Selling whats new on FortiOS 4'0

1
Selling whats new on FortiOS 4.0
Introducing FortiOS 4.0
2
Agenda

• Market Leadership
• FortiOS 4.0 Overview
• WAN Optimization
• Application Control
• Data Leakage Prevention
• SSL Inspection
• Other Features
• FortiOS 4.0 in Action!

3
UTM Leadership Growth

• By 2011 UTM will be the largest single market
  with a CAGR of 26.2
• UTM has already surpassed firewall market

In 2008, UTM surpassed firewall market
Fortinet Confidential
4
UTM Market Leadership Total
Worldwide UTM Revenue Share by Vendor, Q3 08
Note Market shares are based on IDCs Quarterly
Appliance Tracker. Source IDC, Dec. 2008
5
The New Generation of Security Gateway

• FortiGate appliances offer
• Multi-Threat protection
• Comprehensive security solution
• High-Performance security
• Custom ASICs for real-time, high perormance
  network protection

9
6
Integrated Simplicity

• Reduces number of vendors and appliances
• Provides comprehensive security
• Minimizes down-time from individual threats
• Simplifies security management
• Coordinates security alerting, logging, and
  reporting
• Improves detection capabilities

7
Connection Security

• Firewall
• Prevent unauthorized access
• Establish security perimeters / implement
  segmentation
• IPSec SSL VPN
• Provide remote access to privileged resources

8
Integrated Application and Content Security

• Intrusion Prevention
• Prevents exploitation of vulnerabilities
• Protocol awareness allows application awareness
• Antivirus / Antispyware
• Prevents malicious content from propagating

9
Application Security

• Web Filtering
• Prevents access to known malicious and
  spam/phishing sites
• Prevents any policy violating content
• Antispam
• Filters unsolicited bulk mail
• Application Control
• Prevents/Limits communication of common network
  applications (IM, P2P, etc.)
• Shapes traffic to guarantee/restrict bandwidth
  for a given application

10
Custom ASICs for Unmatched Performance

• The FortiASIC Family
• Network ASIC (NP)
• Firewall acceleration
• VPN (IPSEC and SSL)
• IPS anomaly acceleration
• Application ASIC (CP)
• Accelerated Antivirus (Antispyware) analysis
• Web Filtering and Antispam Advantage from
  Accelerated AV scanning
• Traffic Shaping

11

• FortiOS 4.0 Overview

12
Redefining Network Security
In-House Update Services
Real time protection
Firewall
VPN
AV
IPS
Antispam
WCF
Flexible Capabilities
Traffic Shaping
AppCtrl
DLP
WANop
SSL
Specialized OS (FortiOS 4.0)
Secured Platform
Purpose-Built Hardware
High Performance
With the release of FortiOS 4.0, Fortinet is
redefining network security again by extending
the scope of consolidated security capabilities
within the FortiGate multi-threat security system
13
FortiOS Software Evolution
2005
2007
2009/Q1
2009/Q3

• Additional features to mature code
• Continue further enhancements on these
  capabilities on V.4.1
• Release Cycle Changed
• To provide more stable code for use
• MR 4.X feature additions/enhancements (1/2
  yearly)
• Patch 4.0.X bug fixes (Quarterly)

14
Anatomy of the FortiGate Solution
FortiOS is the security hardened operating system
that powers all FortiGate multi-threat security
systems.
15
Introducing FortiOS 4.0
With the release of FortiOS 4.0, Fortinet is
redefining network security again by extending
the scope of consolidated security capabilities
within the FortiGate multi-threat security
system.  
4.0

• Primary Benefits
• Access to innovative new security technologies,
  once available only as standalone products
• Improved security through the integration of
  security technologies working together
• Consolidation simplifies management, saving time
  and money

16
FortiOS 4.0 Key Benefits

• Access to innovative new security technologies,
  once available only as standalone products
• Improved security through the integration of
  security technologies working together
• Consolidation simplifies management, saving time
  money
• Further enhance some of the existing capabilities
  to meet enterprise requirements

17
FortiOS 4.0 Key Features

• WAN Optimization
• Accelerate applications over WAN connections
  while ensuring multi-threat security enforcement

Application Control Recognize traffic based on
the application generating it, instead of port or
protocol
SSL Inspection Increase security and policy
control among encrypted traffic streams
Data Leakage Prevention (DLP) Identify and
prevent the communication of sensitive
information outside of the network boundaries
18
FortiOS 4.0 Features/ Positioning
HOT SPOT
Potential MSSP Offerings V4.0 may offering
additional managed service such as WAN-OP, DLP
Application Monitoring
19
Competitive Advantage Summary
Enhanced Security. Improved Value. Simplified
Management.
20
FortiOS 4.0

• Major OS release
• Over 40 new features
• Most non-A series will not be supported

224B support available in future patch releases
21
FortiOS 4.0

• OS features
• Some features will only be available on selected
  platforms

Requires additional ASM-S08 Module
22
FortiOS 4.0

• Product Sizing (Unofficial)

23

• WAN Optimization

24
WAN Optimization

• Increases network performance by reducing the
  amount of communication and data transmitted
  between applications and servers across a WAN

• Increases network performance
• Reduces data transmitted across a WAN
• Reduces bandwidth and server resource
  requirements
• Improves user productivity
• Reduces networking costs

25
WAN Optimization in Action

• Integrated caching
• Bi-directional
• Integrated with VDOMs
• Common applications
• File Sharing (CIFS, FTP)
• Email (MAPI with MS Exchange / MS Outlook)
• Web (HTTP / HTTPS)
• Generic (TCP)
• FortiClient Integration
• Remote / mobile users without local FortiGate

26
WAN-OP Deployment
WAN optimization VPN Peer
Data Center
LAN/Branch
WAN optimization VPN Peer

• Features
• Bi-directional web caching
• Peer-to-peer data reduction
• Common Application Acceleration
• File Sharing (CIFS, FTP)
• Email (MAPI with MS Exchange / MS Outlook)
• Web (HTTP / HTTPS)
• Generic (TCP)
• FortiClient Integration

Web Farm
27
Competitive Advantages

• Against Firewall/UTM players
• First Mover Advantage
• 1st in the market to deliver network security
  with WAN-OP
• Negate VPN overheads
• Reduce the need of additional network components,
  especially at branches
• Against WAD players
• Lack of VPN integration
• Common problem when deploying WAD solutions since
  encrypted data may pose problems
• Standalone solutions
• Requires additional efforts to manage maintain
• Lack of Application Control
• Which adds to even more efficient use of Bandwidth

28

• Application Control

29

• What is Application Control?
• Identifying enforces security policy for
  applications, regardless of port or protocol used
  for communication
• Extension reorganization of previous IPS
  IM/P2P implementation
• Objectives
• More flexible and fine-grained policy control
• Increased security
• Deeper visibility into network traffic

FortiGuard Application List Updates Application
List can be updated regularly automatically via
current FortiGuard IPS Subscriptions
30
Drivers for Application Control

• Beyond L3 Firewalling
• Need to be effective against applications that
  are evasive port-hopping, or tunneling within
  trusted ports
• Defending against P2P applications (no specific
  destinations)
• Example Instant Messengers, proxy avoidance
  applications
• HTTP becoming the universal application protocol
• Web 2.0 - Need to identify and enforce controls
  on web apps.
• Common vector for malicious applications
  communication, file transfers
• Host of streaming media and flash based games
  applications
• Network Visibility
• Allow admin to further understand network
  activities
• Example the cause of a network slowdown

31
Features
Identify over 1,000 applications Frequently
updated, leading in industry with many localized
applications

• Instant Messaging
• Peer-to-peer
• Voice over IP
• File Transfer
• Video/Audio Streaming
• Internet Proxy
• Remote Access Connection
• Games
• Web Browser Toolbar
• Database
• Web-based email
• Web
• Protocol Command
• Internet Protocol
• Network Services
• Enterprise Applications
• System Update
• Network Backup

32
Application Control List
Multiple Applications can be defined with
different actions and logging options
33
Categories and Apps
Thousands of Applications Supported
34
Competitive Advantages

• Against Firewall/UTM players
• Most comprehensive Application Control solution
• Unprecedented number of detectable applications
• More actions for key IM P2P control
• Against NG Firewalls
• Performance
• Essentially, an IPS (thus poor cost/performance)
• May run into problems if applications has been
  updated (versions/tweaks)
• Other components relying on OEMs
• Lacks in Product Range

35

• SSL Inspection

36
Drivers for SSL Inspection

• SSL is a business enabler for some organizations
• Gives some trust to customers / partners /
  suppliers
• Helps drive revenue to organizations
• SSL is needed to protect the integrity of both
  out in-coming traffic!
• Banking / Financial / Commercial transactions on
  the internet
• Money information!
• Any kind of sensitive data
• Social security numbers, Identity information,
  passwords
• Protecting sensitive information on intranets
• Trade secrets, Internal information.

Ask yourself this Question Will you buy from
an unsecured e-commence site?
37
SSL Inspection Deployment
SSL Servers on the Internet
38
SSL Inspection for Secure Web
New SSL Inspection Options
39
SSL Inspection E-Mail

• IMAPS
• POP3S
• SMTPS

New SSL Inspection Options
40
How to Position SSL Inspection

• Increased security with SSL inspection!
• AV, WCF within SSL encrypted traffic
• Most of our competition simply cant do this with
  their border products!
• Nobody with UTM products can inspect SSL today!
• Cleaner approach
• Less products to do the same
• Same management/ reporting
• Lower TCO
• More inspection capabilities for the same money

41

• Data Leakage Prevention

42
What is Data Leakage Prevention?

• Data leakage can be intentional or unintentional
  result of human/software error, it is often the
  result of specific, targeted actions, sometimes
  by trusted insiders, which leads to the loss of
  sensitive information
• There are many ways in which confidential data or
  proprietary secrets can leave an organization,
  such as emails FTP.
• Data-leak prevention protect your intellectual
  property from internal mishandling

43
What causes Data Leakage?

• Lack of consensus on what actually compromises a
  DLP solution
• i.e. Products that, based on central policies,
  identify, monitor, and protect data at rest, in
  motion, and in use, through deep content
  analysis.
• DLP solutions typically have 3 main components
• Data at Rest
• Scanning of content storage repositories, to
  identify where sensitive data exists
• Data in Motion
• Intercepting and inspecting traffic which is
  traversing the network, to identify potentially
  sensitive data
• Data in Use
• Endpoint solutions that monitor endpoint system
  activity and identify sensitive data

44
Fortinet DLP Implementation

• FortiGate Data Protection in Motion
• An evolution from Content Archiving
• Pre-configured DLP sensors will be available for
  quick setup
• FortiClient - Data Protection in Use

Can set period expiry
45
DLP Rules Protocol Specific Configuration
Rules can be created using Regular Expression or
ASCII.
46
Competitive Advantages

• Against Firewall/UTM players
• None come close for Content Security
• Types of actions
• Protocol Support
• File type supported
• Against Specialized DLP vendors
• Requires additional network equipment for
  Data-in-motion solution

DLP is resource intensive Be aware that DLP is
not suitable for large volume of interested
traffic
47

• Other Features

48
Other features
49
Other features
50

• FortiOS 4.0 Certification Trainings

51
2 routes to be FortiOS 4.0 enabled!
Training Promotions, More Reasons to be Fortinet
Certified Today
Exclusively For existing FCNSP personnel
FastTrack Promotion for FortiOS 4.0
For non-FCNSP personnel FT-201 Self-Paced
Training Kit FCNSA Exam Voucher FT-301
Classroom Training FCNSA FCNSP Exam
Voucher Simply visit Us at
https//campus.training.fortinet.com/
52
2 routes to be FortiOS 4.0 enabled!
53
Questions?