Post on 30-Mar-2015
transcript
The Consolidation Imperative
Maximizing Security, ROI and Environmental Benefits with Fortinet SolutionsTodd Craw – FL Channel SE - June 2010
Consolidation is all Around Us
Just a few examples: Discrete MP3 Player, Camera, Phone =
iPhone or Android Triple Play services over coax or dsl =
Voice, Video and Data
And most importantly: Network Security = Antivirus, IDS/IPS,
Antispam, Web Content Filtering, VPN and more in one device
Consolidation Market Drivers
Dynamic threat landscape
Slowing growth of IT budgets
Easier Mangement – Lower Opex
Fewer Devices – Lower Capex
Reductions in Footprint
Energy/Carbon
Rackspace
Dynamic Threat Landscape
Evolving Threats
Continued increase in sophistication
and prevalence of threats require
multiple security technologies
Increased enterprise adoption of Web
2.0 applications and IP-based services
provide new vectors for attack
Regulatory compliance pressures
(SOX, PCI, etc.)
Blended Threat – W32/Pushdo!tr Multiple Attack Vectors
Spams email with malicious attachment
Email contains a trojan downloader
– Downloads a rootkit to cover activity
– Downloads multiple other components
The trojan uses a command and control communication channel
W32/Pushdo!tr - Antispam
Antispam recognizes email as spam
Blocks message from user’s inbox
W32/Pushdo!tr - Antivirus Gateway antivirus detects
the malicious attachments The trojan downloader The rootkit The various other
components
Removes malicious payloads, preventing accidental execution
W32/Pushdo
W32/Pushdo!tr – Intrusion Prevention
IPS detects communications on the command and control channel
Blocks the transmission of the infected host’s communication
W32.Pushdo.Virus .Detection
Financial “Belt Tightening”
Slowing growth of IT budgets driving higher demands for ROI Rising complexity and cost
of managing and maintaining multiple security solutions
Increased pressure to improve security service while reducing TCO
Real Disadvantages Higher Capex for multiple products Increases network complexity and
operational costs – training & support Discrete security technologies such
as VPN, AV, IPS, WCF, AntiSpam have become commodities!
Multiple Point Solutions Add Complexity & Cost Perceived Advantages
Comprehensive security approach Quickly react to individual threats Specialization
Consolidate to Reduce TCO
Lower operational expenditures (OpEx) Simplified management, maintenance,
renewals and threat update subscriptions Smaller investment on training and support
Lower capital expenditures (CapEx) Fewer devices to purchase, manage and
maintain Virtualization to manage up to thousands
of security profiles from one platform
Long-term investment protection Future-proof devices:
Service activation as security needs grow Per-device license model
Doing More With Less – Capex Savings
Security Service Fortinet CompetitorFirewall / VPN $43,495 $13,199
Intrusion Prevention Included $38,145
Antivirus Included $16,585
Web Filtering Included $13,449
Totals $43,495 $81,378
500 User Network Savings over Standalone Products - $37,883
Fortinet Consolidated Network Security
Reduces number of vendors and appliances
Provides comprehensive security
Minimizes down-time from individual threats
Simplifies security management
Coordinates security alerting, logging, and
reporting
Improves detection capabilities
Reducing Footprint
Firewall / VPN
Antivirus
Web Filtering
IPS
FortiGate Appliance¼ Physical Space
¼ Power Consumption=
=
Consolidate for Environmental Benefits
Smaller hardware footprint Reduced data center space with
multi-threat security appliances and virtualized security chassis
Reduced power consumption over multiple standalone systems
Green impact Energy/emission reduction
across the entire life cycle with less manufacturing, cabling and recycling
Fortinet Differentiation Broad technology platform
ASIC accelerated security on all platforms Unified security functions AV, IPS, WCF, FW,
VPN, Anti-spam/Spyware with NO OEM relationships
Identical user interface on all appliances No per user licensing – services unlimited
Unified Management, Logging and Reporting Enterprise management – firmware – policy Logging, reporting, event correlation Active directory integration
user activity reporting
Broad security subscription coverage via global infrastructure Active push and pull technology for rapid
protection >200 researchers WW
FortiOS constantly adds new features
FortiOS is the security hardened operating system that powers all FortiGate multi-threat security systems. The CLI and GUI are the same across all applicances.
Application Control
Facilitates inspection for evasive applications using non-standard ports, port-hopping, or tunneling within trusted applications
More flexible and fine-grained policy control Increased security Deeper visibility into network traffic FortiOS 4.2 adds shaping to any application!
Enforces security policy for over 1000 applications, regardless of port or protocol used for communication
SSL Traffic Inspection
Inspect otherwise hidden communication
Increased protection for secure web/app servers
Improved visibility into network traffic
Supports HTTPS, POP3S, SMTPS, and IMAPS protocols
Proxies SSL encrypted traffic, inspecting for threats and applying policy to traffic that is invisible to other security devices.
Data Leakage Prevention
Integrates with Application Control and SSL Inspection
Works across any application and encrypted traffic
Configurable actions (block / log) Provides audit trails for data and files Aides in legislative compliance Protects an organization’s sensitive
information
Keep sensitive, confidential, and proprietary data from escaping defined network perimeter
Consolidate with Fortinet
Preserve Your Investment∙ Lower CapEx with fewer hardware requirements ∙ Lower OpEx with reduced management
complexity ∙ Increase functionality without increasing hardware
Reduce Your Footprint∙ More robust security capabilities with less hardware ∙ More powerful protection with less power consumption ∙ More network defense with less cost of ownership
Protect Your Network∙ Network and content-level protection ∙ Data integrity-level protection ∙ Enterprise-level strength
Thank You for your time!
Questions?For more information, visit us at: http://fortinet.com/
Protect Your
Network
Reduce Your
Footprint
Preserve Your
Investment
Lee County Clerk of Courts
“The Fortinet solution is surpassing our high expectations and demands. Though we were seeking a performance and throughput improvement, we now also have less boxes to manage, 24/7 availability even if a datacenter goes down and a way to report on
network usage without taking the entire network down.”
Brian Bernard, senior network administrator Lee County Clerk of Courts
Products: FortiGate-1000, FortiGate-5050, FortiGate-5001FA2
Solution: Antivirus, anti-spam, firewall, Web filtering and intrusion prevention
Where: FortiGate-1000 at its Sarasota, FL disaster recovery site
-Two FortiGate-5050™ systems in active/active mode located at two data centers in Fort Myers, FL and one FortiGate-5050 for the public facing network and the other is for the remote agency network being accessed by the State attorney, defense attorneys and other state agencies.
- Two FortiGate-5001FA2 blade modules are connected to each of the FortiGate-5050 systems in clustered pairs.
Benefits: Protection of sensitive information such as case histories from county courts, county finance information, land records
- Aggregate, analyze and report on log data traversing the distributed network.
Hardee’s quick-service and fast-casual dining
“Managing multiple restaurant locations nationwide, it was very important for us to select a network security solution that was cost-effective, easy to use and offered central management while ensuring Federal compliance regulations. The FortiGate
product line is allowing us to offer enterprise-level network security to our restaurants as well as complying with government regulations such as PCI mandates.”
Greg May, Chief Technology Officer Paradigm
Products: FortiGate-300A, FortiWifi-60B, FortiManager-400
Solution: firewall, IPS and Web content filtering
Where: FortiGate at Paradigm HQ to provide firewall, IPS and WCF for the main network
- FortiWifi deployed at each of the 95 franchise networks
- FortiManager deployed at Paradigm HQ to easily and centrally manage the 295 appliances located at nationwide franchises.
Benefits: new wireless newtork for patrons of some of the restaurants
- PCI compliance
- Simplified management of appliances
-Consolidated network security functions
Clerk of the Circuit Court of Cook County second largest county in U.S.
"In our first 107 days of having the Fortinet solution deployed, we did not have a second of downtime. Although we experienced 381,407 attempted attacks against our network, the Fortinet solution blocked and protected us from every single
attack."
Bridget Dancy, CIOCircuit Court of Cook County
Products: FortiGate™-1000 (replaced Norton and Microsoft), FortiAnalyzer™-100
Solution: Antivirus and intrusion prevention
Where: FortiGate™-1000 to provide antivirus, firewall and intrusion prevention for network
- FortiAnalyzer™-100 to easily analyze and log traffic traversing the network of more than 800 computers
Benefits: protecting more than 5.6 million documents ranging from employee email to citizen legal case material, adoptions, mental health, and tax objection documents.
-helping secure the Circuit Court Clerk's $5 million cashiering system which collects and disburses more than $100 million in revenue -Experienced 381,407 attempted attacks against network and Fortinet blocked and protected every single attack
-FortiAnalyzer is providing valuable intelligence on network usage and assistance with meeting regulatory compliance