile data breaches over the past several years. However, while the headlines of each new data breach grab our attention, particularly the number of identities or credit cards compromised, what is frequently overlooked is the long-term impact to the organization, both from a reputational and financial point of view.
What was overlooked in the Sony Pictures data breach was the direct and indirect costs to the organization, estimated at over $100B.
So in light of all of the evidence it’s clear some new ideas are needed. But enterprises today are still relying on the same old strategies. Just look at the news: it seems that almost daily we’re reading about another attack, another breach, another massive loss of data.
Why aren’t these strategies working anymore? It could be a number of reasons but there are three key areas that we can point to.
The first is being too focused on compliance: just checking all the boxes on a list isn’t enough. How many massive retail breaches have we seen where the company was recently audited and found to be fully PCI-compliant? Attackers don’t care that you passed your last audit.
They’re also too risk based and reactive. While yes, it is important to protect against the low-hanging, already-seen fruit, it’s the new unknowns that are critical to detect. An annual risk assessment is obsolete the moment it’s done in today’s threat landscape.
Finally, they’re far too focused on ‘best of breed’ solutions. A firewall from one vendor, a sandbox from another, a spam solution from a third. None of these tools were ever designed to work together, leaving your network with potential protection gaps.
What does an organization do to avoid becoming the next headline?
The solution starts with changing the way the enterprise looks at security. Security must be comprehensive and intelligent with zero trade-offs in network performance. Legacy security approaches have gotten too complex and network traffic has become unmanageable, resulting in too many alerts and not enough clarity on what is important.
At Fortinet, we’ve come up with 3 maxims defining our approach to security today.
Rule number one is to Keep It Simple: the more complex your network is, the harder it is to secure it.
Here is the problem with the typical Point Product approach: while individually the products may work to specification and expectation, each one is an island, isolated from the rest of the solution. You have connectivity but no security continuity between each of the islands.
More important is the lack of consistency in the threat intelligence needed to keep these solutions up to date: inevitable gaps in the quality of the intelligence and the frequency of the updates between the different products open up an enormous gap to be exploited by the hacker. Malware that might be stopped by the firewall could pass undetected by email or web application.
Dealing with these issues and trying to harmonize the differences between the different products is left to the enterprise, further complicating an already complex task. This is particularly true of the mid-size enterprise, which doesn’t have the resources to effectively manage this complexity.
The second rule is that the definition of a network has changed and the number of potential attack vectors has multiplied. What was the boundary of your network yesterday no longer exists today.
There used to be a clearly defined perimeter and security strategies evolved to protect it. The evolution of technology however brought in changes that these strategies couldn’t deal with; the Internet, Cloud technologies and the onslaught of wireless all contribute to a massive increase in the attack surface. Combined with the fact that most networks are architected to be flat once inside of the perimeter, once the network is breached the intruder can easily move laterally throughout the network. This is a key concern for the larger enterprise.
But we’re also concerned about how data can leave the network. Shadow IT, the use of unauthorized applications such as Hightail or Dropbox, also means that there are any number of ways that data can leave your network without your knowing, making it easy to exfiltrate data following a network intrusion.
And finally, rule number 3. Slowing down the network to implement security is not, never has been nor will it ever be a satisfactory strategy.
The enterprise IT staff is faced with what has been an unsolvable problem. The enterprise depends on the network to ensure the continuity of the business and depending upon the business model, the network may be at the center of its strategy.
Injecting security into this model has traditionally meant slowing down the network, sometimes to the point of affecting application performance, resulting in complaints. The organization is then forced to find a middle ground between the two, a compromise that pleases no one. But until now, this has been a compromise that enterprises have been forced to make.
Until now.
It’s a long held belief that delivering advanced and effective security is diametrically opposed to building a network with maximum throughput and performance.
Over the years, companies offering security solutions have evolved from either security software with networking features added in the background or networking with security bolted on. Both approaches were classic examples of a square peg in a round hole. You could make it work, but it was not the ideal solution.
But Fortinet was built from the ground up to bring these two worlds together seamlessly; to make sure that the network’s security layer was fully integrated into the network infrastructure layer, eliminating the gaps and handoffs that traditionally existed between them. This could only be done with a platform that has been purpose-built to perform both functions: FortiGate and FortiOS.
But Fortinet goes beyond just the FortiGate, regardless of how powerful it is. FortiGate is complemented by a range of solutions to deal with the changes that I just described. The core network - from the branch to the data center to the cloud; end point protection for the desktop, mobile and wireless devices and specific solutions for the different applications in the network, web or email, are all brought together seamlessly for end to end protection. And to ensure that the solution is able to provide protection through the threat lifecycle, all of the elements of the solution rely on the continuous and automatic updates provided by FortiGuard Labs, ensuring their continued security efficacy into the future.
All of this provides protection that is both from the outside in and the inside out.
Protecting from the inside out is of particular importance when you consider that a majority of data breaches begin with valid but compromised login credentials. Although segmentation has been in place for decades, it was for networking purposes not security. With a flat and unsecure network interior, an intruder or even a company insider could easily move around looking for sensitive information. With security focused internal segmentation, this movement can be blocked and the intruder contained, accelerating the mitigation process and minimizing the potential damage.
But physical security, like internal segmentation, must be complemented with higher level security such as that provided through the different services that can run on the different elements of the solution. Those services can only be effective if they are kept up to date throughout the lifecycle of the solution. This is the role of FortiGuard.
FortiGuard is not just one thing, it is an intrinsic combination of leading edge research and real time input from millions of deployed sensors and trusted external sources leading to continuous and automatic updates being fed back to those sensors. But why are these updates so important?
FortiGuard is so important because of the threats that networks are constantly facing. It’s only when you have a clear and visible view of the problem that you can begin to provide protection against it.
And that clear view must extend into the solution itself. FortiOS provides a single and consistent interface that simplifies the day to day management of the solution and enables a rapid response and remediation to events in the network. FortiOS 5.4 in particular provides a tight integration with Fortinet’s overall Advanced Threat Protection capability.
But all of this only works because of the underlying platform that can deliver peak performance and optimum protection. Fortinet’s reputation in the market has been based on, and continues to be enforced through the strategic decision from day 1 to invest in ASIC technology, a decision that has made the seamless integration of networking and security possible.
Why are Fortinet’s products so fast and effective? A cornerstone of Fortinet’s competitive differentiation lies in our ASIC technology.
Fortinet’s ASICs consistently lead the industry in both throughput and latency. Fortinet has been continuously awarded leadership positions over the last 5 years in independent NSS lab testing which measures levels of security performance. We hold leadership positions in the top 5 out of the 7 categories NSS tests for. No other network security vendor comes close to that.
Beyond that though – the entire Fortinet platform provides a cohesive and integrated fabric that from the outset is designed to embed security across the entire infrastructure from client, to content, to cloud and back.
But it’s not just ASICs: Fortinet’s routing, WiFi and WAN optimization technologies eliminate the traditional barrier between infrastructure and security and remove the risk involved with remote connectivity – no matter where or how your users connect.
Only Fortinet can deliver the power to take on tomorrow. We like to call it “Security that Thrills”.
But the Fortinet solution is more than just ASIC technology and performance. It’s a multi-layer security solution that encompasses all of the network. It’s a solution that meets the specific needs of the different market segments – SME, Enterprise and Carrier. It’s a solution that also includes industry leading threat research and intelligence regardless of the market segment.
Not everyone has heard of Fortinet, yet we have built a successful, profitable billion-dollar company over the last 15 years based on solid business fundamentals and great technology. The fact is, once customers put us to the test, we deliver hands down. As a result, we are one of the fastest growing public cyber security companies in the world and serve over a quarter of a million customers globally. We have the strongest international footprint of any of our competitors and the largest number of units deployed of any vendor, including Cisco.
We have a large footprint in small to mid-sized companies, but our carrier-grade technology is also used in 50 of the 60 largest, most important companies in the world.