Advanced Threat Protection… · Verizon 2015 Data Breach Investigations Report, April 2015...
TRANSCRIPT
© Copyright Fortinet Inc. All rights reserved.
Advanced Threat Protection
Telling and Selling the $20b Story
January 2016
Agenda
Telling the Story
Selling the Story
Recap/Resources
Telling the Story
The Problem: Breaches, Breaches and More Breaches
2014: 79,790 security incidents
2015: CEOs, CIOs and CISOs who resigned
All organizations should now assume that they are in a state of continuous compromise. — Gartner, 2/14/14
Sources: Verizon 2015 Data Breach Investigations Report, April 2015
Gartner. Designing an Adaptive Security Architecture for Protection From Advanced Attacks. February 2014.
IDG Media. IT Security Priorities and Next-Generation Firewall Deployment. January 2016.
The Impact: Extended Compromise, Data Loss, Headlines…
[Chart, axes Duration and Impact: Random Detection (average ~200 days, prior to response)]
The Impact: Extended Compromise, Data Loss, Headlines…
Sources: Verizon 2015 Data Breach Investigations Report, April 2015
A Root Cause: “Idon’tknowware”
Code Continuum: Known Good, Probably Good, Might be Good, Completely Unknown, Somewhat Suspicious, Very Suspicious, Known Bad
Security Technologies: Whitelists; Reputation (File, IP, App, Email); App Signatures; Digitally signed files; Blacklists; Signatures; Heuristics; Reputation (File, IP, App, Email); Generic Signatures
70-90% of malware samples are unique to an organization
A Solution: Behavior-based Sandboxing of the Unknown
Code Continuum: Known Good, Probably Good, Might be Good, Completely Unknown, Somewhat Suspicious, Very Suspicious, Known Bad
Security Technologies: Whitelists; Reputation (File, IP, App, Email); App Signatures; Digitally signed files; Blacklists; Signatures; Heuristics; Reputation (File, IP, App, Email); Generic Signatures; Sandboxing
70-90% of malware samples are unique to an organization
Sources: Verizon 2015 Data Breach Investigations Report, April 2015
Why? It Provides Information to Stop Advanced Threats
Source: Forrester Sandbox Survey. November 2015.
[Chart: Worldwide Specialized Threat Analysis and Protection Revenue, 2011-2019: Comparison of August 2013 and May 2015 Forecasts. Series: May 2015 forecast, August 2013 forecast. Horizontal axis: 2011 to 2019. Vertical axis: revenue ($M), 0 to 3,500.]
What You Need to Know About FortiSandbox
1. Analyzes Activity
2. Provides Data, Dynamic Updates
3. Independently Validated
4. Cloud or On-Premise Options
5. Integrated and Automated
Why? A Good Sandbox Reduces Dwell Time, Risk, Impact
[Chart, axes Duration and Impact: Random Detection (average 200 days, prior to response); Sandbox Only Detection & Response (days)]
Experienced Sandbox Users Seek Integration and Automation
Base: 150 IT security decision-makers at US-based enterprises that have implemented or evaluated sandbox technology
Source: A commissioned study conducted by Forrester Consulting on behalf of Fortinet, August 2015
Integrating A Sandbox with NGFW/WAF Speeds Response
[Chart, axes Duration and Impact: Random Detection (average 229 days, prior to response); Sandbox Only Detection & Response (days); Sandbox + NGFW/WAF Detect & Respond (minutes)]
What You Need to Know About FortiGate as NGFW
1. Independently Top Rated Prevention
2. Send Unknown Items to FortiSandbox
3. One-Click Quarantine
4. Automatic, Local Updates
5. Detects Advanced Threats
What You Need to Know About FortiWeb
1. Shields Web Servers From Exploit
2. Fastest Performance, Lowest TCO
3. Sends Items to FortiSandbox
4. Removes Files Based on Results
5. Detects Advanced Threats for One Attack Vector
How To Move From Detection/Response To Prevention?
[Chart, axes Duration and Impact: Random Detection (average 229 days, prior to response); Sandbox Only Detection & Response (days); Sandbox + NGFW/WAF Detect & Respond (minutes); Sandbox + SEG/EPP Prevention (0-second)]
What You Need to Know About FortiMail SEG
1. Top rated Threat + Data Protection
2. On-premise or Cloud Service
3. Holds Messages for Analysis
4. Sends Items to FortiSandbox
5. Provides Advanced Threat Prevention for One Attack Vector
What You Need to Know About FortiClient
1. Unified Client Software
2. Top-rated with New Central Management
3. Sends Items/Acts Before or After Install
4. Receives All FortiSandbox Results
5. Advanced Threat Prevention for All Vectors…but Seen by Every User
This is our Fortinet Advanced Threat Protection Framework
[Diagram: components and the hand-offs between them]
Components:
- FortiGate & everything that can enforce a security policy
- FortiSandbox & everything that is behavior based
- FortiGuard teams and automation
Hand-offs:
- High risk items
- Provide ratings & results
- Creating a fix & update prevention
Selling the Story
Customer Concern: Advanced Threats on the Web
Sales Motion: Add Sandbox to FortiGate NGFW
Recent $2.2m investment in Fortinet
Initial $10m quote from FireEye
Won Fair PoC: coverage, cost
Customer Concern: Targeted Email Attacks
Sales Motion: Add SEG + Sandbox
Director favored FireEye
Fortinet won with:
» Better detection
» FortiGate/FortiMail integration
» Flexible deployment options
Customer Concern: Advanced Attacks via Web and Email
Sales Motion: Net New NGFW + SEG + Sandbox
FireEye was dismissed due to the distributed environment.
FortiGate + FortiSandbox stopped spearphishing
FortiMail integration is first in 2016.
Customer Concern: Advanced Attacks Via Web, Email, Web Apps
Sales Motion: Net New NGFW + SEG + WAF + Sandbox
End to end solution
NSS certification
Customer Concern: Exposed Endpoints
Sales Motion: Net New Sandbox + Client
Full featured client reduces agents
Caught thousands of malware samples missed by SCEP
Stops zero-days with FSA
Customer Concern: Strongest Defense Against APTs
The $20bn Opportunity…This Year
Sandbox ($2bn)
The $20bn Opportunity
Sandbox ($2bn)
NGFW/UTM ($8.5bn)
The $20bn Opportunity
Sandbox ($2bn)
NGFW/UTM ($8.5bn)
SWG ($2bn)
SEG ($2bn)
The $20bn Opportunity
Sandbox ($2bn)
NGFW/UTM ($8.5bn)
SWG ($2bn)
Endpoint ($4.6bn)
SEG ($2bn)
WAF ($800m)
Recap
Every Organization Should Have a Sandbox
» New and Necessary Technology
» Can be affordable and manageable when integrated
It’s part of the only ATP Solution NSS Recommended Edge to Endpoint
Pick the point(s) of integration that make sense for your customers
Recap

| Concern | ATP Component | Pro | Con |
|---|---|---|---|
| Breaches/Headlines | FortiSandbox | Detects the Unknown; Enables Response and Mitigation | Requires Response |
| Web-based Threats, Broad Coverage | FortiGate NGFW + FortiSandbox | Extends Sandbox Coverage, Speeds Response and Mitigation | Detection Only |
| Web App Exploits | FortiWeb WAF + FortiSandbox | Covers a Top Attack Vector, Speeds Response and Mitigation | One Vector Only |
| Targeted Email Attacks, Prevention | FortiMail SEG + FortiSandbox | Prevention for a Top Attack Vector | One Vector Only |
| Exposed Endpoints, Manual response | FortiClient EPP + FortiSandbox | Prevention for All Vectors | Visible to all End Users |

Additional Resources
http://www.fortinet.com/solutions/advanced-threat-protection.html
Breaking the Kill Chain video: http://www.fortinet.com/videos/breaking-kill-chain-advanced-attacks.html
Forrester Sandbox Survey Exec Summary: http://www.fortinet.com/resource_center/analyst_reports/sandbox-technology-breach-detection-response-strategy.html
ATP Framework paper: http://www.fortinet.com/sites/default/files/whitepapers/ATP-Framework.pdf
CTAP: http://www.fortinet.com/how_to_buy/request-cyber-threat-assessment.html
Fuse Community - Advanced Threat Protection: https://fuse.fortinet.com/p/fo/si/topic=438