© Copyright Fortinet Inc. All rights reserved.
Application Security
FortiMail, FortiWeb, FortiADC, FortiDDoS
Solution Overview Data Center Security AppSec
Application Security At-a-Glance
FortiGuard (IP Rep, WAF, AV)
FortiADC: Virtual, Physical
FortiWeb: Virtual, Physical
FortiMail: Virtual, Physical
FortiDB: Physical
FortiDDoS: Physical
Target Market
Mid-sized (mid-market), Enterprise, and MSPs/Carriers
» Generally 200 or more employees (or 1,000+ “users”)
» Top three verticals: Finance, Healthcare, Education
Application user size is a better barometer of need than number of employees; however, it can be challenging to identify
Decision makers:
» Business: IT Directors+ (directors, CIOs)
» Tech: Network Security Managers+ (managers, directors)
» Tech: Application Architects
IT Changes and Market Growth
Application weaknesses create numerous breach points
Compliance is a big driver; only 29% remain compliant after one year [1]
Top five investment priority for IT leaders in 2014 [2]
AppSec awareness on par with NGFW at 18% for enterprise IT leaders [3]
38% of data breaches caused by application vulnerabilities [4]
<1 Gbps: Most successful DDoS attacks <1 Gbps that target applications [6]
50%↑: Encrypted traffic (SSL) 30% in 2015 to 50% in 2016 [7]
80% of enterprises to have Web Application Firewalls by 2018 [5]
Sources:
[1] Veracode State of Software Security Volume 6 (June 2015).
[2] Gartner 2014 Planned Investment for Security Technology Survey.
[3] Ponemon 2015 Global Megatrends in Cybersecurity (February 2015).
[4] Verizon 2015 Data Breach Report.
[5] Gartner Magic Quadrant for Web Application Firewalls 2015.
[6] Arbor Networks Worldwide Infrastructure Security Report (WISR) 2014.
[7] Sandvine Encrypted Traffic Report 2015.
Application Security Products
FortiWeb Web Application Firewalls
» Protect application vulnerabilities
» Meet PCI Compliance
» Vulnerability scanning
FortiADC Application Delivery Controllers
» Scale applications
» Redundancy and Disaster Recovery
» Application Performance
FortiDDoS DDoS Protection Appliances
» Bulk volumetric protection
» Layer 7 DDoS protection
» Behavior-based detection
FortiMail Email Security Appliances
» Email threat scanning
» Filter malicious contents
» Junk email removal
Additional Products
Data Center Security AppSec
FortiDB: Database security and compliance
FortiCache: Web application caching and security
Two Quick Qualifiers
Do they have Email?
» Hosted server
» Third-party server
» Cloud
Common Challenges:
» Phishing
» Viruses
» Malware
Do they host applications?
» Exchange, SharePoint, Lync
» ERP, Intranet
» E-commerce, Website
Common Challenges:
» Capacity and Scale
» Code-based vulnerabilities
» DDoS attacks
5 Key Problems to Focus On
1. Protect applications from code-based attacks
2. Protect users from email-based threats
3. Scale applications for capacity (HTTP/HTTPS)
4. Increase application reliability and performance
5. Prevent application layer DDoS service disruptions
FortiGuard
FortiGate as the Foundation
FortiGate-based Network Security
Management, analytics, sandboxing
Wireless, switching
FortiGuard Services
Mail Server
FortiGuard
Protect from Email-based Threats
Primary Challenges
Email common entry point for attackers
Users main contributing factor
Spam, phishing, attachments
Solution
FortiMail Email Security
Inbound and outbound threat protection
Data leakage prevention
FortiSandbox integration
Advantages
37 consecutive VBSpam Awards
40 VB100 awards
Highest performance in industry
Mail Server
Web Server 1
FortiGuard
Protect a Hosted Application
Primary Challenges
Protect code-based vulnerabilities
SQL Injection, Cross Site Scripting, etc.
Meet PCI compliance
Solution
FortiWeb Web Application Firewall
Multiple, correlated attack protection
Behavior-based application profiling
Integration with FortiGate, FortiSandbox, 3rd Party
Advantages
Fastest WAF in Industry (20 Gbps)
FortiGuard WAF, IP Reputation Security, AV
Lowest TCO in market for enterprise WAF
Mail Server
Web Server 1
Web Server 3
Web Server 2
FortiGuard
Add Scale and Reliability to a Hosted Application
Primary Challenges
Expand application from one server
Protect from server outages
Improve responsiveness
Solution
FortiADC Application Delivery Controller
Scale with Server Load Balancing
Reliability with Health Checking
SSL Offloading for Secure Applications
Advantages
Up to 50 Gbps of Throughputs
FortiGuard WAF and IP Reputation Security
Lowest TCO in market for ADCs
Mail Server
Web Server 1
Web Server 3
Web Server 2
FortiGuard
Protect Applications from DDoS Threats
Primary Challenges
Application services vulnerable
Layer 7 DDoS attacks small (<50 Mbps)
Can be as disruptive as multi-gigabit attacks
Solution
FortiDDoS Attack Mitigation Appliances
100% Behavior-based
100% Hardware-based
Complete Layer 3, 4 and 7 protection
Advantages
Fastest detection and mitigation response
No signatures required
Minimized risk of false positives
Mail Server
Web Server 1
Web Server 3
Web Server 2
FortiGuard
A Complete End-to-End Solution
One vendor
Integrated Security
Only from Fortinet
Data Center Security AppSec
Pricing/Licensing
FortiGuard
Antivirus
Antispam
WAF Signatures
IP Reputation
FortiSandbox Cloud
Database Security
Web Filtering
FortiCare
8x5 Enhanced
24x7 Comprehensive
Professional Services
FortiGuard Bundles
Low
» Segment: Mid-size Enterprise
» Typical Components: FortiMail, FortiWeb, FortiADC
» Form Factors: HW
» Typical Price Range: $50K-500K
Medium
» Segment: Large Enterprise
» Typical Components: FortiMail, FortiWeb, FortiADC, FortiDB, FortiDDoS, FortiCache
» Form Factors: HW, VMs, AWS, Azure
» Typical Price Range: $500K-$1M
High
» Segment: MSSP/Carrier
» Typical Components: FortiMail, FortiWeb, FortiADC, FortiDB, FortiDDoS, FortiCache
» Form Factors: HW, VMs
» Typical Price Range: $1M+
Competitive Comparison
COMPETITOR (SEGMENT): WAF MAIL ADC DDOS DB NGFW SBOX
Fortinet (SMB, Mid, Enterprise, Carrier): ✔ ✔ ✔ ✔ ✔ ✔ ✔
F5 (Mid, Enterprise, Carrier): ✔ ✔ ✔ ✔ ✔
A10 (Mid, Enterprise, Carrier): ✔ ✔ ✔
Imperva (Mid, Enterprise, Carrier): ✔ ✔
Arbor (Enterprise, Carrier, MSSP): ✔
Radware (Mid, Enterprise, Carrier): ✔ ✔ ✔
Barracuda (SMB, Mid): ✔ ✔ ✔
Kemp Technologies (SMB, Mid): ✔
INTEGRATION
Competitive Advantages Summary
Complete Performance Integrated Validated
$ Value
Data Center Application Security
Insertion Points
Follow up to FortiGate (Expand)
• Great solution to add up to 150% extra revenue
• Most key components integrated with FortiGate and FortiSandbox
• Expansion of Fortinet ecosystem
Entry Point for Fortinet (Land)
• Can get foot in the door with one or more products (WAF, ADC, etc.)
• Numerous cases of Application Security products opening door to FortiGate and other Fortinet products
Vertical Strategy – Financial Services
UNIQUE CHALLENGES
• Most lucrative targets
• 47% of all CTAP attacks targeted at FinServ
• Must provide secure and reliable online access for customers
• High number of legacy applications
FINSERV POSITIONING
• FortiWeb protects online banking systems and legacy applications
• FortiADC can expand secure application capacities
• FortiDB can protect sensitive customer and financial records
• FortiGate/FortiSandbox integration for APTs
Vertical Strategy – Healthcare
UNIQUE CHALLENGES
• 40%+ of ALL breaches occur in healthcare
• Regulatory compliance (HIPAA)
• Vast amounts of personal information
• 110M patient records breached in 2015
HEALTHCARE POSITIONING
• FortiWeb protects record system vulnerabilities
• FortiDB can secure HC databases for HIPAA
• FortiMail can prevent malware from opening breach points
• FortiGate and FortiSandbox integration for APTs
Objection Handling
Point solutions perform better and don’t lock me into a single vendor for flexibility and better pricing.
• Point Solutions:
o Some may perform better
o Usually more expensive in total
o Vendor management
o Security gaps
• Fortinet AppSec:
o High performance across the board
o Proven effectiveness
o Award winning technology
o Integrated to close gaps
o Low TCO for complete solution
Objection Handling
I have an NGFW and IPS, so my applications are already protected.
• NGFW/IPS
o Signature-based
o Requires deep packet inspection with performance degradation
o Vulnerable to zero-day attacks
o No layer 7 DDoS protection
• Fortinet AppSec:
o Optimized for application threat detection
o Behavior-based for zero-day detection
o Integrated with FortiGate for off loading
o Complete DDoS protection (L3/4/7)
Objection Handling
Fortinet isn’t known for its Application Security expertise.
• Fortinet AppSec:
o NSS Labs Recommended
o Used by 1,000s of companies worldwide
o FortiWeb fastest WAF in industry
o FortiMail fastest email security platform
o Over 35 consecutive VBSpam and VB100 awards
o Gartner MQ recognition for WAF and Secure Email Gateway
Large Municipal Government
• A major European capital
• 2.6 million residents
• RFP for citizen access portal
• Needed a complete infrastructure refresh
• Competition
o Cisco, McAfee, CheckPoint, Websense, Radware
• Fortinet is now core of Network and Application Security infrastructure
FortiADC
FortiWeb
FortiMail
FortiGate
FortiManager
FortiAnalyzer
Global Phosphate Manufacturer
• Food, Pharmaceutical, and Industrial phosphate products
• 1,500 employees
• Needed integrated APT protection for users
• Competition
o FireEye
• Fortinet offers complete solution with Sandbox integration
FortiWeb
FortiMail
FortiGate
FortiAnalyzer
FortiSandbox
Quantifying the Opportunity
Products Revenue
FortiGate 3700D 100% (baseline)
FortiMail 1000D +20%
FortiWeb 1000D +20%
FortiADC 1500D +25%
FortiDDoS 1000B +90%
Up to an additional 155% in incremental revenue
FortiGuard WAF Signatures
» FortiWeb
» FortiADC
We’re Here to Help
Solution Guides
Sales Presentations
NSE Training
Webinars
Liaison with Product Management
Fuse
» Product Communities
» Sales Tools
» Solution Guides/Resources
» Assets
Enhanced
Technologies
Data Center Security AppSec
Key Points
WHO: Mid-market, Enterprise, MSP, and Carrier Organizations
NEED: End-to-end AppSec with WAFs, Email Security, ADCs, and DDoS
PAIN: Threats and attacks target mission-critical web applications
WHAT: Fortinet Application Security Solution
INCLUDES: FortiWeb, FortiMail, FortiADC, FortiDDoS, FortiDB, FortiCache
WHY FORTINET:
» Single vendor, complete solution for AppSec
» High-performance, secure solutions with third-party validations
» Integrated into Fortinet Network Security Platform