Web 2.0 communications are outstripping the use of email on corporate networks, and user 'dependence' is growing so that personal lifestyles and professional duties are becoming completely intertwined.
Fortinet Confidential
Kanwal Sohal – SE Manager UK&[email protected]
Richard Holmes – Technical [email protected]
WEB 2.0 & APPLICATION SECURITY CHALLENGE
Agenda
Application Security
Fortinet Protection
Summary & Proof of Concept
Visibility and Control
Application Security Challenge
• Freedom of choice – who’s in control.
Web 2.0 & Application Security Challenge
• Shrinking DEFENCE budgets
• Viruses, Worms, Identity theft . . . .
• Expanding attack and threat surfaces
Challenges facing Organisations
• Social networking sites and the blogosphere have become an integral part of many people's lives (FortiGuard)*
• Companies increasingly realise that their people, while their greatest asset, can be their greatest vulnerability, and so need to be educated on security risks. (BERR)*
• HTTP traffic is now not just web browsing but an “application tunnel”
• The majority of this traffic bypasses traditional security controls or uses inefficient proxies that slow down infrastructures & still miss content
• 30% of companies are using Voice over IP telephony (BERR)*
• Web 2.0 targeted by spam. Throughout the 12 months we witnessed a barrage of attacks on these sites: malicious social applications, Spam 2.0, worms such as Koobface, Secret Crush, and various phishing campaigns (FortiGuard)*
*BERR: Department for Business Enterprise & Regulatory Reform
*FortiGuard: Fortinet Global Security Research Team
Applications, Applications & Applications
• Evasive applications using non-standard ports, port-hopping, or tunneling within trusted applications
• Drive-by infections on the increase – personal use vs. business use.
• Security posture needs to be enhanced – business enablement.
• Intelligent firewall with “Application control” a must – regain control of your network.
Fortinet FortiGuard Threat Analysis
• User activity exposes internal network to threat/s.
Infection vectors:
• Instant Messaging
• P2P networks
• Web Browsing
• Web 2.0
• Social Networking Sites
Severity    Number of Vulnerabilities    Active Exploitation
Critical    15                           7
High        15                           7
Medium      6                            3
Low         2                            -
Info        -                            n/a
Total       38                           17
This month only
Application Name
• Apple iTunes, QuickTime
• Microsoft AD, DirectShow, Excel, IE, Office, Publisher, Office, PowerPoint
• Citrix Presentation Server
• Adobe Flash Player
• Oracle Secure Backup, BEA Weblogic
• RIM Blackberry Enterprise Server
• EMC Alpha Store
• Mozilla Memory Corruption
• Sun Java Runtime
Web 2.0 - Secret Crush
• Malicious Facebook Widget - prompts users to install the infamous "Zango" adware/spyware.*
• Propagates by requesting other users to be added.
• URL = http://static.zangocash.com/Setup/46/Zango/Setup.exe
• Installs Exe
*Source: FortiGuard (Fortinet Global Security Research Team)
Web Browsing – How Safe is it?
• There is always a way into your network.
• Even when at first glance all looks safe.*
Obfuscated script that embeds links to malicious PDF file and malicious FLASH file.
*Source: FortiGuard (Fortinet Global Security Research Team)
Layers of protection
• Requires an integrated security strategy
• Allow but don’t trust any application
• Examine all application content
• Comprehensive, integrated inspection
• Overlapping, complementary layers of protection
FortiGate - Application Aware Firewall
Industry first Tier 1 “Application Aware Firewall” identifying 1,000+ applications.
• Instant Messaging
• Peer-to-peer
• Voice over IP
• File Transfer
• Video/Audio Streaming
• Internet Proxy
• Remote Access Connection
• Games
• Web Browser Toolbar
• Database
• Web-based email
• Web
• Protocol Command
• Internet Protocol
• Network Services
• Enterprise Applications
• System Update
• Network Backup
FortiGate Application Management
• Create granular policies for authorised applications.
• Identify/control rogue application – allow or block
• Add new applications.
FortiAnalyzer - Seeing is Believing
SSL Traffic Inspection
• SSL content scanning and inspection.
• Apply antivirus scanning, web filtering, spam filtering & data leak prevention (DLP).
• Re-encrypts the sessions and forwards them to their destinations.
DLP Control – HTTP, EMAIL & Instant Messaging
DLP Sensor
• Used to define data detection rule sets.
• Sensor applied in protection profile.
DLP Actions
• Log, block, archive (to FortiAnalyzer)
• Ban or quarantine user.
Today’s Budget - Financial “Belt Tightening”
Shrinking IT budgets driving higher demands for ROI.
• Rising complexity and cost of managing and maintaining multiple security solutions.
• Increased pressure to improve security service while reducing TCO.
ROI = Return on Investment
TCO = Total Cost of Ownership
Impact on today's Security
• Multiple ‘pain' products.
• Tactical purchases have led to reactive environments.
• Costly implementations/renewals.
• Lack of innovative expenditure due to reactive spending.
• Too many suppliers, too many vendors.
• Threat Landscape has changed.
• Bandwidth congestion.
• Compliance & Risk
• Greater risk of breach/infection.
Fortinet Security Simplification
Industry Evolution Towards Security Simplification
IPSEC VPN
SSL VPN
IPS
Firewall
Antivirus
Antispam
URL Filters
Antispyware
WAN OPT
SSL Inspection
DLP
Technologies
Cost = £+£+£+£+£+£
Budget = £+£+£
Benefits of Multi-Layered Security Platforms
Complements legacy point products.
Lower Cap Ex and Op Ex.
Ease of management.
Better risk mitigation capabilities against blended threats
FortiGate Appliance
Getting More for Less $
• Security Consolidation
• Reducing costs.
• Improving security posture & hardware consolidation.
IPSEC VPN
SSL VPN
IPS
Firewall
Antivirus
Antispam
URL Filters
Antispyware
WAN OPT
SSL Inspection
DLP
Current Deployment
Reducing Cost
Improving Security Posture & Consolidation
FW, VPN, SSL Inspection
URL,IPS,AV,AS
Fortinet End-2-End Security
Network Security
Host Security
Data Security
Application Security
Management
FortiGate – Network Security Platform
FortiManager – Centralized Mgmt
FortiAnalyzer – Log & Reporting
FortiMail – Email Security
FortiClient – Host Security Solution
FortiDB – Database Security
Security Services
FortiGuard – Real time Security Services
FortiWeb – XML and Web Application Security
FortiScan – Asset Vulnerability Mgmt
Fortinet EMEA: Success in All Verticals
Telco/MSSP Industry
Public Sector Finance
Oxford University
Making Security Scalable
Security Service            Fortinet    Competitor
App Aware Firewall / VPN    $14,495     $10,899
Intrusion Prevention        Included    $16,569
Antivirus                   Included    $7,736
Web Filtering               Included    $7,853
Totals                      $14,495     $43,057
Lowering the cost of security & consolidation of hardware.
• 200 User Network
• Savings over Standalone Products - $28,562
Fortinet Positioned In The Leaders Quadrant – Magic Quadrant for Multifunction Firewalls
Source: Gartner, Inc., “Magic Quadrant for SMB Multifunction Firewalls” by G. Young and A. Hils, July 10, 2009.
Proof of Concept - seeing is believing …
• All evals to date have proved 30 – 50% of HTTP traffic escapes inspection.
• One eval demonstrated over 2 terabytes of unaccountable traffic on the network (downloading films etc).
• 85,000 IM connections in a week when the client said all IM was banned.
• QQ – the Chinese ‘IM’ service rife in a secure & partitioned off hedge fund environment.
• DLP – customer identified 800 Meg customer database file leaving network.
• To book a POC contact Richard Holmes ([email protected])
Thank You