© Copyright Fortinet Inc. All rights reserved.

建置安全防禦織網 -- Security Fabric

Jim Liu 劉 乙 / Fortinet 北亞技術協理

jliu02@fortinet.com

Jim Huang 黃琦文 / Fortinet 資深技術顧問

jimhuang@fortinet.com

TAIWAN, 15 NOVEMBER 2018

2

[Digital Transformation]

2

3

5G

寛

AI

4.0

AIOT

FinTech

AI 理財

行動支付

4

三國控股集團

資訊長 – 留備

5

今日所面臨日益複雜的網路

ICS/SCADA

Internet/Cloud

6

[Hacker Transformation]

6

7

駭客轉型 – 企業面臨的是多維的聯合作戰

ICS/SCADA

Internet/Cloud

NGFW

8

三國控股集團

首席資安顧問 –

孔明 CallMe

9

[Security Transformation]

是時候資安該做進化了

9

10

錦囊妙計

安全織網 （Security Fabric）

11

自動化

FORTINET

SECURITY

FABRIC 2018

2018

新世代的防護方案需提供高可視度與防護性已涵蓋來自多面

向的資訊威脅

整合多樣化的技術用以防護偵測進階威脅的入侵攻擊

整合式的智能系統，經由持續性的自動化檢測評估，確保資安系

統自身維持最優化配置

新世代安全架構框架

NETWORK

MULTI-CLOUD PARTNER API

EMAIL UNIFIED ACCESS

IOT-ENDPOINT WEB APPS

ADVANCED THREAT PROTECTION

MANAGEMENT-ANALYTICS

覆蓋性 整合性

12

Q1:如何面對惱人的內網資安威脅？

13

Security Fabric Deployments

Data Center / Private Cloud / SDN

Distributed Enterprise

& Small Business

Mobile Users

Cloud

Firewall

(CFW)

Managed Endpoint

Internal

Segmentation

Firewall

(ISFW)

Boun

dary

Internal Network

Next Gen Firewall

+ Advanced

Threat Protection /

Next Gen IPS

(NGFW + ATP) /

NGIPS

Unified Threat Management

(UTM)

Public Cloud

Enterprise Campus

Or Branch Office

Core Network

Internet / WAN

Data Center Firewall

(DCFW)

Virtual Machine

Firewall

Secure SD-WAN

14

基礎網路的安全防護

FortiSwitch

FortiSwitch

FortiGate

FortiGate

FortiGate

FortiAP

15

Security Fabric-Compromised Host Security

16

Automation Stitch

User Defined Automation Security Fabric Integration Platform

If

Then

Where

Security

17

Q2:但是現存的交換器和AP？

18

FortiNAC 端點網路存取管理 （Agentless Data Collection）

19

Q3:如何面對隱形的未知威脅？

20

Advanced Threat Protection is…

FortiSandbox Advanced Threat Protection Appliance Virtual

Machine

Hosted Cloud

Products and services that continue

inspecting for malware and other

signs that cyber criminals have

gained entry despite traditional

threat prevention products

(NGFW, SEG, EPP, WAF, etc)

防堵未知威脅的武器

沙箱

21

FORTINET SECURITY FABRIC

DDoS Protection

Database

Protection

Application

Delivery

Controller

Top-of-Rack

BRANCH

OFFICE

LTE Extension

CAMPUS

FortiClient Secure Access

Point

IP Video

Security

Switching

FortiGate

NGFW

FortiGate

DCFW/

NGFW

FortiGate Internal

Segmentation FW

FortiGate Internal

Segmentation FW

FortiGate Internal

Segmentation FW

FortiGate Internal

Segmentation FW

FortiGate VMX

SDN, Virtual

Firewall

DATA CENTER/PRIVATE CLOUD

Web Servers

ENTERPRISE

FIREWALL

FortiClient

FortiClient

Email

Server

FortiWeb

Web Application

Firewall

OPERATIONS CENTER

FortiManager

FortiAnalyzer

FortiSIEM

Fortinet

Virtual Firewall

PUBLIC CLOUD

FortiCloud Sandboxing

FortiGate/FortiWiFi

Distributed Ent FW FortiMail

Email Security

22

FORTINET SECURITY FABRIC

DDoS Protection

Database

Protection

Application

Delivery

Controller

Top-of-Rack

BRANCH

OFFICE

LTE Extension

CAMPUS

FortiClient Secure Access

Point

IP Video

Security

Switching

FortiGate

NGFW

FortiGate

DCFW/

NGFW

FortiGate Internal

Segmentation FW

FortiGate Internal

Segmentation FW

FortiGate Internal

Segmentation FW

FortiGate Internal

Segmentation FW

FortiGate VMX

SDN, Virtual

Firewall

DATA CENTER/PRIVATE CLOUD

Web Servers

CLOUD SECURITY ENTERPRISE

FIREWALL

FortiClient

FortiClient

Email

Server

FortiWeb

Web Application

Firewall

OPERATIONS CENTER

FortiManager

FortiAnalyzer

FortiSIEM

Fortinet

Virtual Firewall

FortiCloud

PUBLIC CLOUD

FortiCloud Sandboxing

FortiGate/FortiWiFi

Distributed Ent FW FortiMail

Email Security

23

FORTINET SECURITY FABRIC

DDoS Protection

Database

Protection

Application

Delivery

Controller

Top-of-Rack

BRANCH

OFFICE

LTE Extension

CAMPUS

FortiClient Secure Access

Point

IP Video

Security

Switching

FortiGate

NGFW

FortiGate

DCFW/

NGFW

FortiGate Internal

Segmentation FW

FortiGate Internal

Segmentation FW

FortiGate Internal

Segmentation FW

FortiGate Internal

Segmentation FW

DATA CENTER/PRIVATE CLOUD

Web Servers

CLOUD SECURITY ADVANCED THREAT

PROTECTION

ENTERPRISE

FIREWALL

FortiClient

FortiSandbox

FortiClient

FortiSandbox

Email

Server

FortiWeb

Web Application

Firewall

OPERATIONS CENTER

FortiManager

FortiAnalyzer

FortiSIEM

Fortinet

Virtual Firewall

FortiCloud

PUBLIC CLOUD

FortiCloud Sandboxing

FortiGate/FortiWiFi

Distributed Ent FW FortiMail

Email Security

FortiGate VMX

SDN, Virtual

Firewall

24

Q4:智慧型端點安全?

25

Protect customers’ business-critical data against the insider threat

Monitor user/entity behaviour and data flow » Visibility of activities around the data

» Detect and Alert of anomalous or malicious activities

Benefits: » Strengthen security posture,

» Protect business-critical and sensitive information

» Support compliance – GDPR, HIPAA, etc.

USER & ENTITY BEHAVIOR ANALYTICS (UEBA)

智慧型用戶設備行為威脅分析防治工具

26

Why

Fortinet ??

26

27

Core Fabric Technologies

Fabric

Connectors

Automation

API

Use Cases

CASB Orchestration

Fabric Agent

FORTIOS

28

Security Fabric Rating

1 Analyze Security Fabric Rating 2 Audit 3 Easy Apply All Results 500

22

Critical

31

High

65

Medium

25

Low

354

Passed

9,564 Passed

6 Critical

569 Low

126 Medium

27 High

Security Rating

29

Core Fabric Technologies

Fabric

Connectors

Automation

API

Use Cases

CASB Orchestration

Fabric Agent

FORTIOS

Intrusion Prevention Antivirus

FortiSandbox

Cloud Web Filtering

Application Control IP Reputation

Security Rating Threat Intelligence

FORTIGUARD

30

Security Fabric Secured by FortiGuard

App Control Antivirus Anti-spam

IPS Web App Database

Web

Filtering

Vulnerability

Management

IP

Reputation

Firewall

VPN

Application Control

IPS

Web Filtering

Anti-malware

WAN Acceleration

Data Leakage Protection

Wi-Fi Controller

Advanced Threat Protection

31

Core Fabric Technologies

Accelerates

Network

Traffic

Accelerates

Content

Inspection Flexible

Policy

Optimized for entry-level

form factors

CPU

Less Latency

Less Space

More Performance

Less Power

PARALLEL PROCESSING

SPU

Fabric

Connectors

Automation

API

Use Cases

CASB Orchestration

Fabric Agent

FORTIOS

Intrusion Prevention Antivirus

FortiSandbox

Cloud Web Filtering

Application Control IP Reputation

Security Rating Threat Intelligence

FORTIGUARD

32

NSS Labs 3rd-Party Certifications

11 Cisco 4

Check Point 4

Palo Alto Networks 2

11 Recommendations

DCIPS AEP WAF NGFW NGFW BDS NGIPS BPS DCSG DCSG DCIPS

2017 & 2018 Certs

33

Fortinet Lead the Industry in Innovation 4x AS MANY PATENTS ISSUED THAN OUR COMPETITORS

44 WatchGuard

#1 Security Innovator

Based on patents issued as listed by the US Patent and Trademark Office

441

127 SonicWall

56 Sophos

41 Barracuda

119 FireEye

70 Check Point

119 Palo Alto Networks

34

自動化

FORTINET

SECURITY

FABRIC 2018

2018

新世代的防護方案需提供高可視度與防護性已涵蓋來自多面

向的資訊威脅

整合多樣化的技術用以防護偵測進階威脅的入侵攻擊

整合式的智能系統，經由持續性的自動化檢測評估，確保資安系

統自身維持最優化配置

新世代安全架構框架

NETWORK

MULTI-CLOUD

PARTNER API

EMAIL UNIFIED ACCESS

IOT-ENDPOINT

WEB APPS

ADVANCED THREAT PROTECTION

MANAGEMENT-ANALYTICS

覆蓋性 整合性

35

2018 Fortinet Solutions

Network

Security

FortiGate

Enterprise Firewall

SWG

SD-WAN

IPS

Management

- Analytics

FortiAnalyzer Central Logging /Reporting

FortiManager Central Security Management

FortiSIEM Security Information &

Event Management

Endpoint

Security

FortiClient

ZoneFox

EPP

Secure

Unified Access

FortiAP

Wireless

Infrastructure

FortiSwitch

Switching

Infrastructure

Multi-Cloud

Security

FortiGate

Cloud Firewall

Network Security

FortiGate

Virtual Firewall

Network Security

Advanced

Threat Protection

FortiSandbox

Advanced Threat

Protection

Web Application

Security

FortiWeb

Web Application

Firewall

Email

Security

FortiMail

Secure Email

Gateway

FortiNAC Network Access Control