• Targets unskilled users, therefore often volumetric attacks
• Use of social engineering techniques to get users to open email and execute malware
• Some zero day, mostly a numbers game
• 92.4% of malware is delivered via the email vector*
• 4% of users click on malicious attachments or links in such mails*

• Targets an interest group, organization or individuals (spear phishing) within the organization
• Customised content based on user interests or role
• Often targeted at C-levels (whaling)
• Zero day malware or social engineering to divulge financial or credential information

• Sending of Personally Identifiable Information (PII) via Email
• Sending of corporate confidential information out of the organization
• Corporate espionage
• Failure to encrypt sensitive emails
• Failure to backup/save/archive emails to comply with corporate standards
• IRS – 7 years
• PCI – 1 year
• State depts – 3 years
• HIPAA – 6 years
Lack of email security and management can lead to direct financial impact through fraud or indirect impact
through regulatory fines and negative PR.
Protection from Email-based Threats
Primary Challenges
• Email common entry point for attackers
» Spam, attachments, phishing
» Targeted attacks
• Compliance, privacy and data control
• Users are major contributing factor to risk
Solution
FortiMail Email Security
• Inbound and outbound threat protection
• Data loss prevention and encryption
• FortiSandbox integration
Advantages
• 42 consecutive VBSpam awards
• 44 VB100 awards
• Highest performance in industry
[Diagram labels: FortiSandbox, FortiMail, FortiGuard, Email Server]
FortiMail Overview
Top-rated Traditional and Advanced Threat Prevention
FortiGuard IP Reputation
Feature Details
Key Features
Anti-Spam/Anti-Phishing
Key Features
Take Action Based on Profiles
FortiGuard
File discarded, option to Quarantine and event logged
Anti-Malware
Malware Outbreak detection
FortiGuard Anti-Virus (On-box)
» One-to-many signature matching (CPRL)
» Heuristic detection
Virus Outbreak detection
» Code emulation & Behavioural analysis
File Sample
Key Features
Defending Against Emerging Threats
Behavioural Analysis
» Machine learning engine based on previous detections
» Is behaviour similar to recent signature based detections? If it walks like a duck…
Key Features
Remove macros
Key Features
Targeted Attack Prevention
Key Features
Management
FortiView
» User and threat real time statistics
Key Features
FortiMail is Core to Fortinet’s Advanced Threat Protection Framework
Known Threats (FortiGate, FortiMail & everything that can enforce a security policy)
• Reduce Attack Surface
• Inspect & Block Known Threats
Hand off: High risk items
Unknown Threats (FortiSandbox & everything that analyzes behavior)
• Identify Unknown Threats
• Assess Behavior & Identify Trends
Hand off: Ratings & results
Response (FortiGuard teams and automation)
• Identify scope
• Mitigate impact
Hand off: Security updates
FortiMail actively mitigates threats by queuing emails whilst waiting for a FortiSandbox result
Key Features
FortiSandbox Threat Analysis *
FortiMail
On-Premise and Cloud options
» FortiSandbox Cloud included in Enterprise ATP Bundle
Targeted Email
(1) Email queued
(4) Risk rating returned, message handled by policy
FortiMail queues email and submits files and
Key Features
Data Protection and Compliance
Key Features
Quarantine, End User Digest, Junkmail/Newsletter Folders
Central quarantine
» Easy administration
» Can be consolidated across devices
Key Features
Testing & Certification
Independent Testing
» ICSA – Advanced Threat Defense
» NSS – Breach Prevention Systems
» Gartner – SEG Market Report
Certification
» FIPS 140-2
» NDcPP
Deployment Options
Flexible Deployment Options
Deployment Options
Multiple Deployment Scenarios
Gateway Mode
• Most common deployment scenario
• Mail is delivered to FortiMail, scrubbed of threats and forwarded to destination mailserver
Transparent Mode
• Deployed as a bump in the wire. No configuration changes required to the email infrastructure.
• Commonly utilised in the ISP and Carrier environment.
Server Mode
• FortiMail acts as a full mailserver providing POP3, IMAP, Webmail and calendaring in addition to security functions.
Deployment Options
High Availability and Scalability Options
Active-Passive Cluster
• Two devices, full failover protection
• Heartbeat and Service Monitoring
• Full mailbox, archive, quarantine, log and queue synchronization
Config Only HA
• Linear scalability suitable for the largest ISPs and Carriers
• Centralized quarantine, management and IBE
• Enables DR and geographic redundancy
• Load balanced option using FortiADC or third party load balancer
Deployment Options
The Move to Office 365
Solution
» FortiMail can be deployed alongside Office 365 in the Microsoft Azure Cloud for enhanced security and content protection.
Deployment Options
Bundle Licensing
Product Line
Performance & Scalability
FML-60D, FML-200E, FML-400E, FML-1000D, FML-2000E, FML-3000E, FML-3200E
FML-VM00, FML-VM01, FML-VM02, FML-VM04, FML-VM08, FML-VM16, FML-VM32
FML Cloud
Email Routing (Msgs/hr)*: 3.6K | 80k | 157k | 680k | 1.5M | 1.8M
AS+AV Perf. (Msgs/hr)*: 2.7K | 61k | 126k | 500k | 1.3M | 1.5M
Recommended for: Demo/Home | Small Office | Mid Enterprise | Mid/Large Enterprise | Large Enterprise, ISP, Carrier, University | Large Enterprise, ISP, Carrier, University
https://www.virusbulletin.com/uploads/pdf/magazine/2016/201605-vbspam-comparative.pdf