Security Consolidation

The way to unmatched performance, visibility & control

Franck Bernard Country Manager Fortinet, Inc.

October 7, 2013

Fortinet Corporate Overview

Founded in 2000 Fortinet Revenue ($MM)

Global presence with 30+ offices worldwide & 1,300+ employees

5,000+ channel partners 100,000+ customers
Majority of the Fortune Global 100
$155 $123

$252

$212

IPO Nov 2009, NASDAQ: FTNT 2010 revenue of $325 Million

29% YoY growth
$13
2003

$80 $39

Q3 2011: 37% YoY growth Dedicated MSS team

2

2005

2007

2009

Agenda

1. 2. 3. 4. 5.

Evolution of the Firewall Market Market Analysts View Enterprise Unified Threat Management Security Consolidation WLAN Security

Evolution of the Firewall Market

Can You Keep Up?

Intelligence
Reduce emphasis on human intervention

Consolidation of gateway functions

Simplification

End-to-end protection
Policy compliance for all devices, including mobile

Enterprise-class features available for all segments

Not limited to large appliances

Virtualization
Virtual appliances Multi-tenant environments

Growth of WLANs
Mobile enterprise

Firewall Market Evolution

Firewalls developed over 25 years ago
Initial protection by blocking traffic by port, protocol, or IP address
From packet filtering to circuit level to proxy to deep packet inspection

Threat landscape evolved from primitive to more sophisticated

Able to pose as legitimate traffic & bypass policies Business processes evolved as well
Firewall policies disabled over time to allow critical applications to pass through

The Early Days

Performance / Damage

VPN

Connection-Based
Firewall Hardware Theft 1980s 7 1990s 2000s

Physical
Today

Lock & Key

Vendors Followed The Threats

Performance / Damage

Spyware

Anti-Spyware

Worms
Spam Banned Content Trojans
Antivirus Antispam

Web Filter

Viruses Intrusions
IPS

Content-Based
VPN

Connection-Based
Firewall Hardware Theft 1980s 8 1990s 2000s

Physical
Today

Lock & Key

Result: Multiple Devices, Consoles, Vendors

Problems Created
Stand-alone, nonintegrated security Created gaps in security strategy Mix of off-the-shelf systems and applications Difficult to deploy / manage / use High cost of ownership

Consolidation
Factors driving consolidation
Threats
Blended threats, multi-vector attacks exploiting blind spots

Evolution of network/security technologies

Ability to integrate stand-alone technologies and deliver performance Greater accuracy of detection capabilities

User behavior
Growth of remote workforce

Applications behavior
Webification

Costs

10

The Market Analysts View

11

IDCs View
Unified Threat Management
The evolution of the traditional firewall into an all-inclusive security product:
Network firewalling Network intrusion prevention Gateway antivirus (AV)/antispam (AS) VPN Content filtering Optional technologies, such as Load balancing On-appliance reporting
VPN Firewall IPS
Web Filtering

AV/AS

Gartners View
Next Generation Firewall
Standard firewall features
Network address translation, stateful inspection, and VPN and suited for the large enterprise

IPS is "truly integrated" with the firewall. "Application-awareness" capability to recognize/control applications Extra-firewall" intelligence
Reputation analysis, integration with Active Directory, or useful blocking or vulnerability lists
VPN Firewall IPS
Web Filtering App Control

Enterprise Unified Threat Management

Fortinet's Approach to Consolidated Security

Complete Content Protection
Antispam Antivirus/ Antispyware VPN Firewall Wireless LAN Vulnerability Mgmt IPv6, Dynamic Routing IPS SSL Inspection VoIP Data Loss Prevention Web Filtering App Control WAN Optimization Endpoint Protection/ NAC

VLANs, VDOMs, Virtual Appliances

Strong Authentication

15

Enterprise Unified Threat Management

Convert stand-alone products into features
Simplify the network and improve visibility

Deliver comprehensive solutions for the largest global networks and organizations
Improve performance Increase protection Reduce complexity

Continually raising the performance bar with purpose-built hardware and software
Rely on custom processors and latest generation general purpose processors

Visibility and Control

Single pane of glass management console Single OS for all security devices Deployment Ease & Flexibility
Ability to deploy technologies where needed

17

Consolidated Security with Real Time Updates

Application Control: Unwanted Services and P2P Limiting
Botnet command channel, compromised Facebook applications, independent of port or protocol

Intrusion Prevention: Vulnerabilities and Exploits

Browser and website attack code crafted by hackers and criminal gangs.

Web Filtering: Multiple categories and Malicious sites

Botnet command, phishing, search poisoning, inappropriate content

Vulnerability Management: Real time exploit updates

Multiple scanning points FortiGate, FortiAnalyzer, FortiWeb, FortiDB, and FortiScan

Antispam: Unsolicited messages Phishing, Malware, Social Engineering and Junk

Antivirus: All malicious code Documents, macros, scripts, executables Delivered via Web, Email, USB, Instant messaging, social networks, etc

18

Integrated Threat Protection in Action

Problem:

Innocent Video Link: Redirects to malicious Website

Error message: Drops copy of itself on system and attempts to propagate Out of date Flash player error: Download malware file

Solution:
Integrated Web Filtering Blocks access to malicious Website Network Antivirus Blocks download of virus Intrusion Protection Blocks the spread of the worm

19

The Zeus Attack vs. Complete Content Protection

Email Sent Contains link to compromised site
.
ANTISPAM

Mail message detected as spam (phishing)

End user accesses phishing site, enters credentials, and criminals now have their details
..
WEB FILTER

Access to phishing website is blocked

Phishing site sends BOT infection to user disguised as Security Update application
Content scanning prevents malicious content from being downloaded
ANTIVIRUS

End user executes BOT application, is infected and now all their data is compromised
Botnet command channel is blocked, no compromised data can be sent. Security administrator is alerted to existed of an infected system.
INTRUSION DETECTION

20

Can You Keep Up?

Intelligence
Reduce emphasis on human intervention

Enterprise-class features available for all segments

Not limited to large appliances

End-to-end protection
Policy compliance for all devices, including mobile

Growth of WLANs
Mobile enterprise

Virtualization
Virtual appliances Multi-tenant environments

Security Consolidation

Consolidation
Gateway features unification Integrated security appliance
Block network & content threats

Accelerated performance
10 GbE Up to 160 Gbps

23

Security Consolidation

Consolidation
Virtual Security Domains, Virtual Management & Reporting

Virtual Domains (VDOMs) Enable a single Firewall, Management and Reporting system to function as multiple independent virtual systems

24

Security Consolidation

Consolidation
Choice of form factor: run it all on physical appliances or as virtual software
DMZ/Private Zone

Virtualized Data Center

Servers / DMZ Desktops / Private

Public Zone

Server
Hardware Appliances

Virtual Appliances

25

Can You Keep Up?

Intelligence
Reduce emphasis on human intervention

Enterprise-class features available for all segments

Not limited to large appliances

End-to-end protection
Policy compliance for all devices, including mobile

Growth of WLANs
Mobile enterprise

Virtualization
Virtual appliances Multi-tenant environments

FortiGate WLAN
Ready for Prime Time

Revenue Opportunity
Enterprise Wireless LAN Market Size Forecast
$3,500.00 $3,180 $3,000.00 $2,707 $2,500.00 $2,415 $2,098 $1,801 $1,500.00 $1,706 North America EMEA Asia/Pacific Latin America Worldwide $1,000.00 $2,975

iPad usage in enterprise increases TAM to $4.5B

$2,000.00

$500.00

$2008 2009 2010 2011 2012 2013 2014

Building Blocks of Secured Wireless LAN Solution

Secure Wireless Access Points

Multi-Threat Security with Integrated Wireless Controller

Fortified Wireless Space

29

FortiGate Secure WLAN

New Security Paradigm in WLAN Firewall

Encryption
Antivirus IPS UTM

What Do Customers Want?

Mobility Reduced TCO

Security

Scalability

Guest Access Mesh Networking

Planning/De ployment Mgmt/ Monitoring

Application Priority

VoWLAN

FortiOS

FortiOS

FortiOS 4.3

FortiOS 4.4

Application Control/Prioritization
WLAN is a Shared Medium Cloud means all applications

FortiGate

are HTTP
L7 Identification Required Unique to Fortinet
FortiOS

FortiOS 4.3

Rogue AP Detection
PCI Compliance requires Rogue Access Point detection and Wireless IPS at Retail locations FortiGate Rogue AP Detection and Suppression
Simultaneous Rogue Detection and background scan Simultaneous Rogue Detection and full-time scan

On-wire Rogue detection and suppression

Wireless IPS
FortiOS

FortiOS 4.3

Guest Access

-Guest Manager -Guest Manager

Receptionist can create a single account for visitor Following fields are customizable. Admin can force certain fields to be mandatory Expiration time can be edited by receptionist if Admin allows

FortiOS

Email accounts can be printed out or sent to visitors smart phone via SMS or Email

FortiOS 4.4

FortiPlanner - Planning/Deployment
Create floor plan
Shape, walls, windows, doors etc

Place APs
Automatic or manual

Propagation Prediction

FortiOS

FortiOS 4.3

Management & Reporting

FortiManager
Global management of all wireless controllers and settings

FortiAnalyzer
Central logging/reporting Wireless PCI compliance reports

FortiOS

FortiOS 4.4

Summary
Consolidate Gateway features
Layered security Simplification

Virtualize where reasonable

Optimization Mitigate the enhanced security risk

Armorize your WLANs

Reverse engineering

Single Pane of Glass

Consolidated view of all activity

See, analyze, remediate

37

Thank You
Franck Bernard fbernard@fortinet.com

FortiGate as a Sales Platform

Fortinet Product Portfolio - Security

Unified Threat Management
FortiGate Network Security Platform FortiAP Secure Wireless Access

Centralized Management
FortiManager Centralized Device Management FortiAnalyzer
Centralized Logging and Reporting

Application Security
FortiMail
Messaging Security

FortiWeb
Web Application Firewall

Security Services
FortiGuard Real time
Security Services

Endpoint Security
FortiClient
Endpoint Security

Data & System Security

FortiDB
Database Security

FortiAuthenticator
Remote Access Management

FortiScan
Vulnerability Management

Fortinet Product Portfolio Network

Failover Protection
FortiBridge
Fail-to-Wire Bypass

Application Load Balancing

FortiBalancer
Application Delivery Controllers

Web Caching
FortiCache
ISP & EnterpriseClass Content Caching

VoIP & Analog Telephony

Ethernet Switches
FortiSwitch
Gigabit Ethernet Switches

FortiVoice
IP PBX & Phones

VPN Strong Authentication

Open VPN Fortinet VPN

FortiGate

FortiGate

FortiAuthenticator

Web Application Availability/Security

Standard Customer

Advanced Customer

Web

FortiGate FortiGate FortiBalancer

FortiWeb

FortiWeb

Users, Complexity, Availability, Security, Speed

Web App Servers Web App Servers

High Performance AD Integration

Mass Email Encryption Content Filtering, AppControl
AD Cluster

Web
FortiAuthenticator

FortiAuthenticator FortiGate

FortiMail

FortiGate

Email Servers

Total Web Content Filtering

Public Access HQ Access

FortiGuard

FortiGate

FortiClient

FortiManager