Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
1What’s Next in Next-GenFirewalls and Testing?Ottawa. June 20th, 2013
2AGENDA11:30 am Lunch12:00 pm Welcome12:10 pm Video: John Pescatore (SANS) –NGFW and ATAs12:25 pm Fortinet / Ixia Live Dem...
3Fortinet’s Evolution: Comprehensive & Integrated SecurityLayer 1-2:PHYSICALLayer 3-4:CONNECTIONLayer 5-7:CONTENT & APPLIC...
4June 24, 2013ELIMINATE GUESSWORKSecurity Exposed
5Video
6June 24, 2013
7Demonstration
8Demonstration EquipmentFortiGate-3600C Next Generation FirewallIxia BreakingPoint FireStorm ONE
9Demo Set: Physical and Logical ViewPhysicalLogical1x 10Gbps FibreInboundtrafficOutboundtraffic
10Live Demonstrations• Test 1NGFW Bandwidth Throughput• Test 2NGFW BW + Attacks-Same throughput as Test 1Bidirectional att...
11Test Lab and Certification ResultsSeparate 3rd Party Facts from Vendor Claims
12Fortinet Competitive Advantages12
13Over 150 New Features & EnhancementsSecuring Mobile Devices------------------------------------ Device Identification ...
14What’s Next in Next-GenFirewalls and Testing?
15Fortinet’s Answer to What’s Next - FortiOS 5The World’s Most Powerful Network Security OS just got even better!Advanced ...
16Feature Select: Enabling Flexible, Optimized Configurations• Deploy specific security functions per network location req...
17Feature Select Presets - Flexible ConfigurationAllow administratorsto easily set up GUIthat is relevant to theunit’s dep...
18Context Visibility - Network ActivitiesNAT’ed IP and PortApplications andtheir usageDevice & User InfoConcurrent Session...
19Context Visibility – Threat StatusDRILL DOWNDisplay top clientsthat is associatedwith most threats
20Advanced Targeted Attacks• Advanced Targeted Attacks (ATA)» Target specific organizations» Infiltrate from multiple vect...
21Fortinet Advanced Threat ProtectionOnce compromised,systems can becontrolled remotelyBotnetsInfection via webdownloads, ...
22Capacity&PerformanceFG-100-800 Series FG-1000-3000 SeriesFG-5000Chassis SystemEnterprise Branch Enterprise CoreDataCente...
23THE CURRENT THREAT LANDSCAPEIS CHANGING EVERYTHING
24TestEvaluate Next-Gen TechnologiesRightsize Technology InvestmentsReduce Deployment RiskOptimize PerformanceAssessCertif...
25NETWORK PERFORMANCE MONITORINTRUSION DETECTION SYSTEMAPP PERFORMANCE MONITORNETWORK DATA RECORDERNETWORK ANALYZERIXIA AN...
26SIMULATIONAND TESTINGAPLICATION & THREATINTELLIGENCEBreakingPoint:Performance & SecurityEvaluate Next-GenTechnologiesRig...
27ACTIONABLE SECURITY INTELLIGENCEUnprecedented Performance• 120 Gbps blended application traffic• 90M concurrent TCP sess...
28SecuritySOLUTIONS
29Storage SANHOLDING YOURVENDORS ACCOUNTABLEMETRICTransactionsConcurrent FlowsAverage Latency(microseconds)Attacks Blocked...
30APP FLOODSYN FLOODUSERSRouter Firewall LoadBalancerApp Server Switch DatabaseServerAPPLICATION RESILIENCYNETWORK RESILIE...
31Best-in-class solutions to test, assess andoptimize networks and data centersComplete visibility into your network, data...
32Questions?
Upcoming SlideShare
Loading in …5
×

Fortinet ixia ottawa, june 2013

1,167 views

Published on

What's next in next generation firewalls and testing. Fortinet / Ixia presentation, Ottawa, June 20, 2013.

Published in: Technology
  • Be the first to comment

Fortinet ixia ottawa, june 2013

  1. 1. 1What’s Next in Next-GenFirewalls and Testing?Ottawa. June 20th, 2013
  2. 2. 2AGENDA11:30 am Lunch12:00 pm Welcome12:10 pm Video: John Pescatore (SANS) –NGFW and ATAs12:25 pm Fortinet / Ixia Live Demonstrations1:00 pm Wrap Up / Q+AWhat’s Next in Next-GenFirewalls and Testing?
  3. 3. 3Fortinet’s Evolution: Comprehensive & Integrated SecurityLayer 1-2:PHYSICALLayer 3-4:CONNECTIONLayer 5-7:CONTENT & APPLICATIONANTI-SPYWAREANTISPAMWEB FILTERANTIVIRUSVPNIPSFIREWALLLOCK & KEYSPYWAREWORMSSPAMBANNED CONTENTTROJANSVIRUSESINTRUSIONSHARDWARE THEFT1980s 1990s 2000s TodayPerformance-DamageLayer 8:USERENHANCED USEREXPERIENCE
  4. 4. 4June 24, 2013ELIMINATE GUESSWORKSecurity Exposed
  5. 5. 5Video
  6. 6. 6June 24, 2013
  7. 7. 7Demonstration
  8. 8. 8Demonstration EquipmentFortiGate-3600C Next Generation FirewallIxia BreakingPoint FireStorm ONE
  9. 9. 9Demo Set: Physical and Logical ViewPhysicalLogical1x 10Gbps FibreInboundtrafficOutboundtraffic
  10. 10. 10Live Demonstrations• Test 1NGFW Bandwidth Throughput• Test 2NGFW BW + Attacks-Same throughput as Test 1Bidirectional attacks added (1757 in each direction)Standard BP strike level 4Blocked strikes retry and retransmit• Test 3NGFW BW + Attacks (but no detection)Still same throughput as beforeBidirectional attacks go through FW only rules (no IPS or App control)
  11. 11. 11Test Lab and Certification ResultsSeparate 3rd Party Facts from Vendor Claims
  12. 12. 12Fortinet Competitive Advantages12
  13. 13. 13Over 150 New Features & EnhancementsSecuring Mobile Devices------------------------------------ Device Identification Device Based Policy Endpoint ControlMaking Smart Policies------------------------------------- Secured Guest Access Visibility & Reporting Identity-CentricEnforcementMoreIntelligenceFighting Advanced Threats-------------------------------------- Client Reputation Advanced Anti-malwareProtectionFortiOS 5 - The World’s Most Powerful NetworkSecurity Operating SystemMore SecurityMoreControl
  14. 14. 14What’s Next in Next-GenFirewalls and Testing?
  15. 15. 15Fortinet’s Answer to What’s Next - FortiOS 5The World’s Most Powerful Network Security OS just got even better!Advanced SecurityAdvanced Threat Protection and Remediation Technologies tobreak the Threat life CycleContextual VisibilityEmpowering organization to gain deep insights to real-time andhistorical network use by Application, by User and by Device(BYOD)Feature SelectInstantly fine-tune Fortigate based on desired deploymentneeds using feature presets
  16. 16. 16Feature Select: Enabling Flexible, Optimized Configurations• Deploy specific security functions per network location requirementsHQ(Enterprise Core)Branch Office(Distributed Enterprise)NGFW+ATPNGFW+ATPWFATPNGFWNGFWINTERNETRetail Outlet /Kiosk(Distributed Enterprise)Data CenterFWNGFWUTMManagementEndpoint Control
  17. 17. 17Feature Select Presets - Flexible ConfigurationAllow administratorsto easily set up GUIthat is relevant to theunit’s deploymentFurthercustomizations
  18. 18. 18Context Visibility - Network ActivitiesNAT’ed IP and PortApplications andtheir usageDevice & User InfoConcurrent Session &New session per secGeo IP InfoFortiGuard EncyclopediaIntegration
  19. 19. 19Context Visibility – Threat StatusDRILL DOWNDisplay top clientsthat is associatedwith most threats
  20. 20. 20Advanced Targeted Attacks• Advanced Targeted Attacks (ATA)» Target specific organizations» Infiltrate from multiple vectors» Remain stealthy for lengthy periods oftime before exfiltrating data• ATA is the accepted term for viruses» Advanced Persistent Threats (APT) also used• Modified Infection Lifecycle» Zero day vulnerabilities» Fresh Malware» Phishing emails» Password hacks
  21. 21. 21Fortinet Advanced Threat ProtectionOnce compromised,systems can becontrolled remotelyBotnetsInfection via webdownloads, phishingor watering holeattacksMaliciousWebsitesViruses and othermalware evolve toavoid detectionPolymorphicMalwareHost machines canbecome infected byviruses, trojans, etc.TraditionalViruses, etc.Identifies andblocks suspiciouswebsitesIdentifies zero-daymalware viacloud-based AVsandboxingPrevents commandand control fromremote systemsthroughIP reputationWeb Filtering Malware Sandboxing Botnet DB BlacklistFortinetATPAdvanced AV EngineUses heuristictechniques and OSindependent localsandboxingInfected hosts takeorders from theInternetPotential initial hostinfection vectorAvoids traditionalsignature-based AVdetectionDestructive behavioror backdoorinstallation
  22. 22. 22Capacity&PerformanceFG-100-800 Series FG-1000-3000 SeriesFG-5000Chassis SystemEnterprise Branch Enterprise CoreDataCenterEnterprise Product OfferingATP NGFW NGFW+ATP10G InterfacesDual power suppliesMulti-gigabit NGFW performanceHighly scalableWFNGFW NGFW+ATPCompact 1 RUNGFWFW
  23. 23. 23THE CURRENT THREAT LANDSCAPEIS CHANGING EVERYTHING
  24. 24. 24TestEvaluate Next-Gen TechnologiesRightsize Technology InvestmentsReduce Deployment RiskOptimize PerformanceAssessCertify Security PosturePredict Impact of ChangeEvaluate Threat of New AttacksMeasure Wi-Fi CoverageOptimize Scalability and ReliabilityACCELERATE & SECUREAPPLICATIONDELIVERYOptimizeDeliver Packets toMonitoring ToolsEliminate BottlenecksFilter Application TrafficDe-duplicate PacketsIdentify Security Threats
  25. 25. 25NETWORK PERFORMANCE MONITORINTRUSION DETECTION SYSTEMAPP PERFORMANCE MONITORNETWORK DATA RECORDERNETWORK ANALYZERIXIA ANUENET TOOL OPTIMIZER (NTO)ANUE: Complete Visibility
  26. 26. 26SIMULATIONAND TESTINGAPLICATION & THREATINTELLIGENCEBreakingPoint:Performance & SecurityEvaluate Next-GenTechnologiesRightsize TechnologyInvestmentsReduce DeploymentRiskOptimize PerformanceNetworkSurveillanceStrategicRelationshipsCarrierFeedsResearch
  27. 27. 27ACTIONABLE SECURITY INTELLIGENCEUnprecedented Performance• 120 Gbps blended application traffic• 90M concurrent TCP sessions• 3M TCP sessions/second• 640K concurrent SSL sessionsReal World Applications• 200+ application protocols• Social media, peer-to-peer, voice, video• Web and enterprise applications, gaming• Custom applications• Frequent updatesReal Attacks• 5,000+ live security attacks• 30,000+ pieces of live Malware• 100+ evasions• DDoS and Botnet simulation• Custom attacks• Research and frequent updatesNEWEVERY2WEEKS26 NEWbiweekly updates Applications DDoS/APT attacks
  28. 28. 28SecuritySOLUTIONS
  29. 29. 29Storage SANHOLDING YOURVENDORS ACCOUNTABLEMETRICTransactionsConcurrent FlowsAverage Latency(microseconds)Attacks Blocked(Ixia Security Level 1)GOAL10,00030,0005,00080%FIREWALL A12,24332,6845,11447%FIREWALL B8,83257,9081,30891%FIREWALL CN/A14,618235,64878%Met Specification Missed Specification by 5% or less Missed Specification by more than 5%Key:Wireless Wi-FiNext-Gen Security DevicesMassive Performance RoutingPort Density SwitchingEthernet 100GDEVICEEVALUATION
  30. 30. 30APP FLOODSYN FLOODUSERSRouter Firewall LoadBalancerApp Server Switch DatabaseServerAPPLICATION RESILIENCYNETWORK RESILIENCY DATA CENTER RESILIENCYDDOS RESILIENCYTESTING
  31. 31. 31Best-in-class solutions to test, assess andoptimize networks and data centersComplete visibility into your network, data center,and the applications that fuel your businessFrom the lab to the network to the cloud, Ixia solutionsoptimize networks and data centers to accelerate,secure, and scale the delivery of your applications.Actionable insight to eliminate guesswork for optimaland predictable application & service deliveryOnly Ixia Provides
  32. 32. 32Questions?

×