The ecosystem as complete protection against cybercrime [pvh]
TRANSCRIPT
© Copyright Fortinet Inc. All rights reserved.
Peter Vanhemelryck, presales engineer
The ecosystem as complete protection against cybercrime
Focus on these guidelines
Known and Unknown
Inbound, Outbound, Internal, External
WHAT IF I TOLD YOU
YOU’VE BEEN BREACHED (AND DIDN’T EVEN KNOW IT?)
Source: DataBreaches.net
Adobe: 152M customer records breached
Target: 70M customers at risk
Home Depot: 56M customers at risk
eBay: 145M customers at risk
UPS
Snapchat
Dominos Pizza (France)
Neiman Marcus
Korean Credit Bureau
Mozilla
Vodafone
Gmail
LexisNexis
AOL: 2,400,000
Sony: 47,740 employees exposed
European Central Bank
Apple
Customer Challenge – Security
Increasing Damage
Increasing Performance Requirements
Threat timeline: 2000, 2003, 2005, 2007, 2011, Today
Layers: Layer 1-2; Content & Application (Layer 3-7)
Threats: Hackers, Intrusions, Worms, Viruses, Spyware, Botnets, Spam, Malicious URLs, Malicious Apps, Advanced Persistent Threats
Security technologies: AppControl, WebFilter, Anti-Spam, AntiMalware, VPN, IPS, Firewall, Advanced Threat Protection
Today’s sophisticated threats are causing more damage than ever, and a growing set of security technologies is needed to stop them.
Most security vendors outsource or lack critical pieces of the puzzle. Customers try to piece together a solution on their own.
Breaking the Kill Chain of Advanced Attacks
Defenses: Antispam, Web Filtering, Antivirus, Intrusion Prevention, App Control, IP Reputation
Attack stages: Spam, Malicious Link, Exploit, Malware, Bot Commands & Stolen Data
Sources: Malicious Email, Malicious Web Site, C2 Server
Fortinet Advanced Threat Protection Framework
Step 1 - Prevent: Block threats before they enter your network
Step 2 - Detect: Discover threats that have entered the network
Step 3 - Mitigate: Respond to any threats that have breached the network
The Technologies Behind It
Botnet Detection, IP & Client Reputation, Sandboxing
Network Firewall, Anti-Virus
Two Factor Authentication, Intrusion Prevention
Secure Email Gateway, Web Application Firewall
End Point Protection
People, Process, Technology
Threat Intelligence, Zero Day Research, Continuous updates
FortiGuard Lab
FortiGuard Services
Advanced Threat Protection in Action
FortiGate
FortiMail
FortiWeb
FortiSandbox
FortiClient
Integration, Integration, Integration
Components: FortiSandbox (FSA), FortiClient, FortiGate
Diagram labels: File Submission, Detailed Status Report, File Status result for auto File Hold & Quarantine, FSA Dynamic Threat DB Update, Control Host Quarantine, Enforce Network Quarantine, Real-time engine and intelligence updates
Phase labels: Query, Remediation, Protection
1 File submission for Analysis
2 Respective analysis results are returned
3a Auto File Quarantine on Host with option to hold file until result
3b Manual Host Quarantine by Admin
3c Manual Source IP Quarantine using Firewall
4 Proactive dynamic Threat DB update to gateway and host
A Global Leader and Innovator in Network Security
Fortinet Quick Facts
Founded in 2000, 1st shipment 2002, IPO 2009
HQ: Sunnyvale… 100+ offices worldwide
Employees: 3900+
255,000+ customers
Over 2 million devices shipped
#1 unit share worldwide in network security (IDC)
Market-leading tech… 257 patents, 228 pending
Balanced business across segments
Balanced revenue and growth around the globe
Fortinet Revenue By Region, Q3 2015: APAC 21%, Americas 44%, EMEA 35%
FortiGate Revenue By Segment, Q3 2015: Entry-Level Appliances 36%, Mid-Range Appliances 26%, High-End Appliances 38%
FortiASIC: Custom ASIC-based scalable architecture
FortiOS: Custom, converged Networking + Security OS
FortiGuard: Industry-leading, validated Threat Research
FortiCare: Global Infrastructure & Support
Proven, Certified Security
FortiGuard Labs Threat Intelligence Powers Fortinet Products
Per Minute:
21,000 Spam emails intercepted
390,000 Network Intrusion Attempts resisted
460,000 Malware programs neutralized
160,000 Malicious Website accesses blocked
50,000 Botnet C&C attempts thwarted
43 million Website categorization requests
Per Week:
46 million New & updated spam rules
120 Intrusion prevention rules
1.8 million New & updated AV definitions
1.4 million New URL ratings
8,000 Hours of threat research globally
Total Database:
190 Terabytes of threat samples
18,000 Intrusion Prevention rules
5,800 Application Control rules
250 million Rated websites in 78 categories
200 Zero-day threats discovered
Based on Q2 2015 data
Image: threatmap.FortiGuard.com
NSS Labs Validates Our Advantage
Fortinet Is Consistently “Recommended” While Top Competitors Are Not
Charts: NGFW, Breach Detection, Next Generation IPS
Chart dates: Aug. 2015, Apr. 2015, Sept. 2014
X-axis = TCO per protected Mbps, ‘Value’; Y-axis = Security Effectiveness
Upper right quadrant = “Recommended”; Lower left quadrant = “Caution”; Other quadrants = “Neutral”
FortiSandbox: Protection against unknown threats
FortiSandbox – 5 Steps to Better Performance
Call Back Detection
• Identify the ultimate aim, call back & exfiltration
• Mitigate with analytics & FortiGuard updates
Full Virtual Sandbox
• Examine real-time, full lifecycle activity in the sandbox to get the threat to expose itself
Code Emulation
• Quickly simulate intended activity – Fortinet patented CPRL
• OS independent & immune to evasion – high catch rate
Cloud File Query
• Check community intelligence & file reputation
AV Prefilter
• Apply top-rated anti-malware engine
Scenario 1
Scenario
» 0-day protection against real-time communications threats like HTTP(S). Ex. Malicious websites
Use FortiGate
Use FortiSandbox
» Cloud or On Premise
Scenario 2
Scenario
» 0-day protection against real-time communications threats like HTTP(S). Ex. Malicious websites
» 0-day protection for mail threats. Ex. Cryptolocker mails
Use FortiGate
Use FortiMail
Use FortiSandbox
» Cloud or On Premise
Scenario 3
Scenario
» 0-day protection against real-time communications threats like HTTP(S). Ex. Malicious websites
» 0-day protection for mail threats. Ex. Cryptolocker mails
» 0-day protection for Road Warriors
Use FortiGate
Use FortiMail
Use FortiClient
Use FortiSandbox
Deployment Example
One Solution for the Enterprise
FSA working in Device Mode and Sniffer Mode
Diagram labels: Signature Updates, Span Port
4 week FSA catching statistic
Known malicious content detected by step 1/2/3
Suspicious content detected in VM
Belgian customer
• FG1500D cluster
• AV profile with FSA integration
• Multiple VDOMs
• FSA1000D
Threat Landscape & Evolving IT Infrastructure
Diagram labels: WAN, Internet, Cloud, Home Office, Internal Network (100 Gbps+), Branch Office, Private Cloud, Edge Gateway, Data Center, ISFW, External, Internal
FortiGate ISFW Features:
• Very high performance
• Ultra-low latency
• High port density 1, 10, 40 & 100 GbE interfaces
• Detection and proactive protection
• Quick deployment and operational ease
• Proven FortiGuard threat intelligence
Cybersecurity Platform
Seamless Security Across the Entire Attack Surface
USERS, NETWORK, DATA CENTER
ATP Framework Allows Threat Intelligence Sharing and Alerting
Secure Access, Network Security, Application Security, Client Security, Cloud Security
FortiGuard Threat Intelligence & Services
FortiGate