securing next generation carrier networks vishak raman - regional director – saarc
TRANSCRIPT
![Page 1: Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC](https://reader030.vdocuments.site/reader030/viewer/2022032709/56649eca5503460f94bd7c48/html5/thumbnails/1.jpg)
Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC
![Page 2: Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC](https://reader030.vdocuments.site/reader030/viewer/2022032709/56649eca5503460f94bd7c48/html5/thumbnails/2.jpg)
Fortinet Confidential
Protecting the Service Provider’s Infrastructure
MOBILENETWORK
RADIUS SERVER
GGSN
SGSN
2Protecting the customer (Managed Security Service Provider)
Subscriber Network
Subscriber Network
Subscriber Network
1
Two discrete solutions for Service ProvidersTwo discrete solutions for Service ProvidersTwo discrete solutions for Service ProvidersTwo discrete solutions for Service Providers
Security Solutions for Service Providers
![Page 3: Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC](https://reader030.vdocuments.site/reader030/viewer/2022032709/56649eca5503460f94bd7c48/html5/thumbnails/3.jpg)
Fortinet Confidential
Managed Security Services
![Page 4: Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC](https://reader030.vdocuments.site/reader030/viewer/2022032709/56649eca5503460f94bd7c48/html5/thumbnails/4.jpg)
Fortinet Confidential
MSS Drivers
DriversDrivers
Domestic RegulationHuge SME uptakeConcerns over ConfidentialityReducing cost & fulfilling corporate requirements
Inhibitors
Perturbations in Financial Markets Lack of Investments in Regional SOCs Localization of Support
Key SuccessFactors
Key SuccessFactors
Service Expertise Quality of Service Cost Reduction Relationship window
![Page 5: Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC](https://reader030.vdocuments.site/reader030/viewer/2022032709/56649eca5503460f94bd7c48/html5/thumbnails/5.jpg)
Fortinet Confidential
APAC MSS Landscape
Integrators
Telecommunication/Wan ProvidersTelecommunication/Wan Providers
Pure-Play
Inclusion Criteria > 150 customer FW/IPS/Web/Mail GW in APAC Or 50 Customers in APAC
HQ or Major RO in APAC
Channel presence in 2 of 6 APAC Regions
2 reference accounts to Gartner
![Page 6: Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC](https://reader030.vdocuments.site/reader030/viewer/2022032709/56649eca5503460f94bd7c48/html5/thumbnails/6.jpg)
Fortinet Confidential
APAC MSS Pointers
Market Growth Rate in 2009
Number of devices 24%
Client Base 16%
Deal Size APAC EMEA<$150K 57% 12.5%
Between $150K and $750K
30% 25%
Between $750K and $1.5M
_______ 25%
>$1.5M _______ 37.5%
Type No of Devices in 2009
CPE ( Customer Premise) 20,010
ITC (In The Cloud ) 2,760
Beyond “Device Management”
![Page 7: Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC](https://reader030.vdocuments.site/reader030/viewer/2022032709/56649eca5503460f94bd7c48/html5/thumbnails/7.jpg)
Fortinet Confidential
NOC/SOC
CPE / Client Based MSS
7
Internet
![Page 8: Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC](https://reader030.vdocuments.site/reader030/viewer/2022032709/56649eca5503460f94bd7c48/html5/thumbnails/8.jpg)
Fortinet Confidential
Cloud Based Services
• Per Customer Virtual Domain▪ Application Control▪ Web Filtering▪ AntiVirus / AntiSpyware▪ Data Leak Prevention▪ AntiSpam▪ Intrusion Protection▪ VPN (IPSec / SSL)▪ Firewall▪ Dynamic Routing
8
![Page 9: Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC](https://reader030.vdocuments.site/reader030/viewer/2022032709/56649eca5503460f94bd7c48/html5/thumbnails/9.jpg)
Fortinet Confidential
Access Layer Virtualization Services
Virtualized Secure Remote Access Service to End Users in Public (IPSec / SSL)
- Virtualized Firewall catering to Virtual Network
- Independent Access Policies
- Virtualized IPS Sensor Policies
- Added advantage with Application control
Protecting VoIP servers and connections from Threat and targeted DoS Attacks
ACCESS CONTROLSecure Authentication and Access
vUTM services in Select Markets
![Page 10: Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC](https://reader030.vdocuments.site/reader030/viewer/2022032709/56649eca5503460f94bd7c48/html5/thumbnails/10.jpg)
Fortinet Confidential
Virtualization in FortiGate
Super Admin
VDOM Admin
FortiGate Hardware
FortiOS
Firewall
VPN(IPSec/SSL)
IPS / App Ctrl
WCF / G AV
Routing
VLANs
Firewall
VPN(IPSec/SSL)
IPS / App Ctrl
WCF / G AV
Routing
VLANs
Individual VDOMs
. ..
Root VDOMM
GM
T
MG
MT
Firewall
IPS / App Ctrl
WCF / G AV
Routing
VLANs
VPN(IPSec/SSL)
![Page 11: Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC](https://reader030.vdocuments.site/reader030/viewer/2022032709/56649eca5503460f94bd7c48/html5/thumbnails/11.jpg)
Fortinet Confidential
Dynamic Security Profiles
![Page 12: Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC](https://reader030.vdocuments.site/reader030/viewer/2022032709/56649eca5503460f94bd7c48/html5/thumbnails/12.jpg)
Fortinet Confidential
Provides an authenticated bypass of the Service Restrictions Within a domestic environment
Both end-points (users) are behind the same NAT boundary Clientless solution to differentiate access – no software to ‘hack’ Parental control is maintained
DSL
Home user 1(Adult)
NAT
DSL
Home user 2 (Child)
Dynamic Security Profiles- In Home Parental Control*
DYNAMIC SECURITY PROFILES
DYNAMIC SECURITY PROFILES
*FortiOS Carrier 4.1
www.badsite.com
![Page 13: Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC](https://reader030.vdocuments.site/reader030/viewer/2022032709/56649eca5503460f94bd7c48/html5/thumbnails/13.jpg)
Fortinet Confidential
• Per end-point Black / White List− End points (users, MSISDN) can have their own black white list− No requirement for end user to access FortiGate infrastructure
• Can be populated on Self Service Portal• Dynamically configured on FortiGate as end points attach
− RADIUS VSA Extension, no fixed limit for URLs
DSL+3G
RADIUS
Dynamic Security ProfilesEnd-Point customisation
DYNAMIC SECURITY PROFILES
DYNAMIC SECURITY PROFILES
Self ServicePortal
*FortiOS Carrier 4.2www.badsite.com
![Page 14: Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC](https://reader030.vdocuments.site/reader030/viewer/2022032709/56649eca5503460f94bd7c48/html5/thumbnails/14.jpg)
Fortinet Confidential
Infrastructure protection
![Page 15: Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC](https://reader030.vdocuments.site/reader030/viewer/2022032709/56649eca5503460f94bd7c48/html5/thumbnails/15.jpg)
Fortinet Confidential
Mobile Operator Threat Evolution
Pre-IMS IMS
voice
SMS
VOIP
Media
IPTV
IMMMS
Rapid ApplicationDeployment
Web
Web
![Page 16: Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC](https://reader030.vdocuments.site/reader030/viewer/2022032709/56649eca5503460f94bd7c48/html5/thumbnails/16.jpg)
Fortinet Confidential
Security Considerations – What?
InterrogatingCSCF
InterrogatingCSCF
ServingCSCF
ServingCSCFFixed
Wireline
WifiWiMax
MobileWireless
ProxyCSCFProxyCSCF
App ServerPresence / IM App Server
Presence / IM
IPNetwork
App ServerPush-to-talk App Server
Push-to-talk
App ServerETC…
App ServerETC…
IPNetwork
SIPSIP
IMS SIPCore
IMS SIPCore
h.248h.248
DIAMETERDIAMETER
PDFRACSRACF
PDFRACSRACF
CarrierPeer IP
Network
A-BGFA-BGF I-BGFI-BGF
I-BCFI-BCF
PSTNMedia
GatewayMedia
Gateway
h.248h.248
SIPSIP
SIPSIP
SIPSIP
MediaMedia MediaMediaMediaMedia
FortiGateFortiGate
Access-Voice Security moves all the way to the handset
-Encryption/Compression/Authentication (open up payload)-IPS capabilities (msg flood, header tampering)
- Network Denial of Service-Antivirus
-Same HTTP/SMTP offerings as pre-ims at Internet Egress
Applications-Rapid app delivery
-Host Attacks
Peering-Open Internet (Traffic Anomaly)
-IPS (msg flood, proto conformance)-QoS-VPN
-Antivirus-Protocol translations (L3 and L4)
-NAT ALG services-Overlapping Subnets-Virtualization per peer
Handsets-FW/VPN/IPS/AV
![Page 17: Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC](https://reader030.vdocuments.site/reader030/viewer/2022032709/56649eca5503460f94bd7c48/html5/thumbnails/17.jpg)
Fortinet Confidential
FortiOS Carrier Security Highlights
Dynamic Profiles Per user services via a RADIUS API Protection Profile derived from RADIUS record
Session Initiation Protocol (SIP) Security Stateful SIP tracking, Malicious SIP message protection , SIP Rate Limitation SIP Transparent or SIP NAT mode, IP Topology Hiding, RTP Pinholing Geographical Redundancy, SIP Stateful High-Availability
Multimedia Message Service (MMS) Security Antivirus, Antispam/Antifraud, Antiphising (via Web Filtering) Sender and Admin notification
GPRS Tunneling Protocol (GTP) Firewall 3GPP 29.060 version 6.9.0, including Overbilling Protection Protocol Anomaly Checks, IMSI/APN/IE filtering
Dynamic Profiles Per user services via a RADIUS API Protection Profile derived from RADIUS record
Session Initiation Protocol (SIP) Security Stateful SIP tracking, Malicious SIP message protection , SIP Rate Limitation SIP Transparent or SIP NAT mode, IP Topology Hiding, RTP Pinholing Geographical Redundancy, SIP Stateful High-Availability
Multimedia Message Service (MMS) Security Antivirus, Antispam/Antifraud, Antiphising (via Web Filtering) Sender and Admin notification
GPRS Tunneling Protocol (GTP) Firewall 3GPP 29.060 version 6.9.0, including Overbilling Protection Protocol Anomaly Checks, IMSI/APN/IE filtering
![Page 18: Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC](https://reader030.vdocuments.site/reader030/viewer/2022032709/56649eca5503460f94bd7c48/html5/thumbnails/18.jpg)
Fortinet Confidential
• Global presence with 30+ offices worldwide• 5,000+ channel partners• 500,000 units shipped worldwide • 75,000+ customers (including the majority of the
Fortune Global 100)• 1,200+ employees• IPO Nov 2009 – FTNT• Consistently strong sequential growth• Profitable: $259+ million cash balance & cash flow
positive
Fortinet: An Established Security Vendor
![Page 19: Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC](https://reader030.vdocuments.site/reader030/viewer/2022032709/56649eca5503460f94bd7c48/html5/thumbnails/19.jpg)
Fortinet Confidential
Security Vendor of The Year in APAC
• Fortinet awarded 2010 Security Vendor of the Year by Frost & Sullivan for Asia Pacific
• Competitors: Juniper, Check Point, Cisco
[…] an achievement that was undoubtedly driven by the foresight of Fortinet in expounding and leveraging on the rapidly emerging trend of technology convergence.
The combination of effective go-to-market and product strategies was pivotal in cementing Fortinet’s position as a major player in the network security market in the Asia Pacific region.
Edison Yu, Asia Pacific Information & Communication Technologies Practice, Frost & Sullivan
””
““
““
””
![Page 20: Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC](https://reader030.vdocuments.site/reader030/viewer/2022032709/56649eca5503460f94bd7c48/html5/thumbnails/20.jpg)
Fortinet Confidential
Fortinet High-End Traction
20
International UTM Revenue Share, 2009$50,000-99,999 Price Band
Source: IDC Worldwide Security Appliance Tracker, Q3 2009*International = Western Europe + Japan +Asia Pacific
Fortinet Secures:
• 7 of Top 10 Fortune 500
• 5 of Top 10 Global 500 in EMEA
• 7 of Top 10 Global 500 in APAC
• 6 of Top 10 Global 500 Commercial & Savings Banks
• 7 of Top 10 Global 500 Aerospace & Defense
• 2 of Top 5 Global 500 in IT Services
![Page 21: Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC](https://reader030.vdocuments.site/reader030/viewer/2022032709/56649eca5503460f94bd7c48/html5/thumbnails/21.jpg)
Fortinet Confidential
India
2009 UTM Market – 31.26 M$2009 UTM Market – 31.26 M$2009 Security Appliances Market 2009 Security Appliances Market – 85.23 M$– 85.23 M$
![Page 22: Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC](https://reader030.vdocuments.site/reader030/viewer/2022032709/56649eca5503460f94bd7c48/html5/thumbnails/22.jpg)
Fortinet Confidential
Fortinet TelCos/xSPs Customers Success
…and others rely on Fortinet’s protection
![Page 23: Securing Next Generation Carrier Networks Vishak Raman - Regional Director – SAARC](https://reader030.vdocuments.site/reader030/viewer/2022032709/56649eca5503460f94bd7c48/html5/thumbnails/23.jpg)
Fortinet Confidential
Thank You
23