1

Evolución Fortinet Security FabricRubén Aparicio Márquez

Regional Account Manager

© Fortinet Inc. All Rights Reserved.

Expanding Digital Attack Surface

2

Infrastructure

Risk

Digital

Attack

Surface

Compliance

© Fortinet Inc. All Rights Reserved.

Customer Issues

3

Complexity

Too many security

vendors is costly and

ineffective

Platform

Manual

Operations creates

mistakes and a

slow response

Hybrid

Multiple types of

Networks, Clouds

and Devices

Automation Integration

Measurement

How well is my

Security doing, How

can I improve?

Visibility

© Fortinet Inc. All Rights Reserved.

Fortinet Security Fabric

4

Information Security

InformationSecurity

NetworkOperations

NetworkSecurity

Network Security

Cloud & Apps Security

Multi-CloudSecurity

OpenAPI

FabricConnectors

Infrastructure Security

EndpointProtection

SecureAccess

EmailSecurity

Ecosystem

INTEGRATEDProtection across all devices, networks and applications

AUTOMATEDOperations and continuous trusted assessment

BROAD visibility of the

entire digital attack surface

© Fortinet Inc. All Rights Reserved. 5© Fortinet Inc. All Rights Reserved. 5

Evolution of SECURITY FABRIC

3rd Generation

5.6 6.0 6.2

Visibility &Control

Automation & Incident

Management

Integration & Connectors

Telemetry

5.4

FEATURES

CISO

NOC / SOC

Advanced Malware Policy Awareness & Control

Dynamic Data Protection

Extended Trust & Assurance

1st Gen. Co-ordinated Operations

Reduced time of visibility & management

Self-assessment and automated ops

Managed security state across the topology

6© Fortinet Inc. All Rights Reserved.

HighlightsFortiOS 6.2

EXPANDING

FABRIC FAMILYMULTI-CLOUDSD-WAN

FABRIC

CONNECTORS

AUTOMATION &

DEV-OPS

ADVANCED

THREATSUX / USABILITYCOMPLIANCESOC ADOPTION INDUSTRIAL / OT

Spilt-task VDOM and

FTNT Product Integration

New SDN and Threat

Feed Connectors

VPN setup and rule

definition enhancements

Public Cloud extensions

and FortiMeter Support

Additional Triggers

and Actions

Flow-based Inspection

Improvements

Consolidated risk View on

Topology Map

Linking Fabric Rating

checks with standards

Enhancements to policy

setup and visibility

© Fortinet Inc. All Rights Reserved. 7© Fortinet Inc. All Rights Reserved. 7

SDN | MULTI - CLOUD | IAAS | AUTOMATION | THREAT FEEDS | SSO

SECURITY FABRIC: CONNECTORS

© Fortinet Inc. All Rights Reserved. 8© Fortinet Inc. All Rights Reserved. 8

Types of partner integrations

Fabric Connectors• Fortinet develops specific code in our

products

• Explicitly referenced in our GUI/CLI

• Mainly based on APIs

• Feature development made by FTNT

• Validation might require testing with the partner

Fabric-Ready (Fabric APIs)• Partner developed solutions to

integrate with FTNT products

• Based on existing APIs and/or standard protocols(RADIUS, SYSLOG, SSH, etc)

• (usually) no specific code development from FTNT side

• FTNT tests solution to assure it works as expected

9

FOS 6.2b3 Fabric Connectors

30

FOS 6.2b3 Fabric Connectorsroadm

ap

10© Fortinet Inc. All Rights Reserved.

Fabric Connectors

Threat Feeds Connectors

Extends existing external list integration with new list types and usages

supports username/password authentication while retrieving from external DB

Remote

category on

web filter

profile

Address

object on

firewall policy

/ Domain

Filter

Remote

category on

DNS filter

profile

Virus

Outbreak

Prevention

on AV profile

Authentication Option

11© Fortinet Inc. All Rights Reserved.

Fabric Connectors

Cloud and SDN Connectors

Increase number of connectors to public clouds and SDN components

Multiple fabric connectors of any type to can be defined

12

IDENTITY MGMT. IoT/OT/NAC

Snapshot in 2019; new partners added continuously.

ENDPOINT

SIEM

CLOUDSDN/NFV & VIRTUALIZATION

MANAGEMENT

Fortinet Fabric Technology Alliances

13© Fortinet Inc. All Rights Reserved.

INDUSTRIAL SECURITY | OT |

SECURITY FABRIC: INDUSTRIAL

14

Valve

Fan

Pump

Segmentation and Encrypted

Communication (FortiGate)

Vulnerability and Patch Management

(FortiWeb, FortiClient and FortiGate)

Access Control – Users, Devices,

Applications and Protocols (FortiGate

and FortiAuthenticator)

Secure Access

(FortiSwitch/FortiAP/FortiExtender)

Visibility, behavioral Analytic, tracking

and simplicity: (Fortisiem, FAZ,

Nozomi, FortiClient , Fortiswitch,

FortiAP and FortiGate)

Industria = Hay que securizarlo también

15© Fortinet Inc. All Rights Reserved.

SDWAN | SDBRANCH| FORTIAP | FORTISWITCH |

SECURITY FABRIC: SD-WAN

16

Branch

MPLS

IPSec VPN

Public Cloud

Private Cloud

Aplicaciones críticas son redirigidas

a otro túnel si las condiciones de la

línea bajan de ciertos umbrales.

Acceso directo balanceado a Internet

para SaaS y contenido público

Aplicaciones no

críticas se balancean

para aprovechar

mejor el ancho de

banda

Aplicaciones críticas como

Voz/Vídeo elige el mejor

camino en términos de

latencia, jitter y pérdidas.

Internet

¿Que es SDWAN Segura?

17

Extender SD-WAN a SD-Branch

Data Center

Internet

Multi-Cloud

SaaS

Simplified Management Integrated Security Lower TCO

FortiSwitch

FortiAP

FortiAPFortiLink