1 © Copyright 2013 Fortinet Inc. All rights reserved.
High Performance NGFW Extended
Enrique Millán
Country Manager Colombia
2
This document contains confidential material proprietary to Fortinet, Inc.
This document and information and ideas herein may not be disclosed, copied, reproduced or
distributed to anyone outside Fortinet, Inc. without prior written consent of Fortinet, Inc.
This information is pre-release and forward looking and therefore is subject to change without
notice.
The purpose of this document is to provide a statement of the current direction of Fortinet’s
product strategy and product marketing efforts.
Please note that this Product Roadmap is neither intended to bind Fortinet to any particular
course of product marketing and development nor to constitute a part of the license agreement
or any contractual agreement with Fortinet or its subsidiaries or affiliates.
DISCLAIMER
3
FortiGuard
Competence
High Performance
Market
Agenda
4
Global Success with Diversified Products
Nine of Top 10 Global 100
Nine of Top 10 Global 100 Aerospace & Defense
Seven of Top 10 Global 100 Computer Services
Seven of Top 10 Global 100 Major Banks
Billings by Region Revenue by Segment
5
Global Customers
Top 10
Fortune
500
Top 10
Global 500
Banks
Top 5
Global
Carriers
6
Network Security Market - $11B Opportunity
UTM/NGFW UTM/NGFW
$13 Billion
$11 Billion
FW FW
$5.3B
$2.4B $2.6B
$2.7B
VPN VPN $786M $725M
IPS
IPS SWG
SWG
ATP
$2.1B
$1B
$750M
$1.9B
$1.2B
2012 2016 IDC Market Forecasts (except Advanced Threat Protection, which is a Fortinet estimate)
WOC $1B WOC $1B
Fortinet - Confidential
7
Analyst Perspectives
• No Consensus around Security Appliances Naming or Functionality
- Segmentation Gateways
- UTM for SMBs
- NGFW for Enterprises
- Enterprise Firewalls (NGFW)
- SMB Firewalls (UTM)
- Branch Office Firewalls
- Data Center Firewalls
- UTM - Integrated Security Appliance
8
• UTM
- Standard network stateful firewall functions
- Remote access and site-to-site virtual private network (VPN) support
- Web security gateway functionality (anti-malware, URL and content filtering)
- Network intrusion prevention focused on blocking attacks against unpatched Windows PCs and servers
All UTM products contain other security capabilities, such as email security, Web application firewalls or data loss prevention.
• NGFW
The firewall market has evolved from simple stateful firewalls to NGFWs, incorporating full-stack inspection to support intrusion prevention, application-level inspection and granular policy control.
Gartner Definitions
9
NGFW Market Drivers
1. More and more reports point to infected web sites or web applications as the primary source of infection (Application Control)
2. APTs require a new response mechanism (“Sandboxing” Web Filtering)
3. Advancements in processing power and inspection engines… now offer converged security to larger enterprises (Consolidation).
(Source: Competitive Landscape: NGFW Appliance Market, WW, 2013. Gartner, 4/13.)
10
Features/Presets: NGFW, NGFW+SWG, NGFW+ATP, NGFW (Extend)
Security FW/VPN ✔ ✔ ✔ ✔
IPS ✔ ✔ ✔ ✔
App Control ✔ ✔ ✔ ✔
Explicit Proxy ✔ ✔ ✔
Web Filter ✔ ✔ ✔
AntiVirus ✔ ✔ ✔
Sandbox ✔ ✔
Authentication* ✔
Email Filter
DLP
Endpoint Control
Vulnerability Scan
NGFW Security Capabilities
11
Additional Consideration…
Initiate a multi-year plan to improve your organization's coverage of encrypted traffic and start with inbound and outbound web traffic… decrypting SSL traffic on a firewall implies a loss of 74% for throughput.
(Source: Security Leaders Must Address Threats from Rising SSL Traffic, Gartner, 12/13.)
12
Focus Areas
13
SSL Performance
2Gbps
10Gbps
FortiOS 5.2 FortiOS 5.0
CP8
IPS Engine 3.0
Harnesses the power of the FortiASIC-CP8
Figures shown apply to FortiGate-3600C
Faster
14
Register
FortiGate linked to FortiSandbox
Deep AV Scan & Real Time
• 96% RAP before Sandbox
• No need to Sandbox if caught
FortiSandbox
Cloud Check
Real time check on
latest malware rating
Full Sandbox
Catch anything not
caught by signature
detection
Forensics
Behavior Report
Downloaded & Dropped Files
Recursively Scanned
Integrated ATP Evolution Derek Manky
16
Single Policy
Multiple Source decision process – Merges IP, User and Device Policies
Single Policy to Answer Where, Who and What
BYOD
Specific access based on device type (limit, block)
Captive Portal
Single Sign On
Network Access for Users, Devices and Apps Robin Liao
17
Building a bigger FortiGate
Extended Management
For remote device management ‘wired access point’
Manage Only Connection
Scalability, increases the number of FortiSwitches that can be managed
Encrypted FortiLink
Allows for wide area network connectivity for remotely sited switches
Internet
FortiLink
18
NSS Labs – Third Party Validation
• 100% Overall Protection » Stability & Reliability
» Firewall Enforcement
» Security Effectiveness
• Lowest TCO » $2 / Protected Mbps
• Lowest Latency » 5 μs latency 64 byte packets
• Top 2 vendors
• 96% Overall Protection
• Passed 100% Evasion Tests
• 6.25 Gbps IPS performance
• Ultra low latency
• 96% Overall Protection
• Passed 100% Evasion Tests
https://cms.myfortinet.com/share/page/site/ProductPortal/documentLibrary#path=%252fCompetitive%252f0-Fortinet%252fNSS%2520Labs%2520Reports
FortiGate 800C FortiGate 3240C FortiGate 3600C
Fortinet Earned Triple Recommend Rating in the Latest NSS Labs Tests
19
NSS Labs – Third Party Validation
20
Fortinet Advantage: Performance
Gbps Mbps Firewall
VPN NGFW UTM
Policy Security
21
Fortinet Advantage: Simplified
Web
Filtering
AV Firewall
VPN
Router
Internet
IPS/App
Switch
Advanced
Threat
Protection
(Sandbox)
Internet
FortiGate
Data Center Firewall
Next Generation Firewall
Unified Threat Management
Point Products Consolidated Solution
22
Firewall Solutions
Cloud/Carrier
Branch Office
Enterprise Campus
Distributed Enterprise
Data Center
INTERNET
Remote End Points
Edge or Core Firewall (NGFW)
Branch Firewall (NGFW)
Client Firewall
(VPN)
Unified
Threat
Management (UTM)
Data Center Firewall (Core, Perimeter, VM)
Carrier Firewall Platform
23
Two Types of Competitors
Software
Based
Network
Based
• Missing New Functions (NGFW)
• Old, Slow & No Focus
• Limited multifunction Performance
• Not Scalable for SMB or Telco
24
Deployment Scenarios
MSSP/ Carrier
Data Center
Enterprise Core
Distributed Enterprise
SMB
FortiGate 5000 Series
FortiGate 1000/ 3000 Series
FortiGate 20-100
PA 4000/ 5000 Series
PA 2000/ 3000 Series
PA 200/ 500
FortiGate 200-800
PA 7050
26
FortiGate 3700D vs. PA 5060
$100K
$168.5K
160Gbps
110Gbps
100Mpps
60Mpps 30M
13M
FortiGate 3700D PA 5060
Price Firewall Packet Per Second (Mpps) Sessions
40G Ports
$130K
20Gbps 15Mpps 4Mbps
Fortinet has 8X FW Performance
30
Products have Poor Performance
MSSP/ Carrier
Data Center
Enterprise Core
Distributed Enterprise
SMB
FGT 5000
Series
FGT 3000
Series
FGT/FW 20-100
Series
FGT 1000
Series
FGT 200 - 800
Series
Check Point 600 – 2200
Series
Check Point 4000
Series
Check Point 12000
Series
Check Point 21000
Series
Check Point 61000
Series
Check Point 13500
31
FortiGate 3700D vs. Checkpoint 21700
Twice the Performance – Half the Price
$100K
$168.5K 160Gbps
110Gbps 100Mpps
60Mpps
30M 13M
FortiGate 3700D Check Point 21700 w/ SAM
Price Firewall Packet Per Second (Mpps) Sessions
40G Ports
33
Products are Confusing & Lack Features
MSSP/ Carrier
Data Center
Enterprise Core
Distributed Enterprise
SMB
FGT 5000
Series
FGT 3000
Series
FGT/FW 20-100
Series
FGT 1000
Series
FGT 200 - 800
Series
Cisco ASA 5585-X
Series
Cisco ASA 5500-X
Series
Cisco ASA 5505
Sourcefire
3D8000 Series
34
FortiGate 3700D vs Cisco ASA 5585-X SSP20
Fortinet has 16X Performance
40G Ports
$100K
$115K
160Gbps
10Gbps
44M
1M
300K
50K 23 Gbps
2 Gbps
FortiGate 3700D Cisco ASA 5585-SSP20 (FW/IPS)
Price Firewall Sessions Connection Per Second IPS
35
Products are Falling Way Behind
MSSP/ Carrier
Data Center
Enterprise Core
Distributed Enterprise
SMB
SRX 5000
Series
SRX 3000
Series
FGT 5000
Series
FGT 3000
Series
FGT/FW 20-100
Series
FGT 1000
Series
FGT 200 - 800
Series
SRX 1000
Series
SRX 100-650
Series
36
FortiGate 3700D vs. Juniper SRX 3400
Twice the Performance – Half the Price
$100K
$168.5K
160Gbps
110Gbps
100Mpps
60Mpps
30M
13M
FortiGate 3700D Juniper SRX 3400
Price Firewall Packet Per Second (Mpps) Sessions
40G Ports
38
Rack Space & Performance vs. Competitors
• 560 Gbps firewall
• 630 Mpps
• 280M sessions
• Price $900K
Juniper SRX 5800
Fortinet
FortiGate-5140B
VS.
Check Point 61000 Cisco Catalyst
6500 w/ ASA SM Palo Alto PA 7050
Performance
Session Capacity
Packet Per Second
• 150 Gbps firewall
• 15 Mpps
• 20M sessions
• 200 Gbps firewall
• 50 Mpps
• 70M sessions
• 80 Gbps firewall
• 20 Mpps
• 40M sessions
• 120 Gbps firewall
• 105 Mpps
• 24M sessions
5 x $1.4M = $7M 3 x $1.267M = $3.8M 7 x $550K = $3.8M 5 x $1.253M = $6.3M
7 x $1.4M = $9.8M 2 x $1.267M = $2.5M
42 x $1.4M = $58.8M 13 x $1.267M = $16.4M
6 x $1.253 = $7.5M 3 x $550K = $1.6M
32 x $550K = $17.6 M
Source: Competitors’ US/North America Price Lists 2013
12 x $1.253 = $15M
39
Feature & Certification Comparison
No One Comes Close
40
FortiGuard Services
FORTIGUARD ANTIVIRUS SERVICE
FORTIGUARD ANTISPAM
SECURITY SERVICE
FORTIGUARD WEB
SECURITY SERVICE
FORTIGUARD DATABASE
SECURITY SERVICE
FORTIGUARD IP REPUTATION
SERVICE
FORTIGUARD VULNERABILITY
MANAGEMENT SERVICE
FORTIGUARD WEB
FILTERING SERVICE
FORTIGUARD INTRUSION
PREVENTION SERVICE
FORTIGUARD APPLICATION
CONTROL SERVICE
What is FortiGuard?
Threat Landscape Update & Strategy
41
Spam e-mails intercepted
Malware programs neutralized
Network intrusion attempts resisted
Attempts to access malicious websites blocked
Botnet command and control attempts thwarted
Website categorization requests
3,100 Application
control signatures
75 Terabytes Of Threat Samples
12,500 Vulnerability
management signatures
250 Million Rated websites in
78 categories
1000 Web application firewall
attack signatures
70 Intrusion prevention signatures
8,000 Hours of research in labs around the globe
235,000 New and updated antivirus definitions
66 Million New and updated antispam signatures
725,000 URL ratings for web filtering
Threat Intelligence and Response
42
High End
FortiGate-5000 &
3000 Series
FortiMail
FortiWeb FortiDB
FortiScan
FortiSwitch
FortiBridge
FortiAuthenticator FortiClient
FortiDDoS
FortiBalancer
FortiDNS
FortiCache
FortiVoice FortiAnalyzer FortiManager
FortiCamera
Coyote Point
End-to-End Security Solutions
Mid Range
FortiGate-1000
to 100 Series
Desktop
FortiGate/FortiWiFi-90 to
20 Series
FortiAP
FortiToken
FortiADC
FortiSandbox FortiCloud
43
44
Let’s Grow your Businesses Together!