© Copyright Fortinet Inc. All rights reserved. Fortinet Security Fabric Peter Kocik Systems Engineer, CEE

UNINFOS Fortinet Security Fabric - Matej Bel University, uninfos2016.umb.sk/zbornik/PPT/Kocik.pdf


Fortinet - Confidential

Infrastructure. Constant Change.

Green: Google’s 13 data centers use 0.01% of global power

SDN/NFV: Software-defined everything. SD WAN

SaaS: On average, companies have 10+ applications running via the Cloud

IaaS: Security still the No.1 inhibitor

IoT: 35B devices, mostly headless attaching to the network

Virtualization: 80% of data center apps are virtualized

Mobile: No control of endpoints (BYOD)

Social: Bandwidth ever increasing

Bandwidth: Wi-Fi speeds rival LANs. 100G networks here

Analytics: Big Data

Internet 2: 100 Gbps and UHDTV

5G: Wireless

FUTURE

100G


Accidental Architecture

NETWORK TEAM: Routers, Switches, Wireless Access

SECURITY TEAM: Firewall, IPS, Web Application

OS TEAM: Desktop OS, Antivirus, Mobile Device Mgmt

MESSAGING TEAM: Email, Instant Messaging, Voice, Unified Communication

Many Isolated Point Solutions


The attack surface has increased dramatically, everywhere, inside and out.

[Diagram labels: PoS, IoT, UTM, NGFW, Campus, Mobile, Endpoint, Data Center, DCFW, Branch Office; Internal / External]


Fortinet Security Fabric

[Diagram labels: Access, Endpoint, Application, Cloud, NOC/SOC, Advanced Threat Intelligence, Network, Fabric Ready]

• Scalable
• Aware
• Secure
• Actionable
• Open


Aware - The Fabric gives you complete visibility allowing network segmentation


Actionable – The Fabric cuts Time to Protect from hours to seconds

[Diagram labels: FortiMail, FortiClient, FortiGate, FortiWeb, Partner; Advanced Threat Protection; Appliance, Virtual, Cloud; App Control, Antivirus, Anti-spam, IPS, Web App, Database, Web Filtering, Vulnerability Management, Botnet, Mobile Security, Cloud Sandbox, Deep App Control]


Open – The Fabric allows integration of existing security solutions

[Diagram labels: SIEM, Private Cloud (SDN), Endpoint, Public Cloud, Vulnerability Management]


Attacker Defender Life Cycle – Kill Chain

Threat Methodology: Recon, Weaponize, Delivery, Exploit, C&C, Internal Recon, Maintain

Defender Response: Prepare, Prevent, Detect, Response

Increasing Risk and Cost to the Business

[Diagram labels: Zero-Day, Social Engineering, Botnet, Lateral Movement, Recruitment, Evade, Infection Vector]


Continuous Monitoring and Analytics

Prepare: Segmentation, Processes, Training

Prevent: Harden, Isolate

Network, Application, Endpoint

Detect: ATP, SIEM, TIS

Respond: Contain, Remediate, Clean


End-to-End Security Operations: Sandbox to SIEM

Automation

Custom Feed

Security Analysts

Sandbox IOC Extraction

Samples Sent for Automated Extraction

Restful API

Telemetry Flow

2M+ Sensors

50B+ Daily Events

FortiGuard Global CTI

FP Reduction

Global Context

Global CTI Database


Value-Added Services

Customers

QA

CTI Platform

SIEM

SOC / MSS


Respond