connect and secure retail - Časopis zaštitazastita.info/userfiles/file/zastita/sigshop/sigshop...
TRANSCRIPT
© Copyright Fortinet Inc. All rights reserved.
Connect and Secure Retail
Tomislav Tucibat, Major accounts Manager Adriatic
February 2016
2 / 25 2 / 25
• Target
– 40 million card numbers, 70 million records
• Home Depot
– 56 million card numbers, 53 million records
• Michaels
– 2.6 million card numbers
• Staples
– 1.6 million card numbers
• Goodwill Industries
– 868,000 card numbers
2014: Year of the Retail Data Breach
3 / 25 3 / 25
• New retail technologies
– Wireless POS, sales tablets, guest Wi-Fi, smart digital signage, presence analytics
• Compliance requirements
– PCI, regional data privacy compliance
• Security threats
– Advanced Persistent Threats
• Multiplied by many locations
Technology Demands on Retail Networks
4 / 25
Fortinet Connect and Secure Solution
PoE Interfaces
Space & Energy Saving
FW & VPN Web Filtering
3G/4G connectivity SSL Inspection User/Device ID
IPS DLP
Application Control Vuln. Scanning
AV/Sandbox Anti-spam
Hybrid WAN
WiFi Controller
WAN Optimization
Endpoint Control
Token Service
So
ftw
are
Fe
atu
res
Ha
rdw
are
Fe
atu
res
Wireless Net
WAN
3G/4G Wired Net PoE
FortiGate
FortiAP
Management/ Reporting
FortiManager
FortiAnalyzer
FortiSwitch
WAN/VPN
FortiPresence
FortiExtender
6 / 25
Retail Store Device Proliferation
Multiple
Management
Consoles
Inconsistent
Networking
Functions
Potential
Gap in Protection
Slower Threat
Response
WAN
Acceleration
Web
Filtering
IPS
Application
Control
WiFi Controller
Advanced
Threat
Protection
Antivirus
Firewall
Management
SaaS Gateway
VPN
INTERNET
7 / 25
INTERNET
FortiGate Device Consolidation
FortiGate consolidates networking and security technologies into a single high performance appliance
Firewall
VPN
Application Control
IPS
Web Filtering
Antivirus
WAN Acceleration
Data Leakage Protection
WiFi Controller
Advanced Threat Protection
SaaS Gateway
FortiGate DCFW NGFW UTM
Management
Single
Management
Console
Integrated
Networking
& Security
Consolidated
Security Policy
Faster
Threat Response
8 / 25
Pe
rfo
rma
nc
e &
Sc
ala
bil
ity
FW <1G 1G – 2G 2G – 4G
NGFW
<250Mbps 250MB – 1G 275MB – 1G
Ports 1 – 5 GE 1 – 10 GE 1 – 48 GE
FortiGate Entry Level Family
FG-30D/-POE
FWF-30D/-POE
FG-60D/-POE
FWF-60D/-POE
FG/FWF-60D-
3G4G
FG-80D
FG-94D-POE
FWF-90D/-POE
FG-70D
FG/FWF-92D
FG-90D/-POE
FGR-60D
CPU
CPU
SoC2
SoC2 SoC2
FG-98D-POE
10 / 25
FortiWiFi Overview
FortiWiFi
INTERNET
Small Deployments - Up to 300 sq meters or 3,000 sq feet
FortiWiFi
11 / 25
FortiWiFi Family
FWF-30D/30D-POE
FWF-60D/60D-POE
FWF-90D/90D-POE
Thick AP ✓ ✓ ✓
Number of radios 1 1 1
IEEE 802.11 standards a/b/g/n a/b/g/n a/b/g/n
802.11n support 2x2 MIMO 2x2 MIMO 2x2 MIMO
Max client association rate
300Mbps 300Mbps 300Mbps
Max number of SSIDs 8 8 8
Max Managed FortiAP (Total/ Local Bridge)
2/2 10 / 5 32 / 16
12 / 25
FortiAP overview
FortiAP
INTERNET
Larger Deployments - More than 300 sq
meters or 3,000 sq feet
FortiGate/FortiWiFi WLAN Controller
13 / 25
FortiAP Family
3x3:3 D
ual
Rad
io
Du
al B
and
2x2:2
Sin
gle
Rad
io
1x1:1
Remote Outdoor Indoor
802.11ac
802.11ac
FAP-28C
FAP-14C
FAP-11C
FAP-222C
FAP-112D
FAP-24D
FAP-223C
FAP-221C
FAP-321C
FAP-320C
802.11ac
802.11ac
FAP-224D
FAP-25D
FAP-21D
802.11ac
14 / 25 14 / 25
• Wireless IDS
• Rogue AP Suppression
• Layer 7 Application Control
• Integrated Guest Captive Portal
Fortinet Wireless Features for Retail
15 / 25 15 / 25
Po
E N
on
-Po
E
8 port 24 port 48 port
FortiSwitch Secure Access Family
FS-28C
FS-224D-POE
FS-348B
FS-324B-POE FS-108D-POE
FS-124D-POE
FS-124D
FSR-112D-POE
FS-448B
16 / 25 16 / 25
FortiGate Switch Management
– Uses modified CAPWAP protocol – like FortiAP
– View port speed, status, etc.
– Apply security policy
– Authentication via 802.1x or captive portal
– Segment Network
Switch Segmentation for PCI Compliance
17 / 25 17 / 25
• Modems connected directly to CPE
• CPE usually located in a wiring closet
• Poorly located for optimal 3G/4G reception
Problems with 3G/4G WAN in Retail
18 / 25 18 / 25
• Houses a 3G/4G modem
• Can be installed for optimal coverage
• Connects to FortiGate via Ethernet cable
FortiExtender Wireless WAN Solution
19 / 25
FortiExtender family
FortiExtender-20B
• Indoor w/ Security Lock
• USB Modem
• PoE or AC powered
FortiExtender-100B
• Outdoor, IP55 Rated
• USB Modem
• Ruggedized Construction
• PoE Powered
FortiExtender-100A-VZW (Band 13)
• Outdoor, IP55 Rated
• Internal Verizon 4G Modem Ruggedized Construction
• PoE powered
21 / 25 21 / 25
• Components:
– FortiAP or FortiWiFi: Detects Wi-Fi signal from smartphones
– FortiGate: Aggregates signal information from multiple APs
– FortiPresence: Processes data and presents analytics on dashboard
FortiPresence Solution Overview
FortiPresence
22 / 25 22 / 25
• Measure
– Total/New/Repeat
– Dwell time duration
– A/B store comparison
– VIP Alert
– Real-time Heat maps
– And more…
FortiPresence: Measure. Connect. Influence
Connect
» Social Wi-Fi Login
» Marketing Opt-in
» Push coupon
Influence
» Analyzes Wi-Fi traffic
» Detect product search
» API can trigger:
» Smart digital signs
» Instant price cuts
» Push Coupons
23 / 25
Case Study - Bobbejaanland Theme Park
• Located in Flanders, Belgium
• 56 acres, 50 attractions, 750,000+ visitors per year
Challenge
Retail Theme Park
• Growing attendance and improving profitability
• Increasing utilization of rides and attractions
• Connecting wireless Point-of-Sale systems
• Enabling guest Wi-Fi for visitors
Solution
• FortiGate
– Deployed as Security Appliance and Wireless Controller
• 30+ FortiAP Access Points
• FortiPresence Analytics Service
24 / 25
Local case study - Plodine
• Located in Croatia
• 75 supermarkets across Croatia
Challenge
Plodine
• Protecting the local network
• Network segmentation
• Enabling guest Wi-Fi for visitors
Solution
• 2xFortiGate 500D
– Deployed as Security Appliance and Wireless Controller
• 50+ FortiAP Access Points
• FortiAnalyzer