Application Security · • Great solution to add up to 150% extra revenue • Most key components...

Page 1

© Copyright Fortinet Inc. All rights reserved.

Application Security

FortiMail, FortiWeb, FortiADC, FortiDDoS

Solution Overview Data Center Security AppSec

Page 2

Application Security At-a-Glance

Virtual

Physical

FortiGuard (IP Rep, WAF, AV)

FortiADC

Virtual

Physical

FortiWeb

Virtual

Physical

FortiMail

FortiDB

Physical

FortiDDoS

Physical

Page 3

Target Market

Mid-sized (mid-market), Enterprise, and MSPs/Carriers

» Generally 200 or more employees (or 1,000+ “users”)

» Top three verticals: Finance, Healthcare, Education

Application user size is the best barometer of need, rather than number of employees; however, it can be challenging to identify

Decision makers:

» Business: IT Directors+ (directors, CIOs)

» Tech: Network Security Managers+ (managers, directors)

» Tech: Application Architects

Page 4

IT Changes and Market Growth

Application weaknesses create numerous breach points

Compliance is a big driver; only 29% remain compliant after one year [1]

Top five investment priority for IT leaders in 2014 [2]

AppSec awareness on par with NGFW at 18% for enterprise IT leaders [3]

38% of data breaches caused by application vulnerabilities [4]

80% of enterprises to have Web Application Firewalls by 2018 [5]

<1 Gbps: Most successful DDoS attacks <1 Gbps that target applications [6]

50%↑: Encrypted traffic (SSL) 30% in 2015 to 50% in 2016 [7]

Sources:

[1] Veracode State of Software Security Volume 6 (June 2015).
[2] Gartner 2014 Planned Investment for Security Technology Survey.
[3] Ponemon 2015 Global Megatrends in Cybersecurity (February 2015).
[4] Verizon 2015 Data Breach Report.
[5] Gartner Magic Quadrant for Web Application Firewalls 2015.
[6] Arbor Networks Worldwide Infrastructure Security Report (WISR) 2014.
[7] Sandvine Encrypted Traffic Report 2015.

Page 5

Application Security Products

FortiWeb Web Application Firewalls

• Protect application vulnerabilities
• Meet PCI Compliance
• Vulnerability scanning

FortiADC Application Delivery Controllers

• Scale applications
• Redundancy and Disaster Recovery
• Application Performance

FortiDDoS DDoS Protection Appliances

• Bulk volumetric protection
• Layer 7 DDoS protection
• Behavior-based detection

FortiMail Email Security Appliances

• Email threat scanning
• Filter malicious contents
• Junk email removal

Additional Products

• FortiDB: Database security and compliance
• FortiCache: Web application caching and security

Page 6

Two Quick Qualifiers

Do they have Email?

• Hosted server
• Third-party server
• Cloud

Common Challenges:

• Phishing
• Viruses
• Malware

Do they host applications?

• Exchange, SharePoint, Lync
• ERP, Intranet
• E-commerce, Website

Common Challenges:

• Capacity and Scale
• Code-based vulnerabilities
• DDoS attacks

Page 7

5 Key Problems to Focus On

1. Protect applications from code-based attacks

2. Protect users from email-based threats

3. Scale applications for capacity (HTTP/HTTPS)

4. Increase application reliability and performance

5. Prevent application layer DDoS service disruptions

Page 8

FortiGuard

FortiGate as the Foundation

FortiGate-based Network Security

Management, analytics, sandboxing

Wireless, switching

FortiGuard Services

Page 10

Mail Server

FortiGuard

Protect from Email-based Threats

Primary Challenges

Email common entry point for attackers

Users main contributing factor

Spam, phishing, attachments

Solution

FortiMail Email Security

Inbound and outbound threat protection

Data leakage prevention

FortiSandbox integration

Advantages

37 consecutive VBSpam Awards

40 VB100 awards

Highest performance in industry

Page 12

Mail Server

Web Server 1

FortiGuard

Protect a Hosted Application

Primary Challenges

Protect code-based vulnerabilities

SQL Injection, Cross Site Scripting, etc.

Meet PCI compliance

Solution

FortiWeb Web Application Firewall

Multiple, correlated attack protection

Behavior-based application profiling

Integration with FortiGate, FortiSandbox, 3rd Party

Advantages

Fastest WAF in Industry (20 Gbps)

FortiGuard WAF, IP Reputation Security, AV

Lowest TCO in market for enterprise WAF

Page 14

Mail Server

Web Server 1

Web Server 3

Web Server 2

FortiGuard

Add Scale and Reliability to a Hosted Application

Primary Challenges

Expand application from one server

Protect from server outages

Improve responsiveness

Solution

FortiADC Application Delivery Controller

Scale with Server Load Balancing

Reliability with Health Checking

SSL Offloading for Secure Applications

Advantages

Up to 50 Gbps of throughput

FortiGuard WAF and IP Reputation Security

Lowest TCO in market for ADCs

Page 16

Mail Server

Web Server 1

Web Server 3

Web Server 2

FortiGuard

Protect Applications from DDoS Threats

Primary Challenges

Application services vulnerable

Layer 7 DDoS attacks small (<50 Mbps)

Can be as disruptive as multi-gigabit attacks

Solution

FortiDDoS Attack Mitigation Appliances

100% Behavior-based

100% Hardware-based

Complete Layer 3, 4 and 7 protection

Advantages

Fastest detection and mitigation response

No signatures required

Minimized risk of false positives

Page 17

Mail Server

Web Server 1

Web Server 3

Web Server 2

FortiGuard

A Complete End-to-End Solution

One vendor

Integrated Security

Only from Fortinet


Page 18

Pricing/Licensing

FortiGuard

Antivirus

Antispam

WAF Signatures

IP Reputation

FortiSandbox Cloud

Database Security

Web Filtering

FortiCare

8x5 Enhanced

24x7 Comprehensive

Professional Services

FortiGuard Bundles

Low Medium High

Segment | Mid-size Enterprise | Large Enterprise | MSSP/Carrier
Typical Components | FortiMail, FortiWeb, FortiADC | FortiMail, FortiWeb, FortiADC, FortiDB, FortiDDoS, FortiCache | FortiMail, FortiWeb, FortiADC, FortiDB, FortiDDoS, FortiCache
Form Factors | HW | HW, VMs, AWS, Azure | HW, VMs
Typical Price Range | $50K-500K | $500K-$1M | $1M+

Page 19

Competitive Comparison

COMPETITOR SEGMENT WAF MAIL ADC DDOS DB NGFW SBOX

Fortinet (SMB, Mid, Enterprise, Carrier): ✔ ✔ ✔ ✔ ✔ ✔ ✔

F5 (Mid, Enterprise, Carrier): ✔ ✔ ✔ ✔ ✔

A10 (Mid, Enterprise, Carrier): ✔ ✔ ✔

Imperva (Mid, Enterprise, Carrier): ✔ ✔

Arbor (Enterprise, Carrier, MSSP)

Radware (Mid, Enterprise, Carrier): ✔ ✔ ✔

Barracuda (SMB, Mid): ✔ ✔ ✔

Kemp Technologies (SMB, Mid): ✔

INTEGRATION

Page 20

Competitive Advantages Summary

Complete Performance Integrated Validated

$ Value

Data Center Application Security

Page 21

Insertion Points

Follow up to FortiGate (Expand)

• Great solution to add up to 150% extra revenue
• Most key components integrated with FortiGate and FortiSandbox
• Expansion of Fortinet ecosystem

Entry Point for Fortinet (Land)

• Can get foot in the door with one or more products (WAF, ADC, etc.)
• Numerous cases of Application Security products opening door to FortiGate and other Fortinet products

Page 22

Vertical Strategy – Financial Services

UNIQUE CHALLENGES

• Most lucrative targets
• 47% of all CTAP attacks targeted at FinServ
• Must provide secure and reliable online access for customers
• High number of legacy applications

FINSERV POSITIONING

• FortiWeb protects online banking systems and legacy applications
• FortiADC can expand secure application capacities
• FortiDB can protect sensitive customer and financial records
• FortiGate/FortiSandbox integration for APTs

Page 23

Vertical Strategy – Healthcare

UNIQUE CHALLENGES

• 40%+ of ALL breaches occur in healthcare
• Regulatory compliance (HIPAA)
• Vast amounts of personal information
• 110M patient records breached in 2015

HEALTHCARE POSITIONING

• FortiWeb protects record system vulnerabilities
• FortiDB can secure HC databases for HIPAA
• FortiMail can prevent malware from opening breach points
• FortiGate and FortiSandbox integration for APTs

Page 24

Objection Handling

Point solutions perform better and don’t lock me into a single vendor for flexibility and better pricing.

• Point Solutions:
  o Some may perform better
  o Usually more expensive in total
  o Vendor management
  o Security gaps

• Fortinet AppSec:
  o High performance across the board
  o Proven effectiveness
  o Award winning technology
  o Integrated to close gaps
  o Low TCO for complete solution

Page 25

Objection Handling

I have an NGFW and IPS, so my applications are already protected.

• NGFW/IPS:
  o Signature-based
  o Requires deep packet inspection with performance degradation
  o Vulnerable to zero-day attacks
  o No layer 7 DDoS protection

• Fortinet AppSec:
  o Optimized for application threat detection
  o Behavior-based for zero-day detection
  o Integrated with FortiGate for offloading
  o Complete DDoS protection (L3/4/7)

Page 26

Objection Handling

Fortinet isn’t known for its Application Security expertise.

• Fortinet AppSec:
  o NSS Labs Recommended
  o Used by 1,000s of companies worldwide
  o FortiWeb fastest WAF in industry
  o FortiMail fastest email security platform
  o Over 35 consecutive VBSpam and VB100 awards
  o Gartner MQ recognition for WAF and Secure Email Gateway

Page 27

Large Municipal Government

• A major European capital
• 2.6 million residents
• RFP for citizen access portal
• Needed a complete infrastructure refresh
• Competition
  • Cisco, McAfee, CheckPoint, Websense, Radware
• Fortinet is now core of Network and Application Security infrastructure

FortiADC

FortiWeb

FortiMail

FortiGate

FortiManager

FortiAnalyzer

Page 28

Global Phosphate Manufacturer

• Food, Pharmaceutical, and Industrial phosphate products
• 1,500 employees
• Needed integrated APT protection for users
• Competition
  • FireEye
• Fortinet offers complete solution with Sandbox integration

FortiWeb

FortiMail

FortiGate

FortiAnalyzer

FortiSandbox

Page 29

Quantifying the Opportunity

Products Revenue

FortiGate 3700D 100% (baseline)

FortiMail 1000D +20%

FortiWeb 1000D +20%

FortiADC 1500D +25%

FortiDDoS 1000B +90%

Up to an additional 155% in incremental revenue

FortiGuard WAF Signatures

» FortiWeb

» FortiADC

Page 30

We’re Here to Help

Solution Guides

Sales Presentations

NSE Training

Webinars

Liaison with Product Management

Fuse

» Product Communities

» Sales Tools

» Solution Guides/Resources

» Assets

Enhanced

Technologies


Page 31

Key Points

WHO: Mid-market, Enterprise, MSP, and Carrier Organizations

NEED: End-to-end AppSec with WAFs, Email Security, ADCs, and DDoS

PAIN: Threats and attacks target mission-critical web applications

WHAT: Fortinet Application Security Solution

INCLUDES: FortiWeb, FortiMail, FortiADC, FortiDDoS, FortiDB, FortiCache

WHY FORTINET:

» Single vendor, complete solution for AppSec

» High-performance, secure solutions with third-party validations

» Integrated into Fortinet Network Security Platform