© Copyright Fortinet Inc. All rights reserved.
Introduction to the Fortinet Security Fabric
Erwin Schürmann, CISSP
Manager Systems Engineering
2
“All organizations should now assume that they are in a state of continuous compromise.” - Gartner, 14-2-2014
A TRUE STATEMENT?
Source: Gartner. Designing an Adaptive Security Architecture for Protection From Advanced Attacks. February 2014.
3
SECURITY HAS CHANGED
3.2 BILLION INTERNET USERS
1.3 BILLION SMARTPHONES SHIPPED WORLDWIDE
3 BILLION NEW DEVICES PER YEAR THROUGH 2020
10,000x INCREASE IN CYBER THREATS
PUBLIC CLOUD MARKET IS ESTIMATED TO REACH $191 BILLION
4
So have the Risks
Top 5 Avenues for Crimeware (by incident count)
Email Attachment
Web drive-by
Email link
Download malware
Network propagation
Source: Verizon. 2016 Data Breach Investigations Report. 2016.
5
Given the Time Malware Remains Undetected
Random Detection (average ~200 days, prior to response)
[Chart axes: IMPACT versus DURATION]
6
Problem No.1 – Expanded Attack Surface
ENCRYPTED TRAFFIC INCREASING
MULTIPLE CLOUD TYPES
IP ENABLED OPERATIONAL TECH (OT)
BROADBAND WAN ACCESS
BROAD Visibility and Protection
7
Problem No.2 – Increased Security Complexity
TOO MANY POINT SECURITY PRODUCTS
TOO MANY SECURITY CONSOLES
NO SHARING OF THREAT INTELLIGENCE AND MITIGATION INFORMATION
INCREASING COMPLIANCE REQUIREMENTS
INTEGRATED Detection and Response
8
Problem No.3 – Rapidly Changing Advanced Threats
TOO MANY SECURITY ALERTS (HOW TO PRIORITIZE)
NEED RAPID AND SMART ANALYSIS APPLIED TO DIRECT ACTION
HIRING CRITICAL CYBERSECURITY SKILLS
WHAT IS MY SECURITY STANDING? (THREAT SCORE)
AUTOMATED Operations and Analytics
9
Cybersecurity is a foundation of Digital Business
Security: The Evolving Security Landscape » Advanced Threats » Detect and Respond » Ransomware
Compliance: Governance/Compliance » Digital Risk Framework » Industry Regulation » 3rd Party Certification
Infrastructure: Infrastructure Evolution (New Edge) » Data in Public Cloud » Headless OT/IoT Devices » The Need for Speed
10
Stopping Advanced Threats requires rapid communication between Security elements
[Timeline chart: 1980s to Today, plotted against Performance Degradation]
Hardware Theft
Viruses & Spyware
Intrusion & Worms
Malicious Apps
Advanced Targeted Attacks
Spam
Malicious Sites
Machine to Machine Attacks
Anti-malware
Firewall
Exploits
Vulnerability Management
Intrusion Prevention
Secure Email Gateway
Botnets
Network Segmentation
Application Control
IP Reputation
URL Filtering
Advanced Threat Protection
Point Products
CONTENT BASED SECURITY
Rapid Communication & Action
INFRASTRUCTURE
CONNECTION SECURITY
11
Digital Attack Surface Requires an Adaptive Security Framework
RAPID RESPONSE
INTEGRATED DETECTION OF UNKNOWN THREATS
PROTECT AGAINST KNOWN THREATS
IDENTIFY THE BROAD ATTACK SURFACE
AUTOMATED TRUST ASSESSMENT
NOC
SOC
12
2018 Fortinet Security Fabric
A Security Architecture that provides:
BROAD Visibility & Protection of the Digital Attack Surface
INTEGRATED Detection of Advanced Threats
AUTOMATED Response & Continuous Trust Assessment
Delivered as:
Appliance
Virtual Machine
Hosted
Cloud
Software
Fabric elements:
NETWORK
MULTI-CLOUD
PARTNER API
EMAIL
UNIFIED ACCESS
IOT-ENDPOINT
WEB APPS
ADVANCED THREAT PROTECTION
MANAGEMENT-ANALYTICS
13
2018 Fortinet Solutions
Network Security
Multi-Cloud Security
Endpoint Security
Email Security
Web Application Security
Secure Unified Access
Advanced Threat Protection
Management-Analytics
FortiGate: Enterprise Firewall
FortiGate: Cloud Firewall Network Security
FortiClient: EPP
FortiWeb: Web Application Firewall
FortiMail: Secure Email Gateway
FortiSandbox: Advanced Threat Protection
FortiAnalyzer: Central Logging / Reporting
FortiManager: Central Security Management
FortiSIEM: Security Information & Event Management
FortiGate: Virtual Firewall Network Security
FortiAP: Wireless Infrastructure
FortiSwitch: Switching Infrastructure
SWG
SD-WAN
IPS
THE FORTINET SECURITY FABRIC: SOME EXAMPLES
15
Flexible/Open
Broad – The Fabric Gives You Complete Visibility, Coverage and Flexibility Across The Entire Dynamic Attack Surface
Coverage
Visibility
Application Security
Cloud Security
Client/IoT Security
Access Security
Network Security
16
Fortinet Security Fabric Topology View
Fabric Integration
[Topology diagram: Internet, NGFW, SD-WAN NGFW, Cloud NGFW, SaaS / CASB, Virtual FW, ISFW.1, ISFW.2, Switch.1, Switch.2, Switch.3, WiFi.1, WiFi.2, WiFi.3, HOSTS (APPS), CLIENTS (DEVICES), Email, WAF, Advanced Threat Protection, Manager, Analyzer]
17
18
Broad – The Fabric Allows Flexible, Open Integration of Other Security Partners
19
Multi-Cloud Security Connectors
SaaS Cloud (CASB CONNECTORS): Networking, Servers, Virtualization, O/S, Applications, API, Data
Private Cloud (SDN CONNECTORS): Networking, Servers, Virtualization, O/S, Applications, Virtual Security, Data
Public Cloud (CLOUD CONNECTORS): Networking, Servers, Virtualization, O/S, Applications, Cloud Security, Data
Single Console
Connectors
20
Powerful – Increasing Performance Reduces The Burden on Infrastructure
Comprehensive Range
Parallel Path Processing
Security Processors (SPUs)
Accelerates Content Inspection
Optimized Performance for Entry Level
Accelerates Network Traffic
High End
Mid Range
Entry Level
1 Tbps
21
Less Latency
Less Power
Less Space
More Performance
FortiGate 3980E > 1Tbps FW
FortiGate 7060E > 100bps NGFW
Powerful – The Fastest Network Security Appliances on the market
22
Automated to Provide a Fast, Coordinated Response to Threats
Coordinated
Audit & Recommend
Global & Local
Known Threats: FortiGuard
Unknown Threats: FortiSandbox
23
Automated Security Audit and Recommendations
24
Workflow Automation
Automated workflows using triggers to deliver appropriate actions
AUTOMATED WORKFLOW
TRIGGERS: System Events, Threat Alerts, User & Device Status, External Inputs
ACTIONS: Notification, Reports, Quarantine, Adjust Configuration
Automation