Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Take Control of End User Security
1. 603.766.5924
www.daystarinc.com
TAKE CONTROL OF
END USER SECURITY!
How to minimize the risks end users inflict on your network.
Presented by:
Keith Bamford
CEO, Daystar, Inc.
James Cabe
Systems Engineer II,
Advanced Technology
1 CONFIDENTIAL – INTERNAL ONLY
2. 603.766.5924
www.daystarinc.com
DAYSTAR: Your Technology Partner
Serving ME, NH, & MA since 2000
Long-term, partnership approach
Hardware and service offerings:
• Procurement
• Project-based IT services
• Outsourced/Augmented IT
support
Onsite
Remote
2 CONFIDENTIAL – INTERNAL ONLY
3. 603.766.5924
www.daystarinc.com
DAYSTAR provides
Consultation Data Backup
Infrastructure Design E-mail Solutions
Network Hosting
Implementation &
Mobile Integration
Administration
Hardware
Network Maintenance
Procurement
Security
Application
Cloud Integration Development
3
Network Monitoring
CONFIDENTIAL – INTERNAL ONLY
4. 603.766.5924
www.daystarinc.com
End user threats to your
network security
Mobile device access / BYOD
Spyware / Malware
Bandwidth and data access
Unauthorized access
Unauthorized downloads
4 CONFIDENTIAL – INTERNAL ONLY
5. 603.766.5924
www.daystarinc.com
More control…simplified.
Powerful security coupled with enhanced
user access
Increase awareness / knowledge
Micro-control access and users
Manageable, easy, simplified
The solution? security solutions
featuring FortiOS 5.
5 CONFIDENTIAL – INTERNAL ONLY
6. Fortinet for the future:
More Security, More Control, More Intelligence
January 28, 2013
6 CONFIDENTIAL – INTERNAL ONLY
Fortinet Confidential
7. Fortinet Corporate Overview
Fortinet Revenue ($MM)
• Founded in 2000
• Global presence with 30+ offices
worldwide & 1,900+ employees $325
– 5,000+ channel partners
$252
– 100,000+ customers $212
– Majority of the Fortune Global 100 $155
$123
• IPO Nov 2009
$80
• NASDAQ: FTNT $39
$13
• 2011 revenue of $423 Million
– 34% YoY growth 2004 2006 2008
2010
• World class management team
7 CONFIDENTIAL – INTERNAL ONLY
7
8. Clear, Continuous Focus Since 2000
• Proven Leadership
» Technology consolidation
» Industry-leading performance
» Simplified security
• Vision That Drives Us Today
» Anticipate & innovate
» Push the performance envelope
» Make the competition follow our lead
8 CONFIDENTIAL – INTERNAL ONLY
8
9. We Pioneered a New Approach
Traditional Network Security Solutions The Fortinet Solution
• Stand-alone, non-integrated security • Real-time, integrated security intelligence
• Mix of off the shelf systems and applications • ASIC-accelerated performance
• Higher total cost of ownership • Lower total cost of ownership
• Difficult to deploy / manage / use • Easy to deploy / manage / use
9 CONFIDENTIAL – INTERNAL ONLY
9
10. Fortinet’s Growth Strategy
$9.5 Billion
GROWTH STRATEGY
1. Extend UTM leadership VPN
with new technology
2. Continue our security
focus in the broader $7.5 Billion
network security market
IDP
VPN
IDP Firewall / VPN
Firewall / VPN
UTM
FortiGate UTM
2010 2014
10 CONFIDENTIAL – INTERNAL ONLY
11. Consolidated Security
The Evolution of the Firewall
Fortinet Delivers Complete Protection
Real-Time
SSL
Threat
Inspection
Updates
Endpoint
Antispam/ Data Loss
Protection/
Antivirus Prevention
Virtual NAC
Appliance/ Web Vulnerability
Virtual VPN Mgmt
Filtering
Domains
Application
Firewall IPS
Control
Wireless WAN
Controller/ Optimization
Wireless / Traffic
LAN Shaping
SSL IPv6, Dyna
VoIP
Inspection mic Routing
11 CONFIDENTIAL – INTERNAL ONLY
11
12. Market Leadership Across the Board
Worldwide UTM Market Share Magic Quadrant for Unified UTM Market Competitive
Q4 2010 (1) Threat Management (2) Landscape, 2009(3)
Market
Rank Company
Share (%)
1 16.2 High
2 Check Point 11.8
Ability
3 Juniper 8.4 to
Deliver
4 Cisco 6.6
5 SonicWALL 7.8
6 McAfee 6.3
Low
7 WatchGuard 5.2
Low Market Penetration High
8 Crossbeam 2.6
9 Other 35.1
Contender Market Leader
Total 100.0 Niche Participant
Specialist Challenger
Notes
(1) IDC Worldwide Security Appliances Tracker, March 2011 (market share based on factory revenue)
CONFIDENTIAL – INTERNAL ONLY
12 Gartner, Inc., “Magic Quadrant for Unified Threat Management”, October 2010
(2)
(3) Frost & Sullivan, “World Unified Threat Management, Products Market 2009”, 2010
12
13. Results of Singular Focus
• Delivering Effective, Consolidated
Security
» Best in class protection in a single device
» Complete content protection
• Leading the Market
» Performance
» Depth of services
• Ensuring Flexibility
» Integrated technologies
» Simple pricing model
• Protecting All Segments
» From carrier to SOHO
13CONFIDENTIAL – INTERNAL ONLY
13
14. Do More with Less
• Increase access to data and systems
• Decrease risk of unauthorized access
• Increase effectiveness of existing resources and investments
• Reduce complexity of security infrastructure
• Lower operating and capital costs
14CONFIDENTIAL – INTERNAL ONLY
14
15. Background
Network Trends
Wired Connectivity Moving Beyond 10G
Ubiquitous Wireless Connectivity
Mobile Devices Everywhere
Video and Audio Content
IPv6 a Reality
15 CONFIDENTIAL – INTERNAL ONLY
16. Background
Security Trends
Visibility of Traffic
Accuracy of Detection
Policy Explosion
Log Explosion
Threats Scale
16 CONFIDENTIAL – INTERNAL ONLY
17. Background
No Change
Budget
Department Size
17 CONFIDENTIAL – INTERNAL ONLY
18. FortiOS 5
18 CONFIDENTIAL – INTERNAL ONLY
Fortinet Confidential
19. FortiOS 5
More Security
More Control
More Intelligence
19 FORTIN– T CONFIDE
CONFIDENTIAL E INTERNAL ONLY N T I A L
20. FortiOS 5 Highlights
More
Control
Fighting Advanced Threats Securing Mobile Devices Making Smart Policies
-------------------------------------- ------------------------------------ -------------------------------------
Client Reputation Device Identification -
Advanced Anti-malware Device Based Policy Identity Centric Enforcement
Protection Endpoint Control Secured Guest Access
Visibility & reporting
More
More Security Intelligence
Over 150 New Features & Enhancements
20 CONFIDENTIAL – INTERNAL ONLY
21. More Security
Fighting Advanced
Threats
Client Reputation
Advanced Anti-malware Protection
21 CONFIDENTIAL – INTERNAL ONLY
22. Zero Day Attack Detection
Identify potential
… zero-day attacks
Client Reputation
Reputation by Activity Threat Status
Real Time, Relative,
Multiple Scoring Vectors
Drill-down, Correlated
Policy Score
Identification Ranking
Enforcement Computatio
n
22 CONFIDENTIAL – INTERNAL ONLY
23. Advanced Anti-Malware Protection
Multi-pass Filters
Hardware Accelerated Local Lightweight FortiGuard Botnet IP
& Code optimized Sandboxing Reputation DB
Real time updated, Behavior / Attribute Based Cloud Based
3rd party validated Heuristic Detection Sandboxing
Signature DB
Application Control –
Botnet Category
Improves threat
…. … detection
In-box Enhanced AV Engine Cloud Based AV Service
23 CONFIDENTIAL – INTERNAL ONLY
24. More Security
Client Reputation
Threat profiling to quickly identify most suspicious clients
Effective zero-day attacks detection
!
Advanced Anti-malware Protection
Mutilayered: Combines best-in class local AV Engine with
additional cloud based detection system
Detects and block Botnet clients and activities
Improves malware detection capabilities
24 CONFIDENTIAL – INTERNAL ONLY
25. More Control
Securing Mobile Devices
Device Identification
Device Based Policy
Endpoint Control
25 CONFIDENTIAL – INTERNAL ONLY
26. BYOD – Device Identity & Policies
See It… Control IT
Awareness
Security
Device Identification Access Control
Application
Agentless Device Based UTM Profiles
Agent based Identity Policies Seamless
integration!
26 CONFIDENTIAL – INTERNAL ONLY
27. More Control
✔ DMZ ✔ INTERNET
Authorized Device
✗DMZ ✔ INTERNET
Personal Device
Device Based Policy
Securely adopt BYOD
Setup different security and network usage policies based on device
types
27 CONFIDENTIAL – INTERNAL ONLY
28. Endpoint Control: FortiClient 5
“Off-Net” Protection
•
1 Client enrolls into the
FortiGate and then receives
its end point policy. It will
receive any updates when LAN
connected again.
ON
2• Client uses last known
security policies and
VPN configurations.
INTERNET
OFF
28 CONFIDENTIAL – INTERNAL ONLY
29. Endpoint Control: FortiClient 5
Securing Remote Devices
Protect mobile hosts against malicious external threats
Enforce consistent end point security policies, anywhere all the time
Simplified host security and remote VPN management
29 CONFIDENTIAL – INTERNAL ONLY
30. More Intelligence
Making Smart Policies
Identity Centric Enforcement
Secured Guest Access
Visibility & Reporting
30 CONFIDENTIAL – INTERNAL ONLY
31. Identity-Centric Enforcement
Users
assigned to
their policies
Identity = Policy
Captive Portal
= M.Jones =
802.1x
FortiClient = S.Lim =
External Radius Service
Windows AD
= V.Baker = DMZ
Citrix Environment
= J.Jackson = DMZ
FSSO Users identified Identity based Policies
without additional logins
31 CONFIDENTIAL – INTERNAL ONLY
32. Identity-Centric Enforcement
✔ CMS ✔ INTERNET
SSID: MGMT
M.Jones Marketing, Management
SSID: STAFF
✗CMS ✔ INTERNET
S.Lim Operation, Staff
Single Sign-On and Role Based Policies
Authorized network access based on user credentials secure network
right at entry point
Reuse captured information for security policies unifies security
configurations and offers better user experience.
Reduce administrative tasks & configuration errors
32 CONFIDENTIAL – INTERNAL ONLY
33. Integrated Guest Access
Temporary Network
Access
Guest Administration Portal
Credential Generation & Delivery
Time Quota
Ad hoc access without
compromising security
Identify and track guest activities
Time limits prevent unnecessary exposure to exploits
33 CONFIDENTIAL – INTERNAL ONLY
34. Visibility & Reporting
Network & Threat Status
Knowledge is Power !
Drill-Down Statistics
Filter & Sorting
Object Details
Contextual Information
34 CONFIDENTIAL – INTERNAL ONLY
35. Visibility & Reporting
Deep Insights
New PDF Formatting
Drill-downs
Per User Summary
FortiManager
FortiCloud
Comprehensive
reports
35 CONFIDENTIAL – INTERNAL ONLY
36. Visibility & Reporting
{ URL
Visibility Widgets & Reports
Gain real time knowledge of current network & threat for appropriate
actions
Identify network usage trends to optimize infrastructure and resources
36 CONFIDENTIAL – INTERNAL ONLY
38. 603.766.5924
www.daystarinc.com
DAYSTAR
121 Shattuck Way, Suite 10 info@daystarinc.com
Newington, NH 03801 www.daystarinc.com
P. 603.766.5924
F. 603.766.5925
38 CONFIDENTIAL – INTERNAL ONLY
Hinweis der Redaktion
First, a brief overview of Fortinet.
Our focus has always been on consolidating stand-alone security and networking technologies to improve performance, increase protection, and reduce costs
Now let’s look at our broader market opportunity and Growth strategies.
As firewalls have evolved, additional technologies have been added to the core firewall technology to provide additional functionality and protect against new threats.FortiGate consolidated security platforms have been at the forefront of this evolutionary process. We have led the market with our ability to anticipate changes to the threat landscape by adding new functionality and technologies into our UTM platform. For example, FortiGate platforms have had the ability to identify applications independent of port or protocol since FortiOS 3.0, well ahead of other vendors. There has been a lot of noise in the market around ‘next generation’ firewalls. NGFWs are a subset of UTM, as they provide a limited feature set compared with the FortiGate UTM platform. This slide highlights the difference between the limited feature-set of NGFWs and the FortiGate UTM platform.
We continue to focus on leading the market with advanced technology and products.Currently have 50+ patents awarded; 100+ pending
We know that on a daily basis, you’re having make hard choices on how to do more without spending more. You are under pressure to open up more of your data to employees, customers, partners, and vendors; at the same time you’re expected to reduce the potential of unauthorized access to your data and backend systems. You’re also expected to make your existing staff and security technologies more effective, and to do it while spending lessAnd, we know you’re expected to lower your expenses
Benefits of FortiOS 5.0 center around improved security, improved control and more intelligence.
Tackle today’s challenges:The need for more control – how do I control devices – as they may be personal or belongs to the organizationThe need to protect against new threats – How do I protect the network against zero-day attacks and goes beyond using Signatures …The need to effectively enforce security with more complex network environment and requirements – How do I simplify the management and implementation, so that I as the weakness link – do it correctly! Also, How can I better understand what is going on my networkWe also take our customers feedback seriously and have adopt a number of enhancement that improves our functionalities, our deliverables and user experience
FortiOS 5.0 lets you secure mobile devices and BYOD environments by identifying devices and applying specific access policies as well as security profiles, according to the device type or device group, location and usage.So what what are we doing to make it work?Device Identification – by using 3 different technologies, and user can choose all of them or either, depending on their network setupOnce a device is identified, admin can apply specific access policy as well as security profile, according to the device type or device group. We will work through a use case soon.What is a huge advantage here is that it al work seamlessly in the box.Does it work with user Authentication to create even more gradual policies – yes! Thus, giving the ability to tell who does what on which device.
One of the improvements in FortiClient 5.0 allows for off-net protection. The similar security policies can be applied even when the user is not connected to the corporate network. For example, policies can sent to the FortiClient that block access to malicious websites. When that user is no longer connected to the corporate network, they would still be denied access to those websites.
FortiOS provides automatic adjustment of role-based policies for users and guests based on location, data and application profile