Internal Network Firewall (INFW) Protecting your network ... · Introducing Internal Network...

© Copyright Fortinet Inc. All rights reserved. Internal Network Firewall (INFW) Protecting your network from the inside out Ted Maniatis, SE – Central Canada Fortinet Technologies Data Connectors 2015


Agenda

Internal Security Threats and Challenges

Introducing Internal Network Security

Meeting Customer Requirements – INFW Deployment

Customer Scenarios

The Fortinet Advantage


A Global Leader and Innovator in Network Security

Fortinet Quick Facts

Platform Advantage built on key innovations

• FortiGuard: industry-leading threat research

• FortiOS: tightly integrated network + security OS

• FortiASIC: custom ASIC-based architecture

• Market-leading technology: 196 patents, 162 pending

Founded November 2000, 1st product shipped 2002, IPO 2009

HQ: Sunnyvale, California

Employees: 3000+ worldwide

Consistent growth, gaining market share

Strong positive cash flow, profitable

Revenue: $13M (2003), $770M (2014)

Cash: $16M (2003), ~$1B (2014)

Global presence and customer base

• Customers: 225,000+

• Units shipped: 1.9+ Million

• Offices: 80+ worldwide

Based on Q4 and FY 2014 data


Fortinet Advantage - GLOBAL Platform

FortiOS Enables Networking & Security Convergence, Security Consolidation

Firewall

VPN

Application Control

IPS

Web Filtering

Anti-malware

WAN Acceleration

Data Leakage Protection

WiFi Controller

Advanced Threat Protection

SaaS Gateway

Management

• Single management console

• Common platform across all size deployments

• Deploy what you need, where you need it

• Consistent, coordinated policy

• Consolidated infrastructure

• Faster and more robust response to threats, decreased risk exposure

• Lower admin burden, easier to maintain infrastructure

• Frees up IT resources to be reallocated to strategic projects

• Fewer user complaints


Advanced Threats Take Advantage of the “Flat Internal” Network

• Existing firewalls focused on the border

• Internal network no longer “trusted”

• Many ways into the network

• Once inside, threats can spread


Time to Discovery of a Breach is Not Keeping Up

• Wide gap between percentages for the two phases

• Time to compromise accelerating faster than Discovery

• Once inside, what can be done to contain and minimize the attack?

[Figure: Percent of breaches where time to compromise (red) / time to discovery (blue) was days or less, by year from 2004 to 2013; y-axis from 25% to 100%. Series: Time to compromise, Time to discovery.]

*Verizon DBIR 2014


Internal Security is Integral to a Layered Security Approach

• What is Recommended

» Inside-out visibility

» Internal segmentation

» Easy deployment and administration

What is Internal Security?

DMZs, firewalls, IDS, gateway AV

Protects against attacks from within

Client security controls


Business Drivers for Internal Security

Business Driver: IT Pain Points

Prevent Business Disruption
• Stop spread of malware
• Ensure application and network availability

Revenue & Profitability
• Reduce costs associated with recovery and remediation
• Minimize IT activity

Regulatory Compliance
• Ensure confidentiality / integrity of information


Too Many Ways In…

Endpoint

Multi-Function Gateway

Data Center Cloud

WAN

External Network (Multi-Megabit)

AV Signature Only Protection

Less Trustworthy Networks/Subsidiary

Security out of your Control

Not every Security App switched on

Internet

More Customer/Partner Access

Security Becomes a Bottleneck

Too Many Point Solutions

No Security Agents

“FLAT” Internal Network Architecture

Internal Network (Multi-Gigabit)


Too Many Ways In… Rethink Your Architecture

Endpoint

Multi-Function Gateway

Data Center Cloud

WAN

AV Signature Only Protection

Less Trustworthy Networks/Subsidiary

Security out of your Control

Not every Security App switched on

More Customer/Partner Access

Security Becomes a Bottleneck

No Security Agents

INFW

INFW

INFW

INFW

External Network (Multi-Megabit)

Internal Network (Multi-Gigabit)

Internet

Too Many Point Solutions

Internal Network Firewall

• 100G+ Performance

• Ease of Deployment

• Protection


Introducing: Internal Network Firewall (INFW)

• Complete Protection – Continuous inside-out protection against advanced threats

• Easy Deployment – Default Transparent Mode means no need to re-architect the network

• High Performance – Multi-Gigabit throughput supports wire speed East-West traffic

LOCAL SERVERS

USER NETWORK

DEVICES

To Internet

Core/Distribution Switch

Access Switch/VLAN

DISTRIBUTION/CORE LAYER

ACCESS LAYER

• FortiGate wire intercept using transparent port pair

• High speed interface connectivity

• IPS, ATP & App Control


Internal Network Firewall – How is it different?

Deployment types compared: INFW, NGFW, UTM, DCFW, CCFW

Purpose
• INFW: Visibility & protection for internal segments
• NGFW: Visibility & protection against external threats and internet activities
• UTM: Visibility & protection against external threats and user activities
• DCFW: High performance, low latency network protection
• CCFW: Network security for Service Providers

Location
• INFW: Access Layer
• NGFW: Internet Gateway
• UTM: Internet Gateway
• DCFW: Core Layer/DC gateway
• CCFW: Various

Network Operation Mode
• INFW: Transparent Mode
• NGFW: NAT/Route Mode
• UTM: NAT/Route Mode
• DCFW: NAT/Route Mode
• CCFW: NAT/Route Mode

Hardware requirements
• INFW: Higher port density to protect multiple assets, hardware acceleration
• NGFW: GbE and GbE/10 port
• UTM: High GbE port density, integrated wireless connectivity and PoE
• DCFW: High speed (GbE/10 GbE/40 GbE/100) & high port density, hardware acceleration
• CCFW: High speed (GbE/10 GbE/40 GbE, GbE/100) & high port density, hardware acceleration

Security Components
• INFW: Firewall, IPS, ATP, Application Control
• NGFW: (User-based) Firewall, VPN, IPS, Application Control
• UTM: Comprehensive and extensible, client and device integration
• DCFW: Firewall, DDoS protection
• CCFW: Firewall, CGN, LTE & mobile security

Other Characteristics
• INFW: Rapid Deployment – near zero configuration
• NGFW: Integration with Advanced Threat Protection (Sandbox)
• UTM: Broad WAN connectivity options including 3G/4G/LTE
• DCFW: High Availability
• CCFW: High Availability


Firewall Deployment Modes

Deployment Mode | Deployment Complexity | Network Functions | High Availability | Traffic Visibility | Threat Prevention
Network Routing | High | L3 – L7 | � | � | �
Transparent | Low | L1 – L2 | � | � | �
Sniffer | Low | � | � | � | �

Transparent mode combines the advantages of Network Routing and Sniffer mode


INFW – Customer Scenarios

Existing FortiGate customers

• Requirements

» Protection against advanced threats

• Benefits

» Multi-layered attack prevention

» Network segmentation prevents spread of malware

» Reduced costs with security management

New customers with legacy firewalls

• Requirements

» Application visibility, address weaknesses in legacy competitive firewalls

• Benefits

» Instant application visibility with default Transparent Mode deployment

» Advanced threat protection

» Network segmentation prevents spread of malware


Fortinet Advantage – SECURE

FortiGuard Labs Is An Industry Leader in Threat Research

Awards & Certifications

35 Awards

Partnerships & Industry

Founded by Fortinet; additional members include Palo Alto Networks, McAfee and Symantec


Unparalleled Independent 3rd Party Certification

Description | Fortinet | Check Point | Cisco | Palo Alto Networks | Juniper | FireEye
NSS - Firewall NGFW | Recommended | Recommended | Recommended & Neutral | Caution | Caution | x
NSS - Firewall DC | Recommended | x | x | x | x | x
NSS - Breach Detection | Recommended | x | Recommended | x | x | Caution
NSS - WAF | Recommended | x | x | x | x | x
NSS – Next Gen IPS | Recommended | x | Recommended | Neutral | x | x
NSS - IPS (DC) | ✔ | ✔ | x | x | Caution | x
BreakingPoint Resiliency | Record High - 95 | x | x | Poor - 53 | x | x
ICSA Firewall | ✔ | ✔ | x | ✔ | ✔ | x
ICSA IPS | ✔ | ✔ | x | x | x | x
ICSA Antivirus | ✔ | x | x | x | x | x
ICSA WAF | ✔ | x | x | x | x | x
VB 100 | ✔ | Caution | x | x | x | x
AV Comparative | ✔ | x | x | x | x | x
Common Criteria | ✔ | ✔ | ✔ | ✔ | ✔ | ✔
FIPS | ✔ | ✔ | ✔ | ✔ | ✔ | ✔

Contains results from the latest published NSS Labs reports. X = did not participate, not certified.


NSS Labs Validates Our Advantage

• Fortinet is “Recommended” while top competitors are not

[Figure panels: NGFW; Breach Detection. X-axis = TCO per protected Mbps. Y-axis = Security Effectiveness. Upper right quadrant = “Recommended”. Lower left quadrant = “Caution”.]


The Fortinet Secured Network

Broad Complementary Security Portfolio

• FortiDB: Database Protection
• FortiClient: Endpoint Protection, VPN
• FortiToken: Two Factor Authentication
• FortiSandbox: Advanced Threat Protection
• FortiClient: Endpoint Protection
• FortiGate: NGFW
• FortiAuthenticator: User Identity Management
• FortiManager: Centralized Management
• FortiAnalyzer: Logging, Analysis, Reporting
• FortiADC: Application Delivery Control
• FortiWeb: Web Application Firewall
• FortiGate: DCFW
• FortiGate: Internal NGFW
• FortiDDoS: DDoS Protection
• FortiMail: Email Security
• FortiGate VMX: SDN, Virtual Firewall
• FortiAP: Secure Access Point
• FortiGate: Cloud
• FortiWiFi: UTM
• FortiGate: Top-of-Rack
• FortiCamera: IP Video Security
• FortiVoice: IP PBX Phone System
• FortiGate: Next Gen IPS
• FortiExtender: LTE Extension

Deployment locations shown: DATA CENTER, BRANCH OFFICE, CAMPUS


Wide Product Range for Every Segment

Segment coverage across the model range:

MSSP: ✔ ✔ ✔ ✔ ✔ ✔ ✔

Carrier: ✔ ✔ ✔

Data Center / Cloud: ✔ ✔ ✔ ✔

Enterprise: ✔ ✔ (Branch) ✔ (Branch) ✔ (Branch) ✔ (Campus) ✔ (Campus) ✔

Distributed Enterprise: ✔ ✔ ✔ ✔ ✔ ✔ ✔

SMB: ✔ ✔ ✔ ✔

Model: 20-90 Series, 100 Series, 200 Series, 300-800 Series, 1000 Series, 3000 Series, 5000 Series

Product Range: Entry Level, Mid Range, High End

*Key Hardware Features: PoE, Switch, WiFi; PoE, High Density GE; High Density GE; High Density GE, 10 GE; 10 GE, 40 GE; Chassis & Blades

* May be available as hardware variants


Fortinet Advantage – SECURE

FortiGuard Labs Threat Research

Per Minute
• 25,000 Spam emails intercepted
• 390,000 Network Intrusion Attempts resisted
• 83,000 Malware programs neutralized
• 160,000 Malicious Website accesses blocked
• 59,000 Botnet C&C attempts thwarted
• 39 million Website categorization requests

Per Week
• 47 million New & updated spam rules
• 100 Intrusion prevention rules
• 2 million New & updated AV definitions
• 1.3 million New URL ratings
• 8,000 Hours of threat research globally

Total Database
• 170 Terabytes of threat samples
• 17,500 Intrusion Prevention rules
• 5,800 Application Control rules
• 250 million Rated websites in 78 categories
• 173 Zero-day threats discovered

Based on Q1 2015 data

Image: threatmap.FortiGuard.com


The Fortinet Advantage

• Best multi-layered protection on the market

• Best performance for internal protection

• Out-of-the-box Transparent Mode for easy deployment
