Post on 18-Nov-2014
description
transcript
© 2011 Windstream Communications, Inc. | 008906
Debunking Network Security Myths
Introduction
Presenters
Drew Savage, Fortinet
Director, MSSP Strategy and Business Development – Global Alliances
Has spent the past 12 years focusing on security for carriers, managed
service providers and vendors and will be the main presenter for the webinar.
Terry O’Brian, Windstream
Windstream Enterprise Product Development
Has over 25 years experience in voice and data technologies, business
development, and product marketing. Terry has authored numerous industry
white papers and trade press articles on a variety of networking topics
including MPLS, ATM/Frame Relay, Unified Communications, and Network
Security.
2
Overview
Top 5 Network Security Myths
1. I have a firewall, I don’t need any other network protection
2. Blocking applications is good enough
3. Best of breed products are better than a consolidated approach
4. There is no way to stay on top of threats
5. Hackers only attack big companies
3
4
Mature Company with Market Leadership Across the Board
Worldwide UTM Market Share
Q2 2010 (1)
(1) IDC Worldwide Security Appliances Tracker, September 2010 (market share based on factory revenue) (2) Gartner, Inc., “Magic Quadrant for Unified Threat Management”, October 2010
Notes
Rank Company Market
Share (%) (2)
1 16.4
2 Cisco 9.8
3 Juniper 9.0
4 SonicWALL 8.1
5 Check Point 7.2
6 WatchGuard 4.9
7 McAfee 5.5
8 Crossbeam 2.6
9 Other 41.4
Total 100.0
Magic Quadrant for Unified Threat Management (2)
• Founded in 2000
• Global presence with 30+ offices
worldwide & 1,300+ employees
– 5,000+ channel partners
– 100,000+ customers
– Majority of the Fortune Global 100
• IPO Nov 2009
• NASDAQ: FTNT
• 2009 revenue of $252 Million
– 19% YoY growth
• World class management team
Fortinet Pioneered a New Approach
5
The Fortinet Solution Traditional Network Security Solutions
Stand-alone, non-integrated security
Mix of off the shelf systems and applications
Higher total cost of ownership
Difficult to deploy / manage / use
Real-time, integrated security intelligence
ASIC-accelerated performance
Lower total cost of ownership
Easy to deploy / manage / use
Customers Worldwide
6
8 of the top 10 Fortune companies in Americas
8 of the top 10 Fortune companies in EMEA
9 of the top 10 Fortune companies in APAC
7 of the top 10 Fortune Telecommunications companies
9 of the top 10 Fortune Retail & Commercial Banks
9 of top 10 Fortune Aerospace & Defense
Myth #1
7
1. I have a firewall, I don’t need any other network protection
2. Blocking applications is good enough
3. Best of breed products are better than a consolidated approach
4. There is no way to stay on top of threats
5. Hackers only attack big companies
This Week in Hacks
8
South Shore Hospital data breach may affect up to 800,000; contractor named
A host of personal information was contained on the files.. driver’s license numbers,
SSNs, medical records…banking details
Bank Of America Accounts Hacked
Debit Card Information Stolen – local branch
Ceridian, Lookout Services Settle With FTC Over Data Breach
A report recently revealed that data breaches were at an all time high in 2010, with
96 percent of all breaches shown to have been avoidable by implementing simple
security measures.
FCC Helps Small Business Plug Huge Cybersecurity Gap
Study that finds American small businesses lose billions annually to cyberattacks and
that 74 percent of small and medium businesses reported being affected by cyber-
attacks in the past 12 months at an average cost of $200,000 per incident.
http://www.fcc.gov/cyberforsmallbiz
Layers of Protection Against Today’s Threats
9
• Overlapping, complementary layers of
protection
• Comprehensive, integrated inspection
– Allow but don’t trust any application
– Examine all application content
Myth #2
1. I have a firewall, I don’t need any other network protection
2. Blocking applications is good enough
3. Best of breed products are better than a consolidated approach
4. There is no way to stay on top of threats
5. Hackers only attack big companies
10
Myth: Blocking applications is good enough
11
Google SEO Poisoning
• Integrated Web Filtering
Blocks malicious website
• Antivirus
Block downloads of viruses
• Intrusion Protection and Application Control
Block exploit kits (SWF) and
Botnet command channels
Solution
import java.awt.*; import java.applet.*;
import java.net.*; public class SlideShow
extends Applet { private Image[] images;
private String[] text; private Label captions;
private volatile int curFrame; private Thread
timerThread; private volatile boolean
noStopRequested; private boolean paused;
Cross site scripting
Myth #3
12
1. I have a firewall, I don’t need any other network protection
2. Blocking applications is good enough
3. Best of breed products are better than a consolidated approach
4. There is no way to stay on top of threats
5. Hackers only attack big companies
Myth: Stand-alone products are better than
consolidated approach
13
•Deliver comprehensive solutions for the
largest global networks and organizations
–Improve performance
–Increase protection
–Reduce complexity
•Continually raising the performance bar
with purpose-built hardware and software
–Custom processors and latest
generation general purpose processors
•Convert stand-alone products into features
–Simplify the network and improve
visibility
•This approach facilitates highly efficient
and effective MSS
Fortinet & Windstream: Your World Class Security
Solution
14
Anti –
Malware
Firewall
Site to Site
VPN
IPS
Web
Filtering
Application
Control
Wireless
LAN
Remote
Access
VPN
Remote
Protect
Logfile
Retention
Customer
Portal
Weekly
Reports
24X7 Fully
Managed
Service
Myth #4
1. I have a firewall, I don’t need any other network protection
2. Blocking applications is good enough
3. Best of breed products are better than a consolidated approach
4. There is no way to stay on top of threats
5. Hackers only attack big companies
15
Myth: There is no way to stay on top of threats
16
• Intrusion Prevention: Vulnerabilities and Exploits Browser and website attack code crafted by hackers and criminal gangs.
• Application Control: Unwanted Services and P2P Limiting Botnet command channel, compromised Facebook applications, independent of port or protocol
• Web Filtering: Multiple categories and Malicious sites Botnet command, phishing, search poisoning, inappropriate content
• Antivirus: All malicious code Documents, macros, scripts, executables
Delivered via Web, Email, USB, Instant messaging, social networks, etc
Comprehensive Protection Solution for SMBs
Defending Against Day Zero Attacks
17
Fortinet support centers
FortiGuard update server locations
FortiGates Deployed
450000+ FortiGates = Hundreds Of Thousands of Eyes and Ears
NEW ATTACK
DETECTED!!!!!!!
Threat Identified, Remedy Created,
Pushed to FortiGuard, Pushed to
FortiGates
Myth #5
1. I have a firewall, I don’t need any other network protection
2. Blocking applications is good enough
3. Best of breed products are better than a consolidated approach
4. There is no way to stay on top of threats
5. Hackers only attack big companies
18
Myth: Hackers Only Attack Big Companies
According to NIST 23%+ of all small business have suffered a
data breach many not knowing it, of these…
• 42% reported laptop theft
• 44% reported insider abuse
• 50% detected computer viruses
• 21% reported denial of service attacks
• 20% reported systems being made bots
Why, isn't there more to be gained by attacking large
organizations?
Low hanging fruit - typically less armor against attack, easier, less chance
of discovery
Thinking of taking up mountain climbing? Not a good idea to begin with
Mount Everest
The infrastructure & applications are largely the same.
Microsoft: One Out of 14 Downloads Is Malware
19
Summary
20
Complete Content Protection •A firewall isn’t enough with today’s current blended attacks
Simple allow/deny access doesn’t work •Protection in depth is critical
Consolidation is better than best-of-breed •Integrated solutions better protect your network
Every FortiGate is protected with real-time updates •CPE or Cloud, On Net or Off ubiquitous security for
your entire network
Windstream’s Managed Security investment is world class •People, processes and tools delivering your piece of mind
Windstream Managed Network Security
21
Terry O’Brian
Windstream Enterprise Product
Development Manager
Windstream Managed Network Security Beyond Desktop Security
22
• Windstream Managed Network Security unifies stand-alone security
services, such as anti-virus protection, firewall and intrusion
prevention and detection, into one robust solution.
• Managed Network Security goes beyond protecting PC desktops. It
defends your entire office computing environment against the latest
generation of Internet threats.
• Protect your entire network:
– Application servers
– Desktop PCs
– Wireless LAN
– Network printers
• Windstream provides security without the hassle. We set it up,
maintain it and manage it for you.
Benefits to Your Business
• Comprehensive, near real-time protection against a variety of
Internet attacks.
• Helps keep your business in compliance with regulatory standards
for security.
• Because Managed Network Security is fully managed by
Windstream, you will reduce costs of dedicated IT staff or in-house
security expert.
23
Key Features
Managed Network Security Features
• CPE and Cloud firewall delivery options with customizable rules
• Application intelligence detects and prevents malicious traffic from gaining
network access
• Protection against viruses, worms, and phishing attacks
• Security log storage and weekly reports
• IPSec encrypted, site-to-site VPN connections
• Remote access VPN and remote desktop options available
• Remote Protect and Off-Net Remote Protect available
• Secure Wi-Fi options available
• Web content filtering protects employees from objectionable web content
• User-friendly web portal for account administration
24
Product Reporting Features
Reports for each Service Firewall
IPS
AntiVirus – Virus, Spyware etc.
VPN – All
WiFi
Web Content Filtering
Visible Value of the Service Underscores value of security investment
More robust than Do-It-Yourself approaches
Aids in validating regulatory compliancy for audits
High Level and Powerful Provides needed visibility into service performance
Easy to understand charts, graphs, and tables
Related Services
Internet Access. As your business grows, so does your dependency on the Internet for
access to real-time business applications and the demand for faster and more efficient
connectivity.
MPLS Networking Solutions. Windstream's MPLS Networking Solutions provide
customers with private, multi-site data connectivity for corporate headquarters, branch
offices, business offices and business partners. Connect your locations with a secure,
private network with Windstream's Virtual Private Network (VPN) or Virtual LAN (VLAN)
services.
Web Hosting Solutions. Windstream Web and E-mail Hosting services enable
customers to build and publish a Web site, create an online store, manage their
business e-mail accounts as well as many other features to promote your business.
Windstream E-mail Hosting packages include branded e-mail accounts with up to 1GB
of e-mail storage, 99% uptime guarantee and 24/7 technical support.
Equipment Solutions. Windstream has partnered with some of the most respected
names in the industry to bring you state-of-the-art technology and the features you need
to drive your business forward.
26
Q & A
27
Question & Answer
Session
© 2011 Windstream Communications, Inc. | 008906
Thank You
Contact Windstream today at windstreambusiness.com
Drew Savage, Fortinet
dsavage@fortinet.com
Terry O’Brian, Windstream
terry.o’brian@windstream.com