Post on 18-Dec-2015
B&Data Solutions Day 2008 Think Beyond a Virtualized Infrastructure
The Network Security Consolidation Imperatives - Protect, Preserve and Reduce
Flora Chan, Regional Manager, Hong Kong & Macau
Fortinet Confidential
Agenda
1. Virtualized Network Security
2. Network Security Consolidation Imperatives
3. About Fortinet
Secure Virtualization: A New Paradigm
Virtualization is the most important solution being implemented in the Enterprise Data Center today.
This creates the need for a ‘security for virtualization’ paradigm that protects virtual environments in ways beyond what is currently available to protect physical environments.
Gartner Group: Enterprises that do not leverage virtualization technologies will spend 25% more annually for hardware, software, security, labor, and space for their infrastructure.
Network Security Requirements
Performance
Management / Reporting
Flexibility
Content Security
Reliability / Density
Logging / Reporting
Network Security Considerations
High availability
Out-of-Band management
Troubleshooting
Product upgrades
Product support
Hardware cost
Added network complexity
Fortinet’s Virtualization - Virtual Domains
Virtual Domains (VDOMs) enable a single FortiGate system to function as multiple independent virtual FortiGate systems
Up to 500 VDOMs supported per physical FortiGate device
Virtualized Network Security
Each VDOM can be configured with custom:
Virtual Routing features (Static, PBR, OSPF, BGP, RIP, Multicast)
Virtual Firewall (All Firewall features)
Virtual VPN (IPSec VPN, SSL VPN, PPTP)
Virtual IPS (Signature/Anomaly based, Protocol decoding)
Virtual Web filtering (84 Web Filter categories)
Virtual Antivirus (HTTP, FTP, SMTP, IMAP, POP3, NNTP, ICQ, MSN, Yahoo, AIM)
Virtual Antispam (SMTP, POP3, IMAP)
Fortinet’s VDOMs
Each VDOM contains its own virtual interfaces, route table, state table, application proxies, and IPS table instances.
Virtualized Management
Multiple administrative domains
• Administrative Domain (ADOM)
• Per customer/device group policy management
• Per customer/device report generation
• Supports VDOM groups and device groups or combinations of them
[Diagram labels: FortiManager, FortiAnalyzer, Admin 1, Admin 2, Device Group 1, Device Group 2, Customer 1, Customer 2]
Virtualized Reporting
Customizable with Customer/Private Branding
Per VDOM reporting
Per ADOM log access
Agenda
1. Virtualized Network Security
2. Network Security Consolidation Imperatives
3. About Fortinet
Consolidation is all Around Us!
Just a few examples:
• Mobile Phones
• Companies
• Telecommunications / Video
And most importantly: Network Security
Consolidation Market Drivers
Dynamic security landscape
• Continued increase in sophistication and prevalence of threats which require multiple security protections
• Increased enterprise adoption of Web 2.0 applications and IP-based services provide new methods of attack
• Regulatory compliance pressures (SOX, PCI, etc.)
Slowing growth of IT budgets driving higher demands for ROI
• Rising complexity and cost of managing and maintaining multiple security solutions
• Increased pressure to improve security service while reducing TCO
Corporate concern for the environment/desire to be “green”
Consolidate for Enhanced Security
Comprehensive, integrated security platform
• Full breadth of network and content security on a single appliance
Superior threat protection
• Integrated threat research; global research team provides 24x7x365 coverage
More effective and efficient security management
• Centralized management and reporting
• Simplified deployment, configuration and maintenance
• Unified logging and reporting
Consolidate to Reduce TCO
Lower capital expenditures (CapEx)
• Fewer devices to purchase, manage and maintain
• Virtualization to manage up to thousands of security profiles from one platform
Lower operational expenditures (OpEx)
• Smaller investment on training and support
• Simplified management, maintenance, renewals and threat update subscriptions
Long-term investment protection
• Future-proof devices: service activation as security needs grow
• Per-device license model
Consolidate for Environmental Benefits
Smaller hardware footprint
• Reduced data center space with multi-threat security appliances and virtualized security chassis
• Reduced power consumption over multiple standalone systems
Green impact
• Energy/emission reduction across the entire life cycle with less manufacturing, cabling and recycling
The Network Security Consolidation Imperatives
Preserve Your Investment
• Lower CapEx with fewer hardware requirements
• Lower OpEx with reduced management complexity
• Increase functionality without increasing hardware
Reduce Your Footprint
• More robust security capabilities with less hardware
• More powerful protection with less power consumption
• More network defense with less cost of ownership
Protect Your Network
• Network content-level protection
• Data integrity-level protection
• Enterprise-level strength
A New Security Architecture is Required
• Antispam: Reduce unwanted email
• Web filters: Eliminate unproductive web-browsing
• VPN: Delivering secure remote access
• Firewall: Defend against intrusions
• Antivirus: Protect email from virus infection
• IPS: Protect against malicious attacks
[Diagram labels: VPN, IPS, Users, Servers, Firewall, Antivirus, Antispam, URL Filters]
Multiple Point Solutions Add Complexity & Cost
Perceived Advantages
• Comprehensive security approach
• Quickly react to individual threats
Real Disadvantages
• Requires multiple products that don’t talk to each other
• Increases network complexity and operational costs
• Negative impact to environment
• Non-optimal security implementation
[Diagram labels: VPN, IPS, Users, Servers, Firewall, Antivirus, Antispam, URL Filters]
Fortinet Consolidated Network Security
[Diagram labels: VPN, IPS, Users, Servers, Firewall, Antivirus, Antispam, URL Filters]
• Provides comprehensive security
• Minimizes down-time from individual threats
• Reduces number of vendors and appliances
• Simplifies security management
• Coordinates security alerting, logging, and reporting
• Improves detection capabilities
• Improves TCO
Agenda
1. Virtualized Network Security
2. Network Security Consolidation Imperatives
3. About Fortinet
Company Overview
Leading provider of ASIC-accelerated Unified Threat Management (UTM) Security Solutions
Company Stats
• Founded in 2000 by Ken Xie (Former NetScreen Founder)
• Silicon Valley based with offices worldwide
• 1,000+ employees / 500+ engineers
• 350,000+ FortiGate devices shipped worldwide
Strong, validated technologies and products
• 11 patents; 80+ pending
• Seven ICSA certifications (FIRST and ONLY security vendor)
• Government Certifications (FIPS-2, Common Criteria EAL4+)
• Virus Bulletin 100 approved
Large Global Installed Base
Blue Chip Customers
Fortinet products are used by:
• 20,000+ customers WW
• The world’s leading enterprises, telcos and service providers
• Major government education, healthcare and retail institutions
Market Leadership & Growth
Fortinet pioneered the UTM market & has been the WW UTM market leader for the past 3 years -- source: IDC, 2007
By 2011 UTM will be the largest single market with a CAGR of 26.2%
Fortinet Leads Across UTM Market
“Fortinet is the leading vendor in the UTM security appliance market”
“Fortinet’s UTM product portfolio is seeing success across all price bands, including the high end, which has been the hardest sell for many vendors”
Next-Generation Security Gateways
Real-Time Content Security at the Network Edge
[Diagram: FortiGate between the Internet and the network, blocking (X) email spam, viruses and worms, hackers (intrusion prevention), web filtering / banned content (www.find_a_new_job.com, www.free_music.com, www.pornography.com), and instant message / P2P traffic]
Comprehensive Product Portfolio
FortiGate UTM Appliances
• FortiGate-60A – FortiGate-100A: SMB & Remote Office
• FortiGate-200A – FortiGate-800F: Enterprise
• FortiGate-1000A – FortiGate-5000: Carrier, MSSP & Large Enterprise
FortiAnalyzer/FortiManager: Centralised Management
FortiMail: Email Security
Fortinet Unique Value Proposition
1. Security: Multi-Layered
2. Performance: Scalable & Line Speed
3. Cost: Low Cap and Op Ex
4. Flexibility: Broad Hardware Offering, Security Software Modules, Security Subscription
Thank You!
For more information, please visit us at: http://www.fortinet.com/
Protect Your Network
Reduce Your Footprint
Preserve Your Investment