EL ORBE

SOLUTION AREAS

• Assessment of the current cybersecurity situation.
• Vulnerability analysis and penetration testing.
• Identification of critical infrastructure and risk analysis.
• Consulting, training and awareness plans.
• Installation and configuration of NGIPS and NGFW.
• Encryption solutions.
• HSM solutions.
• Analysis and assessment of malicious traffic (Assessment).
• Hardening (configuration hardening).

No company of any kind, regardless of its market or industry, is exempt from cyberattacks, so measures must be taken to avoid becoming involved in an information security incident. This means aligning the limited resources available and directing them to protect the critical infrastructure that really supports the organization's operation, as a fundamental part of service continuity.

www.elorbe.la
SOLUTION GUIDE
Most organizations focus their limited resources on locking down access and controlling their networks to protect their data centers from external threats. The latest generation of enterprise firewalls and intrusion prevention systems (IPS) primarily focus on securing the network and controlling access to it. These are great technologies; however, there are limits to what they can offer to provide complete protection against threats that target applications, application services, and users.

As soon as an application is opened to the Internet, it is a target. All that stands between an attacker and an organization's sensitive data is an unassuming login screen. No matter how many layers of network security are in place, this entry point could expose customer data, proprietary information, or sensitive financial information if the application hasn't been hardened or protected by some other means.

In this solution guide we'll explore the top challenges organizations face when it comes to securing applications and the data they host, including web application vulnerabilities, application layer DDoS attacks, advanced persistent threats (APTs), scaling application encryption, and protecting users from email-borne threats.

Applications are Easy Targets

There is no question that a firewall is your first line of defense for network security. Today's latest firewall technologies are almost bulletproof, at least at the layer 2 and 3 levels. Attackers and cyber criminals know this and have had to adapt their techniques. Not that they won't try to look for firewall vulnerabilities; rather, they know that high-value targets like financial institutions, retailers, and government agencies have tightened their security policies and the days of easy data breaches at the firewall are over.

The fastest growing categories of attacks and data breaches are those that target applications, application layer services, and inexperienced users. These represent most of the remaining weak spots, and there are countless possibilities to exploit code vulnerabilities, application modules, and trusting users who think that the email they just received was a legitimate request to reset their account credentials.

Verizon's 2015 Data Breach Investigations Report revealed that over 38 percent of all data breaches were caused by web application vulnerabilities. The Open Web Application Security Project (OWASP) has consistently reported since 2010 that almost every web-based application has one or more vulnerabilities listed in their Top 10 list of application security risks. They have also reported that 95 percent of all websites are attacked annually using cross-site scripting and injection techniques. Gartner stated in its 2015 Web Application Firewall Magic Quadrant that they expect more than 80 percent of all enterprises will have a web application firewall (WAF) in place by 2018 to protect against web application attacks.

Application Layer DDoS Attacks

Distributed denial of service (DDoS) attacks are one of the oldest security threat types; however, they have evolved over the past decade to target application-level services. Large scale bulk volumetric attacks still grab the large headlines, but the fastest growing category of these attack types are layer 7 events that only take a few megabits of packets to do as much harm as an attack in the hundreds of gigabits. DDoS attacks are still ranked as the top threat by data center managers compared to other events like infrastructure outages and bandwidth saturation.

Email: The Backdoor to Your Security Fortress

Network security professionals spend the better part of their careers designing, implementing, and maintaining the latest and best defenses for their organizations. Even with the most advanced firewall security systems in place, all it takes is one click by a user on a link in a malicious email to bypass your carefully crafted network protections. Cyber criminals are getting much more sophisticated in their tactics. Many spam and phishing emails they send can fool even the most cautious of users with communications that appear to come from reliable sources or even your own IT department.

Email is also one of the key attack vectors for social engineering. Clever attackers can now easily access connections on Facebook, LinkedIn, and other social media sites to obtain contact information. Then they craft emails that look like they're being sent by legitimate friends and colleagues in an attempt to trick users into downloading malicious attachments or direct them to websites where malware can be installed.
SOLUTION GUIDE: APPLICATION SECURITY FOR THE DATA CENTER
APTs are custom-developed, targeted attacks. They can evade straightforward detection, using previously unseen (or zero-day) malware, exploit vulnerabilities (unpatched security holes), and come from brand-new or seemingly innocent hosting URLs and IPs. Their goal is to compromise their target system with advanced code techniques that attempt to circumvent security barriers and stay under the radar as long as possible.

Applications and email are two top vectors in APTs. Many web applications allow the uploading of files, and many emails contain attached files that could be risks. Antivirus scans can check for previously identified risks; however, APTs generally are tailored to circumvent traditional AV detection and many slip past this first line of defense.

Secure Application Traffic Growth

Although not a threat, many enterprises are aggressively expanding SSL to all their web-facing applications. Even seemingly benign applications are getting the secure treatment in order to patch known or unknown vulnerabilities to other more important systems. Sandvine's Encrypted Traffic Report 2015 saw encrypted traffic volume increase to 30 percent in 2015 and expects 50 percent growth in 2016. Combined with this explosive expansion in traffic, the complexity of moving to more advanced encryption keys, as key lengths move from 1,024 to 2,048 and now 4,096, is doubling and even quadrupling secure packet sizes. Servers and load balancers are struggling to keep up with this demand using today's current crop of secure application delivery solutions.

Complete Application Security Extends Past the Firewall

Each of the areas presented in the previous section provides unique challenges that need more than a firewall or an IPS to completely address. Most firewall and IPS systems today, including our FortiGate product line, have features that can solve many of these new problems. However, in general they are limited to signature detection and need additional solutions to provide complete protection for unknown and zero-day attacks. FortiGate has many services that can be enabled, such as deep packet inspection and data loss prevention (DLP), but even with those, there are still loopholes and there are performance impacts that need to be considered in enterprise deployments.
The most used application-level protection features of FortiGate and other firewalls are IP reputation and signature detection. Usually subscription-based services, IP reputation and attack signatures are very effective measures that block attacks before any processing is applied by the firewall. If an attack is from a known source or it matches a predefined signature, it is blocked automatically without the firewall having to perform any further inspection. FortiGate offers these services through our award-winning FortiGuard Labs.

Although signature services are very effective to block attacks from known sources and previous attack patterns, zero-day attacks and APTs bypass these detection systems. In some cases APTs are so customized that malicious code is developed specifically for a single target with no forewarning until the malware is deployed. Signatures and IP reputation also can't fully protect web applications from attacks, as many code-based vulnerabilities have almost unlimited ways to bypass any predefined signatures.

In the face of these threats, Fortinet has risen to the occasion with purpose-built solutions to supplement the protections in firewalls and IPS platforms. These include web application firewalls for application security, DDoS attack mitigation appliances for DDoS protection, advanced application delivery controllers (ADCs) to meet the demands of secure application traffic, sandboxing to isolate malicious code for inspection, and email security gateways that can detect and prevent email-borne threats from getting to your users.

In a perfect world all of these security measures would be in a single appliance. However, even with the best hardware available today, the performance impacts of these services put an all-inclusive super firewall out of reach for enterprises. FortiGate offers many advanced services that come close, but still, no one product can do everything. We discussed deep packet inspection earlier. Most enterprise data center managers do not turn this service on, as it can be very processor-intensive and can impact overall firewall throughput. In these cases, the FortiGate is streamlined to basic capabilities for maximum performance, where other devices manage the additional layers of security needed. Small to mid-size organizations enable many of the advanced FortiGate NGFW features for Unified Threat Management (UTM), where a single box can handle the throughputs and make things easier to manage to help when IT resources are limited.

So, as a data center manager you're most likely going to need to look beyond the capabilities of your firewall to provide the complete network and application protection to meet the challenges your organization faces.

For large organizations, one of the most difficult decision points is whether or not to consolidate to one vendor or opt for best-of-breed point solutions. There are many arguments on both sides of this debate, ranging from "single vendors are easier to deal with" all the way to "point solutions will offer the best in security and features." When you sit down and weigh the options, you should look at what is critical to your organization, such as features, interoperability, integration, management, and support, to select a vendor that can meet as many of those as possible to provide a complete end-to-end solution for your data center.

The remainder of this document discusses the major challenges and provides you information on how Fortinet can help you solve these problems as a complete single vendor for your advanced network and application security needs.
PCI Compliance, Firewalls, and WAFs

We've done our best to highlight the case that you're going to need more than a firewall to completely protect your applications and data. If you're in one of the many industries that deal in e-commerce and banking, you need to consider PCI compliance for your network and application security.

Although PCI DSS standards are not mandated by law, many laws, especially at the state and local level, specifically mention PCI compliance to meet legal requirements. A firewall alone is not going to be enough. To pass PCI DSS 6 compliance, you're going to need a web application firewall to meet all the OWASP Top 10 Application Threats that are referred to in that section. Below is a list of the OWASP Top 10 and how a WAF stacks up against a firewall.

Application Threats: The OWASP Top 10

 #   Threat                                         Firewall   WAF
 1   Injection (SQL, OS, and LDAP)                  No         Yes
 2   Broken Authentication and Session Management   No         Yes
 3   Cross-Site Scripting                           No         Yes
 4   Insecure Direct Object References              No         Yes
 5   Security Misconfiguration                      No         Yes
 6   Sensitive Data Exposure                        Yes        Yes
 7   Missing Function Level Access Control          No         Yes
 8   Cross-site Request Forgery (CSRF)              No         Yes
 9   Using Components with Known Vulnerabilities    No         Yes
10   Unvalidated Redirects and Forwards             No         Yes
Securing web applications requires a completely different approach than signature detection alone. Only a web application firewall can provide complete application protection by understanding application logic and what elements exist on the web application, such as URLs, parameters, and what cookies it uses. Using behavioral monitoring of application usage, the WAF can deeply inspect every application in your data center to build a baseline of normal behaviors and trigger actions to protect your applications when anomalies arise from attacks.

• 95 percent of all websites have experienced cross-site scripting and SQL injection attacks

FortiWeb Web Application Firewalls provide specialized, layered web application threat protection for medium/large enterprises, application service providers, and SaaS providers. FortiWeb Web Application Firewalls protect web-based applications and Internet-facing data from attacks and breaches. Using advanced techniques, it provides bidirectional protection against malicious sources, DoS attacks, and sophisticated threats such as SQL injection, cross-site scripting, buffer overflows, file inclusion, cookie poisoning, and numerous other attack types.

• Included vulnerability scanner and support for virtual patching with third-party scanner integration
• Simplified deployment with automatic setup tools and integration with FortiGate
DDoS Protection

DDoS attacks were one of the first data center threats, and as they've evolved, they continue to be the top threat that data center managers face today. New DDoS attacks target layer 7 application services and can do as much damage as high-volume multi-gigabit bulk-volumetric attacks. Rather than simply flooding a network with traffic or sessions, these attack types target specific applications and services to slowly exhaust resources at the application level.

Application layer attacks can be very effective using small traffic volumes, and may appear to be completely normal to most traditional DDoS detection methods. This makes application layer attacks much harder to detect than other basic DDoS attack types. Most ISPs use basic methods to protect you from large-scale attacks; however, they don't have the sophisticated detection tools to intercept these smaller application-level threats and normally pass them through to your network.

• Small layer 7 attacks under 50 Mbps can do as much damage as attacks in the hundreds of gigabits
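To show why the low-volume layer 7 attacks described above slip past bandwidth-based detection, here is an added example (not FortiDDoS code) that runs a volumetric bytes-per-second check and a resource-exhaustion check over the same constructed access-log sample. The log format, the client addresses, the endpoint names and both thresholds are constructed for this example.

```python
"""Added example (not FortiDDoS code): contrasting a volumetric check with
a resource-exhaustion check on one constructed 60-second access-log window.
A source that repeatedly hits a slow, expensive endpoint stays far below any
bandwidth threshold yet keeps several server workers busy the whole time."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed log format: client [ISO timestamp] "METHOD path" status bytes resp_ms
LINE_RX = re.compile(
    r'(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) (?P<ms>\d+)'
)

def parse(lines):
    """Parse log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LINE_RX.match(line)
        if m:
            d = m.groupdict()
            events.append({"ip": d["ip"], "ts": datetime.fromisoformat(d["ts"]),
                           "path": d["path"], "bytes": int(d["bytes"]),
                           "ms": int(d["ms"])})
    return events

def window_seconds(events):
    stamps = [e["ts"] for e in events]
    return (max(stamps) - min(stamps)).total_seconds() + 1

def volumetric_offenders(events, window_s, mbps_threshold):
    """Classic check: flag sources whose average bandwidth over the window
    exceeds a threshold in Mbps."""
    per_ip = defaultdict(int)
    for e in events:
        per_ip[e["ip"]] += e["bytes"]
    return sorted(ip for ip, b in per_ip.items()
                  if (b * 8 / 1_000_000) / window_s > mbps_threshold)

def resource_offenders(events, window_s, max_busy_workers):
    """Layer 7 check: estimate how many server workers each source keeps busy
    on average (total response time / window length) and flag sources above
    the limit. Few requests against a slow endpoint score high here."""
    busy_ms = defaultdict(int)
    for e in events:
        busy_ms[e["ip"]] += e["ms"]
    return sorted(ip for ip, ms in busy_ms.items()
                  if ms / (window_s * 1000) > max_busy_workers)

# Constructed window: two ordinary clients fetching static content, and one
# source sending one small POST per second to a report export that takes
# about 5 seconds of server time each. Its total traffic is a few kilobytes.
SAMPLE_LOG = (
    ['203.0.113.10 [2016-05-16T10:00:%02d] "GET /index.html" 200 48211 12' % s
     for s in range(0, 60, 6)]
    + ['198.51.100.7 [2016-05-16T10:00:%02d] "GET /images/logo.png" 200 91020 9' % s
       for s in range(1, 60, 10)]
    + ['192.0.2.99 [2016-05-16T10:00:%02d] "POST /reports/export" 200 310 5200' % s
       for s in range(0, 60)]
)

def analyze(lines=SAMPLE_LOG, mbps_threshold=50.0, max_busy_workers=2.0):
    events = parse(lines)
    window = window_seconds(events)
    return {
        "window_s": window,
        "volumetric": volumetric_offenders(events, window, mbps_threshold),
        "resource": resource_offenders(events, window, max_busy_workers),
    }

if __name__ == "__main__":
    result = analyze()
    print("window:", result["window_s"], "s")
    print("flagged by bandwidth threshold:", result["volumetric"] or "none")
    print("flagged by worker-exhaustion check:", result["resource"])
```

With these constructed numbers the attacker moves under 0.01 Mbps but averages more than five busy workers, which is the signal a volumetric threshold never sees.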
The FortiDDoS family of purpose-built appliances provides real-time network visibility in addition to detection and prevention of DDoS attacks. FortiDDoS helps protect Internet-facing infrastructure from threats and service disruptions by surgically removing network and application-layer DDoS attacks. It defends critical on-premises and cloud infrastructure from attacks while relying on sophisticated filtering technologies to allow legitimate traffic to continue to flow. These scalable, high-performance appliances deliver proven DDoS defenses, and are completely interoperable with existing security technologies and network infrastructure.

• 100 percent behavioral-based DDoS detection and mitigation using ASIC technology
• FortiASIC TP2 processor delivers less than 5-second attack response and mitigation times
• IP reputation scoring system and continuous attack re-evaluation reduce risks of false positive detections
• Centralized alerts, bandwidth management, role-based management, and self-service portals for MSSP environments

Email Protection

Email is a critical business service that no organization can survive without, but it is one of the greatest vulnerabilities when it comes to security. It has become the primary target that criminals use to take advantage of poor security policies and unsophisticated users.

Email Remains a Top Target
• Even sophisticated users are falling prey to advanced phishing schemes
• Data loss of sensitive materials is a major risk to organizations

Email threats come in two primary forms, inbound and outbound. Inbound are the traditional threats like spam and phishing attacks that attempt to lure users into providing sensitive information such as login credentials or credit card information. Outbound threats aren't really attacks; rather, they are risks to your organization's sensitive information. Employees, contractors, and consultants have the ability to send proprietary information to anyone, anywhere. Sometimes it's by mistake; other times it's not.
• Highest performance: The unique architecture of FortiMail has been proven to meet the requirements of many of the world's largest carriers and is the highest-performing messaging security solution in the industry, delivering message protection for over 28 million messages per hour in a single appliance.

• Firewalls usually have limited application delivery functionality
• Expansion of complex encryption keys (2,048 and 4,096) puts increased demands on data center resources
FortiADC

FortiADC hardware and virtual ADCs provide unmatched server load balancing performance whether scaling an application across a few servers in a single data center or serving multiple applications to millions of users around the globe. With included SSL offloading, HTTP compression, global server load balancing, firewall, and link load balancing, they offer the performance, features, and security needed at a single all-inclusive price.

• Complete layer 4 to 7 server load balancing solution with intelligent policy-based routing
• Web application firewall and IP reputation (subscriptions required)
• Scripting for custom load balancing and content rewriting rules
• Authentication offloading speeds user authentication for secure applications
• SSL forward proxy for increased secure traffic inspection with FortiGate firewalls
• Qualified for Microsoft Exchange 2010 and 2013

Advanced Threat Protection for Applications

Malware can come in any form and can be one of the most difficult threats to detect. Some forms of it can be simple to detect, as they may route a user to a website to download malicious code. Newer methods are much more obfuscated and rely on many different vectors to infect users or data center infrastructure elements. This complexity, combined with the almost limitless options for zero-day malware attacks, can make it almost impossible for firewalls and IPS systems to detect all these threats. Additionally, many of them may be buried in seemingly harmless code that in some cases may take years to be fully exposed.

Sandboxing

Even with the best threat detection defenses, sometimes it's just best to let the code explode to see what it's going to do. This is where a sandbox comes in and acts like a bomb squad. The suspicious code is isolated in a virtual bomb detonation chamber and allowed to do what it was intended to do. Since the sandbox is completely isolated from your network and applications, if the code is malware, it's not going to do any harm to your real environment. Once the code is extracted and installed in the sandbox, it's easy to examine the changes it makes to do the damage it was intended to do. If it is assessed to be a threat, the malware is quarantined and blocked from entering your network.

FortiSandbox Advanced Threat Detection

FortiSandbox is a key part of Fortinet's integrated and automated Advanced Threat Protection solution. Recommended by NSS Labs, FortiSandbox is designed to detect and analyze advanced attacks designed to bypass traditional security defenses. In independent NSS Labs testing, FortiSandbox demonstrated 97.3 percent breach detection effectiveness and, due to Fortinet's unique multi-layered sandbox analysis approach, detected the majority of threats within one minute.

FortiSandbox, secured by FortiGuard, offers inspection of all protocols and functions in one appliance. It can integrate with your existing Fortinet infrastructure including FortiGate, FortiMail, and FortiClient, fueling a security ecosystem that automatically protects, learns, and improves your overall threat protection. It delivers highly effective protection against advanced persistent threats that is affordable as well as simple and flexible to deploy and manage. Complement your established defenses with this cutting-edge sandbox capability, analyzing files in a contained environment to identify previously unknown threats and uncover the full attack lifecycle.

• Protects against advanced threats: Scans files on the network, in emails, in URLs, in network file share locations, and on-demand. Protects against advanced email threats, Windows threats, Office threats, zip threats, pdf threats, mobile threats, and more.
• Inspects across all Operating Environments: Code emulation examines and runs instruction sets to assess intended activity independent of operating environment for broader security coverage.
• Examines activity, rather than attributes: Executes objects within a secure virtual runtime environment (sandbox) to analyze activity (system changes, exploit efforts, site visits, subsequent downloads, botnet communications, and more) to expose sophisticated threats.
• Pre-filters to deliver fast results: Leverages Fortinet's proactive anti-malware (consistently top-rated in VB100 RAP tests) and extended database as well as additional patented advanced threat intelligence techniques to detect a large percentage of advanced threats without the time and effort of full sandboxing.
• Provides rich threat intelligence: Uncovers information related to the full threat lifecycle, not just initial code, to speed remediation. Trigger automated and manual response in other Fortinet products to mitigate incidents. Dynamically generate custom threat intelligence and distribute to supporting Fortinet products.
• Delivers Officially Licensed Microsoft Components: Product comes with Microsoft Windows, Internet Explorer, and Office embedded licenses, confirmed approved for use in virtual environments, unlike other sandbox solutions.

Cooperative Network Security Across the Extended Enterprise

The Fortinet Security Fabric enables Fortinet Application Security products and those of third-party vendors to work together to boost security across core networks, remote devices and the cloud.

FortiSandbox. Most appliances offer centralized management and are tied to FortiAnalyzer for consolidated reporting and analytics. Additionally, most products offer user authentication support that can be tied into FortiGate or other authentication methods.

Actionable: This is the Fabric category that focuses on making sense out of it all to take action quickly, especially when any part of the network is under attack. All devices can be configured to alert IT staff of suspicious activity, or can take action by themselves to block threats. Centralized management and reporting via the single pane of glass helps security managers cut through the clutter to act on events in near real time. Automated tools and behavioral detection can augment human response times with granular policies to take actions immediately to minimize damages.

Scalable: Scalability is defined as both speed and expansion. Application Security offers some of Fortinet's highest performance devices, including FortiWeb and FortiMail, with the fastest WAF and email security in the industry. We also offer high-performance ASIC-enhanced solutions for DDoS and ADCs with FortiDDoS and FortiADC. Each Fortinet product line provides models that span the needs of mid-market organizations all the way to large carriers and MSPs. In addition, FortiADC can be employed to expand capacities for other Fortinet products such as FortiMail, FortiCache and FortiGate.

Open: Finally, as mentioned above, Application Security is an open platform that integrates many third-party solutions, via their native APIs, including those from industry leaders such as IBM, HP and Verisign.
Fortinet products are designed to leverage and interoperate with other Fortinet devices and services via the Fortinet Security Fabric. We optimize and test our products to minimize bottlenecks to increase overall performance between platforms when used together in an enterprise data center environment.

Only Fortinet offers deep integration between our FortiGate, FortiWeb, FortiMail, and FortiSandbox platforms. Whether it's simplifying the setup of traffic routing or advanced ATP scanning with FortiSandbox, Fortinet makes it easy to deploy advanced application security in your network and closes the gaps common in point solutions.

Most of Fortinet's products support single pane of glass management and reporting through our FortiManager and FortiAnalyzer products. Unified under a single screen, operators get a complete picture of their Fortinet products for simplified management and complete visibility of incidents that span one or more Fortinet devices.

Finally, expertise matters. We are leaders in enterprise security technologies. Our trained pre-sales engineers can provide assistance in reviewing your advanced threat requirements and design solutions to meet the unique challenges of your organization. As a customer you have options for 24/7 support, on-site consulting, and other enterprise-class services offered by our award-winning FortiCare global customer support.

Summary

A firewall is your first line of network defense in your data center; however, many new trends that target applications and end users require additional protections that a firewall or an IPS can't provide. Signature-based detection, IP reputation, and deep packet inspection can stop some of these advanced threats, but they are limited in what they can offer. Additional products like web application firewalls, DDoS attack mitigation appliances, sandboxing, email security gateways, and application delivery controllers are needed to address these new threats to your data center and users.

Fortinet offers a wide range of products to data center managers that not only complement our class-leading FortiGate firewalls, they also are designed to work together seamlessly in a complete network and application security protection framework. For more information on the products presented in this white paper, please visit Fortinet.com.
GLOBAL HEADQUARTERS
Fortinet Inc.
899 Kifer Road
Sunnyvale, CA 94086
United States
Tel: +1.408.235.7700
www.fortinet.com/sales

EMEA SALES OFFICE
905 rue Albert Einstein
Valbonne
06560, Alpes-Maritimes,
France
Tel +33 4 8987 0500

APAC SALES OFFICE
300 Beach Road 20-01
The Concourse
Singapore 199555
Tel: +65.6513.3730

LATIN AMERICA SALES OFFICE
Paseo de la Reforma 412 piso 16
Col. Juarez
C.P. 06600
México D.F.
Tel: 011-52-(55) 5524-8428
Copyright 2016 Fortinet, Inc. All rights reserved.
May 16, 2016
SOLUTION BRIEF
This guide discusses these trends and demonstrates how Fortinet's data center security solutions can help you meet the corresponding security requirements to take advantage of the opportunities presented by these trends.

• Flexibility to enable the firewall personality you need to match your environment with edge or core deployment, network segmentation, or integrated security technologies
• Single-pane-of-glass management for unmatched visibility and control
• Single security platform delivers all needed data center services
• Lower TCO, improved protection, increased performance
• Unmatched flexibility of deployment with appliance, chassis, and virtual machine options

Market Trends Affecting the Data Center

• Mobility and BYOD: Smartphones and tablets are increasingly being used by employees, customers and end-users to consume data and services. This explosion of anytime, anywhere data consumption has driven the need for greater network speeds in the data center, but also increased risk exposure of sensitive data to unauthorized access outside of corporate boundaries.
• Server Virtualization and Data Center Consolidation: As multiple physical systems were efficiently combined with server virtualization such as VMware, core network traffic density increased, first from server consolidation and later even from consolidation of multiple data centers. As IT efficiency reduced new server provisioning from months to mere days, it enabled further business productivity, driving further increases in network traffic and utilization.
SOLUTION BRIEF: Fortinets Data Center Solution
- Cloud Computing and Software Defined Networking: As organizations of all sizes utilize public and private cloud services, data centers have to evolve to support multi-tenancy, infrastructure orchestration, seamless integration with third-party application services and greater access by external parties. This dynamic environment becomes even more fluid as control of the networking function is separated from its physical hardware for greater flexibility and speed. This enables increased business agility, but it also carries the operational risk that sensitive data and assets will be more exposed to unintended access in shared, external computing environments.

These trends are driving, if not accelerating, an ongoing Moore's Law effect of core network speeds doubling every 18 months. This is not just in the refresh of the data center network switching and routing fabric, but also in the firewalls and network security appliances needed, more than ever, to secure data and IT assets in these dynamic, multi-tenant environments spanning on-premise and external cloud resources.

In fact, Infonetics Research found in a recent survey of decision-makers of large organizations of over 1,000 employees that most are looking for:
- Faster firewalls with 100+ Gbps aggregate throughput
- High-speed ports (40G and 100G) to interface to their core network fabric
- Better performance of their multi-function security technologies
- The ability to deploy additional security services without affecting performance

What this Means for Security Requirements
1. Scalability: As networks continue to accelerate, the data center is at the forefront of the requirement to support higher performance and needs high-speed, high-capacity, low-latency firewalls.
2. Segmentation: As data centers have become more dynamic, organizations are embracing increased network segmentation as a best practice to isolate data based on applications, user groups, regulatory requirements, business functions, trust levels, and locations. As a result, firewalls need to provide high port density and logical abstraction to support both physical and virtual segmentation across private and public clouds.
3. Simplification: As these data centers extend to external parties of varying trust levels, organizations need to consider a Zero-Trust model for data access that drives multiple security functions from traditionally just the data center edge more deeply into fine-grained segmentation throughout the core of the network. This requires a consolidated security platform that can sustain high speeds even as many functions are turned on at each micro-perimeter.

Fortinet's Data Center Solution
Fortinet has been a leader in securing data centers for over 10 years. Our high-performance, low-latency chassis and appliance-based solutions have protected many of the largest data centers in the world. Fortinet customers are focused on very high throughput and ultra-low latency to meet increasing data center core network speeds.
To meet these performance demands, FortiGate platforms deliver some of the highest throughputs and lowest latencies on the market, several with over 100 Gbps aggregated performance and sub-5 µs latency. This high performance enables organizations to implement the network segmentation discussed earlier to support regulatory compliance, function, location or trust level.

The Fortinet Difference: Purpose-built Appliances, Custom ASICs
At the heart of the FortiGate data center firewalls are purpose-built FortiASIC processors that enable this extremely high level of performance. These custom content and network processors provide near-wire-speed switching, routing, and stateful firewalling.

The network processors eliminate the need for legacy L2 switches and routers within the data center. Instead, FortiGate takes over and performs network segmentation, switching, routing, and network security, all while reducing network complexity.

Furthermore, our integrated architecture provides extremely high throughput and exceptionally low latency, minimizing packet processing while accurately scanning the data for threats. Custom FortiASIC processors deliver content inspection at multi-Gigabit speeds.

The only way for a network security platform to scale is via purpose-built ASICs that accelerate specific parts of the packet processing and content scanning function. FortiGate technology utilizes optimum path processing (OPP) to optimize the different resources available in the packet flow.

The FortiASIC can scale to 500 Gbps of firewall throughput independent of packet size while maintaining a high number of sessions and extremely low latency. The FortiASICs used in the FortiGate firewall models are:
- Content Processor (FortiASIC CP8): accelerated content security such as antimalware, VPN encryption/decryption and authentication processing
- Network Processor (FortiASIC NP6): accelerated network security tasks such as firewall, VPN and IPv6 translation

FIGURE 3: Dedicated ASICs versus CPU Architectures. Traditional security appliances that use multi-purpose CPU-based architectures become an infrastructure bottleneck. Even when using multiple multi-core general-purpose processors, network security devices cannot deliver the high performance and low latency required in data center deployments.

Scale-Up and Scale-Out for Virtual and Cloud Environments
FortiGate hardware solutions provide scale-up performance for data centers of all sizes with a range of appliance and chassis form factors ranging from 20 Gbps up to an industry-leading 560 Gbps blade-in-chassis. These provide attractive performance, TCO and flexibility in a single unit for organizations ranging from mid-sized to larger enterprises, and to telco/carrier segments.

The root of the problem with private cloud security is that it is not a static architecture environment. Clouds are built and aggregated through pools of resources that must be elastic to scale with organizational demand. This changes how security is designed and implemented. Fortinet Cloud Security (including FortiGate, FortiWeb, FortiManager, FortiAnalyzer) enables enterprises to automatically scale and intelligently segment their private cloud infrastructure and applications with elastic and agile protection.

In addition to providing efficient scale-up performance in compact appliance and chassis options, FortiGate also provides equally critical scale-out performance through FortiGate-VM virtual appliances. These provide agile capacity that can deploy elastically with virtualization hosts or cloud infrastructure, giving unlimited scalability through a distributed approach with dozens if not hundreds of virtual security appliances across both private and public clouds.
Copyright 2016 Fortinet, Inc. All rights reserved. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. July 29, 2016
FortiADC
FortiADC 60F, 100F, 200D, 300D, 400D, 1000F, 2000F, 4000F and VM
DATA SHEET
HIGHLIGHTS
Hardware-Based SSL Offloading, SSL Inspection, and Visibility
FortiADC offloads server-intensive SSL processing, with support for 4096-bit keys, TCP connection management, data compression and HTTP request processing from servers. This speeds up response times and reduces load on the backend servers, allowing them to serve more users.

SSL Forward Proxy uses FortiADC's high-capacity decryption and encryption to allow other devices, such as a FortiGate firewall, to inspect traffic for threats. An inline pair of FortiADCs at the front end and back end of a firewall removes all encryption so that the firewall is not taxed with the additional load of SSL processing. FortiADC re-encrypts the traffic on the far side with the certificates intact and no user disruption.

FortiADC's Transparent HTTP/S and TCP/S Mirroring capabilities decrypt secure traffic for inspection and reporting. Copies of the cleartext traffic can be sent for analysis by FortiGate or other third-party solutions for an in-depth view of threats that may be hidden in encrypted traffic, while FortiADC continues to perform its application delivery functions. Because the mirrored copy is plaintext, the mirror port belongs on a dedicated inspection segment.

FortiADC integrates with Gemalto's SafeNet Enterprise Hardware Security Modules (HSMs) to use the certificates and private keys held in the HSM for the encryption and decryption of secure application traffic. This lets organizations that use Gemalto's SafeNet HSMs deploy a high-performance ADC solution with a strong, centrally managed set of certificates and encryption keys.

Disaster Recovery with Global Server Load Balancing
FortiADC's included Global Server Load Balancing (GSLB) makes your network reliable and available by scaling applications across multiple data centers for disaster recovery or to improve application response times. Administrators can set up rules that direct traffic based on site availability, data center performance and network latency.

Link Load Balancing
Built-in Link Load Balancing (LLB) gives you the option to connect your FortiADC to two or more WAN links to reduce the risk of outages or to add bandwidth to relieve traffic congestion. FortiADC supports inbound and outbound Link Load Balancing to manage traffic leaving or entering the device. Using policy routing, FortiADC can support complex NAT and routing requirements to address almost any network LLB architecture. With Tunnel Routing you get high-speed, reliable site-to-site connectivity without the need to lease expensive WAN links. It aggregates multiple links to create a virtual tunnel to a remote data center that ensures availability, especially for applications that are time sensitive and require large single-session bandwidth such as video conferencing.

Optimize Performance with PageSpeed, Caching, and Compression
FortiADC provides multiple services that speed the delivery of applications to users. The PageSpeed suite of website performance enhancement tools can automatically optimize HTTP, CSS, JavaScript and image delivery to application users. Caching on FortiADC dynamically stores popular application content such as images, videos, HTML files and other file types to relieve server resources and accelerate overall application performance. HTTP Compression employs GZIP and DEFLATE to compress many content types used by today's web-based applications, reducing bandwidth needs and improving the user application experience.

Web Application Firewall, Web Filtering, and IP Reputation for Enhanced Security
Web applications can be an easy target for attackers. FortiADC offers multiple levels of protection to defend against attacks that target your applications. In addition to its stateful firewall feature, every FortiADC has a built-in Web Application Firewall that detects known threats using FortiGuard WAF Security Services for layer 7 attack signatures (subscription required) and rejects malformed requests that violate its HTTP RFC compliance constraints. FortiGuard Web Filtering works with FortiADC's SSL Forward Proxy feature to simplify the management of exceptions for secure traffic inspection. Instead of manually configuring single URLs, Web Filtering gives administrators the ability to choose websites by category to enable or disable SSL traffic inspection as a group rather than site by site. FortiADC also supports the FortiGuard IP Reputation service (subscription required), which protects you from sources associated with DoS/DDoS attacks, phishing schemes, spammers, malicious software and botnets.

Scripting to Extend Built-in Features
FortiADC's Lua-based scripting language gives you the flexibility to create custom, event-driven rules using predefined commands, variables and operators. Using easy-to-create scripts, you can extend your FortiADC with specialized business rules for server load balancing and content rewriting to meet the needs of your organization.
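The "HTTP RFC compliance constraints" mentioned above are protocol-conformance checks of the kind shown below. This is an added example, not FortiADC's code: the rule set is a small subset of RFC 7230 (token syntax for header names, no obsolete line folding, exactly one Host header, and the Content-Length/Transfer-Encoding rules), and the sample requests are constructed.

```python
"""Added example: HTTP/1.1 request-conformance checks of the kind an
"HTTP RFC compliance" WAF constraint enforces. Illustrative code, not
FortiADC's implementation; rule set and sample requests are constructed."""
import re
from typing import List, Tuple

# RFC 7230 'token' characters, valid for methods and header field names.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
_REQUEST_LINE = re.compile(r"^([^ ]+) ([^ ]+) HTTP/(\d)\.(\d)$")
_CTL_IN_VALUE = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")
ALLOWED_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"}


def check_request(raw: bytes) -> List[str]:
    """Return the list of RFC violations found; an empty list means well-formed."""
    violations: List[str] = []
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["missing CRLF CRLF header terminator"]
    try:
        lines = [l.decode("ascii") for l in head.split(b"\r\n")]
    except UnicodeDecodeError:
        return ["non-ASCII bytes in request head"]

    m = _REQUEST_LINE.match(lines[0])
    if not m:
        return [f"malformed request line: {lines[0]!r}"]
    method, _target, major, minor = m.groups()
    if method not in ALLOWED_METHODS:
        violations.append(f"method not allowed: {method}")
    if (major, minor) not in {("1", "0"), ("1", "1")}:
        violations.append(f"unsupported HTTP version {major}.{minor}")

    headers: List[Tuple[str, str]] = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):          # obs-fold, deprecated by RFC 7230 3.2.4
            violations.append("obsolete line folding in header block")
            continue
        name, colon, value = line.partition(":")
        # No whitespace is allowed between field-name and colon (RFC 7230 3.2.4),
        # so a name with a trailing space fails the token test and is rejected.
        if not colon or not _TOKEN.match(name):
            violations.append(f"malformed header field: {line!r}")
            continue
        if _CTL_IN_VALUE.search(value):
            violations.append(f"control character in header value of {name}")
        headers.append((name.lower(), value.strip()))

    names = [n for n, _ in headers]
    if (major, minor) == ("1", "1") and names.count("host") != 1:
        violations.append("HTTP/1.1 request must carry exactly one Host header")

    # Request-smuggling primitives: CL together with TE, or disagreeing CLs.
    content_lengths = [v for n, v in headers if n == "content-length"]
    if content_lengths and "transfer-encoding" in names:
        violations.append("both Content-Length and Transfer-Encoding present (smuggling risk)")
    if len(set(content_lengths)) > 1:
        violations.append("conflicting Content-Length values")
    for v in content_lengths:
        if not v.isdigit():
            violations.append(f"non-numeric Content-Length: {v!r}")
    return violations


def is_compliant(raw: bytes) -> bool:
    return not check_request(raw)


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "clean": b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\nUser-Agent: probe\r\n\r\n",
    "cl_te": (b"POST /api HTTP/1.1\r\nHost: shop.example\r\nContent-Length: 5\r\n"
              b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n"),
    "dup_cl": (b"POST /api HTTP/1.1\r\nHost: shop.example\r\nContent-Length: 5\r\n"
               b"Content-Length: 6\r\n\r\nhello"),
    "bad_name": b"GET / HTTP/1.1\r\nHost : shop.example\r\n\r\n",
    "trace": b"TRACE / HTTP/1.1\r\nHost: shop.example\r\n\r\n",
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(f"{label:9s} -> {check_request(req) or 'OK'}")
```

Rejecting a request that carries both Content-Length and Transfer-Encoding, or two Content-Length values that disagree, removes the ambiguity that request-smuggling attacks exploit when a front-end proxy and a backend server parse the same bytes differently.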
Key Features and Benefits
- Advanced Layer 7 Load Balancing: Intuitive L7 policy-based routing to dynamically rewrite content to support complex applications and server configurations.
- SSL Offloading, Forward Proxy, and Visibility: Hardware and software-based SSL offloading reduces the performance impact on your server infrastructure. Also provides SSL visibility, decryption and re-encryption so FortiGate can inspect traffic for threats.
- Application Optimization: Speed up web application delivery with Compression, Caching, HTTP/2, and HTTP PageSpeed for improved network and web server utilization.
- Global Server Load Balancing: Included Global Server Load Balancing distributes traffic across multiple geographical locations for disaster recovery or to improve user response times.
- Link Load Balancing: Link Load Balancing distributes traffic over multiple ISPs to increase resilience and reduce the need for costly bandwidth upgrades.
- Web Application Firewall and IP Reputation: Advanced security features that protect applications with Web Application Attack Signatures, HTTP RFC compliance, and botnet/malicious source identification.
FortiADC
SPECIFICATIONS

| Form Factor | 1U Appliance | 1U Appliance | 1U Appliance | 1U Appliance |
|---|---|---|---|---|
| Environment | | | | |
| Input Voltage | 100–240V, 50–60 Hz | 100–240V AC, 50–60 Hz | 90–264V AC, 47–63 Hz | 100–240V AC, 50–60 Hz |
| Power Consumption (Average / Maximum) | 14.3 W / 11.9 W | 40 W / 60 W | 60 W / 72 W | 96 W / 115 W |
| Maximum Current | 115Vac/0.9A, 230Vac/0.6A | 100V/1.5A, 240V/0.6A | 115V/6A, 230V/3A | 100V/4A, 240V/2A |
| Heat Dissipation | 49 BTU/h | 132–163 BTU/h | 205 BTU/h | 392.4 BTU/h |
| Operating Temperature | 32 to 104°F (0 to 40°C) | 32 to 104°F (0 to 40°C) | 32 to 104°F (0 to 40°C) | 32 to 104°F (0 to 40°C) |
| Storage Temperature | -31 to 158°F (-35 to 70°C) | -4 to 167°F (-20 to 75°C) | -13 to 158°F (-25 to 70°C) | -13 to 158°F (-25 to 70°C) |
| Humidity | 20–90% non-condensing | 10–85% relative humidity, non-operating, non-condensing | 5–95% non-condensing | 5–95% non-condensing |
| Compliance | | | | |
| Regulatory Compliance | FCC Part 15 Class A, C-Tick, VCCI Class A, CE, UL/c (all models) | | | |
| Safety | CSA, C/US, CE, UL (all models) | | | |
| Dimensions | | | | |
| Height x Width x Length (inches) | 1.5 x 8.5 x 6.3 | 1.75 x 17.3 x 10.55 | 1.75 x 17.05 x 13.86 | 1.73 x 17.24 x 16.38 |
| Height x Width x Length (mm) | 38 x 216 x 160 | 44 x 440 x 268 | 45 x 433 x 352 | 44 x 438 x 416 |
| Weight | 2.2 lbs (1 kg) | 9.9 lbs (4.5 kg) | 17.2 lbs (7.87 kg) | 20 lbs (9.07 kg) |
SPECIFICATIONS (continued)

| Form Factor | 1U Appliance | 1U Appliance | 1U Appliance | 2U Appliance |
|---|---|---|---|---|
| Environment | | | | |
| Input Voltage | 100–240V AC, 50–60 Hz | 100–240V AC, 63–47 Hz | 100–240V AC, 63–47 Hz | 100–240V AC, 63–47 Hz |
| Power Consumption (Average / Maximum) | 109 W / 130.8 W | 320 W / 267 W | 340 W / 282 W | 360 W / 300 W |
| Maximum Current | 100V/5A, 240V/3A | 120V/7.1A, 240V/3.4A | 120V/7.1A, 240V/3.4A | 120V/8A, 240V/4A |
| Heat Dissipation | 446.3 BTU/h | 1092 BTU/h | 1160 BTU/h | 1228 BTU/h |
| Operating Temperature | 32 to 104°F (0 to 40°C) | 32 to 104°F (0 to 40°C) | 32 to 104°F (0 to 40°C) | 32 to 104°F (0 to 40°C) |
| Storage Temperature | -13 to 158°F (-25 to 70°C) | -4 to 158°F (-20 to 70°C) | -4 to 158°F (-20 to 70°C) | -4 to 158°F (-20 to 70°C) |
| Humidity | 5–95% non-condensing | 5–90% non-condensing | 5–90% non-condensing | 5–90% non-condensing |
| Compliance | | | | |
| Regulatory Compliance | FCC Part 15 Class A, C-Tick, VCCI Class A, CE, UL/c (all models) | | | |
| Safety | CSA, C/US, CE, UL (all models) | | | |
| Dimensions | | | | |
| Height x Width x Length (inches) | 1.73 x 17.24 x 16.38 | 1.7 x 17.24 x 20.87 | 1.7 x 17.24 x 20.87 | 3.46 x 17.24 x 20.87 |
| Height x Width x Length (mm) | 44 x 438 x 416 | 44 x 438 x 530 | 44 x 438 x 530 | 88 x 438 x 530 |
| Weight | 22 lbs (9.97 kg) | 22.6 lbs (10.3 kg) | 22.6 lbs (10.3 kg) | 27 lbs (12.25 kg) |
Copyright 2017 Fortinet, Inc. All rights reserved. FST-PROD-DS-ADC3 FAD-DAT-R23-201707
FortiSandbox
FortiSandbox 1000D, 3000E, 3500D, FortiSandbox-VM, and FortiSandbox Cloud
DATA SHEET
FEATURES
Threat Mitigation
Fortinet's ability to integrate its various products with FortiSandbox offers automatic protection with simple setup. Once malicious code is identified, FortiSandbox returns risk ratings, and the local intelligence is shared in real time with Fortinet and third-party vendor-registered devices and clients to remediate and immunize against new advanced threats. The local intelligence can optionally be shared with Fortinet's threat research team, FortiGuard Labs, to help protect organizations globally. Figure 3 steps through the flow of the automated mitigation process.

Figure 2: Detailed malware report with built-in tools
Figure 3: Automated mitigation flow: Query (1: file submission for analysis, results returned), Mitigate, Update
DEPLOYMENT OPTIONS
Easy Deployment
FortiSandbox supports inspection of many protocols in one unified solution, simplifying network infrastructure and operations. Further, it integrates within the Security Fabric, adding a layer of advanced threat protection to your existing security architecture.

FortiSandbox is a flexible threat analysis appliance, offering various deployment options for customers' unique configurations and requirements. Organizations can choose to combine these deployment options.

Standalone
This FortiSandbox deployment mode accepts inputs as an ICAP server or from spanned switch ports or network taps. It may also include administrators' on-demand file uploads using the GUI. It is the most suitable option for adding protection capabilities to existing threat protection systems from various vendors.

Integrated
Fortinet products, such as FortiGate, FortiMail, FortiWeb, FortiClient (ATP Agent), and third-party security vendors can intercept and submit suspicious content to FortiSandbox when they are configured to interact with it. The integration also provides timely remediation and reporting capabilities to those devices. This integration extends to other FortiSandboxes to allow instantaneous sharing of real-time intelligence, which benefits large enterprises that deploy multiple FortiSandboxes in different geo-locations. This zero-touch automated model is ideal for holistic protection across different borders and time zones.
FEATURES SUMMARY
ADMINISTRATION
- Supports WebUI and CLI configurations
- Multiple administrator account creation
- Configuration file backup and restore
- Notification email when a malicious file is detected
- Weekly report to global email list and FortiGate administrators
- Centralized search page which allows administrators to build customized search conditions
- Frequent signature auto-updates
- Automatic check and download of new VM images
- VM status monitoring
- RADIUS authentication for administrators

NETWORKING/DEPLOYMENT
- Static routing support
- File input: offline/sniffer mode, on-demand file upload, file submission from integrated device(s)
- Option to create a simulated network for the scanned file to access in a closed network environment
- High-Availability clustering support
- Port monitoring for fail-over in a cluster

SYSTEMS INTEGRATION
- File submission input: FortiGate, FortiClient (ATP agent), FortiMail, FortiWeb
- File status feedback and report: FortiGate, FortiClient, FortiMail, FortiWeb
- Dynamic threat DB update: FortiGate, FortiClient, FortiMail
- Periodically push dynamic DB to registered entities
- File checksum and malicious URL DB
- Update database proxy: FortiManager
- Remote logging: FortiAnalyzer, syslog server
- JSON API to automate the process of uploading samples and downloading actionable malware indicators to remediate
- Certified third-party integration: CarbonBlack, Ziften
- Inter-sharing of IOCs between FortiSandboxes

ANALYSIS
- File type support: .7z, .ace, .apk, .arj, .bat, .bz2, .cab, .cmd, .dll, .doc, .docm, .docx, .dot, .dotm, .dotx, .exe, .gz, .htm, .html, .jar, .js, .kgb, .lnk, .lzh, .msi, .pdf, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .ps1, .rar, .rtf, .sldm, .sldx, .swf, .tar, .tgz, .upx, .url, .vbs, WEBLink, .wsf, .xlam, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xz, .z, .zip
- Protocols/applications supported:
  - Sniffer mode: HTTP, FTP, POP3, IMAP, SMTP, SMB
  - Integrated mode with FortiGate: HTTP, SMTP, POP3, IMAP, MAPI, FTP, IM and their equivalent SSL-encrypted versions
  - Integrated mode with FortiMail: SMTP, POP3, IMAP
  - Integrated mode with FortiWeb: HTTP
  - Integrated mode with ICAP client: HTTP
- Customize VMs for supporting various file types
- Isolate VM image traffic from system traffic
- Network threat detection in sniffer mode: identify botnet activities and network attacks, malicious URL visits
- Scan SMB/NFS network shares and quarantine suspicious files; scans can be scheduled
- Scan embedded URLs inside document files
- Integration option for third-party YARA rules
- Option to auto-submit suspicious files to the cloud service for manual analysis and signature creation
- Option to forward files to a network share for further third-party scanning
- File checksum whitelist and blacklist option
- URL submission for scan and query from emails and files

MONITORING AND REPORT
- Real-time monitoring widgets (viewable by source and time period options): scanning result statistics, scanning activities (over time), top targeted hosts, top malware, top infectious URLs, top callback domains
- Drilldown event viewer: dynamic table with content of actions, malware name, rating, type, source, destination, detection time, and download path
- Logging GUI, download of RAW log file
- Report generation for malicious files: detailed reports on file characteristics and behaviors (file modification, process behaviors, registry behaviors, network behaviors, VM snapshot, behavior chronology chart)
- Further analysis: downloadable sample file, sandbox tracer logs, PCAP capture and indicators in STIX format
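The checksum whitelist/blacklist, file-type support list and network-share scanning items above together describe an intake pipeline that decides what a sandbox VM should spend time on. The following is an added example of such triage, not FortiSandbox's code; the magic-byte table, extension map, allow/deny lists and samples are all constructed. Its one deliberate point is that file type is decided from content, not from the claimed extension, so a PE renamed to .pdf is escalated rather than skipped.

```python
"""Added example: pre-analysis triage for a sandbox intake queue. Applies
checksum allow/deny lists, identifies file type from content rather than the
claimed extension, and prioritises extension/content mismatches. Illustrative
code, not FortiSandbox's; samples, lists and the type table are constructed."""
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Leading magic bytes for a few of the supported file types.
MAGIC = [
    (b"MZ", "pe"),                   # .exe / .dll
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),          # .zip and OOXML/.jar/.apk containers
    (b"Rar!\x1a\x07", "rar"),
    (b"\x1f\x8b", "gzip"),           # .gz / .tgz
    (b"\xd0\xcf\x11\xe0", "ole"),    # legacy .doc/.xls/.ppt and .msi
]
# Content type each extension is expected to carry.
EXPECTED_TYPE = {
    "exe": "pe", "dll": "pe", "pdf": "pdf", "zip": "zip", "jar": "zip",
    "apk": "zip", "docx": "zip", "xlsx": "zip", "pptx": "zip", "rar": "rar",
    "gz": "gzip", "tgz": "gzip", "doc": "ole", "xls": "ole", "ppt": "ole", "msi": "ole",
}


@dataclass
class Verdict:
    sha256: str
    detected_type: Optional[str]
    action: str      # skip-allowlisted | block-denylisted | analyze | analyze-priority
    reason: str


def detect_type(data: bytes) -> Optional[str]:
    """Identify the container/executable type from its leading bytes."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return None


def triage(filename: str, data: bytes, allowlist: Set[str], denylist: Set[str]) -> Verdict:
    digest = hashlib.sha256(data).hexdigest()
    kind = detect_type(data)
    # Checksum lists are consulted first: they key on content, never on the name.
    if digest in denylist:
        return Verdict(digest, kind, "block-denylisted", "checksum on denylist")
    if digest in allowlist:
        return Verdict(digest, kind, "skip-allowlisted", "checksum on allowlist")
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    expected = EXPECTED_TYPE.get(ext)
    if kind is None:
        return Verdict(digest, None, "analyze", "no recognised magic; send to VM")
    if expected is not None and expected != kind:
        # A renamed executable (PE bytes under .pdf) is the classic evasion.
        return Verdict(digest, kind, "analyze-priority",
                       f".{ext} claims {expected} but content is {kind}")
    return Verdict(digest, kind, "analyze", f"{kind} content, extension consistent")


# Constructed samples: a handful of bytes is enough to carry the magic.
SAMPLES: Dict[str, bytes] = {
    "invoice.pdf": b"%PDF-1.7\n% constructed sample\n",
    "report.pdf": b"MZ\x90\x00" + b"\x00" * 60,            # PE disguised as PDF
    "tool.exe": b"MZ\x90\x00" + b"\x00" * 60 + b"tool",
    "notes.txt": b"plain text, no magic\n",
}
ALLOWLIST = {hashlib.sha256(SAMPLES["invoice.pdf"]).hexdigest()}
DENYLIST = {hashlib.sha256(SAMPLES["tool.exe"]).hexdigest()}


def run_triage() -> Dict[str, Verdict]:
    return {name: triage(name, data, ALLOWLIST, DENYLIST) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, v in run_triage().items():
        print(f"{name:12s} {v.action:17s} {v.reason}")
```

Hash lists are checked before anything else because they are cheap and content-bound: renaming a denylisted binary does not change its digest, and an allowlisted file is skipped whatever it is called.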
SPECIFICATIONS
| System | | | |
|---|---|---|---|
| VM Sandboxing (Files/Hour) | 160 | 1,120 | 720* (upgradable** to 1,200) (160 per node) |
| AV Scanning (Files/Hour) | 6,000 | 15,000 | 30,000* (upgradable** to 48,000) (6,000 per node) |
| Number of VMs | 8 | 56*** | 36* (upgradable** to 60) (8 per node) |
| Dimensions | | | |
| Height x Width x Length (inches) | 3.5 x 17.2 x 14.5 | 3.5 x 17.2 x 25.5 | 5.2 x 17.5 x 29.5 |
| Height x Width x Length (mm) | 89 x 437 x 368 | 89 x 437 x 647 | 133 x 445 x 749 |
| Weight | 27.60 lbs (12.52 kg) | 43 lbs (19.52 kg) | 88 lbs (39.92 kg) |
| Environment | | | |
| Power Consumption (Average / Maximum) | 115 / 138 W | 538.6 / 549.6 W | 625 / 735.6 W |
| Maximum Current | 100V/5A, 240V/3A | 100–240V / 9.85A | 12A@100V, 8A@240V |
| Heat Dissipation | 471 BTU/h | 1,943.82 BTU/h | 2,728.9 BTU/h |
| Power Source | 100–240V AC, 60–50 Hz | 100–240V AC, 60–50 Hz | 100–240V AC, 60–50 Hz |
| Humidity | 5–95% non-condensing | 8–90% (non-condensing) | 8–90% (non-condensing) |
| Operation Temperature Range | 32 to 104°F (0 to 40°C) | 50 to 95°F (10 to 35°C) | 50 to 95°F (10 to 35°C) |
| Storage Temperature Range | -13 to 158°F (-25 to 70°C) | -40 to 158°F (-40 to 70°C) | -40 to 158°F (-40 to 70°C) |
| Compliance | | | |
| Certifications | FCC Part 15 Class A, C-Tick, VCCI, CE, BSMI, KC, UL/cUL, CB, GOST (all models) | | |

* Based on the assumption that 1 blade will be used as master in HA-cluster mode.
** By adding 3 more SAM-3500D nodes to the same chassis.
*** 8 Windows VM licenses included with hardware, remaining 48 sold as an upgrade license.
| System | |
|---|---|
| VM Sandboxing (Files/Hour) | Hardware dependent* |
| AV Scanning (Files/Hour) | Hardware dependent* |
| Number of VMs | 1 to 54 (upgrade via appropriate licenses)* |

* Please refer to the FortiCloud Sandbox Service Description.
ORDER INFORMATION
Optional Accessories

| Product | SKU | Description |
|---|---|---|
| 1 GE SFP SX Transceiver Module | FG-TRAN-SX | 1 GE SFP SX transceiver module for all systems with SFP and SFP/SFP+ slots. |
| 1 GE SFP LX Transceiver Module | FG-TRAN-LX | 1 GE SFP LX transceiver module for all systems with SFP and SFP/SFP+ slots. |
| 10 GE SFP+ Transceiver Module, Short Range | FG-TRAN-SFP+SR | 10 GE SFP+ transceiver module, short range, for all systems with SFP+ and SFP/SFP+ slots. |
| 10 GE SFP+ Transceiver Module, Long Range | FG-TRAN-SFP+LR | 10 GE SFP+ transceiver module, long range, for all systems with SFP+ and SFP/SFP+ slots. |
Copyright 2017 Fortinet, Inc. All rights reserved. FST-PROD-DS-FSA FSA-DAT-R21-201704
FortiSIEM
Unified event correlation and risk management for modern networks
DATA SHEET
HIGHLIGHTS
External Threat Intelligence (TI) feeds from open source threat Fortinet has developed a dynamic user identity mapping
intelligence feeds, commercial sources and custom data sources methodology. First, users and their roles are discovered from
integrate easily into the FortiSIEM TI framework. This grand on-premises repositories such as Microsoft Active Directory and
unification of diverse sources of data enables organizations to Open LDAP, or from Cloud SSO repositories such as OKTA. This
quickly create comprehensive dashboards and reports to more can be run on-demand or on a schedule to detect new users.
rapidly identify root causes of threats, and take the steps necessary Simultaneously, network identity is identified from important
to remediate and prevent them in the future.

network events such as firewall network translation events, Active Directory logons, VPN logons, WLAN logons, Host Agent registration logs, etc. Finally, by combining user identity, network identity and geo-identity in a real-time distributed in-memory database, FortiSIEM is able to form a dynamic user identity audit trail. This makes it possible to create policies or perform investigations based on user identity instead of IP addresses, allowing for rapid problem resolution.

Distributed Real-Time Event Correlation (Patented)
Distributed event correlation is a difficult problem, as multiple nodes have to share their partial states in real-time to trigger a rule. While many SIEM vendors have distributed data collection and distributed search capabilities, Fortinet is the only vendor with a distributed real-time event correlation engine. Complex event patterns can be detected in real-time with minimal delay. This patented algorithm enables FortiSIEM to handle a large number of rules in real-time at high event rates for greatly increased detection timeframes.

Real-Time, Automated Infrastructure Discovery and Application Discovery Engine (CMDB)
Rapid problem resolution requires infrastructure context. Most log analysis and SIEM vendors require administrators to provide the context manually, which quickly becomes stale and is highly prone to human error. Fortinet has developed an intelligent infrastructure and application discovery engine that is able to discover and map the topology of both physical and virtual infrastructure, on-premises and in public/private clouds, simply using credentials, without any prior knowledge of what the devices or applications are.

Discovery is both wide (covering a large number of Tier 1/2/3 vendors) and deep (covering system, hardware, software, running services, applications, storage, users, network configuration, topology and device relationships). Discovery can run on-demand or on schedule to detect (in real-time) infrastructure changes and report on any new devices and applications detected; this is an essential part of compliance requirement management that FortiSIEM is uniquely able to meet. An up-to-date CMDB (Centralized Management Database) enables sophisticated context-aware event analytics using CMDB Objects in search conditions.

Flexible and Fast Custom Log Parsing Framework (Patented)
Effective log parsing requires custom scripts, but those can be slow to execute, especially for high volume logs like Active Directory, firewall logs, etc. Compiled code, on the other hand, is fast to execute but is not flexible since it needs new releases. Fortinet has developed an XML-based event parsing language that is functional like high level programming languages and easy to modify, yet can be compiled during run-time to be highly efficient. All FortiSIEM parsers use this patented solution, go beyond most competitors' offerings, and can parse at beyond 10K EPS per node.

Hybrid Database Architecture Leveraging Structured and Unstructured Data Feeds
FortiSIEM takes advantage of two diverse sources of information: discovered information is structured data suitable for a traditional relational database, while logs, performance metrics, etc. are unstructured data which needs a NoSQL-type database. Fortinet has developed a hybrid approach where the data is stored in optimized databases with unique business layer logic providing a comprehensive, single database abstraction layer.

The user is able to search for events (stored in the NoSQL database) using CMDB objects (stored in the relational database). This approach harnesses the power and benefits of both databases.
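The user identity audit trail described above, as an added Python example that is not FortiSIEM's code: constructed AD and WLAN logon events bind an IP address to a user over time, and IP-only firewall deny events are then attributed to whoever held the address at that moment, so counts and policies key on user rather than IP. The event type names, field names and the sample stream are assumptions made for the example.

```python
# Added example, not FortiSIEM code: an IP-to-user identity audit trail.
from bisect import bisect_right
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime

IDENTITY_SOURCES = {"AD_LOGON", "VPN_LOGON", "WLAN_LOGON"}  # hypothetical event types
@dataclass(frozen=True)
class Binding:
    start: datetime
    user: str
    source: str  # which logon type produced the binding
    site: str    # geo / site context carried with the identity

class IdentityTrail:
    """Per-IP, chronologically ordered history of which user held the address."""
    def __init__(self) -> None:
        self._by_ip = defaultdict(list)
    def ingest(self, ev: dict) -> None:
        # Firewall/NAT events carry no user: they consume bindings, not create them.
        if ev["type"] not in IDENTITY_SOURCES:
            return
        bucket = self._by_ip[ev["ip"]]
        bucket.append(Binding(datetime.fromisoformat(ev["time"]), ev["user"], ev["type"], ev["site"]))
        bucket.sort(key=lambda b: b.start)  # logons may arrive out of order
    def resolve(self, ip: str, at: str) -> "Binding | None":
        """Latest binding for ip that started at or before 'at'; None if unknown."""
        bucket = self._by_ip.get(ip, [])
        i = bisect_right([b.start for b in bucket], datetime.fromisoformat(at))
        return bucket[i - 1] if i else None

def denies_per_user(events: list) -> Counter:
    """Build the trail from the stream, then count FW_DENY by user instead of src_ip."""
    trail = IdentityTrail()
    for e in events:
        trail.ingest(e)
    counts = Counter()
    for e in events:
        if e["type"] == "FW_DENY":
            b = trail.resolve(e["src_ip"], e["time"])
            counts[b.user if b else "unknown"] += 1
    return counts

EVENTS = [  # constructed sample stream: 10.1.1.5 is held by alice, then reassigned to bob
    {"type": "AD_LOGON", "time": "2017-06-01T09:00:00", "user": "alice", "ip": "10.1.1.5", "site": "HQ"},
    {"type": "FW_DENY", "time": "2017-06-01T10:30:00", "src_ip": "10.1.1.5", "dst_ip": "203.0.113.7"},
    {"type": "WLAN_LOGON", "time": "2017-06-01T11:00:00", "user": "bob", "ip": "10.1.1.5", "site": "HQ"},
    {"type": "FW_DENY", "time": "2017-06-01T11:30:00", "src_ip": "10.1.1.5", "dst_ip": "203.0.113.7"},
    {"type": "FW_DENY", "time": "2017-06-01T11:45:00", "src_ip": "10.1.1.9", "dst_ip": "203.0.113.7"},
]
```

The two denies from 10.1.1.5 land on different users because the address changed hands between them; the deny from an address with no logon history is reported as unknown rather than silently attributed.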
2 www.fortinet.com
FortiSIEM
HIGHLIGHTS
Large Scale Threat Feed Integration
There are many sources available for customers to subscribe to external threat feeds in managing potential threats in their network. However, threat feed information can be very large, often reaching millions of IP addresses, malware domains, hashes and URLs, and the information can also quickly become stale as malware websites and domains are taken down and brought up. This provides a significant computational challenge to the consumers of threat intelligence data. Fortinet has developed proprietary algorithms that enable this large amount of information to be quickly obtained from the source, then effectively distributed to various FortiSIEM nodes and evaluated in real-time at higher rates than other providers (exceeding 10K EPS per node).

Large Enterprise and Managed Service Provider Ready Multi-Tenant Architecture
Fortinet has developed a highly customizable, multi-tenant architecture that enables enterprises and service providers to manage a large number of physical/logical domains and overlapping systems and networks from a single console. In this environment it is very easy to cross-correlate information across physical and logical domains, and individual customer networks. Unique reports, rules and dashboards can easily be built for each, with the ability to deploy them across a wide set of reporting domains and customers. Event archiving policies can also be deployed on a per domain or customer basis.
FEATURES

Real-Time Operational Context for Rapid Security Analytics
- Continually updated and accurate device context: configuration, installed software and patches, running services
- System and application performance analytics along with contextual inter-relationship data for rapid triaging of security issues
- User context, in real-time, with audit trails of IP addresses, user identity changes, physical and geo-mapped location data context
- Detect unauthorized network devices and applications, configuration changes

Out-of-the-Box Compliance Reports
- Out-of-the-box pre-defined reports supporting a wide range of compliance auditing and management needs including PCI-DSS, HIPAA, SOX, NERC, FISMA, ISO, GLBA, GPG13, SANS Critical Controls

Performance Monitoring
- Monitor basic system/common metrics
  - System level via SNMP, WMI, PowerShell
  - Application level via JMX, WMI, PowerShell
- Virtualization monitoring for VMware, HyperV: guest, host, resource pool and cluster level
- Storage usage, performance monitoring: EMC, NetApp, Isilon, Nutanix, Nimble, Data Domain
- Specialized application performance monitoring
  - Microsoft Active Directory and Exchange via WMI and PowerShell
  - Databases: Oracle, MS SQL, MySQL via JDBC
  - VoIP infrastructure via IPSLA, SNMP, CDR/CMR
  - Flow analysis and application performance: Netflow, SFlow, Cisco AVC, NBAR
- Ability to add custom metrics
- Baseline metrics and detect significant deviations

Real-Time Configuration Change Monitoring
- Collect network configuration files, stored in a versioned repository
- Collect installed software versions, stored in a versioned repository
- Automated detection of changes in network configuration and installed software
- Automated detection of file/folder changes on Windows and Linux, with who and what details
- Automated detection of changes from an approved configuration file
- Automated detection of Windows registry changes via the FortiSIEM Windows agent
ORDER INFORMATION
Licensing Scheme
FortiSIEM licenses provide the core functionality for network device discovery. Devices include switches, routers, firewalls, servers, etc.
Each device that is to be monitored requires a license. Each license supports data capture and correlation, alerting and alarming, reports,
analytics, search and optimized data repository and includes 10 EPS (Events Per Second). EPS is a performance measurement that
defines how many messages or events are generated by each device in a second. Additional EPS can be purchased separately as needed.
Licenses are available in either a Subscription or Perpetual version.
FortiSIEM Support
FortiCare Support for FortiSIEM: FC[1-G]-10-FSM97-248-02-DD; 24x7 FortiCare Contract (X Points). 1 device or 2 End-Points or 3 Windows Agents equals 1 point.

GLOBAL HEADQUARTERS: Fortinet Inc., 899 Kifer Road, Sunnyvale, CA 94086, United States. Tel: +1.408.235.7700
EMEA SALES OFFICE: 905 rue Albert Einstein, 06560 Valbonne, France. Tel: +33.4.8987.0500
APAC SALES OFFICE: 300 Beach Road 20-01, The Concourse, Singapore 199555. Tel: +65.6395.2788
LATIN AMERICA SALES OFFICE: Sawgrass Lakes Center, 13450 W. Sunrise Blvd., Suite 430, Sunrise, FL 33323, United States. Tel: +1.954.368.9990
www.fortinet.com/sales
Copyright 2017 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other
product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect
performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinets General Counsel, with a purchaser that expressly warrants that the identified product
will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in
Fortinets internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant
hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
FST-PROD-DS-FSIEM FSIEM-DAT-R4-201706
SOLUTION BRIEF: DATA CENTER INTRUSION PREVENTION SYSTEM (DCIPS)

Intrusion Prevention System (IPS) technology protects your network from cyber criminal attacks by actively seeking and blocking external threats before they can reach potentially vulnerable network devices such as key servers in the data center. Today, sophisticated and high-volume attacks are the challenges that every organization must recognize. These attacks are evolving, infiltrating ever-increasing vectors and complex network environments. The result is an urgent need for network protection while maintaining the ability to efficiently provide demanding services and applications.

Fortinet FortiOS's IPS functionality is an industry-proven network security solution that scales to 120 Gbps and beyond of in-line protection. Powered by purpose-built hardware and the Fortinet Security Processing Unit (SPU), FortiOS is able to achieve attractive total cost of ownership (TCO) while meeting performance requirements. IPS is easy to set up, yet offers feature-rich capabilities, with contextual visibility and coverage. It is kept up to date by research teams that work 24 hours a day worldwide, in order to detect and deter the latest known threats as well as zero-day attacks.

DCIPS is designed to be highly tunable to ensure high security, performance, and availability are achieved, especially to protect the key servers in the data center. DCIPS failure can severely impact the performance and security of a data center. The following capabilities are considered essential for DCIPS products:
- Intrusion prevention
- Resistant to known evasion techniques
- Single-pane-of-glass management
- Reputation awareness for unmatched visibility and control
- Highly resilient and stable
- Operation at Layer 2 (network transparency)

Fortinet's FortiGate products meet all these requirements by combining a high-speed, highly effective IPS engine with resistance to evasion techniques, reputation awareness, extensive application control capabilities, user and device identification, and a performance-optimized platform to set a higher standard for security, control, and performance.

FORTINET DCIPS HIGHLIGHTS
- Recommended by NSS Labs for security effectiveness and performance value
- Industry's fastest zero-day protection provided by FortiGuard Labs
- Optional advanced techniques, such as sandboxing, broaden detection and expose evasive threats
- High level of precision and accuracy provided by IPS filters
- Highly flexible deployment options using IPS sensors
- Lower TCO and high-performance IPS achieved by purpose-built SPU
ADDITIONAL REFERENCES
For more information on Fortinet's Data Center IPS, please go to the following websites:
Data Center IPS:
https://www.fortinet.com/solutions/enterprise-midsize-business/data-center-security-sdn/dcips.html
FortiGate 7000 and 3000 Series Products:
https://www.fortinet.com/products/next-generation-firewall/high-end.html
FortiBridge Products:
https://www.fortinet.com/products/network-visibility/fortibridge.html
92950-0-0-EN June 28, 2017