Download to read offline
Uploaded byLan & Wan Solutions
Evento 15 aprile
This document summarizes an event hosted by Lan & Wan Solutions and Fortinet Italy to discuss innovating businesses and network security. The agenda includes presentations on Fortinet's security solutions and a free cyber threat assessment program. It promotes Fortinet's integrated security platform and threat intelligence from FortiGuard Labs. The event also includes a network assessment report and lunch at the Zonin winery.
More Related Content
More from Lan & Wan Solutions
Evento 15 aprile
- 1. © Copyright FortinetInc. All rights reserved. Innovare la tua azienda, la nostra sfida Luigi Pedrotta CEO Lan & Wan Solutions Casa Vinicola Zonin, Gambellara (Vicenza) 15 Aprile 2016
- 2. 2 Agenda Evento 10.00 LuigiPedrotta – AU Lan & Wan Solutions: “Innovare la tua azienda la nostra sfida” 10.15 Giorgio D’Armento – CAM Fortinet Italia: “Security for a New World” 10.30 Alessandro Berta – SE Specialist Fortinet Italia Secure Access Architecture Sicurezza completa e semplificata per l’accesso di rete Cloud Wireless, Integrated Wireless, Infrastructure Wireless e strumenti di discovery dei punti “scoperti” Cyber Threats Assesment Program: Lan & Wan Solutions con Fortinet Enforcement per l’analisi della tua rete FortiSandbox e l’approccio di protezione multilivello: la necessità di una soluzione integrata per prevenire, rilevare, mitigare 12.30 Pranzo 14.00 Visite Cantine Zonin 15.00 Fine
- 3.
- 4. 4 BONUS EVENTO : CYBERTHREATS ASSESSMENT FREE ! » Efficacia della tua soluzione di Network Security » Vulnerabilità delle Applicazioni » Scoperta di Malware/botnets » I devices “A rischio” all’ interno della rete » Utilizzo di Applicazioni e delle risorse web all’ interno del network » La quota di utilizzo della rete per connessioni Peer to peer, social media, instant messaging » Utilizzo delle applicazioni client-server e web-based in allineamento con le politiche aziendali » Area di miglioramento delle prestazioni del Network » Requisiti di Throughput, sessioni e banda durante le ore di punta » Dimensionamento e ottimizzazione della soluzione di Security per il proprio utilizzo
- 5. 5 CTAP REPORT :ANALISI E SUGGERIMENTI DEI PROFESSIONISTI FORTIGUARD LAB FORTINET Deployment details and methodology Executive summary Recommended actions Security and Threat Prevention Security and Threat Prevention – Part 2 User productivity Web usage Network Utilization FortiGuard services
- 6. 6 Perchè Fortinet ?La scelta di Lan & Wan Solutions di IERI : Set di Tecnologie di Security intrgrate nel FortiOS aggiornato da FortiGuard Labs Threat Intelligence Firewall VPN Application Control IPS Web Filtering Anti-malware WAN Acceleration Data Leakage Protection Wi-Fi Controller Advanced Threat Protection SaaS Gateway Software Enabled Security Modules App Control Antivirus Anti-spam IPS Web App Database Web Filtering Vulnerability Management IP Reputation Mobile Security Deploy what you need, where you need it
- 7. 7 Perchè Fortinet ?La conferma della scelta di OGGI : Vasto e Complementare Portfolio di Soluzioni di Sicurezza. FortiDB Database Protectio n FortiClient Endpoint Protection, VPN FortiToken Two Factor Authentication FortiSandbox Advanced Threat Protection FortiClient Endpoint Protection FortiGate NGFW FortiAuthenticator User Identity Management FortiManager Centralized Management FortiAnalyzer Logging, Analysis, Reporting FortiADC Application Delivery Control FortiWeb Web Application Firewall FortiGate DCFW FortiGate Internal NGFW FortiDDoS DDoS Protection FortiMail Email Security FortiGateVMX SDN, Virtual Firewall FortiAP Secure Access Point DATA CENTER BRANCH OFFICE CAMPUS FortiGate Cloud FortiWiFi UTM FortiGate Top-of- Rack FortiCamera IP Video Security FortiVoice IP PBX Phone System FortiGate Next Gen IPS FortiExtender LTE Extension Secure Wireless Switching Advanced Threat Protection Authentication & Tokens Application Security Application Delivery/SLB Endpoint Security IP PBX and Phones IP Video Surveillance More…
- 8. © Copyright FortinetInc. All rights reserved. Security for a New World Giorgio D’ Armento Channel Account Manager
- 9. 9 SECURITY HAS CHANGED 3.2BILLION INTERNET USERS1.3 BILLION SMARTPHONES SHIPPED WORLDWIDE 3 BILLION NEW DEVICES PER YEAR THROUGH 2020 INCREASE IN CYBER THREATS 10,000x PUBLIC CLOUD MARKET IS ESTIMATED TO REACH $191BILLION
- 10. 10 FONTE: HACKMAGEDDON Information SecurityTimelines and Statistics
- 11.
- 12. 12 SO HAVE THERISKS $11.56 $12.69 $15.42 2013 2014 2015 Average Cost of Cybercrime in the U.S. Dollars (Millions), per incident Sony security spends $22M per year. Sony Breach…direct cost of $35M for one year….cost to reputation $100B+ Kowsik Guruswamy, CTO of Menlo Security “ “
- 13. 13 Fortinet Facts #1UNIT SHARE WORLDWID EInNetwork Security (IDC) $1.17B CASH FOUNDED 2000 OVER 2MILLION DEVICES SHIPPED 40% GROWTH EMPLOYEES 3,900+ 255,000+ CUSTOMERS MARKET LEADING TECHNOLOGY257 PATENTS 228 PENDING 100+OFFICES WORLDWIDE SUNNYVALE, CA HQ IPO 2009
- 14. 14 Magic Quadrant 2015– UTM -
- 15. 15 Fortinet Customers Fortune Companies inAmerica of the TOP7 10 Fortune Companies in EMEA of the TOP8 10 Fortune Companies in APAC of the TOP9 10 Fortune Telecommunications Companies 10 of the TOP 10 Fortune Retail and Commercial Banks 9of the TOP 10 Aerospace and Defense 7of the TOP 10
- 16. 16 RULE #1 COMPLEXITY IS THEENEMY OF SECURITY
- 17. 17 Complexity is the Enemyof Security SDN
- 18. 18 Global Intelligence &Control FortiGuard Labs FortiGuard Sensors FortiGuard Services Global Threat Intelligence Full Visibility Single Pane of Glass
- 19. 19 Global Intelligence &Control Global Threat Intelligence Full Visibility Single Pane of Glass http://threatmap.fortiguard.co m
- 20. 20 Global Threat Intelligence FullVisibility Single Pane of Glass Global Intelligence & Control
- 21. 21 TODAY’S STANDARDAPPROACHES NO LONGERWORK TOO MUCH FOCUS ON COMPLIANCE Enterprises spend too much on checking boxes down a list. TOO RISK BASED Taking a reactive approach only addresses known threats, not the new unknowns. TOO MANY POINT SOLUTIONS Too many different security vendors whose products do not communicate with one another.
- 22.
- 23. 23 Borderless Attack Surface BranchOffice Campus Data Center Remote Office Mobile PoS IoT There’s more ways in More ways out
- 24.
- 25. 25 Slow is Broken InfrastructureSpeedBusiness Security
- 26. 26 A NEW WORLD CALLSFOR A NEW APPROACH Today’s world demands security without compromise.
- 27. 27 Advanced Security Network Performance SECURITY FOR ANEW WORLD IS SECURITY WITHOUT COMPROMISE
- 28. 28 Advanced Security Network Performance Our customers canhave both SECURITY FOR A NEW WORLD IS SECURITY WITHOUT COMPROMISE
- 29. 29 SECURE WI-FI COMPLETE APPROACH Today’s worlddemands of Secure Wi-Fi without compromise.
- 30. 30 La piramide deibisogni in chiave moderna...
- 31. 31 Accesso alla retee...ai Dati. WiFi Sicuro.
- 32. 32 SEAMLESS Consistent threat posture end-to-end,across the expanding attack surface Security Without Compromise Seamless Security Across the Entire Attack Surface POWERFUL Unrivaled network performance for today – and the power to take on the future INTELLIGENT Threat intelligence and advanced threat protection from the inside out for full visibility and control Secure Access Network Security Application Security FortiGuard Threat Intelligence & Services FortiGate Client Security Cloud Security
- 33. 33 FortiCare Fortinet’s Global Serviceand Support Team Enhanced Support 24x7Comprehensive Support Premium Services Professional Services 8x5 Assigned TAM Enhanced SLA Extended sw support Priority escalation Onsite visits, more… Global or regional Architecture/Design Implementation Deployment Operations
- 34. 34 LAN&WAN as FortinetSecurity Expert Step Level Objective NSE 1 Develop a foundational understanding of network security concepts. NSE 2 Develop the knowledge and skills to sell Fortinet gateway solutions. (For Fortinet employees and partners only) NSE 3 Sales Associate Develop the knowledge and skills to sell Fortinet Advanced Security solutions. (For Fortinet employees and partners only) NSE 4 Professional Develop the knowledge and skills of how to configure and maintain a FortiGate Unified Threat Management (UTM) appliance. NSE 5 Analyst Develop a detailed understanding of how to implement network security management and analytics. NSE 6 Specialist Develop an understanding of advanced security technologies beyond the firewall. NSE 7 Troubleshooter Demonstrate the ability to troubleshoot internet security issues. NSE 8 Expert Demonstrate the ability to design, configure, install and troubleshoot a comprehensive network security solution in a live environment. Validate your Security Experience Demonstrate Value Accelerate Sales SalesTechnical
- 35. 35 Lan & WanSolution è GOLD PARTNER FORTINET SalesTechnical Step Level Objective NSE 1 Develop a foundational understanding of network security concepts. NSE 2 Develop the knowledge and skills to sell Fortinet gateway solutions. (For Fortinet employees and partners only) NSE 3 Sales Associate Develop the knowledge and skills to sell Fortinet Advanced Security solutions. (For Fortinet employees and partners only) NSE 4 Professional Develop the knowledge and skills of how to configure and maintain a FortiGate Unified Threat Management (UTM) appliance. NSE 5 Analyst Develop a detailed understanding of how to implement network security management and analytics. NSE 6 Specialist Develop an understanding of advanced security technologies beyond the firewall. NSE 7 Troubleshooter Demonstrate the ability to troubleshoot internet security issues. NSE 8 Expert Demonstrate the ability to design, configure, install and troubleshoot a comprehensive network security solution in a live environment. Richieste 2 2 2 1 Non richiesto 1 Conseguite 3 3 3 2 1 3 Wifi,Fweb, FMail Ongoing
- 36. © Copyright FortinetInc. All rights reserved. Questions? Giorgio D’ Armento Channel Account Manager
Editor's Notes
- #7 The other element of SECURITY that is vital is to have a comprehensive set of tools/technologies available to fight the complex advanced threats of today. Some vendors outsource some or all of their threat intel, use open source, or simply lack key tools needed to break the chain of an attack at any given link. This means they fail to stop the threat, or they react too slow to new threat information. ……Fortinet has a comprehensive set of IN-HOUSE tools that can be brought to bear against the threat lifecycle/kill chain. We control and own all these technologies, allowing us to respond quickly and in a coordinated manner to new information and threat behavior. Integrating them together inside FortiOS also allows for a more coordination and rapid response to threats, with less admin burden. No more point solution sprawl when it comes to security technologies. FortiGuard is Fortinet’s threat research and intelligence services team. They are an experienced team (over 10 years in place) of nearly 200 strong (researchers + Supporting roles)… ~120 researchers estimated This team discovers new threats, creates the intelligence that informs all Fortinet products, and pushes out dynamic updates many times a day via a dedicated Distribution Network of nodes/servers strategically located around the world, to ensure the updates reach the devices as soon as possible. Distinct services have been created to push specific types of threat intelligence to Fortinet devices, based on the deployment scenario and activated features of that device. Fortinet’s FortiGuard team also participates in all major industry threat sharing initiatives. We even founded the Cyber Threat Alliance (with PAN), to share more advanced threat behavioral/pattern information. US President Barack Obama mentioned the CTA in his speech at the recent White House Cyber Security Summit in Stanford, California.
- #8 Highlight the general solution categories as listed in the gray box on the right Fortinet offers a broad complementary solution portfolio to complement the core FortiGate FW offering… Complementary security and network offerings for the data center, cloud, campus/core network, branch/remote site, mobile worker… Customers can simplify their networks further by using these complementary solutions.
- #10 These are an interesting group of statistics but what do they really mean? Quite simply they mean that the threat facing all networks, whether SME or large Enterprise, has and continues to increase exponentially. The combination of the growth of threats with the dramatic increase of the number of devices that can be used to access the network means the job of protecting an enterprise network will continue to be more and more difficult.
- #13 That difficulty is readily seen from the number of high profile data breaches over the past several years. However, while the headlines of each new data breach grab our attention, particularly the number of identities or credit cards compromised, what is frequently overlooked in the long term impact to the organization, both from a reputational and financial point of view. What was overlooked in the Sony Pictures data breach was the direct and indirect costs to the organization, estimated at over $100B.
- #14 Not everyone has heard of Fortinet, yet, we have built a successful, profitable billion dollar company over the last 15 years based on solid business fundamentals and great technology. The fact is, once customers put us to the test, we deliver hands down. As a result, we are one of the fastest growing public cyber security companies in the world and serve over a quarter of a million customers globally. We have the strongest international footprint of any of our competitors and the most amount of units deployed of any other vendor, including Cisco.
- #16 We have a large footprint in small to mid-sized companies but our carrier grade technology is also used in 50 of the 60 worlds largest most important companies in the world.
- #17 Rule number one is to Keep It Simple: the more complex your network is, the harder it is to secure it.
- #18 Here is the problem with the typical approach of the Point Product approach – while individually the products may work to specification and expectation but each one is an island, isolated from the rest of the solution. You have connectivity but no security continuity between each of the islands. More importantly is the lack of consistency in the necessary threat intelligence to keep these solutions up to date – inevitable gaps in the quality of the intelligence and the frequency of the updates between the different products opens up an enormous gap to be exploited by the hacker. Malware that might be stopped by the firewall could pass undetected by email or web application. Dealing with these issues and trying harmonize the differences between the different products is left to the enterprise, further complicating an already complex task. This is particularly true in the mid size enterprise who doesn’t have the resources to effectively manage this complexity.
- #19 But physical security, like internal segmentation, must be complemented with higher level security such as that provided through the different services that can run on the different elements of the solution. Those services can only be effective if they are kept up to date throughout the lifecycle of the solution. This is the role of FortiGuard. FortiGuard is not just one thing, it is an intrinsic combination of leading edge research and real time input from millions of deployed sensors and trusted external sources leading to continuous and automatic updates being fed back to those sensors. But why are these updates so important?
- #20 FortiGuard is so important because of the threats that networks are constantly facing. It’s only when you have a clear and visible view of the problem can you begin to provide protection against it.
- #21 And that clear view must extend into the solution itself. FortiOS provides a single and consistent interface that simplifies the day to day management of the solution and enables a rapid response and remediation to events in the network. FortiOS 5.4 in particular provides a tight integration with Fortinet’s overall Advanced Threat Protection capability.
- #22 So in light of all of the evidence it’s clear some new ideas are needed. But enterprises today are still relying on the same old strategies. Just look at the news: it seems that almost daily we’re reading about another attack, another breach, another massive loss of data. Why aren’t these strategies working anymore? It could be a number of reasons but there are three key areas that we can point to. The first is being too focused on compliance: just checking all the boxes on a list isn’t enough. How many massive retail breaches have we seen where the company was recently audited and found to be fully PCI-compliant? Attackers don’t care that you passed your last audit. They’re also too risk based and reactive. While yes, it is important to protect against the low-hanging, already-seen fruit, it’s the new unknowns that are critical to detect. An annual risk assessment is obsolete the moment it’s done in today’s threat landscape. Finally, they’re far too focused on ‘best of breed’ solutions. A firewall from one vendor, a sandbox from another, a spam solution from a third. None of these tools were ever designed to work together, leaving your network with potential protection gaps. What does an organization do to avoid becoming the next headline?
- #23 The second rule is that the definition of a network has changed and the number of potential attack vectors has multiplied. What was the boundary of your network yesterday no longer exists today.
- #24 There used to be a clearly defined perimeter and security strategies evolved to protect it. The evolution of technology however brought in changes that these strategies couldn’t deal with; the Internet, Cloud technologies and the onslaught of wireless all contribute to a massive increase in the attack surface. Combined with the fact that most networks are architected to be flat once inside of the perimeter, once the network is breached the intruder can easily move laterally throughout the network. This is a key concern for the larger enterprise. But we’re also concerned about how data can leave the network. Shadow IT, the use of unauthorized applications such as Hightail or Dropbox also means that there is any number of ways that data can leave your network without your knowing, making it easy to exfiltrate data following a network intrusion.
- #25 And finally, rule number 3. Slowing down the network to implement security is not, never has been nor will it ever be a satisfactory strategy.
- #26 The enterprise IT staff is faced with what has been an unsolvable problem. The enterprise depends on the network to ensure the continuity of the business and depending upon the business model, the network may be at the center of its strategy. Injecting security into this model has traditionally meant slow downing the network, sometimes to the point of affecting application performance resulting in complaints. The organization is then forced to find a middle ground between the two, a compromise that pleases no one. But until now, this has been compromise that enterprises have been forced to make.
- #27 Until now.
- #28 It’s a long held belief that delivering advanced and effective security is diametrically opposed to building a network with maximum throughput and performance. Over the years companies offering security solutions have evolved from either a security software with networking features added in background or networking with security bolted on. Both approaches were the classic examples of a square peg in a round hole. You could make it work but not the ideal solution.
- #29 But Fortinet was built from the ground up to brings these two worlds together seamlessly; to make sure that the network’s security layer was fully integrated into the network infrastructure layer, eliminating the gaps and handoffs that traditionally existed between them. This could only be done with a platform that has been purpose built to perform both functions; FortiGate and FortiOS.
- #30 Until now.
- #33 But Fortinet goes beyond just the FortiGate, regardless of how powerful it is. FortiGate is complemented by a range of solutions to deal with the changes that I just described. The core network - from the branch to the data center to the cloud; end point protection for the desktop, mobile and wireless devices and specific solutions for the different applications in the network, web or email, are all brought together seamlessly for end to end protection. And to ensure that the solution is able to provide protection through the threat lifecycle, all of the elements of the solution rely on the continuous and automatic updates provided by FortiGuard Labs, ensuring their continued security efficacy into the future. All of this provides protection that is both from the outside in and the inside out.