Fortinet Security Fabric 2018 Information Security Forum · systems, vulnerability database...
TRANSCRIPT
3
                                 2007      2017
Threat Actors                    <50       >1,000
Threat Types                     <50       >1,000,000
Alerts/Day (Average Per Firm)    <1,000    >1,000,000
Security Vendors                 <100      >2,300
VC Investments                   <$500M    >$6B
Security Spending                <$3B      >$80B
The evolution of network security…
Source: Optiv, 2017
6
Fortinet 2018 Security Trend Predictions
[Garbled slide text; legible terms: Hivenet, Swarmbot, AI]
See: 2018 Threat Predictions - by Derek Manky
Mid-year 2017 Predictions Update
© Copyright Fortinet Inc. All rights reserved.
Strengthen network security, achieve digital transformation
Security without perimeter
Johnson Lai
e: [email protected]
Channel Manager
9
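Information security has become a critical key to digital transformation
Insight into potential threats
Adopt more innovative technologies and automated controls
Flexible deployment
Next-generation security must cover hybrid cloud environments, providing consistent management and diverse deployment
OT security
Extend IT security to operational technology networks
Data protection
In whatever form the data exists, at rest or in transit
Regulatory compliance
Integrated into existing security policies, strategies and regulations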
10
[Security Transformation] SX
12
Too many standalone products and industry regulations to comply with
Security Consoles
Compliance
Point Products
INTEGRATION: Very Difficult
Form Factor
30+
GDPR
16
FORTINET SECURITY FABRIC 2018
NETWORK
MULTI-CLOUD
PARTNER API
EMAIL
UNIFIED ACCESS
IOT-ENDPOINT
WEB APPS
ADVANCED THREAT PROTECTION
MANAGEMENT-ANALYTICS
19
Network Security
Multi-Cloud Security
Endpoint Security
Email Security
Web Application Security
Secure Unified Access
Advanced Threat Protection
Management & Analytics
FortiGate: Enterprise Firewall
FortiGate Cloud Firewall: Network Security
FortiClient: EPP
FortiWeb: Web Application Firewall
FortiMail: Secure Email Gateway
FortiSandbox: Advanced Threat Protection
FortiAnalyzer: Central Logging/Reporting
FortiManager: Central Security Management
FortiSIEM: Security Information & Event Management
FortiGate Virtual Firewall: Network Security
FortiAP: Wireless Infrastructure
FortiSwitch: Switching Infrastructure
Securing IoT, Networks & Cloud ecosystems
“The Fabric 8”
20
THE FABRIC 8
Network Security
FortiGate: Enterprise Firewall
SWG
SD-WAN
IPS
Appliance Virtual Machine
Cloud
21
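BROAD: broaden the scope of protection to guard against subtle attacks from every direction
Diagram labels: WAF; EMAIL; SWITCH; ACCESS POINTS; Network; MOBILE; IoT; WINDOWS; MAC; APIs; SECURITY; SANDBOX; MANAGEMENT; ANALYTICS; CASB; PRIVATE; PUBLIC; METER; Access; Apps; Cloud; Endpoint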
22
THE FABRIC 8
Multi-Cloud Security
FortiGate Virtual Firewall: Network Security
FortiCASB: Cloud Access Security Broker
FortiGate Cloud Firewall: Network Security
Fortinet Connectors: Cloud & SDN Integration
Virtual Machine
Cloud
23
Diverse cloud applications have opened up more channels for network attacks and threats
Campus
Branch Office
Retail Office
Single Console
Private Cloud
Public
SaaS
SD-WAN CSP Cloud
Remote
Data Center
WAN
24
THE FABRIC 8
Endpoint Security
Software
FortiClient: NG Endpoint Protection Platform
Enterprise Management Server: Central Management
25
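Endpoint Advanced Threat Protection solution
Antivirus
• Real-time host security protection
• Rapid, continuous updates
• Periodic scanning and filtering
• Effectively prevents malware infection
Application Firewall
• Network behavior detection and analysis
• Multiple application categories
• Granular control for specific applications
• Effectively reduces the creation of attack channels
Web Filter
• Real-time cloud-based website IP/URL rating
• Safe search settings
• Exclusion list
• Prevents intrusion and infection via web trojans
Vulnerability Scanning
• Real-time updates of the application and system vulnerability database
• Automated system security hardening
• Periodic vulnerability scanning
• Prevents unexpected system or program vulnerabilities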
“Fortinet rarely misses a VB100 comparative, and a strong record of passes, complemented by a steady improvement in detection over the last couple of years, have put it well up with the leaders…”
26
THE FABRIC 8
Email Security
FortiMail: Secure Email Gateway
Appliance Virtual Machine
Hosted Cloud
27
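Email delivery is the main channel for threat infection
Malware
• Large volumes of attacks frequently target users with low vigilance
• Social engineering is used to get users to open emails and run malicious software
• Zero-day attack programs
Phishing
• Targets specific organizations or groups (spear phishing), based on subject matter the user is interested in
• Usually targets CxO-level staff (whaling)
• Zero-day malware or social engineering that leaks financial or important internal information
• 12% of users click the malicious attachments or links in such emails*
* Source: Verizon 2016 Data Breach Investigations Report
Compliance & Data Loss
• Sending personally identifiable information (PII) via email
• Sending confidential company information out of the organization
• Internal corporate espionage
• Failure to encrypt sensitive email
• Failure to back up/retain/archive email to comply with corporate standards
• IRS – 7 years
• PCI – 1 year
• State depts – 3 years
• HIPAA – 6 years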
28
THE FABRIC 8
Web Application Security
FortiWeb: Web Application Firewall
FortiADC: Application Delivery Controller
Appliance Virtual Machine
Hosted Cloud
29
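• Web application vulnerability patching
• Virus threat filtering and prevention
• Secure web services
• Improved application capability and reliability
• Vulnerability scanning
• Improved SSL processing capacity and content inspection
Secure / highly scalable and fast web application service architecture
FortiGuard
Attachment Scanning
SSL Offloading
SSL
Outlook (mobile and web)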
30
THE FABRIC 8
Secure Unified Access
FortiAP, FortiWLC, FortiWLM: Wireless Infrastructure
FortiSwitch: Switching Infrastructure
FortiAuthenticator, FortiToken: Identity and Identity Management
Appliance Virtual Machine
Hosted
FortiWiFi: Integrated Wireless
31
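Current state and challenges of network endpoint access
Transformation and evolution of next-generation Wi-Fi
Wired/wireless authentication
Simplified, unified management and operations
Changes in how data is accessed
Massive growth in mobile devices
Increasing demand for wireless access
(Integrated Security)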
32
THE FABRIC 8
Advanced Threat Protection
FortiSandbox: Advanced Threat Protection
Appliance Virtual Machine
Hosted Cloud
[Garbled slide text; legible terms: NGFW, SEG, EPP, WAF…]
33
Today's threats change rapidly and are hard to predict…
File, IP, App, Email App Signatures, Digitally signed files
File, IP, App, Email Generic Signatures
99.5% of malware samples are unique to an organization
Source: Verizon 2016 Data Breach Investigations Report, April 2016
Sandbox emulation technology
34
THE FABRIC 8
Management & Analytics
FortiAnalyzer: Central Logging & Reporting
FortiManager: Central Security Management
FortiSIEM: Security Information & Event Management
Appliance Virtual Machine
Hosted Cloud
FortiCloud: Cloud-based Central Management
35
Management and analytics: what does it cover?
FortiManager, FortiAnalyzer, FortiCloud, FortiSIEM
36
[Security Transformation] SX
39
SECURITY FABRIC – Customer Environments and Applications
Diagram labels: DDoS Protection; Database Protection; Web Application Firewall; Application Delivery Controller; Top-of-Rack; BRANCH OFFICE; Distributed Ent FW; LTE Extension; Endpoint Protection; NGFW; Secure Access Point; IP Video Security; Email Server; Web Servers; SDN, Virtual Firewall; DCFW/NGFW; Sandbox; Internal Segmentation FW; Switching; Email Security; CAMPUS; DATA CENTER/PRIVATE CLOUD; Virtual Firewall; FortiCloud; Client Devices; PUBLIC CLOUD; OPERATIONS CENTER
40
SECURITY FABRIC – Network Security
Diagram labels: DDoS Protection; Database Protection; Web Application Firewall; Application Delivery Controller; Top-of-Rack; BRANCH OFFICE; LTE Extension; Endpoint Protection; FortiGate NGFW; Secure Access Point; IP Video Security; Email Server; SDN, Virtual Firewall; FortiGate DCFW/NGFW; Sandbox; FortiGate Internal Segmentation FW; Switching; Email Security; CAMPUS; Client Devices; DATA CENTER/PRIVATE CLOUD; Web Servers; ENTERPRISE FIREWALL; FortiGate/FortiWiFi Distributed Ent FW; FortiManager; FortiAnalyzer; FortiSIEM; OPERATIONS CENTER; Virtual Firewall; FortiCloud; PUBLIC CLOUD
41
SECURITY FABRIC – Cloud Security
Diagram labels: DDoS Protection; Database Protection; Web Application Firewall; Application Delivery Controller; Top-of-Rack; BRANCH OFFICE; LTE Extension; CAMPUS; Secure Access Point; IP Video Security; Switching; FortiGate NGFW; FortiGate DCFW/NGFW; FortiGate Internal Segmentation FW; FortiGate VMX SDN, Virtual Firewall; DATA CENTER/PRIVATE CLOUD; Web Servers; ENTERPRISE FIREWALL; Client Devices; CLOUD SECURITY; Endpoint Protection; Email Server; Sandbox; Email Security; OPERATIONS CENTER; Fortinet Virtual Firewall; FortiManager; FortiAnalyzer; FortiSIEM; FortiCloud; PUBLIC CLOUD; FortiGate/FortiWiFi Distributed Ent FW
42
SECURITY FABRIC - Advanced Threat Protection
Diagram labels: DDoS Protection; Database Protection; Application Delivery Controller; Top-of-Rack; BRANCH OFFICE; LTE Extension; CAMPUS; FortiClient; Secure Access Point; IP Video Security; Switching; FortiGate NGFW; FortiGate DCFW/NGFW; FortiGate Internal Segmentation FW; FortiGate VMX SDN, Virtual Firewall; DATA CENTER/PRIVATE CLOUD; Web Servers; CLOUD SECURITY; ADVANCED THREAT PROTECTION; ENTERPRISE FIREWALL; FortiSandbox; FortiMail Email Security; Email Server; FortiWeb Web Application Firewall; OPERATIONS CENTER; FortiManager; FortiAnalyzer; FortiSIEM; Fortinet Virtual Firewall; FortiCloud; PUBLIC CLOUD; FortiCloud Sandboxing; FortiGate/FortiWiFi Distributed Ent FW
43
SECURITY FABRIC – Application Security
Diagram labels: Top-of-Rack; BRANCH OFFICE; LTE Extension; CAMPUS; FortiClient; Secure Access Point; IP Video Security; Switching; FortiGate NGFW; FortiGate DCFW/NGFW; FortiGate Internal Segmentation FW; FortiGate VMX SDN, Virtual Firewall; FortiDDoS Protection; FortiWeb Web Application Firewall; FortiADC Application Delivery Controller; DATA CENTER/PRIVATE CLOUD; Web Servers; APPLICATION SECURITY; ENTERPRISE FIREWALL; FortiSandbox; FortiMail Email Security; FortiDB Database Protection; CLOUD SECURITY; ADVANCED THREAT PROTECTION; Email Server; OPERATIONS CENTER; FortiManager; FortiAnalyzer; FortiSIEM; Fortinet Virtual Firewall; FortiCloud; PUBLIC CLOUD; FortiCloud Sandboxing; FortiGate/FortiWiFi Distributed Ent FW
44
SECURITY FABRIC - Unified Access
Diagram labels: FortiWeb Web Application Firewall; FortiADC Application Delivery Controller; Top-of-Rack; BRANCH OFFICE; FortiExtender LTE Extension; CAMPUS; FortiClient; Secure Access Point; IP Video Security; FortiGate NGFW; FortiGate DCFW/NGFW; FortiGate Internal Segmentation FW; FortiGate VMX SDN, Virtual Firewall; FortiDDoS Protection; DATA CENTER/PRIVATE CLOUD; Web Servers; SECURE ACCESS; APPLICATION SECURITY; ENTERPRISE FIREWALL; FortiSandbox; FortiMail Email Security; FortiSwitch Switching; CLOUD SECURITY; ADVANCED THREAT PROTECTION; Email Server; FortiDB Database Protection; OPERATIONS CENTER; FortiManager; FortiAnalyzer; FortiSIEM; Fortinet Virtual Firewall; FortiCloud; PUBLIC CLOUD; FortiCloud Sandboxing; FortiCloud AP Management; FortiGate/FortiWiFi Distributed Ent FW