1 © Copyright Fortinet Inc. All rights reserved.
Security Without Compromise
Stan Easparro – Channel SE
2
Infrastructure. Constant Change.
Green Google’s 13 data
centers use 0.01%
of global power
SDN/NFV Software-defined
everything. SD WAN
SaaS On average, companies
have 10+ applications
running via the Cloud
IaaS Security still the
No.1 inhibitor
IoT 35B devices, mostly
headless attaching
to the network
Virtualization 80% of data center
apps are virtualized
Mobile No control of
endpoints (BYOD)
Social Bandwidth ever
increasing
Bandwidth Wi-Fi speeds rival LANs.
100G networks here
Analytics Big Data
Internet 2 100 Gbps and
UHDTV
5G Wireless
FUTURE
100G
3
The Attack Surface Has Increased Dramatically
Today’s Security is Borderless
Internal External
Mobile
Endpoint
Branch
Office
NGFW
Campus
Data Center
DCFW
UTM
IoT
PoS
Network
Applications
Data
People
4
End to End Segmentation Critical
Internal External
Cloud
On Demand
Data Center
SDN Orchestration
Mobile
Endpoint
Branch
Office
NGFW
Campus
Data Center
DCFW
UTM
IoT
PoS
5
Segmentation Inhibitors
Communication
» Too many point solutions that do not talk to each other (SIEM)
» Platforms use central management to coordinate, which is too slow to stop
advanced threats
Operations
» Adding internal firewalls requires automation of security policies
» Need visualization of the end-to-end network to architect the segmentation
model
Performance
» Internal performance much higher than edge/perimeter
» Still a big gap between firewall and NGFW performance
Segmentation Sprawl
6
Fortinet Security Fabric – Protecting from IoT to Cloud
Scalable
Aware
Secure
Actionable
Open
Client Security
Network Security
Application
Security
Cloud Security
Secure WLAN Access
Alliance Partners
Secure LAN Access
IoT
Fortinet
Security Fabric
Global Intelligence
Local
Intelligence
7
Key Fabric Attributes
From IoT to Cloud
Actionable Security Scalability Awareness Scalability Open
8
Device Access Network Cloud
Distributed
Enterprise
Edge Segmentation
Branch
Data Center
North-South
Carrier
Class Private Cloud IaaS/SaaS
WLAN / LAN
Rugged
Embedded System on a Chips Packet and Content Processor ASIC Hardware Dependent
Device
>1G
Appliance
>5G
Appliance
>30G
Appliance
>300G
Chassis
>Terabit
Virtual Machine
SDN/NFV
Virtual Machine
On Demand
Client
Endpoint SDN
Provisioned
Distributed
NSF
Flow Based
ASIC
Single Pane of Glass
(Management)
Single point of
Security Updates
Single Network
Operating System
Scalable from IoT to Cloud
Single point of
Authentication
and SSO
9
Parallel Path Processing (PPP)
Packet
Processing
Content
Inspection
Policy
Management
Security for the Network
Slow is Broken
CPU Only
Policy Management
Packet Processing
Deep Inspection
More Performance
Less Latency
Less Power
Less Space
CPU
Optimised
SoC
10
Security for the Cloud
Virtualization Hypervisor Port
Hypervisor
Private Cloud SDN - Orchestration Integration
Public Cloud On-Demand
IaaS Cloud
Connector API
East-West North-South
Flow
NGFW WAF Management Reporting APT
SaaS Cloud
Proxy
CASI
Broker
API
Hybrid
11
Security for Access - Secure Access Architecture
WLAN Infrastructure
On Premise Management
Integrated On Premise Management
Cloud Cloud Management
3 2 1
Infrastructure Integrated Cloud
FortiGate
FortiSwitch
LAN
“Universal Access Point and Switch
Access
Application
Portfolio
Authentication/SSO
Fabric
12
Actionable Awareness Scalability Open
Key Fabric Attributes
From IoT to Cloud
Security
13
Key Fabric Attributes
Actionable Security Open Scalability Awareness
From IoT to Cloud
14
Global and Local Security
App Control Antivirus Anti-spam
IPS Web App Database
Web Filtering
Vulnerability Management
Botnet Mobile
Security
Cloud Sandbox
Deep App Control
Partner FortiWeb FortiMail FortiClient FortiGate
Threat
Researchers
Threat Intelligence
Exchange
Advanced
Threat
Protection
16
Awareness Scalability Open Security
Key Fabric Attributes
From IoT to Cloud
Actionable Security
17
Support Services Single Pane of Glass Migration to Cloud Based Systems
FortiCare FortiCloud FortiGuard Cloud FortiSandbox
Cloud Based Management of
NGFW + Access Point
Cloud Based Management of
NGFW + Access Point
Cloud Based
Management of
NGFW + Access Point
Threat Intelligence Advanced Threat
Protection
Actionable Threat Intelligence
WAN Data Center Access
IoT Mobile
PoS Windows
FortiManager
18
Awareness Scalability Security Actionable Security
Key Fabric Attributes
From IoT to Cloud
Open
19
Open: Multiple Levels of Fabric APIs for Partner Integration
Fortinet Security Fabric
SIEM
SDN Endpoint
Cloud Virtual
Management
Ecosystem Alliance Partners
20
Cloud SDN Sandbox
Test/SSO System Integrator SIEM Management
Ecosystem Integration Points
21
Thank You!