Guest Wi-Fi is a standard offering for growing numbers of organizations from cafes to businesses. But do you have any idea how your guests are using your Wi-Fi? VectorUSA and Fortinet have the answers.

1. Next Generation Network Security and
why you need it for your business!
Patrick Luce, CISSP, CISM
Director of Consultative Services, VectorUSA
August 18, 2016

2. What is Next Generation Security?
Why is it important for your organization?
How is Next Generation Security evolving?
How does Fortinet approach protecting customers from emerging threats?
Agenda

3. Next Generation Security - History
To have a next generation, there needs to be a previous generation.

4. OUTSIDE (INTERNET)
INSIDE
Inside Computer
10.0.X.X (Internal)
150.151.X.X (Internet)
www.yahoo.com
206.190.36.105
Port 80
Network Address
Translation (NAT)
Stateful Packet Inspection Outside Computer
Virtual Private Networking (VPN)
“First Generation” Firewalls – Three Features
www.yahoo.com
206.190.36.105
Port 80
Outside Computer
OUTSIDE (INTERNET)
Inside Computer
INSIDE
10.0.X.X (Internal)
150.151.X.X (Internet)

5. Hackers expose all kinds of security flaws…
Application port designations become unreliable.
No control over where inside computers choose to connect to the outside world.
No control over the payload that outside computers deliver.
Weak security practices when configuring inside workstations and servers.

6. INSIDE
OUTSIDE (INTERNET)
Inside Computer
www.yahoo.com
206.190.36.105
Port 80
Here comes the calvary…

7. New technologies require upkeep of signatures.
- This costs money…forever…
Traffic delays from processing packet streams multiple times.
- When life was web, file transfer and mail, no problem.
- With live video and audio, big problem.
Questions about real need, compliance, etc.
Now we have new problems…

8. Enter, Unified Threat Management (UTM)
FortiGate UTM
Application Control
Antivirus
AntiSpam
Web Filtering
Next Generation Firewall
WAN Acceleration
Traffic Optimization
VPN
IPS
DLP
WiFi Controller
↑↑↑↑↑↑↑↑↑↑↑

9. According to Gartner…(sigh)…
“Non-disruptive in-line bump-in-the-wire configuration”
“Standard first-generation firewall capabilities, e.g., network-address translation
(NAT), stateful protocol inspection (SPI) and virtual private networking (VPN), etc.”
“Integrated signature-based IPS engine”
Enter, Next Generation Firewall NGFW??

10. “Application awareness, full stack visibility and granular control”
“Capability to incorporate information from outside the firewall, e.g., directory-based
policy, blacklists, white lists, etc.”
“Upgrade path to include future information feeds and security threats”
“SSL decryption to enable identifying undesirable encrypted applications”
Now we had new problems continued …

11. What’s the difference?
Brilliant marketing.
(image via https://blog.anitian.com.)

12. Security Control NGFW/UTM
Feature
PCI-DSS
Requirement
HIPAA Requirement California Civil
Code
Install and maintain a stateful
inspection firewall
Firewall 1.1 (All),
1.3.6,1.4
Implement Perimeter Intrusion
Prevention
IPS 11.4A § 164.312(c)(1)
Implement Antivirus/Antimalware Antivirus 5.1-5.4 § 164.308(a)(5)(ii)(B)
Explicitly authorize outbound traffic to
Internet
Web Filtering 1.3.5 § 164.312(c)(1)
Enforce encryption of sensitive data DLP 4.1 § 164.312(e)(2)(ii)
§ 164.312(a)(2)(iv)
1798:29
FIPS 140-2
Secure end user messaging
technologies
Application
Control
4.1.1 1798:29
Retain and review audit logs Logging/
Reporting
10 (all) § 164.308(a)(1)(ii)(D)
Current Compliance Requirement and NGFW/UTM

13. Common Sense NGFW Applications

14. Sandbox Inspection
- Code emulation, OS sandboxing
Reputation Analysis
- IP and Domain
Mobile Security
Embedded Vulnerability Assessment
Coming to a NGFW near you (or already here)

15. Talk to Patrick Luce about your Network Security
Pluce@vectorusa.com
310-436-1000