TRANSCRIPT
© Copyright Fortinet Inc. All rights reserved.
Advanced Threat Protection
Telling and Selling the $20b Story
January 2016
Agenda
Telling the Story
Selling the Story
Recap/Resources
Telling the Story
The Problem: Breaches, Breaches and More Breaches
2014: 79,790 security incidents
2015: CEOs, CIOs and CISOs who resigned
“All organizations should now assume that they are in a state of continuous compromise.” — Gartner, 2/14/14
Sources: Verizon 2015 Data Breach Investigations Report, April 2015
Gartner. Designing an Adaptive Security Architecture for Protection From Advanced Attacks. February 2014.
IDG Media. IT Security Priorities and Next-Generation Firewall Deployment. January 2016.
The Impact: Extended Compromise, Data Loss, Headlines…
[Chart: impact vs. duration; random detection, average ~200 days prior to response]
Sources: Verizon 2015 Data Breach Investigations Report, April 2015
A Root Cause: “Idon’tknowware”
[Diagram: the code continuum and the security technologies that cover each part of it]
Code Continuum: Known Good · Probably Good · Might be Good · Completely Unknown · Somewhat Suspicious · Very Suspicious · Known Bad
Security Technologies, good end: Whitelists; Reputation (File, IP, App, Email); App Signatures; Digitally signed files
Security Technologies, bad end: Blacklists; Signatures; Heuristics; Reputation (File, IP, App, Email); Generic Signatures
None of these technologies classifies the Completely Unknown middle of the continuum.
70-90% of malware samples are unique to an organization
A Solution: Behavior-based Sandboxing of the Unknown
[Diagram: the same code continuum, with Sandboxing added to cover the Completely Unknown segment between the technologies for the known-good and known-bad ends]
70-90% of malware samples are unique to an organization
Sources: Verizon 2015 Data Breach Investigations Report, April 2015
Why? It Provides Information to Stop Advanced Threats
Source: Forrester Sandbox Survey, November 2015.
[Chart: Worldwide Specialized Threat Analysis and Protection Revenue, 2011-2019: comparison of the August 2013 and May 2015 forecasts; revenue in $M, axis 0 to 3,500]
What You Need to Know About FortiSandbox
1. Analyzes Activity
2. Provides Data, Dynamic Updates
3. Independently Validated
4. Cloud or On-Premise Options
5. Integrated and Automated
Why? A Good Sandbox Reduces Dwell Time, Risk, Impact
[Chart: impact vs. duration; random detection averages 200 days prior to response, versus sandbox-only detection and response measured in days]
Experienced Sandbox Users Seek Integration and Automation
Base: 150 IT security decision-makers at US-based enterprises that have implemented or evaluated sandbox technology
Source: A commissioned study conducted by Forrester Consulting on behalf of Fortinet, August 2015
Integrating A Sandbox with NGFW/WAF Speeds Response
[Chart: impact vs. duration; random detection averages 229 days prior to response, sandbox-only detection and response takes days, sandbox plus NGFW/WAF detect-and-respond takes minutes]
What You Need to Know About FortiGate as NGFW
1. Independently Top Rated Prevention
2. Send Unknown Items to FortiSandbox
3. One-Click Quarantine
4. Automatic, Local Updates
5. Detects Advanced Threats
What You Need to Know About FortiWeb
1. Shields Web Servers From Exploit
2. Fastest Performance, Lowest TCO
3. Sends Items to FortiSandbox
4. Removes Files Based on Results
5. Detects Advanced Threats for One Attack Vector
How To Move From Detection/Response To Prevention?
[Chart: impact vs. duration; random detection averages 229 days prior to response, sandbox-only detection and response takes days, sandbox plus NGFW/WAF detect-and-respond takes minutes, sandbox plus SEG/EPP prevention takes 0 seconds]
What You Need to Know About FortiMail SEG
1. Top rated Threat + Data Protection
2. On-premise or Cloud Service
3. Holds Messages for Analysis
4. Sends Items to FortiSandbox
5. Provides Advanced Threat Prevention for One Attack Vector
What You Need to Know About FortiClient
1. Unified Client Software
2. Top-rated with New Central Management
3. Sends Items/Acts Before or After Install
4. Receives All FortiSandbox Results
5. Advanced Threat Prevention for All Vectors…but Seen by Every User
This is our Fortinet Advanced Threat Protection Framework
[Diagram: three components connected by hand-offs]
Components:
» FortiGate & everything that can enforce a security policy
» FortiSandbox & everything that is behavior based
» FortiGuard teams and automation
Hand-offs: high-risk items; ratings & results; creating a fix & updating prevention
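The two mechanisms the slides above describe, sandboxing only what allow/block lists, signatures and reputation cannot classify (the "unknown" middle of the code continuum) and feeding the sandbox verdict back into the enforcement point so the next sighting is decided without a round-trip, written out as an added toy example. This is not Fortinet code and makes no claim about how FortiGate or FortiSandbox are implemented: file identity is a SHA-256 digest, the "sandbox" is simulated from a behaviour list attached to each constructed sample, and the malicious-behaviour set, signer name and byte signature are all assumptions for illustration.

```python
# Added example, not code from the Fortinet deck: a toy model of the triage loop the
# slides describe. Static checks cover the known ends of the "code continuum", the
# sandbox covers the unknown middle, and sandbox verdicts become local static rules.
import hashlib
from dataclasses import dataclass, field
from typing import Optional, Tuple, List

KNOWN_GOOD, KNOWN_BAD, UNKNOWN = "known_good", "known_bad", "unknown"

# Behaviours a detonation flags as malicious (assumed list, not a Fortinet rule set).
MALICIOUS_BEHAVIORS = {
    "persists_via_autorun", "beacons_to_c2", "encrypts_user_files", "injects_into_process",
}


@dataclass
class Sample:
    name: str
    content: bytes
    signer: Optional[str] = None      # stand-in for a digital-signature check
    behaviors: tuple = ()             # what the sandbox would observe at runtime (constructed)

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


def detonate(sample: Sample) -> str:
    """Simulated behaviour-based sandbox: the verdict comes from what the file does,
    not from whether its hash or signature has been seen before."""
    return KNOWN_BAD if MALICIOUS_BEHAVIORS & set(sample.behaviors) else KNOWN_GOOD


@dataclass
class Enforcer:
    """Policy-enforcement point (the FortiGate/SEG/EPP role in the framework):
    fast static checks first, sandbox only for what they cannot classify,
    and every sandbox verdict fed back as a local rule."""
    allowlist: set = field(default_factory=set)     # hashes known good
    blocklist: set = field(default_factory=set)     # hashes known bad
    trusted_signers: set = field(default_factory=set)
    signatures: tuple = ()                          # byte patterns of known bad
    sandbox_calls: int = 0

    def static_verdict(self, s: Sample) -> str:
        h = s.sha256
        if h in self.blocklist or any(sig in s.content for sig in self.signatures):
            return KNOWN_BAD
        if h in self.allowlist or (s.signer is not None and s.signer in self.trusted_signers):
            return KNOWN_GOOD
        return UNKNOWN

    def handle(self, s: Sample) -> Tuple[str, str]:
        """Return (action, how): action is 'allow' or 'block'; how is 'static' or 'sandbox'."""
        verdict = self.static_verdict(s)
        if verdict == UNKNOWN:
            self.sandbox_calls += 1
            verdict = detonate(s)
            # Feedback: the verdict becomes a local static rule, so the next sighting of
            # the same file is decided at the enforcement point without a sandbox trip.
            (self.blocklist if verdict == KNOWN_BAD else self.allowlist).add(s.sha256)
            return ("block" if verdict == KNOWN_BAD else "allow", "sandbox")
        return ("block" if verdict == KNOWN_BAD else "allow", "static")


def demo() -> List[Tuple[str, str, str]]:
    """Run constructed samples through one enforcer; returns a (name, action, how) log."""
    enforcer = Enforcer(trusted_signers={"Example Corp"},
                        signatures=(b"CONSTRUCTED-BAD-PATTERN",))
    dropper = b"macro dropper (constructed)"
    samples = [
        Sample("installer.msi", b"signed installer (constructed)", signer="Example Corp"),
        Sample("old_worm.exe", b"header CONSTRUCTED-BAD-PATTERN trailer"),
        Sample("invoice.doc", dropper, behaviors=("beacons_to_c2", "persists_via_autorun")),
        Sample("invoice.doc", dropper, behaviors=("beacons_to_c2", "persists_via_autorun")),
        Sample("tool.exe", b"in-house utility (constructed)", behaviors=("reads_config",)),
    ]
    return [(s.name, *enforcer.handle(s)) for s in samples]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The log from `demo()` shows the dwell-time argument of the charts above in miniature: the signed file and the signature hit never reach the sandbox, the first copy of the dropper is blocked only after detonation, and its second copy is blocked statically because the verdict was pushed back into the blocklist.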
Selling the Story
Customer Concern: Advanced Threats on the Web
Recent $2.2m investment in Fortinet
Initial $10m quote from FireEye
Won Fair PoC: coverage, cost
Sales Motion: Add Sandbox to FortiGate NGFW
Customer Concern: Targeted Email Attacks
Director favored FireEye
Fortinet won with:
» Better detection
» FortiGate/FortiMail integration
» Flexible deployment options
Sales Motion: Add SEG + Sandbox
Customer Concern: Advanced Attacks via Web and Email
Sales Motion: Net New NGFW+ SEG + Sandbox
FireEye was dismissed due to the distributed environment.
FortiGate + FortiSandbox stopped spearphishing
FortiMail integration is first in 2016.
Customer Concern: Advanced Attacks Via Web, Email, Web Apps
Sales Motion: Net New NGFW + SEG + WAF + Sandbox
End to end solution
NSS certification
Customer Concern: Exposed Endpoints
Sales Motion: Net New Sandbox + Client
Full featured client reduces agents
Caught thousands of malware samples missed by SCEP
Stops zero-days with FSA
Customer Concern: Strongest Defense Against APTs
The $20bn Opportunity…This Year
Sandbox ($2bn)
NGFW/UTM ($8.5bn)
SWG ($2bn)
SEG ($2bn)
Endpoint ($4.6bn)
WAF ($800m)
Recap
Every Organization Should Have a Sandbox
» New and Necessary Technology
» Can be affordable and manageable when integrated
» It’s part of the only ATP Solution NSS Recommended Edge to Endpoint
Pick the point(s) of integration that make sense for your customers
Recap
Concern | ATP Component | Pro | Con
Breaches/Headlines | FortiSandbox | Detects the Unknown; Enables Response and Mitigation | Requires Response
Web-based Threats, Broad Coverage | FortiGate NGFW + FortiSandbox | Extends Sandbox Coverage; Speeds Response and Mitigation | Detection Only
Web App Exploits | FortiWeb WAF + FortiSandbox | Covers a Top Attack Vector; Speeds Response and Mitigation | One Vector Only
Targeted Email Attacks, Prevention | FortiMail SEG + FortiSandbox | Prevention for a Top Attack Vector | One Vector Only
Exposed Endpoints, Manual Response | FortiClient EPP + FortiSandbox | Prevention for All Vectors | Visible to All End Users
Additional Resources http://www.fortinet.com/solutions/advanced-threat-protection.html
Breaking the Kill Chain video http://www.fortinet.com/videos/breaking-kill-chain-advanced-attacks.html
Forrester Sandbox Survey Exec Summary http://www.fortinet.com/resource_center/analyst_reports/sandbox-technology-breach-detection-response-strategy.html
ATP Framework paper http://www.fortinet.com/sites/default/files/whitepapers/ATP-Framework.pdf
CTAP http://www.fortinet.com/how_to_buy/request-cyber-threat-assessment.html
Fuse Community - Advanced Threat Protection https://fuse.fortinet.com/p/fo/si/topic=438