© Copyright Fortinet Inc. All rights reserved.
Threat Landscape
Ryan Kane – SWAT Specialist - Secure Wireless & Access Technologies
Data Connectors ABQ December 2015
2 - Fortinet Confidential
Trend: Device Growth Continues
More devices and newer device types are entering the network
• 33 Billion endpoints projected to be connected by 2020 – Gartner
• New device types entering the network
» ‘headless’ IoT, wireless sensor nodes, beacons, wearables
A Global Leader and Innovator in Network Security
Fortinet Quick Facts
• Founded in 2000, 1st shipment 2002, IPO 2009
• HQ: Sunnyvale… 80+ offices worldwide
• Employees: 3700+
• 247,000+ customers
• Over 2 million devices shipped
• #1 unit share worldwide in network security (IDC)
• Market-leading tech… 243 patents, 215 pending
Cash: $16M (2003), $1B+ (2014)
Revenue: $13M (2003), $770M (2014)
Consistent, accelerating growth
Strong positive cash flow
Profitable
FortiASIC: Custom ASIC-based scalable architecture
FortiOS: Custom, converged Networking + Security OS
FortiGuard: Industry-leading, validated Threat Research
FortiCare: Global Infrastructure & Support
Balanced business across segments
Balanced revenue and growth around the globe
Fortinet Revenue by Region, Q2 2015: Americas 45%, EMEA 35%, APAC 20%
FortiGate Revenue by Segment, Q2 2015: Entry-Level Appliances 31%, Mid-Range Appliances 24%, High-End Appliances 45%
A Global Leader and Innovator in Network Security
Balanced Revenue Across Product Segments
Billings by Product Segment, Q2 2015: High-end 37%, Entry Level 37%, Mid-range 26%
• 7 of Top 10 Global 100 Computer Services
• 9 of Top 10 Global 100
• 7 of Top 10 Global 100 Major Banks
• 9 of Top 10 Global 100 Aerospace & Defense
Gaining overall market share, pulling away
Gaining share in higher-end markets
[Chart: Worldwide Network Security Appliance Shipments, 2011 to 2014, vertical axis 0 to 500,000 units; series labels: Cisco, Check Point, Juniper, Palo Alto]
[Chart: Worldwide Data Center Firewall Unit Share, CY 2012, CY 2013, 1H 2014, vertical axis 0% to 30%; series labels: w/o Sourcefire, Check Point, Juniper, McAfee, Cisco]
Scalable, High Performance Security
FortiASICs Dramatically Boost Performance
[Chart: FW, VPN (IPsec), VPN (SSL) and IPS throughput, baseline CPU compared with the Network Processor (NP 6) and Content Processor (CP 8); throughput labels on the chart: 6Gbps, 2Gbps, 3.5Gbps, 40Gbps, 25Gbps, 10Gbps, 9Gbps]
• 10X data center firewall performance
• 5X NGFW performance
• Security that keeps up with growing bandwidth requirements
Proven, Certified Security
Unparalleled 3rd Party Validation
Description | Fortinet | Check Point | Cisco | Palo Alto Networks | Juniper | FireEye
NSS - Firewall NGFW | Recommended | Recommended | Recommended & Neutral | Caution | Caution | x
NSS - Firewall DC | Recommended | x | x | x | x | x
NSS - Breach Detection | Recommended | x | Recommended | x | x | Caution
NSS - WAF | Recommended | x | x | x | x | x
NSS - Next Gen IPS | Recommended | x | Recommended | Neutral | x | x
NSS - IPS (DC) | ✔ | ✔ | x | x | Caution | x
BreakingPoint Resiliency | Record High - 95 | x | x | Poor - 53 | x | x
ICSA Firewall | ✔ | ✔ | x | ✔ | ✔ | x
ICSA IPS | ✔ | ✔ | x | x | x | x
ICSA Antivirus | ✔ | x | x | x | x | x
ICSA WAF | ✔ | x | x | x | x | x
VB 100 | ✔ | Caution | x | x | x | x
AV Comparative | ✔ | x | x | x | x | x
Common Criteria | ✔ | ✔ | ✔ | ✔ | ✔ | ✔
FIPS | ✔ | ✔ | ✔ | ✔ | ✔ | ✔
Security Advantage – FortiGuard Threat Research Labs
[Diagram labels]
FortiGuard Labs: Web Threat Research, Malicious Javascript, Security Research, Botnet Research, Mobile Research
FortiGuard Services (FDN Services): Anti-spam, Vulnerability, IP Reputation, IPS, App Control, Web Filtering, Anti-malware
Fortinet Devices: FortiGate, FortiClient, FortiManager, FortiSandbox, FortiMail, FortiWeb
Consolidated Intelligence
Fortinet Development: Roadmaps & Engines, Threat Mitigation Technology
Customer Service: FortiCare
Breaking the Kill Chain: Prevent, Detect, and Mitigate Threats
Terry Zechman, Systems Engineer
Data Connectors ABQ December 2015
Common Attack Vectors
[Diagram labels]
Threats: Spam, Malicious Email, Malicious Web Site, Exploit, Malware
Controls: Web Filtering, Intrusion Prevention, Antivirus, App Ctrl / IP Rep
Signature Based Threat Prevention
[Diagram labels]
Threats: Spam, Malicious Email, Malicious Web Site, Exploit, Malware
Controls: Anti-spam, Intrusion Prevention, Antivirus
Next Gen Firewall
[Diagram labels]
Threats: Spam, Malicious Email, Malicious Link, Malicious Web Site, Exploit, Malware, Bot Commands, C&C, Stolen Data
Controls: Anti-spam, Web Filtering, Intrusion Prevention, Antivirus, App Ctrl / IP Rep
Malware? Goodware? Idon’tknowware? The Continuum
[Diagram labels]
Code Continuum: Known Good, Probably Good, Might be Good, Completely Unknown, Somewhat Suspicious, Very Suspicious, Known Bad
Security Technologies:
• Whitelists; Reputation: File, IP, App, Email; Signatures; Digitally signed files
• Blacklists; Signatures
• Heuristics; Reputation: File, IP, App, Email; Generic Signatures
• Sandboxing
Add Sandbox to make Unknowns Known
[Diagram labels]
Threats: Spam, Malicious Email, Malicious Link, Malicious Web Site, Exploit, Malware, Bot Commands, C&C, Stolen Data
Controls: Anti-spam, Web Filtering, Intrusion Prevention, Antivirus, App Ctrl / IP Rep, Sandbox
Attacks Hide Behind SSL Encryption
1- Downloader emailed to victim
2- SSL connection to compromised web server and Trojan download
3- Credentials captured enabling unauthorized access
https://blog.fortinet.com/post/the-stealthy-downloader
Just How Prevalent Is This?
• In 2017, more than 50% of the network attacks targeting enterprises will use encrypted traffic to bypass controls, up from less than 5% in 2013 – Gartner
Add SSL Inspection
[Diagram labels]
Threats: Spam, Malicious Email, Malicious Link, Malicious Web Site, Exploit, Malware, Bot Commands, C&C, Stolen Data
Controls: Anti-spam, Web Filtering, Intrusion Prevention, Antivirus, App Ctrl / IP Rep, Sandbox, SSL Inspection
Why Don’t Organizations Inspect SSL Traffic?
• Privacy laws
• Employees might not like it
• Performance impact on NGFWs
39%
Advanced Threats Take Advantage of the “Flat Internal” Network
Existing Firewalls focused on the Border
Internal network no longer “trusted”
Many ways into the network
Once inside threats can spread quickly
[Diagram labels]
Zones: EXTERNAL, Border, INTERNAL
Entry points: Email (Phishing), Vulnerabilities, Web Downloads, Social Engineering, Exploits (Zero Days)
Stages: Threat Production + Recon, Threat Vector, Infection, Communication, Extraction, Disposal
Activities: Package, Encrypt, Stage; Hide, Spread, Disarm, Access, Contact Botnet CC, Update
Consider Segmenting Your Internal Network
[Diagram labels]
External: WAN, Internet, Cloud, Home Office, Branch Office
Internal: Internal Network (100 Gbps+), Private Cloud, Edge Gateway, Data Center
Internal Segmentation Firewall (ISFW) shown at multiple points inside the internal network
Summary / Recommendations
• Make sure you have a good layered security defense to break the kill chain
» Next Generation Firewall, Secure Email Gateway, Endpoint Protection
  • User/App/Device type ID & control, IPS, AV, Web Filtering, IP Reputation, AntiSpam, etc.
» Good solutions must have great security & great performance – Make sure your choice is validated by industry neutral third-party tests (such as NSS Labs) or do your own testing
• Build an Advanced Threat Protection Framework that includes sandboxing
» The best choice is a sandbox that integrates with your other security
• Start inspecting SSL traffic
» Your NGFW should have this capability; if not, make sure your next NGFW does
» Work with compliance & HR on privacy regulations
• Implement Internal Segmentation Firewalls
» Keep threats from running rampant throughout your internal network
DON’T GO UNPROTECTED