Kanwal Sohal – SE Manager UK&I [email_address] Richard Holmes – Technical Director [email_address] WEB 2.0 & APPLICATION SECURITY CHALLENGE
Agenda Application Security Fortinet Protection Visibility  and Control Summary & Proof of Concept
Application Security Challenge Freedom of choice – who’s in control.
Web 2.0 & Application Security Challenge . . . . . .  Shrinking DEFENCE budgets Viruses, Worms, Identity theft . . . .  Expanding attack and threat surfaces
Challenges facing Organisations
  • Social networking sites and the blogosphere have become an integral part of many people's lives (FortiGuard)*
  • Companies increasingly realise that their people, while their greatest asset, can be their greatest vulnerability, and so need to be educated on security risks. (BERR)*
  • HTTP traffic now is not just web browsing but an “application tunnel”
  • Majority of this traffic bypasses traditional security controls or uses inefficient proxies that slow down infrastructures & still misses content
  • 30% of companies are using Voice over IP telephony (BERR)*
  • Web 2.0 targeted by spam. Throughout the 12 months we witnessed a barrage of attacks on these sites: malicious social applications, Spam 2.0, worms such as Koobface, Secret Crush, and various phishing campaigns (FortiGuard)*
* BERR: Department for Business Enterprise & Regulatory Reform
* FortiGuard: Fortinet Global Security Research Team
Applications, Applications & Applications Evasive applications using non-standard ports, port-hopping, or tunneling within trusted applications Drive by infections on the increase – personal use vs. business use. Security posture needs to be enhanced – business enablement. Intelligent firewall with “ Application control ” a must – regain control of your network.
Fortinet FortiGuard Threat Analysis
User activity exposes internal network to threat/s.
Infection vectors: Instant Messaging, P2P networks, Web Browsing, Web 2.0 Social Networking Sites, Email
This month only:
  Severity   Number of Vulnerabilities   Active Exploitation
  Critical   15                          7
  High       15                          7
  Medium     6                           3
  Low        2                           -
  Info       -                           n/a
  Total      38                          17
Application Name:
  • Apple: iTunes, QuickTime
  • Microsoft: AD, Direct show, Excel, IE, Office, Publisher, Office, PowerPoint
  • Citrix: Presentation Server
  • Adobe: Flash Player
  • Oracle: Secure Backup, BEA Weblogic
  • RIM: Blackberry Enterprise Server
  • EMC: Alpha Store
  • Mozilla: Memory Corruption
  • Sun: Java Runtime
Web 2.0 - Secret Crush Malicious Facebook Widget - prompts users to install the infamous "Zango" adware/spyware. *   Propagates by requesting  other users to be added. URL = http://static.zangocash.com/Setup/46/Zango/Setup.exe Installs Exe * Source: FortiGuard (Fortinet Global Security Research Team)
Web Browsing – How Safe is it? There is always a way into your network. Even when at first glance all looks safe. * Obfuscated script that embeds links to malicious PDF file and malicious FLASH file.  * Source: FortiGuard (Fortinet Global Security Research Team)
Layers of protection  Requires an integrated security strategy Allow but don’t trust any application Examine all application content Comprehensive, integrated  inspection Overlapping, complementary  layers of protection
Agenda Application Security Fortinet Protection Visibility  and Control Summary & Proof of Concept
FortiGate - Application Aware Firewall Industry first Tier 1 “Application Aware Firewall” identifying 1,000+ applications. Instant Messaging Peer-to-peer Voice over IP File Transfer  Video/Audio Streaming Internet Proxy Remote Access Connection Games Web Browser Toolbar Database Web-based email Web Protocol Command Internet Protocol Network Services Enterprise Applications System Update Network Backup
FortiGate Application Management Create granular policies for authorised applications. Identify/control rogue application – allow or block Add new applications.
FortiAnalyzer - Seeing is Believing
SSL Traffic Inspection SSL content scanning and inspection. Apply antivirus scanning, web filtering, spam filtering & data leak prevention (DLP). Re-encrypts the sessions and forwards them to their destinations.
DLP Control – HTTP, EMAIL & Instant Messaging  DLP Sensor Used to define data detection rule sets. Sensor applied in protection profile. DLP Actions Log, block, archive (to FortiAnalyzer) Ban or quarantine user.
Agenda Application Security Fortinet Protection Visibility  and Control Summary & Proof of Concept
Today’s Budget - Financial “Belt Tightening” Shrinking IT budgets driving higher demands for ROI. Rising complexity and cost of managing and maintaining multiple security solutions. Increased pressure to improve security service while reducing TCO. ROI = Return on Investment TCO = Total Cost of Ownership
Impact on today's Security Multiple ‘pain' products. Tactical purchases have led to reactive environments. Costly implementations/renewals. Lack of innovative expenditure due to reactive spending. Too many suppliers, too many vendors. Threat Landscape has changed. Bandwidth congestion. Compliance & Risk Greater risk of breach/infection.
Fortinet Security Simplification Industry Evolution Towards Security Simplification Cost =£+£+£+£+£+£ Budget =£+£+£ FortiGate Appliance Technologies Benefits of Multi-Layered Security Platforms Complements legacy point products. Lower Cap Ex and Op Ex. Ease of management. Better risk mitigation capabilities against blended threats
Getting More for Less $ Security Consolidation Reducing costs. Improving security posture & hardware consolidation. $ Reducing Cost Improving Security Posture & Consolidation + FW, VPN, SSL Inspection URL,IPS,AV,AS Current Deployment
Fortinet End-2-End Security Network Security Host Security Data Security Application Security Management FortiGate Network Security Platform FortiManager Centralized Mgmt FortiAnalyzer Log & Reporting FortiMail Email Security FortiClient Host Security Solution FortiDB Database Security Security Services FortiGuard Real time Security Services FortiWeb XML and Web  Application Security FortiScan Asset Vulnerability  Mgmt
Agenda Application Security Fortinet Protection Visibility  and Control Summary & Proof of Concept
Fortinet EMEA:  Success in All Verticals Telco/MSSP Industry Public Sector Finance Oxford University
Making Security Scalable
Lowering the cost of security & consolidation of hardware.
200 User Network: Savings over Standalone Products - $28,562
  Security Service            Fortinet    Competitor
  App Aware Firewall / VPN    $14,495     $10,899
  Intrusion Prevention        Included    $16,569
  Antivirus                   Included    $7,736
  Web Filtering               Included    $7,853
  Totals                      $14,495     $43,057
Fortinet Positioned In The Leaders Quadrant – Magic Quadrant for Multifunction Firewalls Source: Gartner, Inc., “Magic Quadrant for SMB Multifunction Firewalls” by G. Young and A. Hils, July 10, 2009.
Proof of Concept - seeing is believing …
  • All evals to date have proved 30 – 50% of HTTP traffic escapes inspection.
  • One eval demonstrated over 2 terabytes of unaccountable traffic on the network (downloading films etc).
  • 85,000 IM connections in a week when the client said all IM was banned.
  • QQ – the Chinese ‘IM’ service rife in a secure & partitioned off hedge fund environment.
  • DLP – customer identified 800 Meg customer database file leaving network.
To book a POC contact Richard Holmes (richard.holmes@zymbian.co.uk)
Thank You

Partner Zymbian & Fortinet webinar on Web2.0 security


Editor's Notes

  • #4 meetMOI: Location Based Mobile Dating. Messmo: Lets you send messages to/from anyone’s mobile number for free. Heap CRM: Heap is a simple CRM designed for small business with a specialized interface for the iPhone. Hi Task: free web-based task management application suitable for keeping personal to-do lists, and managing your team or project. SopCast – internet p2p TV. FreeCap/WideCap – client proxy.
  • #26 Here is an example; we used a 200-user network as a basis. We obtained pricing for commonly used standalone products that would be used in the environment, totaling over forty-three thousand dollars for Firewall/VPN, Intrusion Prevention, Antivirus and Web Filtering solutions. As you can see, the comparable Fortinet FortiGate solution sells for less than fifteen thousand dollars, a difference of over twenty-eight thousand dollars over the standalone products. Without even computing the savings of operational costs, you begin to see why consolidation of network security makes so much sense.