Académique Documents
Professionnel Documents
Culture Documents
2
Fortinet Shipped 25% of All Network Security Appliance’s in Q2 2016
Leader in Unit Shipments
160,000+ units
25%
20%
15% % of
10%
5%
0%
2009 2010 2011 2012 2013 2014 2015 Q2 2016
Cisco Fortinet
3
70 % of Fortinet Shipments are to Enterprise or Service
Provider
Enterprise Campus
Data Center Small Business
Service Provider (Entry Level FortiGate’s)
(High End FortiGate’s)
41% 30%
29%
Small Enterprise
Based on Q4 2016 Financials
(Mid Range FortiGate’s)
4
The New Era of Hyperconnectivity
5
Value of Data Requires a Whole New Approach to Security
NETWORK SECURITY EVOLUTION GENERATION 1
1995-2005 Connection
SOFTWARE
Stateful Firewall
6
Value of Data Requires a Whole New Approach to Security
NETWORK SECURITY EVOLUTION GENERATION 2
2005-2015 Content
SOFTWARE
NGFW/UTM
SECURITY PROCESSORS
7
Value of Data Requires a Whole New Approach to Security
NETWORK SECURITY EVOLUTION GENERATION 3
2015+ Borderless
SOFTWARE
Fabric Cloud Security
Infrastructure
Application Security
SECURITY PROCESSORS
Network Security
Access Security
FABRIC INFRASTRUCTURE
Client/IoT Security
8
These Threats Have Moved Beyond The Application,
Content and User Level
Machine to
Fabric Generation 3
Machine Attacks
INFRASTRUCTURE
Advanced Advanced Threat
Targeted Attacks Protection
Performance Degradation
Malicious
Application Control
Apps
Malicious
Web Filter
Sites
Spam
Generation 2
Anti-spam
Botnets CONTENT
Viruses
Antivirus
& Spyware
Layer 3-4:
Firewall/VPN
Connection
Hardware Theft
Layer 1-2:
Lock & Key
Generation 1
Physical
CONNECTION
1980s Today
9
NSS Cyber Advanced Warning System
Validate your Security Product !
CAWS Alerts
11
12
NGFW Default (6 months)
13
NGFW Default +web reputation(6 months)
14
NGIPS Default (6 months)
15
Advanced
Threat
Intelligence NOC/SOC
BROAD
POWERFUL
Client Cloud
AUTOMATED
Network
Access Application
Partner API
16
Broad – The Fabric Gives You Complete Visibility, Coverage
and Flexibility Across The Entire Dynamic Attack Surface
Cloud Security
Application Security
Network Security
Access Security
Client/IoT Security
17
18
Broad – The Fabric Allows Flexible, Open Integration
of Other Security Partners
19
Powerful – Increasing Performance Reduces The
Burden on Infrastructure
Accelerates 1 Tbps
Network Traffic
High End
Accelerates
Content Inspection
Mid Range
Optimized
Performance for Entry
Entry Level Level
20
Powerful – The Fastest Network Security Appliance’s
on the market
21
Automated to Provide a Fast, Coordinated Response
to Threats
FortiGuard
FP320C3X15002440
Demo_ISFW-Finance
ISFW-PRI 2.62 GB
FortiSandbox
22
Automated Security Audit and Recommendations
23
Improved Control
24
Expanded Visibility
Aggregated Data
Available on upstream FortiGate in the Security Fabric
» Display consolidated info gathered from all participating downstream FortiGates
Upstream FortiGate is able to end session or quarantine endpoints belonging to
downstream FortiGates
» By send instructions to downstream FortiGates
25
Security Fabric Score
The Security Fabric Score widget has been added to the
FortiGate Dashboard to give visibility into auditing trends. This
widget uses information from the Security Fabric Audit to
determine your score. Score can be positive or negative, with a
higher score representing a more secure network.
26
Intent-based Network Security, Powered by Fabric
AUTOMATICALLY TRANSLATE BUSINESS NEEDS TO
INFRASTRUCTURE POLICIES
27
THE FORTINET SECURITY FABRIC
REALIZED
FORTINET SECURITY FABRIC
Sandbox
DATA CENTER/PRIVATE CLOUD
Endpoint
Secure Access NGFW
Protection
Point
Virtual
Top-of-Rack Firewall
Internal
PUBLIC CLOUD
CAMPUS Segmentation FW Email
Server
DCFW/
NGFW
Distributed Ent FW
Email
Security
Client Devices
Internal
Client Devices LTE Extension Segmentation
FW
Sandbox
BRANCH
OFFICE
OPERATIONS CENTER
29
FORTINET SECURITY FABRIC
ENTERPRISE
FIREWALL
Sandbox
DATA CENTER/PRIVATE CLOUD
Endpoint FortiGate
Secure Access
Protection NGFW
Point
Virtual
Top-of-Rack Firewall
FortiGate Internal
PUBLIC CLOUD
CAMPUS Segmentation FW Email
Server
FortiGate
DCFW/
FortiGate/FortiWiFi NGFW
Distributed Ent FW Email
Security
Client Devices
FortiGate Internal
Client Devices LTE Extension Segmentation FW
FortiAnalyzer
DDoS Protection FortiCloud
Sandbox
FortiManager
BRANCH FortiSIEM
OFFICE
OPERATIONS CENTER
30
FORTINET SECURITY FABRIC
CLOUD SECURITY ENTERPRISE
FIREWALL
Sandbox
DATA CENTER/PRIVATE CLOUD
Endpoint FortiGate
Secure Access
Protection NGFW
Point
Fortinet
Top-of-Rack Virtual Firewall
FortiGate Internal
PUBLIC CLOUD
CAMPUS Segmentation FW Email
Server
FortiGate
DCFW/
FortiGate/FortiWiFi NGFW
Distributed Ent FW Email
Security
Client Devices
FortiGate Internal
Client Devices LTE Extension Segmentation FW
FortiAnalyzer
DDoS Protection FortiCloud
Sandbox
FortiManager
BRANCH FortiSIEM
OFFICE
OPERATIONS CENTER
31
FORTINET SECURITY FABRIC
ADVANCED THREAT CLOUD SECURITY ENTERPRISE
PROTECTION FIREWALL
FortiSandbox
Fortinet
Top-of-Rack Virtual Firewall
FortiGate Internal
PUBLIC CLOUD
CAMPUS Segmentation FW Email
Server
FortiCloud Sandboxing
FortiGate
DCFW/
FortiGate/FortiWiFi NGFW
Distributed Ent FW FortiMail
FortiClient Email Security
FortiGate Internal
FortiClient LTE Extension Segmentation FW
FortiAnalyzer
DDoS Protection FortiCloud
FortiSandbox
FortiManager
BRANCH FortiSIEM
OFFICE
OPERATIONS CENTER
32
FORTINET SECURITY FABRIC
APPLICATION ADVANCED THREAT CLOUD SECURITY ENTERPRISE
SECURITY PROTECTION FIREWALL
FortiSandbox
Fortinet
Top-of-Rack Virtual Firewall
FortiGate Internal
PUBLIC CLOUD
CAMPUS Segmentation FW Email
Server
FortiCloud Sandboxing
FortiGate
DCFW/
FortiGate/FortiWiFi NGFW
Distributed Ent FW FortiMail
FortiClient Email Security
FortiGate Internal
FortiClient LTE Extension Segmentation FW
FortiAnalyzer
FortiDDoS Protection FortiCloud
FortiSandbox
FortiManager
BRANCH FortiSIEM
OFFICE
OPERATIONS CENTER
33
FORTINET SECURITY FABRIC
SECURE ACCESS APPLICATION ADVANCED THREAT CLOUD SECURITY ENTERPRISE
SECURITY PROTECTION FIREWALL
FortiSandbox
Fortinet
Top-of-Rack Virtual Firewall
FortiCloud Sandboxing
FortiGate
DCFW/
FortiGate/FortiWiFi NGFW
Distributed Ent FW FortiMail
FortiClient Email Security
FortiGate Internal
FortiClient FortiExtender Segmentation FW
LTE Extension
FortiAnalyzer
FortiDDoS Protection FortiCloud
FortiSandbox
FortiManager
BRANCH FortiSIEM
OFFICE
OPERATIONS CENTER
34
Security Fabric Secured by FortiGuard
Firewall
VPN
Application Control
IPS
Anti-malware
WAN Acceleration
Web Vulnerability IP
Filtering Management Reputation
35
How to Reduce Costs and Complexity in
Distributed Enterprise Environments with SD-WAN
Increasing Cyber-Threats
SaaS Applications Increasing malwares and botnets per
On average, companies have organizations – Fortinet Thrat Landscape
30+ applications running via the Business Traffic Report
Cloud Growing 30% every year
37
I hate my WAN : SD-WAN to the Rescue
By the end of 2019, 30% of enterprises will use SD-WAN technology in all
their branches, up from less than 1 % today - Gartner
38
Fortinet – SD-WAN Deployment Models
FortiGate Enterprise Firewall FortiHypervisor Eco-System
FortiHypervisor
FortiGate FortiHypervisor
#1 Market share in distributed enterprise FortiGate SPU with KVM Hypervisor
SPU acceleration for high performance FortiGate VM for security and SSL
Consolidated networking and security Supports fabric ready SD-WAN partners
Expanded SD-WAN as part of FOS 5.6
39
FortiGate Enterprise Firewall
SD-WAN Deployment Summary
Accelerated Entry/Mid-range FortiGate Enable
Secured SD-WAN at Branch and Campus
FortiGate 30 – 90 Series FortiGate 100 – 900 Series
Content
System Processor
on a Chip CPU
Network
Processor
FortiGate 80E Series with High IPsec VPN and SSL Performance FortiGate 100E & 200E Series with High Threat Protection and SSL Performance
41
SD-WAN Requirements - Multiple Links and VPN
Support for various Transport types – Flexibility Hybrid Cloud Data Center
Public Cloud
SaaS
42
SDWAN Requirements – Effective WAN Utilization
Supports various link path controller algorithms for effective WAN utilization
Dynamic Cloud Application Database for Cloud applications
Public Cloud
SaaS
HQ/Datacenter
43
SDWAN Requirements – Link Quality Measurement
Dynamic Routing based on Link quality measurements
Maintain High availability of Business critical applications
Best effort for low priority applications through low cost links Public Cloud
SaaS
Latency = 25 ms
Jitter = 1 ms
Packet Loss = 0 %
BW = 200 Mbps HQ/Datacenter
44
Deep Application Visibility for non-encrypted and SSL traffic
Deep Application Visibility for maintaining High SLA for Critical Applications
SSL Inspection for Visibility into Encrypted Applications
Public Cloud
HQ/Datacenter
45
SDWAN Requirements – QoS/Priority for Voice Traffic
DSCP Support for SIP and low latency Applications
Smart Routing and quick failover to provide high SLA
No Call Drop Failover for over 20000 simultaneous SIP Calls Public Cloud
SaaS
HQ/Datacenter
46
Topology Visibility and Link Utilization
Public Cloud
Sandbox Analytics
500MB
AWSFW.1
Internet
50MB
Switch.2 300MB
ACI.1 ISFW.2
Private Cloud
47
Centralized Management for SD-WAN is Critical
49
Expanded Visibility
50
Expanded Visibility
51
Secure Access Enhancements
Switch Controller
FortiSwitch firmware upgrade
Web Interface support
» user-port Link Aggregation Groups
» configure DHCP blocking, STP and Loop Guard on Managed FortiSwitch ports
IGMP Snooping config
Adding preauthorized FortiSwitches
52
Secure Access Enhancements
53
Secure Access Enhancements
54
Integrated Advanced Threat Protection for Network, Email, Web
and Endpoint
• Integrated with FortiGate, FortiMail,
FortiSandbox FortiWeb and FortiClient and non-Fortinet
Advanced Threat Detection security components to cover the entire
attack surface
Firewall SEG WAF EPP • Automated response of new unknown
threats via intelligence sharing
• Top rated based on independent 3rd party
tests to address the latest, sophisticated
threats
Automate the identification and response to ransomware,
Advanced phishing, and targeted attacks that can result in
Threat downtime, breaches, regulatory penalties and more,
Protection across network, mail, web and endpoint.
Appliance Virtual Cloud
FortiSandbox
55
Fabric Integrated FortiSandbox Deployment
• Antivirus
• IP Reputation/Botnet
• Web Filter
• Emerging Threats
FortiGuard
56
FortiManager – Single Pane Of Glass
Key Features
1. Enterprise Class Management
FortiManager
• Clean, modern look & feel
• Similar navigation to FortiGate
• Fewer clicks = faster enforcement
57
Network Security Expert (NSE) Program
58
There are no Limits to our Opportunity
BROAD
POWERFUL
AUTOMATED
59