© Copyright Fortinet Inc. All rights reserved. Threat Landscape Ryan Kane – SWAT Specialist - Secure Wireless, & Access Technologies Data Connectors ABQ December 2015


Post on 21-Jan-2016


Page 1:

Threat Landscape

Ryan Kane – SWAT Specialist - Secure Wireless, & Access Technologies

Data Connectors ABQ December 2015

Page 2:

2 - Fortinet Confidential

Trend: Device Growth Continues

More devices and newer device types are entering the network

• 33 Billion endpoints projected to be connected by 2020 – Gartner
• New device types entering the network
» ‘headless’ IoT, wireless sensor nodes, beacons, wearables

Page 3:

A Global Leader and Innovator in Network Security

Fortinet Quick Facts

• Founded in 2000, 1st shipment 2002, IPO 2009

• HQ: Sunnyvale… 80+ offices worldwide

• Employees: 3700+

• 247,000+ customers

• Over 2 million devices shipped

• #1 unit share worldwide in network security (IDC)

• Market-leading tech… 243 patents, 215 pending

Cash: $16M (2003), $1B+ (2014)

Revenue: $13M (2003), $770M (2014)

Consistent, accelerating growth

Strong positive cash flow

Profitable

FortiASIC: Custom ASIC-based scalable architecture

FortiOS: Custom, converged Networking + Security OS

FortiGuard: Industry-leading, validated Threat Research

FortiCare: Global Infrastructure & Support

Page 4:


Balanced business across segments

Balanced revenue and growth around the globe

Fortinet Revenue By Region, Q2 2015: APAC 20%, Americas 45%, EMEA 35%

FortiGate Revenue By Segment, Q2 2015: Entry-Level Appliances 31%, Mid-Range Appliances 24%, High-End Appliances 45%


Page 5:

A Global Leader and Innovator in Network Security

Balanced Revenue Across Product Segments

Billings by Product Segment, Q2 2015: High-end 37%, Entry Level 37%, Mid-range 26%

7 of Top 10 Global 100 Computer Services

9 of Top 10 Global 100

7 of Top 10 Global 100 Major Banks

9 of Top 10 Global 100 Aerospace & Defense

Page 6:


Gaining overall market share, pulling away

Gaining share in higher-end markets

[Chart: Worldwide Network Security Appliance Shipments, 2011 to 2014. Vendor labels: Cisco, Check Point, Juniper, Palo Alto]

[Chart: Worldwide Data Center Firewall Unit Share, CY 2012, CY 2013, 1H 2014. Labels: w/o Sourcefire, Check Point, Juniper, McAfee, Cisco]


Page 7:

Scalable, High Performance Security

FortiASICs Dramatically Boost Performance

[Chart: throughput of a CPU baseline compared with the Network Processor (NP 6) and Content Processor (CP 8). Series labels: FW, VPN, IPS, (IPsec), (SSL). Values shown: 6Gbps, 2Gbps, 3.5Gbps, 40Gbps, 25Gbps, 10Gbps, 9Gbps]

10X data center firewall performance

5X NGFW performance

Security that keeps up with growing bandwidth requirements

Page 8:

Proven, Certified Security

Unparalleled 3rd Party Validation

Description | Fortinet | Check Point | Cisco | Palo Alto Networks | Juniper | FireEye
NSS - Firewall NGFW | Recommended | Recommended | Recommended & Neutral | Caution | Caution | x
NSS - Firewall DC | Recommended | x | x | x | x | x
NSS - Breach Detection | Recommended | x | Recommended | x | x | Caution
NSS - WAF | Recommended | x | x | x | x | x
NSS – Next Gen IPS | Recommended | x | Recommended | Neutral | x | x
NSS - IPS (DC) | ✔ | ✔ | x | x | Caution | x
BreakingPoint Resiliency | Record High - 95 | x | x | Poor - 53 | x | x
ICSA Firewall | ✔ | ✔ | x | ✔ | ✔ | x
ICSA IPS | ✔ | ✔ | x | x | x | x
ICSA Antivirus | ✔ | x | x | x | x | x
ICSA WAF | ✔ | x | x | x | x | x
VB 100 | ✔ | Caution | x | x | x | x
AV Comparative | ✔ | x | x | x | x | x
Common Criteria | ✔ | ✔ | ✔ | ✔ | ✔ | ✔
FIPS | ✔ | ✔ | ✔ | ✔ | ✔ | ✔

Page 9:

Security Advantage – FortiGuard Threat Research Labs

FortiGuard Labs

FDN Services

Fortinet Devices

FortiGate

FortiClient

FortiManager

FortiSandbox

Consolidated Intelligence

Anti-spam

Vulnerability

IP Reputation

IPS

App Control

Web Filtering

Web Threat Research

Malicious Javascript

Security Research

Botnet Research

Mobile Research

Fortinet Development

Roadmaps & Engines

Threat Mitigation Technology

Customer Service

FortiCare

FortiGuard Services

Anti-malware

FortiMail

FortiWeb


Page 19:

Breaking the Kill Chain: Prevent, Detect, and Mitigate Threats

Terry Zechman, Systems Engineer

Data Connectors ABQ December 2015

Page 20:

Common Attack Vectors

Spam

Malicious Email

Malware

Web Filtering

Intrusion Prevention

Antivirus

App Ctrl / IP Rep

Exploit

Malicious Web Site

Page 21:

Signature Based Threat Prevention

Spam

Malicious Email

Malware

Anti-spam

Intrusion Prevention

Antivirus

Exploit

Malicious Web Site

Page 22:

Next Gen Firewall

Spam

Malicious Email

Malware

Bot Commands

C&C

Malicious Link

Stolen Data

Anti-spam

Web Filtering

Intrusion Prevention

Antivirus

App Ctrl / IP Rep

Exploit

Malicious Web Site

Page 23:

Malware? Goodware? Idon’tknowware? The Continuum

Code Continuum

Known Good

Known Bad

Probably Good

Very Suspicious

Somewhat Suspicious

Might be Good

Completely Unknown

Security Technologies

Whitelists

Reputation: File, IP, App, Email

Signatures

Digitally signed files

Blacklists

Signatures

Heuristics

Reputation: File, IP, App, Email

Generic Signatures

Sandboxing

Page 24:

Add Sandbox to make Unknowns Known

Malicious Link

Spam

Malicious Email

Malware

Bot Commands

C&C

Stolen Data

Anti-spam

Web Filtering

Intrusion Prevention

Antivirus

App Ctrl / IP Rep

Exploit

Malicious Web Site

Sandbox

Page 25:

Attacks Hide Behind SSL Encryption

1- Downloader emailed to victim

2- SSL connection to compromised web server and Trojan download

3- Credentials captured enabling unauthorized access

https://blog.fortinet.com/post/the-stealthy-downloader

Page 26:

Just How Prevalent Is This?

• In 2017, more than 50% of the network attacks targeting enterprises will use encrypted traffic to bypass controls, up from less than 5% in 2013

-Gartner

Page 27:

Add SSL Inspection

Spam

Malicious Email

Malware

Bot Commands

C&C

Malicious Link

Stolen Data

Anti-spam

Web Filtering

Intrusion Prevention

Antivirus

App Ctrl / IP Rep

Exploit

Malicious Web Site

Sandbox

SSL Inspection

Page 28:

Why Don’t Organizations Inspect SSL Traffic?

• Privacy laws
• Employees might not like it
• Performance impact on NGFWs

39%

Page 29:

Advanced Threats Take Advantage of the “Flat Internal” Network

Existing Firewalls focused on the Border

Internal network no longer “trusted”

Many ways into the network

Once inside threats can spread quickly

[Diagram: stages numbered 1 to 4 across a Border between EXTERNAL and INTERNAL. Labels: Threat Production + Recon; Threat Vector; Infection; Communication; Extraction; Disposal; Package Encrypt Stage; Hide, Spread, Disarm, Access, Contact Botnet CC, Update; Email (Phishing); Vulnerabilities; Web Downloads; Social Engineering; Exploits (Zero Days)]

Page 30:

Consider Segmenting Your Internal Network

[Diagram: Internal Segmentation Firewall (ISFW) instances shown in the Internal Network (100 Gbps+). Other labels: WAN, Internet, Cloud, Home Office, Branch Office, Private Cloud, Edge Gateway, Data Center, External, Internal]

Page 31:

Summary / Recommendations

• Make sure you have a good layered security defense to break the kill chain
» Next Generation Firewall, Secure Email Gateway, Endpoint Protection
• User/App/Device type ID & control, IPS, AV, Web Filtering, IP Reputation, AntiSpam, etc.
» Good solutions must have great security & great performance – Make sure your choice is validated by industry-neutral third-party tests (such as NSS Labs) or do your own testing

• Build an Advanced Threat Protection Framework that includes sandboxing
» The best choice is a sandbox that integrates with your other security

• Start inspecting SSL traffic
» Your NGFW should have this capability; if not, make sure your next NGFW does
» Work with compliance & HR on privacy regulations

• Implement Internal Segmentation Firewalls
» Keep threats from running rampant throughout your internal network

Page 32:

DON’T GO UNPROTECTED