![Page 1: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/1.jpg)
© Copyright Fortinet Inc. All rights reserved.
Fortinet Advanced Threat Protection- Part 4
Closing Off The #1 Targeted Attack Vector- EMAIL
![Page 2: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/2.jpg)
2
Agenda
Brief Recap on Breaches and the Need for Advanced Threat Protection
Gartner Secure Email Gateway (SEG) Requirements
Overview of FortiMail (SEG)
A Closer Look at FortiMail and FortiSandbox Together
Final Thoughts
![Page 3: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/3.jpg)
Brief Recap
![Page 4: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/4.jpg)
4
The Problem: Breaches, Breaches and More Breaches
2014: 79,790 security
incidents
2015: CEOs, CIOs and
CISOs who resigned
All organizations should now assume
that they are in a state of continuous
compromise. — Gartner, 2/14/14
Sources: Verizon 2015 Data Breach Investigations Report, April 2015
Gartner. Designing an Adaptive Security Architecture for Protection From Advanced Attacks. February 2014.
IDG Media. IT Security Priorities and Next-Generation Firewall Deployment. January 2016.
![Page 5: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/5.jpg)
5
This is Fortinet Advanced Threat Protection (ATP)
Hand off : High risk items
Hand off : Provide
ratings
& results
Hand off : Creating a
fix & update
prevention
FortiSandbox & everything that is
behavior based
FortiGate & everything that
can enforce a
security policy
FortiGuard teams and automation
Known Threats Reduce Attack Surface
Inspect & Block Known Threats
Unknown Threats Identify Unknown Threats
Assess Behavior & Identify Trends
Response Identify scope
Mitigate impact
![Page 6: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/6.jpg)
6
How To Move From Detection/Response To Prevention?
Random Detection (average 229 days,
prior to response)
DURATION
IMP
AC
T
Sandbox Only Detection &
Response (days)
Sandbox +
NGFW/WAF Detect & Respond
(minutes)
Sandbox +
SEG/EPP Prevention
(0-second)
![Page 7: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/7.jpg)
7
The $20bn Opportunity
Sandbox ($2bn)
NGFW/UTM ($8.5bn) SWG ($2bn)
Endpoint ($4.6bn) SEG
($2bn) WAF ($800m)
![Page 8: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/8.jpg)
8
Integrating a Secure Email Gateway with Sandbox
1. Email is a top vector of targeted attack
2. No one notices small email delay
3. It’s better to prevent than just detect
![Page 9: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/9.jpg)
9
Director favored FireEye
Fortinet won with: » Better detection
» FortiGate/FortiMail integration
» Flexible deployment options
Sales Motion: Add SEG + Sandbox
![Page 10: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/10.jpg)
10
Global 500 financial firm, ~10,000 employees
FireEye kicked out for low-balling
Fortinet won with: » Mature solution, high effectiveness
» Consolidated functions
» Integration with Fortinet and partner products
Sales Motion: Add SEG + Sandbox
![Page 11: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/11.jpg)
11
Sales Motion: Net New NGFW+ SEG + Sandbox
FireEye was dismissed due to the
distributed environment.
FortiGate + FortiSandbox stopped
spearphishing
FortiMail integration is first in 2016.
![Page 12: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/12.jpg)
Gartner Secure Email Gateway Requirements
![Page 13: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/13.jpg)
13
Email Security Requirements
Email handling » MTA, rate control, address rewriting…
Threat protection » Anti-spam, anti-malware, anti-phishing
» Optional sandboxing
Data protection » DLP, encryption, fingerprinting, workflow
» Optional Email archiving
Administration » Role-based administration
» Central quarantine/end user digest
» Optional newsletter handling
More for service providers » White label, end user self-service…
![Page 14: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/14.jpg)
14
Email Security Requirements
Email handling » MTA, rate control, address rewriting…
Threat protection » Anti-spam, anti-malware, anti-phishing
» Optional sandboxing
Data protection » DLP, encryption, fingerprinting, workflow
» Optional Email archiving
Administration » Role-based administration
» Central quarantine/end user digest
» Optional newsletter handling
More for service providers » White label, end user self-service…
The penetration rate of commercial
SEG solutions is close to 100% of
enterprises…Ancillary services, such
as targeted attack prevention, data loss
prevention and encryption, are the
main drivers of growth, while traditional
spam and virus-filtering subscription
costs are flat to slightly down.”
—Gartner
![Page 15: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/15.jpg)
Overview of FortiMail Secure Email Gateway
![Page 16: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/16.jpg)
16
FortiMail- Top rated. High performance. All-in-one.
A consolidated solution to prevent threats
and data loss in a single high performance
appliance for all segments » Top-rated threat protection
» Integrated data protection
» Enterprise class/service provider management
» High performance physical/virtual appliances
» Powered by FortiGuard Labs
Independent Validation
![Page 17: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/17.jpg)
17
#1 Highly accurate and effective antispam “cocktail”
Connection Level Filtering:
Discard spam as early as possible
for greatest performance.
Header Filtering:
Verify valid destination.
Support for latest RFCs.
Full Content Filtering:
Examine message body, including
attachments, images, text, etc.
FortiMail
![Page 18: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/18.jpg)
18
#2- Powerful Antimalware, more than signature matching
Signature Match
(CPRL/Checksum)
File Sample
Decryption/unpacker
System
Code Emulator Behavior Analysis
Take Action Based on Profiles File discarded, option to Quarantine and event logged
Anti-malware
One-to-many signature matching
Heuristic engine
Unpacker/decryption
Code emulation
![Page 19: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/19.jpg)
19
Key Driver: Integration with NSS Recommended sandbox
Hold for and act upon result
Block previously unknown attacks
Leverage granular policy controls
Targeted Email
(1) Attachment sent
to FortiSandbox
(2) Object analyzed in
Sandbox environment
(3) Risk rating
returned, message
handled by policy
FortiMail
FortiSandbox
![Page 20: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/20.jpg)
20
Key Driver: Integrated Data Protection
Data loss prevention » Preset dictionaries for easy
policy creation
» Smart identifiers for high accuracy
» Covers HIPAA, GLBA, SOX, PCI
and more
TLS & S/MIME Encryption
Identity Based Encryption » No additional license required
» No encryption key exchange,
minimal key management
Sender or policy-based trigger
![Page 21: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/21.jpg)
21
#3: Low administration quarantine and end user controls
Central quarantine » Easy administration
» Can be consolidated
across devices
Self-service personal
quarantine digest » Sender and subject
» Release or delete links
Automatic tagging and delivery » Newsletter and junk categories
» Client filters to appropriate folder
![Page 22: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/22.jpg)
22
Integrated email archiving
Per mailbox policy
based archiving: » Sender/recipient
» Subject/body/attachment filename
keywords
IMAP archive access
Remote archival support
Comply with regulatory obligations
![Page 23: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/23.jpg)
23
#4: Managed Security Service Provider-ready
MSSP Service Framework » FortiMail White Labelling
» Multi Domain support with
per domain quotas
» Mass provisioning for
lower OPEX
» Delegated administration
» User self service
Mail Security Service
Provider in a box!
Domain A
Domain B
Domain C
Domain D
![Page 24: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/24.jpg)
24
FortiGuard-powered security services
Global FortiGuard Labs » 200+ threat researchers
» Automated analysis of millions of
messages per day
» Proactively discovers zero day threats
and tracks global botnets
Security experts
working for you 24x7!
![Page 25: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/25.jpg)
25
Pe
rfo
rma
nc
e &
Sc
ala
bil
ity
Email Routing
(Msgs/hr)* 3.6k 76k 150k 680k 1,200k
AS+AV Perf.
(Msgs/hr)* 2.6k 58k 120k 500k 1,000k
FML- 400C
FML-200D
FML-1000D
FML-3000D
FML-VM04
FortiMail Physical and Virtual Appliances
FML-VM00 FML-VM01
FML-VM02
*Note: Performance numbers are for physical appliances only. Domain capacity is common for physical and virtual appliances
FML-VM08
FML-60D
![Page 26: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/26.jpg)
FortiMail- FortiSandbox Demonstration
![Page 27: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/27.jpg)
27
Additional Resources
Partner Portal: https://partners.fortinet.com/FortiPartnerPortal/fortipp/login.jsp
FortiMail Product Page: http://www.fortinet.com/products/fortimail/index.html
VBSpam Test Report: http://www.fortinet.com/resource_center/analyst_reports/excerpt-vb-anti-spam-comparative-review-july-2015.html
ATP Online Demo: http://www.fortinet.com/videos/stop-targeted-attacks-advanced-threat-protection.html
NSE Training: http://www.fortinet.com/training/certifications/
![Page 28: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/28.jpg)
28
Final Thoughts
Top-rated Spam, Virus, Phishing Protection
Top-rated Integrated Sandbox
Integrated Data Protection
Available in all Form Factors
Part of a Broader ATP solution
![Page 29: Fortinet Advanced Threat Protection- Part 4 · Email Routing (Msgs/hr)* 3.6k 76k 150k 680k 1,200k AS+AV Perf. (Msgs/hr)* 2.6k 58k 120k 500k 1,000k FML- 400C FML-200D FML-1000D FML-3000D](https://reader031.vdocument.in/reader031/viewer/2022011914/5fc180f224087a58724dc05e/html5/thumbnails/29.jpg)
Thank you.