Security Beyond the Perimeter: Shrinking the Attack Surface with FortiGate, FortiSandbox, and FortiClient

Shaun Carriveau, Channel Systems Engineer

3/8/2017

© Copyright Fortinet Inc. All rights reserved.

Page 2:

Agenda

Fortinet
» Who we are and what we do

FortiGuard
» The “Secret Sauce”

FortiGate
» Perimeter security

FortiSandbox
» Identifying the unknown

FortiClient
» Protecting the endpoint

Page 3:

Fortinet

Company Overview

Page 4:

Fortinet Facts

#1 UNIT SHARE WORLDWIDE in Network Security (IDC)
$1.3B REVENUE
FOUNDED 2000
OVER 3 DEVICES SHIPPED
30%+ GROWTH
4,650+ EMPLOYEES
300,000+ CUSTOMERS
MARKET LEADING TECHNOLOGY: 358+ PATENTS, 292+ PENDING
100+ OFFICES WORLDWIDE
HQ: SUNNYVALE, CA
IPO 2009

Page 5:

Fortinet: Global Network Security Leader

7 of the TOP 10 Fortune Companies in America
8 of the TOP 10 Fortune Companies in EMEA
9 of the TOP 10 Fortune Companies in APAC
10 of the TOP 10 Fortune Telecommunications Companies
9 of the TOP 10 Fortune Retail and Commercial Banks
7 of the TOP 10 Aerospace and Defense

Page 6:

FortiGuard Labs

The “Secret Sauce”

Page 7:

The FortiGuard Minute

Per Minute

21,000 Spam emails intercepted

470,000 Network Intrusion Attempts resisted

95,000 Malware programs neutralized

160,000 Malicious Website accesses blocked

32,000 Botnet C&C attempts thwarted

43 million Website categorization requests

Per Week

46 million New & updated spam rules

1,000 Intrusion prevention rules

108 million New & updated AV definitions

1.4 million New URL ratings

8,000 Hours of threat research globally

Total Database

290 Terabytes of threat samples

18,000 Intrusion Prevention rules

5,800 Application Control rules

250 million Rated websites in 78 categories

312 Zero-day threats discovered

Based on Q2 2016 data

Image: threatmap.FortiGuard.com

Page 8:

FortiGate

Perimeter Security

Page 9:

What is a FortiGate?

Fortinet's Award Winning Security Appliance

Perimeter security
Internal segmentation
Cloud
Data center
Distributed and small business deployments

Page 10:

Hardware Acceleration Technologies

Stateful Inspection
Flow based Inspection
Proxy Based Scanning
IPv6

SP3
NP4
NP6
CP7
CP8

• NP ASICs to offer Firewall acceleration for both IPv4 & IPv6 traffic
• CP ASICs to offer UTM Acceleration & SSL Offloading

Page 11:

Parallel Path Processing (PPP)
Packet Processing
Content Inspection
Policy Management

Why ASICs Matter?

CPU Only
Policy Management
Packet Processing
Deep Inspection

More Performance
Less Latency
Less Power
Less Space

CPU
Optimised SoC
Security for the Network

Page 12:

FortiGate Product Range

Personality, Performance and Scalability

CCFW, DCFW, ISFW, CFW/VMFW, NGFW / NGIPS, DEFW, UTM

Software & Services: FortiGuard Security Services, FortiOS Operating System, FortiCare Support Services

Product Range: Entry Level, Mid Range, High End, Virtual Appliances

[Chart labels: 30-50 Series; 60-90 Series; 100-500 Series; 600-900 Series; 1000-2000 Series; 3000 Series; 5000 Series; VM Series; Chassis System; SoC CPU; Multi Core CPU; NP; CP; H/W Dependent; 1 Gbps; 10 Gbps; 10 Gbps - 50 Gbps; 50 Gbps - 1 Tbps]

Page 13:

FortiGate Entry Level Series

Feature-rich Security Appliances For Small/Home Offices & Small Branch Offices

FG/FWF-30E/50E Series
FG/FWF-60E Series
FG/FWF-70 & 90D Series
FG-80D
FG/FWF-92D
FG-94 & 98D-POE

Primary Benefits:
✔ Easy to deploy and manage with intuitive GUI
✔ Purpose-built hardware yields high performance
✔ Large selection of models, including variants with PoE ports and integrated WiFi interface, allows the most appropriate devices for different environments
✔ Application control plus identity and device-based policy enforcement provides more granular protection
✔ Cost-efficient solution with comprehensive and extensive UTM features

SoC CPU

Page 14:

FortiGate Mid-Range Series

High Performance, Top Rated Network Security for Mid-Sized Enterprises

FG-900D
FG-800D
FG-600D
FG-500D
FG-400D
FG-300D
FG-200D Series
FG-100D Series

Primary Benefits:
✔ 5x faster hardware accelerated next generation firewall offers best-in-class price/performance ratio
✔ Integrated High port density delivers maximum flexibility and scalability
✔ NSS Labs Recommended NGFW and NGIPS with consolidated security delivers top-rated protection
✔ Application control plus identity and device-based policy enforcement provides more granular protection
✔ Intuitive management interface enables broad and deep visibility that scales from a single FortiGate to thousands

Multi Core CPU, NP, CP

Page 15:

FortiGate High End Series

Data Center Firewall / Large Enterprise NGFW with High Speed Interfaces

FG-1000D Series
FG-2000E Series
FG-3000D Series

Primary Benefits:
✔ Industry leading 10x data center firewall offers exceptional throughput and ultra-low latency
✔ Highly available and Virtual Domain (VDOM) support for multi-tenant data center environment
✔ Integrated High-Speed 10 GE/40 GE/100 GE ports deliver maximum flexibility and scalability
✔ Intuitive management interface enables broad and deep visibility and control
✔ NSS Labs Recommended consolidated security delivers top-rated protection

Multi Core CPU, NP, CP

Page 16:

FortiGate Virtual Appliance Series

Agile Security for Virtual Environments

FG-VM

Primary Benefits:
✔ Increased visibility and security within virtualized infrastructure to better protect critical resources
✔ Ability to manage virtual appliances and physical appliances from a single pane of glass management platform reduces TCO
✔ Comprehensive Hypervisor support
✔ Feature-rich security and virtual networking support facilitate wide deployment and requirement options

VMware ESXi, Citrix Xen, Xen, KVM, MS Hyper-V, Amazon AWS, MS Azure

Page 17:

FortiGate Deployments

[Diagram: FortiGate deployment roles across the network, with numbered callouts 1 to 8]

Network locations: Data Center / Private Cloud / SDN; Distributed Enterprise & Small Business; Mobile Users; Managed Endpoint; Carrier/MSSP; Boundary; Internal Network; Public Cloud; Enterprise Campus Or Branch Office; Core Network; Internet / WAN

Firewall roles: Carrier Class Firewall (CCFW); Cloud Firewall (CFW); Internal Segmentation Firewall (ISFW); Next Gen Firewall + Advanced Threat Protection / Next Gen IPS (NGFW + ATP) / NGIPS; Unified Threat Management (UTM); Data Center Firewall (DCFW); Virtual Machine Firewall; Distributed Enterprise Firewall (DEFW)

Page 18:

SSL Inspection Modes

Certificate Inspection
» Only inspects the header information
» Certificates are used to verify server identity
» Used to ensure that HTTPS isn’t used as a backdoor method to gain access to filtered websites
» Certificate errors not presented

Full Inspection
» FortiGate acts as a proxy
» Decrypts and inspects the content
» Re-encrypts and opens a new SSL connection
» Also known as Man-in-the-Middle

Page 19:

FortiSandbox

Identifying the Unknown

Page 20:

Introducing FortiSandbox

Advanced Threat Protection solution designed to identify and thwart the highly targeted and tailored attacks

Advanced Threat Protection
• Multi-layered filtering with Code Emulator, AV engine, Cloud query and Virtual OS sandbox
• Handles multiple file types, including files that are encrypted or obfuscated
• Examines files from various protocols, including those that use SSL encryption

Flexible Operation Modes
• Receives file samples using integration with FortiGate/FortiMail, sniffer mode and manual file uploads
• Captures files from remote locations using deployed FortiGates

Monitoring and Reporting
• Detailed analysis reports and real-time monitoring and alerting

[Diagram labels, numbered 1 to 4: File Submission; Malicious Analysis output; Latest AV Signature Update; Centralized File Analysis]

Page 21:

KEY SANDBOX COMPONENTS

Call Back Detection
Full Virtual Sandbox
Code Emulation
Cloud File Query
AV Prefilter

• Quickly simulate intended activity
• OS independent and immune to evasion/obfuscation
• Apply top-rated anti-malware engine
• Examine real-time, full lifecycle activity to get the threat to expose itself
• Check FortiSandbox community intelligence & file reputation
• Identify the ultimate aim, call back & exfiltration
• Mitigate w/FortiGuard updates

Intelligence Sharing
• Distribute real-time updates
• Feed global systems

Page 22:

ADVANCED THREAT PROTECTION IN ACTION

FortiGate, FortiMail, FortiWeb, FortiClient
» Block as many threats as possible
» Submit at risk objects for additional analysis
» Mitigate previously unknown threats

Sandbox for Payload Analysis
» Accept at risk objects for additional analysis
» Execute objects to assess and rate risk
» Provide intelligence and generate updates for prevention products

Identify more, previously unknown, threats
Minimize the cost of comprehensive coverage
Speed and simplify response

[Diagram labels: Network; FortiGate, FortiMail, FortiWeb; FortiSandbox; Callback Detection; Cloud File Query; AV Prefilter; Code Emulation; Full Sandbox; FortiClient]

Page 23:

FortiClient

Protecting the endpoint

Page 24:

Introducing FortiClient

FortiClient is a unified endpoint protection platform that integrates into the overall security architecture, automates threat protection and provides secure remote access, i.e. VPN, in a small and lightweight package supporting a multitude of devices (PC, Mac, Linux, Chromebook, Apple and Android) either on- or off-premise.

Page 25:

Unified Endpoint Security Platform

Security Fabric Integration
Endpoint awareness, compliance, and enforcement by sharing telemetry with Fortinet’s Security Fabric architecture

Advanced Threat Protection
Automated prevention of known and unknown threats through built-in, host-based security and integration with FortiSandbox

Secure Remote Access and Mobility
Authorized and secured external access to corporate assets via VPN with native two-factor authentication coupled with single sign on (SSO)

Page 26:

Security Fabric Integration

Block non-compliant devices
Real-time prevention of cyber threats

[Diagram labels: Fortinet Security Fabric; Aware; Secure; Actionable; Scalable; Open]

Page 27:

Security Fabric Integration
Automated Threat Protection

An enterprise security strategy…acceptable endpoint security tools must plug into a broader security architecture rather than operate in an endpoint security vacuum.
Enterprise Security Group (ESG)*

[Diagram labels: FortiClient; FortiGate; FortiGuard Labs; FortiSandbox; Fortinet Security Fabric; Register > Validate > Enforce > Contain; Submit > Result; Global Intel Update]

Page 28:

Advanced Threat Protection

Antivirus (Prevent Malware): Real-time Host Protection; Updates Every Hour; Scheduled Scanning
Application Firewall (Reduce Attack Surface): Network Activity Detection; Application Categories; Individual Application Granularity
Web Filter (Prevent Drive-by download): Cloud based URL rating; Safe Search Option; Exclusion List
Vulnerability Scanning (Prevent Exploit): Up-to-date Applications; Automated Patching; Scheduled Scanning

“Fortinet rarely misses a VB100 comparative, and a strong record of passes, complemented by a steady improvement in detection over the last couple of years, have put it well up with the leaders…”

Page 29:

FortiClient Proven Effectiveness

Page 30:

Advanced Threat Protection Use-case: Prevent Drive-by-Downloads

[Diagram labels: Antivirus; Web Filter; Application Firewall; Vulnerability Scanning]

Page 31:

Advanced Threat Protection Use-case: Prevent Known and Unknown Malware

[Diagram labels: DOC; XLS; PDF; Antivirus; Web Filter; Application Firewall; Vulnerability Scanning; Automated Patching; Application Vendor; Updates; Dynamic Signature; Submit Object; FortiSandbox]

Page 32:

Secure Remote Access and Mobility

Use-case #1: SSL/IPSec VPN
Use-case #2: SSL/IPSec VPN with 2FA
Use-case #3: SSL/IPSec VPN with 2FA and SSO

[Diagram labels: Internet; VPN; FortiGate; FortiToken; FortiAuthenticator; LDAP/Active Directory; SSO; Finance Intranet; Finance Admin; Finance Database]

Page 33:

FortiClient Deployment

[Diagram labels: VPN; DataCenter; Headquarters; Cafe; Branch; FortiClient; EMS; FortiGate]

Page 34:

FortiClient Portfolio
FortiClient Management with EMS

Provision
Enterprise Management System (EMS)
Deploy, provision and manage FortiClient
Integrate with LDAP and other enterprise systems
Real-Time Monitoring
Remote Scan + Quarantine
Scale to hundreds of thousands of devices

[Diagram labels: FortiClient EMS; Transformation; Management]

Page 35:

FortiClient Portfolio
FortiClient Compliance and Telemetry with FortiGate

FortiGate
View Endpoint Status/Topology
Enforce Endpoint Compliance
Endpoint Quarantine

[Diagram labels: FortiClient EMS; Awareness/Enforcement; Fortinet Security Fabric Ready; FortiGate; Transformation; Register; Monitor and apply Actions]
