FortiMail Multilayer EMAIL Security

FortiMail

Multilayer EMAIL Security

Email is *the* critical threat vector

• 269 billion emails per day
• 49.7% spam: 135 billion
• 2.3% malicious attachments: 3.1 billion

Email is still the number 1 threat vector (80%)

• 30% of phishing messages were opened by their intended target
• About 12% of recipients went on to click the malicious attachment or link that enabled the attack to potentially succeed

Email is *the* critical threat vector

Malware

• Targets unskilled users, therefore often volumetric attacks

• Use of social engineering techniques to get users to open email and execute malware

• Some zero day, mostly a numbers game

Email Based Threats

Phishing

• Targets an interest group, organization or individuals (spear phishing) within the organization

• Customised content based on user interests or role

• Often targeted at C-levels (whaling)

• Zero day malware or social engineering to divulge financial or credential information

• 12% of users click on malicious attachments or links in such mails*

Compliance & Data Loss

• Sending of Personally Identifiable Information (PII) via email

• Sending of corporate confidential information out of the organization

• Corporate espionage

• Failure to encrypt sensitive emails

• Failure to backup/save/archive emails to comply with corporate standards
  • IRS – 7 years
  • PCI – 1 year
  • State depts – 3 years
  • HIPAA – 6 years

All form factors

Hardware Appliances

• 8 models

• Filter 2.7k to 2m Messages Per Hour

• Support for 10GE

SaaS

• Gateway or Server Mode

• Standard or Premium

• Per User Per Year

Virtual Appliances

• 7 VM models

• CPU- and Domain-based

• Perpetual licensing or Marketplace On-Demand

Detailed Datasheet

Multiple Deployment Scenarios

Gateway Mode
• Most common deployment scenario
• Mail is delivered to FortiMail, scrubbed of threats and forwarded to the destination mail server

Transparent Mode
• Deployed as a bump in the wire. No configuration changes required to the email infrastructure.
• Commonly utilised in the ISP and carrier environment.

Server Mode
• FortiMail acts as a full mail server providing POP3, IMAP, Webmail and calendaring in addition to security functions.

Deploys as Primary or Supplemental Filtering On-premise

FortiGuard

• Antispam
• Adult Image Analysis
• Antimalware
• Virus Outbreak
• Optional Sandboxing

Mail Server

FortiMail

FortiSandbox

IoC Distribution
• IPs
• File Hashes

Or Also Deploy in the Cloud

Mail Server

Cloud SEG & Sandboxing

FortiGuard

• Antispam
• Adult Image Analysis
• Antimalware
• Virus Outbreak
• Optional Sandboxing

IoC Distribution
• IPs
• File Hashes

Security Bundles

Antispam Service

• Sender IP ratings

• Embedded URL ratings

• Content-based hashes for spam and phishing campaigns

• Separate “newsletter” identifiers

Antivirus Service

• One-to-many signatures

• Heuristic rules

• Emulation

• Decrypting/Unpacking

• Patented content pattern recognition language (CPRL)

Outbreak Prevention

• Pre-signature intelligence

• Covers emerging spam and malware campaigns

• Leverages new sandbox and other intelligence

Impersonation Analysis

• Identifies spoofed email

• Dynamically builds protections for common email addresses

• Complements sender authentication

FortiSandbox Cloud

• FortiSandbox hosted by Fortinet

• Includes prefiltering, emulation and full instrumented analysis

• Subscription-based

• No separate sandbox required

Content Disarm and Reconstruction

• Removes high risk active content

• Supports Microsoft Office and Adobe

• Can be applied by user, group or policy

• Original documents can be retained and restored

Click Protect

• Dynamic reputation query

• Determines rating at the time of user click

• Identifies recently compromised sites changed shortly after campaigns are launched

Base Bundle

Enterprise ATP Bundle

High Availability and Scalability Options

▪ Active-Passive Cluster
  • Two devices, full failover protection
  » Heartbeat and service monitoring
  » Full mailbox, archive, quarantine, log and queue synchronization

▪ Config Only HA
  • Linear scalability suitable for the largest ISPs and carriers
  » Centralized quarantine, management and IBE
  » Enables DR and geographic redundancy
  » Load balanced option using FortiADC or third party load balancer

FortiMail

Security Overview

Anti-Spam/Anti-Phishing

▪ FortiGuard Reputation Databases
» Cloud database query to identify known spam IP and content
  • FortiGuard Antivirus, Anti-Spam and URL Filtering
  • FortiGuard IP Reputation including Botnets
» Removes volumetric spam at low cost

▪ Advanced Filtering Techniques
» Detects new spam campaigns using a variety of dynamic techniques
  • Header Analysis
  • Sender Reputation
  • Dynamic Heuristics
  • DKIM / SPF / DMARC
  • Behavior Analysis
  • Suspicious Newsletter
  • Greyware Scanning

Anti-Malware

▪ FortiGuard Anti-Malware (On-box)
» One-to-many signature matching (CPRL)
» Heuristic detection
» Code emulation & behavioural analysis

▪ Outbreak Protection (Cloud based)
» Real-time data analytics on every request to the FortiGuard network to identify 0-day threat outbreaks in minutes

▪ Active Threat Neutralization
» Strip active HTML content and attachments from emails to neutralize potential threats
» Deliver neutralized version and forward original to archive host

[Diagram labels: File Sample; Signature Match (CPRL/Checksum); Decryption/Unpacker System; Code Emulation; Behavioral Analysis; Outbreak Detection; FortiGuard Data Analytics; Take Action Based on Profiles: file discarded, option to quarantine and event logged]

Content Disarm & Reconstruction

▪ Select URI category to strip when disarming HTML
» Select a URL filter to selectively disarm URLs in CDR

▪ Password Decrypt Office Docs
» Password decrypt of Archive and PDF supported since 5.4
» Extend support to MS Office documents

Remove macros

Neutralize URLs

Remove embedded content

URI Click Protection

▪ Rewrite URLs to point at FortiMail
» FortiMail rescans when links are clicked to detect status change since first rating
» New URL Click Protect License

▪ Benefit
» Extends security to the desktop
» FortiMail continues to add value with Outbreak Protection feature license

Business Email Compromise (BEC)

▪ Impersonation Analysis
» Identify normal Display Name / Header Address matches
» Detect inbound email spoofing and warn recipient
» Prevent whaling attacks against C-levels
» Automatic detection of normal address format or manual upload
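
The display name / header address check described on this slide can be sketched as follows. This is an added example, not Fortinet code or the FortiMail algorithm: the `ImpersonationMap` class, its verdict strings and the sample messages are assumptions made for illustration.

```python
import unicodedata
from email import message_from_string
from email.utils import parseaddr


def normalize_name(name):
    """Fold case, accents and spacing so 'ANNA  Rossi' equals 'Anna Rossi'."""
    decomposed = unicodedata.normalize("NFKD", name)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return " ".join(stripped.casefold().split())


class ImpersonationMap:
    """Hypothetical store: display name -> addresses that legitimately use it."""

    def __init__(self):
        self.known = {}

    def learn(self, display_name, address):
        # Fed from observed mail (automatic) or from a manually uploaded list.
        key = normalize_name(display_name)
        self.known.setdefault(key, set()).add(address.lower())

    def check(self, raw_message):
        name, addr = parseaddr(message_from_string(raw_message).get("From", ""))
        key = normalize_name(name)
        if key not in self.known:
            return "no-match"        # not a protected display name
        if addr.lower() in self.known[key]:
            return "ok"              # display name and header address agree
        return "impersonation"       # protected name on a foreign address


# Constructed sample messages; the example.* domains are placeholders.
LEGIT = "From: Anna Rossi <Anna.Rossi@example.com>\nSubject: Q3 numbers\n\nHi\n"
SPOOFED = ("From: ANNA  Rossi <anna.rossi@mail.example.net>\n"
           "Subject: Urgent wire transfer\n\nPlease pay today.\n")
UNRELATED = "From: News <news@example.org>\nSubject: Weekly digest\n\nHello\n"

if __name__ == "__main__":
    directory = ImpersonationMap()
    directory.learn("Anna Rossi", "anna.rossi@example.com")
    for raw in (LEGIT, SPOOFED, UNRELATED):
        print(directory.check(raw))
```

A message flagged `impersonation` is the case where the recipient would be warned; this check looks only at the From header, so it complements SPF/DKIM/DMARC sender authentication rather than replacing it.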

FortiSandbox Action

▪ Separate actions for FortiSandbox scan results (Attachments and URI):
» Malicious/Virus
» High Risk
» Medium Risk
» Low Risk
» No Result

FortiMail

Other Features

Security Fabric Integration

▪ FortiSandbox
» Identify previously unknown threats
» Return file and URL ratings to FortiMail

▪ FortiGate, FortiClient, Fabric-Ready Partners
» Receive IoCs related to attacks starting with email
» Increase overall security posture

▪ FortiAnalyzer
» Aggregate and correlate security logs from email, network, endpoint and more
» Provide a single, enterprise-wide view of the security posture

[Diagram labels: FortiGate; FortiMail; HTTP Traffic; Mail Server; FortiSandbox; Files for Inspection; Ratings Returned; IoCs to Block; Fabric Ready Endpoint Partners; FortiClient; FortiAnalyzer]

FORTIGUARD ENHANCEMENTS

▪ Email Template Hashing
» Some spam content follows a very common layout format
» Content hashes change on each mail, but the mail follows a common format

▪ Enhanced Data Mining Engine
» AntiSpam Data Mining Engine enhancements: over 90% of AntiSpam signatures are now mined/released automatically by our AntiSpam Data Mining Engine

FortiGuard HASH
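
Why a plain content hash misses a templated campaign while a hash of the layout catches it, as an added example. It is not FortiGuard's algorithm: the token classes, the run-collapsing rule and the sample mails are assumptions chosen to illustrate the idea.

```python
import hashlib
import re

# One pass over the body; each token is classified by the first rule that matches.
_TOKEN = re.compile(
    r"(?P<URL>https?://\S+)"
    r"|(?P<EMAIL>[\w.+-]+@[\w-]+(?:\.[\w-]+)+)"
    r"|(?P<NUM>\d+(?:[.,]\d+)*)"
    r"|(?P<WORD>[^\W\d_]+)"
    r"|(?P<PUNCT>[^\w\s])"
    r"|(?P<NL>\n+)"
)


def skeleton(body):
    """Replace variable content with its token class, keeping punctuation."""
    out = []
    for match in _TOKEN.finditer(body):
        token = match.group() if match.lastgroup == "PUNCT" else match.lastgroup
        if not out or out[-1] != token:   # collapse runs: "Dear Mario Bianchi" -> WORD
            out.append(token)
    return " ".join(out)


def raw_hash(body):
    """Hash of the exact bytes: changes with every recipient-specific value."""
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def template_hash(body):
    """Hash of the layout skeleton: stable across one templated campaign."""
    return hashlib.sha256(skeleton(body).encode("utf-8")).hexdigest()


# Constructed sample bodies: A and B share a template, C is unrelated mail.
MAIL_A = ("Dear Mario Bianchi,\nYour invoice 48213 for 1,250.00 EUR is overdue.\n"
          "Pay now: http://pay.example.net/i/48213\n")
MAIL_B = ("Dear Li,\nYour invoice 7 for 89.90 USD is overdue.\n"
          "Pay now: http://billing.example.org/x?id=7\n")
MAIL_C = "Hi team, the meeting moved to 15:00 tomorrow. Agenda attached.\n"

if __name__ == "__main__":
    print(skeleton(MAIL_A))
    print(raw_hash(MAIL_A) == raw_hash(MAIL_B))            # False
    print(template_hash(MAIL_A) == template_hash(MAIL_B))  # True
```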

FortiGuard Geo IP

▪ Import Geo IP DB from FortiGuard
» IP-based policy based on geo country / region
» Embellish reports and logs with region flags

Office 365 API Integration

▪ Office 365 Connector
» New feature becomes visible on licensing
» Available in Gateway mode
» Profiles & Policy are totally separate to the existing versions

▪ Configuring an Office 365 Account
» Add Account
» Single Sign-on into Office 365 to grant API access permission

Office 365 API Integration

▪ Scan Policy
» On demand: scans emails post delivery when triggered by administrator (useful for POC)

▪ Pattern matching
» Similar to Recipient Policy
» Defines which recipients and senders to scan email for

▪ Profiles
» Similar to Recipient Policy
» Apply security profiles to email flows

Exclusive Networks

Here For You

Exclusive Networks Italy Overview

Training
• Classroom, online and on-site training at your premises
• Pearson VUE center, certifications on site at Exclusive Networks

Professional Services
• Certified professionals for pre- and post-sales support
• Installation, design, configuration, optimization
• We deliver services in person and remotely

Exclusive Networks for you

Power Lab
• Get hands-on with the integration between different technologies
• 20 brands present, scenarios with real integrations
• Ability to host partners and end users

Next Events

https://tech-experience-2020.sharevent.it/it-IT

Thank You!