Welcome to the Advanced Threat Protection Playbook


Post on 21-May-2020



Advanced Threat Protection Playbook - Internal Use Only

START DRIVING DEMAND

Fortinet Advanced Threat Protection

Fortinet Advanced Threat Protection enables customers to establish a security fabric, across their entire organization and all attack vectors, to combat advanced persistent threats (APTs) and avoid data breaches. Specifically, FortiGuard Labs global threat intelligence and FortiSandbox local intelligence are rapidly shared among Fortinet and non-Fortinet security components to quickly and effectively prevent, detect and respond to known and unknown attacks.


[Diagram labels: Global Intelligence, Local Intelligence, FortiGate, FortiClient, FortiWeb, FortiMail]

Current Market Situation

• Data breaches continue to make headlines and 55% of surveyed organizations reported more than 6 incidents (Forrester ATP Thought Leadership Survey, October 2015)

• Dealing with APTs/Data Breaches is the #1 Enterprise security priority in 2016 (IDG, CSO Survey)

• 99% of malware is seen for 58 seconds or less and 99.5% of malware found by Verizon during data breach investigations was unique to the organization (Verizon, 2016 DBIR)

Sell More FortiSandbox, FortiGate, FortiMail, FortiWeb, FortiClient By:

• Establishing the need among customers and prospects for sandboxing as part of most Enterprise Firewall (NGFW, ISFW, DEFW) projects

• Describing our unique approach to Advanced Threat Protection, based on (but bigger than) FortiSandbox in the context of the Fortinet Security Fabric

• Identifying the proper components of an on-site evaluation (CTAP, Email Audit and/or Endpoint PoC all with sandboxing)


What are Customers Saying?

• 79% of IT executives consider protection from advanced persistent threats a critical or high priority IT initiative with NGFW close behind at 71% (IDG, CSO Survey)

• Ransomware has emerged as a top concern in 2016 (Fortinet Deal Flows)

• “Despite all of the security products we've deployed, I can't confidently say we won't get compromised because those products don't work together, leaving potential gaps for malware to enter and making it difficult for us to detect and respond if it does.”

What is the Market Opportunity?

• $1.6bn in 2017 for sandboxing to deal with advanced threats, $20bn for associated pieces: NGFW, SEG, SWG, WAF, EPP (IDC, 2015)

• 90% of new enterprise edge firewall purchases will be NGFWs by 2018 and 85% of new sandbox deals will be packaged with firewall and content security platforms (Gartner 2016)

• Ancillary services like targeted attack protection (and data loss prevention or “DLP”/encryption) are driving secure email gateway projects (Gartner, 2015)

• Sandboxing is a key evaluation criterion in the Gartner Endpoint Protection Platform MQ (Gartner 2015)


2260 confirmed data breaches in 2015*


malware samples leading to breaches are unique to the compromised organization*

58 seconds: On average, 99% of malware is seen for only 58 seconds or less*

1: There is at least 1 new ransomware variant every day**

* 2016 Verizon

** FortiGuard Threat Intelligence newsletter


Rapidly Share Global and Local Threat Intelligence

With infrastructure change, driven by IoT and cloud services, dissolving the enterprise perimeter at a time when the threat landscape is more sophisticated than ever, it is no surprise that cyber threats slip in. While it’s critical to prevent as many attacks as possible with global threat intelligence, it is now essential to continue to detect and respond, with local intelligence, to previously unknown threats and the resulting incidents. Most importantly, prevention, detection and response components must all work together for a coordinated defense rather than independently in silos.

Fortinet Advanced Threat Protection is:

• Scalable: covers the entire organization and all attack vectors

• Aware: coordinates across top-rated prevention, detection and response components

• Actionable: rapidly shares global and local intelligence for assisted and automated response

Useful Links

• ATP Solution

• ATP Solution FUSE Community

• ATP Account Manager Sales Presentation

• ATP Recorded Demo

• NSE L2 ATP Module


Useful Links

• ATP SE Presentation to Security Architects


FortiGate: NEXT GENERATION FIREWALLS

• Segments the network, controls access and blocks threats

• Hands off unknown items to FortiSandbox

• Offers assisted and automated response based on FortiSandbox intelligence

FortiSandbox: ADVANCED THREAT PROTECTION

• Detects attacks that slip past traditional defenses

• Dynamically generates and distributes local threat intelligence

• Reduces risk & impact of breaches

FortiWeb: WEB APPLICATION FIREWALLS

• Shields web servers and applications from being exploited

• Applies sandboxing to external submissions

• Closes off a common attack vector

FortiMail: EMAIL SECURITY

• Stops email threats with top rated protections

• Prevents data loss with integrated DLP, encryption and archiving

• Designed to hold messages for analysis including sandboxing, closing off the #1 attack vector

FortiClient: ENDPOINT SECURITY

• Protects endpoints on and off network with top rated threat protection

• Submits objects to FortiSandbox and acts on results/local intelligence

• Secures the ultimate point of attack, the endpoint


• Enables third party products to leverage FortiSandbox

• Submit objects, receive ratings and consume intelligence updates via JSON and ICAP

• Integrates existing security components within the Fortinet Security Fabric

• Online Demos

• NSE L3/L6 FortiSandbox, FortiMail, FortiClient, FortiWeb, FortiGate Modules

• NSE L7 - ATP Workshop


FortiGuard Subscription Services send constant updates to our Security Products, providing customers continuously updated threat protection. The table below shows which FortiGuard Subscription Services are associated with products.

App Control | IPS | AV | IP Rep./Anti-bot | Web Filtering | Anti-Spam | Vuln. Scan | Web Security

FortiGate √ √ √ √ √ √ √

FortiSandbox √ √ √ √

FortiClient √ √ √ √ √

FortiWeb √ √ √

FortiMail √ √

Fortinet Services

FortiGuard

Your security partner should have deep understanding and visibility into the dynamic threat landscape, and the ability to respond in real-time at multiple levels in your network. For more than 10 years, Fortinet’s dedicated in-house threat research team, FortiGuard Labs, has led the industry while developing and constantly updating all of Fortinet’s security services. Fortinet’s superior and consistent effectiveness at stopping advanced threats has been independently validated by NSS Labs, VirusBulletin, AV Comparatives and other certification and testing organizations.

Useful Links

• FortiGuard security services brochure

• FortiGuard web site

• NSE Training on FortiGuard Labs

COMPETITORS


FireEye

• Covers all vectors with sandboxing

• Demonstrated good (95%) effectiveness in NSS BDS testing but rated neutral for excessive cost

• Shares intelligence well among its own components but operates as a silo

Palo Alto Networks

• Does not scale up or down well (no desktop model, chassis is expensive for limited performance)

• Only NGFW earned top ratings, and Traps has not been tested

• Can't coordinate with WAF; SEG sharing requires ProofPoint

• Overall, Palo Alto can't fully scale, leaves gaps in vectors and shows inconsistent effectiveness in testing

Cisco

• Does not scale up or down well (requires Meraki, ASA and Sourcefire)

• Only NGFW and BDS earned top ratings, SEG is unrated and no EPP is offered

• Multiple, acquired products don't work well as a solution

| Capability | Fortinet | FireEye | Cisco | Palo Alto |
|---|---|---|---|---|
| Scale - device to cloud | √ - All sizes, all vectors | √ - All sizes all vectors (sandbox only) | W - Limited (3 FW product lines, no WAF, poor email effectiveness) | W - Limited (no small boxes, chassis does not scale) |
| Top-rated Intelligence | √ - NSS NGFW, WAF, EPP, BDS, VB SEG | W - Neutral in NSS BDS | √ - NGFW and BDS only | W - NSS NGFW, Caution for BDS, no WAF or SEG |
| Awareness | √ - Topology view, bidirectional sharing | √ - CMS, bidirectional sharing | √ - Bidirectional sharing (no single view) | √ - Limited view (no SEG), sharing (EPP) |

Useful Links

• Competitive Community on Fuse

• NSE L2 ATP Module


This sales play is designed to move organizations who understand the Fortinet Security Fabric Vision to a formal assessment on the value of adding Fortinet Advanced Threat Protection Components to improve their security posture against today’s threats.

According to CSO Online, 79% of IT executives consider protection from advanced persistent threats a critical or high priority IT initiative with NGFW close behind at 71% (IDG, CSO Survey).

EMAIL

What are you doing to reduce the risk of an advanced attack via email?

• #1 cybercrime attack vector (Verizon 2016 DBIR)

• Primary ransomware delivery method today (FortiGuard Labs)

• Targeted attack protection is a key driver of email security today (Gartner 2015 SEG MQ)

What are you using for Email Security today?

• Cisco Ironport: customers like Sterlite found 9 ransomware attacks passing Ironport in the first two days of an audit

• Microsoft Exchange Online Protection/Office 365: during a month-long PoC, customers generally find 15% of email passing MSFT is still spam, plus 70-90 known pieces of malware and thousands more identified by sandboxing

Call to Action: Deploy FortiMail and FortiSandbox behind your current email security and see how well your current security is really doing

NETWORK

Do you have a sandboxing (or next generation firewall or secure web gateway) project to stop advanced attacks delivered via the web?

• The most common way ($1.4bn of $2bn) organizations address advanced threats (IDC 2016)

• #2 cybercrime attack vector (Verizon 2016 DBIR)

• 90% of new enterprise edge firewall purchases will be NGFWs in 2018 and 85% of new sandbox deals will be packaged with firewall and content security platforms (Gartner 2016)

What are you using for Edge Firewall today?

• Cisco or other Legacy Firewall: on average, Cyber Threat Assessment found that users visited 1 malicious web site every other day and had 4 active pieces of malware.

• Palo Alto, Check Point or other NGFW: customers like the visibility, but as network bandwidth increases their boxes struggle to keep up, especially with more security services (like AV or SSL). Mention ISFW if not up for renewal.

Call to Action: Deploy FortiGate and FortiSandbox behind your current firewall and measure the number of unknown threats that are slipping through.

ENDPOINT

Do you have a lot of mobile or remote workers?

• On or off the network, regardless of attack vector, all attacks try to reach an endpoint

• With the current severe and growing shortage of InfoSec talent, automated remediation is a must for endpoint security (IDC WW STAP Forecast 2015-2019)

• Sandboxing is a key evaluation criterion in the Gartner Endpoint Protection Platform MQ (Gartner 2015)

What are you using for Endpoint Security today?

• Top enterprise AV vendors have been successfully compromised, according to 44% of customers surveyed. (Gartner 2016 MQ EPP)

• In a recent head-to-head comparison in a healthcare POC, it was observed that SCEP let thousands of malware and riskware files slip through.

• 80% of emerging vendors will be acquired, merge or disappear by 2020. (Gartner’s Real Value of a Non-Signature Anti-Malware Solution)

Call to Action: Deploy FortiClient and FortiSandbox on a pilot group of users

Key Resources

• ATP Solution Community on Fuse

• Video Demos for SEs

• NSE Training Modules


Promote the Solution

The following resources are part of an ongoing outbound marketing effort and are available for local lead generation activities.


Awareness Engagement Consideration

3rd Party Paper: Forrester Sandbox Technology Exec Summary

Whitepaper: Building a Natural Immunity Against Advanced Threats

3rd Party Paper: ESG Lab Validation Report on ATP

NSS Labs 2016 BDS PARs

ICSA Labs ATD Report

Video: Unique Benefits of Fortinet ATP

Video: ATP recorded demo video

Webcast: Insights Before Your Next Sandbox Investment

Webinar: Insights from NSS Labs before your Next Investment in Sandbox

Infographic: How Sandboxing Breaks the Cyber Attack Kill Chain

Solution Brief: Defending Against the Undetected

Fortinet Paper: ATP Buyers Guide and Checklist


READY TO FOLLOW UP?


A range of resources is available to help you generate meetings to discuss advanced threats and advanced threat protection, prepare you for and guide you through those discussions, and create projects by demonstrating the critical need to improve their security.


1. Generate Meetings by Sharing the Following

Forrester Sandbox Technology Exec Summary: Fortinet commissioned Forrester to survey 150 enterprises that had practical experience using sandbox technology. Key findings included:

• 87% of users found the information provided by sandboxes useful in identifying advanced attacks

• Top concerns about sandboxes were the cost, complexity and work they generated

• Not surprisingly, they wanted sandboxes to integrate with (on average) 6 other security tools and most (58%) wished for a high degree of automation in their sandbox

Video on What Makes Fortinet ATP Unique:

Fortinet shares this “whiteboard” video about our unique approach to stopping advanced threats. It’s a short 3-minute summary.

Webcast: Insights Before Your Next Sandbox Investment

NSS Labs and Fortinet discuss the key trends and general findings from the latest NSS Labs Breach Detection Systems Group Test.

2. Prepare for Discussions by Staying NSE Certified

NSE 2 - Advanced Threat Protection

NSE 3 - FortiSandbox

NSE 3 - FortiMail

NSE 3 - FortiClient

3. Guidance Through the Discussion

All ATP Assets can be found within the ATP Solution Community on Fuse

4. Create Projects

CTAP with Sandbox

FortiMail/FortiSandbox PoC

FortiClient/FortiSandbox PoC