Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Similar a Fortinet ixia ottawa, june 2013
Similar a Fortinet ixia ottawa, june 2013 (20)
Último
Último (20)
Fortinet ixia ottawa, june 2013
- 1. 1 What’s Next in Next-Gen Firewalls and Testing? Ottawa. June 20th, 2013
- 2. 2 AGENDA 11:30 am Lunch 12:00 pm Welcome 12:10 pm Video: John Pescatore (SANS) –NGFW and ATAs 12:25 pm Fortinet / Ixia Live Demonstrations 1:00 pm Wrap Up / Q+A What’s Next in Next-Gen Firewalls and Testing?
- 3. 3 Fortinet’s Evolution: Comprehensive & Integrated Security Layer 1-2: PHYSICAL Layer 3-4: CONNECTION Layer 5-7: CONTENT & APPLICATION ANTI-SPYWARE ANTISPAM WEB FILTER ANTIVIRUS VPN IPS FIREWALL LOCK & KEY SPYWARE WORMS SPAM BANNED CONTENT TROJANS VIRUSES INTRUSIONS HARDWARE THEFT 1980s 1990s 2000s Today Performance-Damage Layer 8: USER ENHANCED USER EXPERIENCE
- 4. 4 June 24, 2013 ELIMINATE GUESSWORK Security Exposed
- 5. 5 Video
- 8. 8 Demonstration Equipment FortiGate-3600C Next Generation Firewall Ixia BreakingPoint FireStorm ONE
- 9. 9 Demo Set: Physical and Logical ViewPhysicalLogical 1x 10Gbps Fibre Inbound traffic Outbound traffic
- 10. 10 Live Demonstrations • Test 1 NGFW Bandwidth Throughput • Test 2 NGFW BW + Attacks -Same throughput as Test 1 Bidirectional attacks added (1757 in each direction) Standard BP strike level 4 Blocked strikes retry and retransmit • Test 3 NGFW BW + Attacks (but no detection) Still same throughput as before Bidirectional attacks go through FW only rules (no IPS or App control)
- 11. 11 Test Lab and Certification Results Separate 3rd Party Facts from Vendor Claims
- 13. 13 Over 150 New Features & Enhancements Securing Mobile Devices ------------------------------------ Device Identification Device Based Policy Endpoint Control Making Smart Policies ------------------------------------- Secured Guest Access Visibility & Reporting Identity-Centric Enforcement More Intelligence Fighting Advanced Threats -------------------------------------- Client Reputation Advanced Anti-malware Protection FortiOS 5 - The World’s Most Powerful Network Security Operating System More Security More Control
- 14. 14 What’s Next in Next-Gen Firewalls and Testing?
- 15. 15 Fortinet’s Answer to What’s Next - FortiOS 5 The World’s Most Powerful Network Security OS just got even better! Advanced Security Advanced Threat Protection and Remediation Technologies to break the Threat life Cycle Contextual Visibility Empowering organization to gain deep insights to real-time and historical network use by Application, by User and by Device (BYOD) Feature Select Instantly fine-tune Fortigate based on desired deployment needs using feature presets
- 16. 16 Feature Select: Enabling Flexible, Optimized Configurations • Deploy specific security functions per network location requirements HQ (Enterprise Core) Branch Office (Distributed Enterprise) NGFW+ATP NGFW+ATP WF ATP NGFW NGFW INTERNET Retail Outlet /Kiosk (Distributed Enterprise) Data Center FW NGFW UTM Management Endpoint Control
- 17. 17 Feature Select Presets - Flexible Configuration Allow administrators to easily set up GUI that is relevant to the unit’s deployment Further customizations
- 18. 18 Context Visibility - Network Activities NAT’ed IP and Port Applications and their usage Device & User Info Concurrent Session & New session per sec Geo IP Info FortiGuard Encyclopedia Integration
- 19. 19 Context Visibility – Threat Status DRILL DOWN Display top clients that is associated with most threats
- 20. 20 Advanced Targeted Attacks • Advanced Targeted Attacks (ATA) » Target specific organizations » Infiltrate from multiple vectors » Remain stealthy for lengthy periods of time before exfiltrating data • ATA is the accepted term for viruses » Advanced Persistent Threats (APT) also used • Modified Infection Lifecycle » Zero day vulnerabilities » Fresh Malware » Phishing emails » Password hacks
- 21. 21 Fortinet Advanced Threat Protection Once compromised, systems can be controlled remotely Botnets Infection via web downloads, phishing or watering hole attacks Malicious Websites Viruses and other malware evolve to avoid detection Polymorphic Malware Host machines can become infected by viruses, trojans, etc. Traditional Viruses, etc. Identifies and blocks suspicious websites Identifies zero-day malware via cloud-based AV sandboxing Prevents command and control from remote systems through IP reputation Web Filtering Malware Sandboxing Botnet DB Blacklist FortinetATP Advanced AV Engine Uses heuristic techniques and OS independent local sandboxing Infected hosts take orders from the Internet Potential initial host infection vector Avoids traditional signature-based AV detection Destructive behavior or backdoor installation
- 22. 22 Capacity&Performance FG-100-800 Series FG-1000-3000 Series FG-5000 Chassis System Enterprise Branch Enterprise Core Data Center Enterprise Product Offering ATP NGFW NGFW+ATP 10G Interfaces Dual power supplies Multi-gigabit NGFW performance Highly scalable WFNGFW NGFW+ATP Compact 1 RU NGFWFW
- 23. 23 THE CURRENT THREAT LANDSCAPE IS CHANGING EVERYTHING
- 24. 24 Test Evaluate Next-Gen Technologies Rightsize Technology Investments Reduce Deployment Risk Optimize Performance Assess Certify Security Posture Predict Impact of Change Evaluate Threat of New Attacks Measure Wi-Fi Coverage Optimize Scalability and Reliability ACCELERATE & SECURE APPLICATION DELIVERY Optimize Deliver Packets to Monitoring Tools Eliminate Bottlenecks Filter Application Traffic De-duplicate Packets Identify Security Threats
- 25. 25 NETWORK PERFORMANCE MONITOR INTRUSION DETECTION SYSTEM APP PERFORMANCE MONITOR NETWORK DATA RECORDER NETWORK ANALYZER IXIA ANUE NET TOOL OPTIMIZER (NTO) ANUE: Complete Visibility
- 26. 26 SIMULATION AND TESTING APLICATION & THREAT INTELLIGENCE BreakingPoint: Performance & Security Evaluate Next-Gen Technologies Rightsize Technology Investments Reduce Deployment Risk Optimize Performance Network Surveillance Strategic Relationships Carrier Feeds Research
- 27. 27 ACTIONABLE SECURITY INTELLIGENCE Unprecedented Performance • 120 Gbps blended application traffic • 90M concurrent TCP sessions • 3M TCP sessions/second • 640K concurrent SSL sessions Real World Applications • 200+ application protocols • Social media, peer-to-peer, voice, video • Web and enterprise applications, gaming • Custom applications • Frequent updates Real Attacks • 5,000+ live security attacks • 30,000+ pieces of live Malware • 100+ evasions • DDoS and Botnet simulation • Custom attacks • Research and frequent updates NEWEVERY 2WEEKS 26 NEW biweekly updates Applications DDoS/APT attacks
- 29. 29 Storage SAN HOLDING YOUR VENDORS ACCOUNTABLE METRIC Transactions Concurrent Flows Average Latency (microseconds) Attacks Blocked (Ixia Security Level 1) GOAL 10,000 30,000 5,000 80% FIREWALL A 12,243 32,684 5,114 47% FIREWALL B 8,832 57,908 1,308 91% FIREWALL C N/A 14,618 235,648 78% Met Specification Missed Specification by 5% or less Missed Specification by more than 5%Key: Wireless Wi-Fi Next-Gen Security Devices Massive Performance Routing Port Density Switching Ethernet 100G DEVICE EVALUATION
- 30. 30 APP FLOOD SYN FLOOD USERS Router Firewall Load Balancer App Server Switch Database Server APPLICATION RESILIENCY NETWORK RESILIENCY DATA CENTER RESILIENCY DDOS RESILIENCY TESTING
- 31. 31 Best-in-class solutions to test, assess and optimize networks and data centers Complete visibility into your network, data center, and the applications that fuel your business From the lab to the network to the cloud, Ixia solutions optimize networks and data centers to accelerate, secure, and scale the delivery of your applications. Actionable insight to eliminate guesswork for optimal and predictable application & service delivery Only Ixia Provides
- 32. 32 Questions?
Notas del editor
- Use this slide to introduce Fortinet during the Welcome segment (see Agenda)The purpose of this slide is just to do a quick 2 to 3 minute Fortinet intro for guests who are not familiar with the company.Fortinet is a leader in the NGFW and UTM markets. We are publicly traded, profitable and had 2012 revenues of $533 million.Historically, security has followed Internet trends, and now is no exception. Security that can protect against network and content threats – both known and unknown – and do so at network speeds is required. Fortinet recognized this early on and our vision was to tightly integrate many securityfunctions and point products together into a single, manageable and flexible platform. This vision created the Unified Threat Management market, and it’s offshoot, the Next Generation Firewall market, which is essentially a subset of UTM.UTM is defined as a device that “Unifies” multiple security features, including firewall/VPN, Intrusion Detection/Prevention and gateway antivirus, at a minimum, Fortinet offers all these plus much more features. We also leverage our FortiASIC to accelerate performance, and utilize our FortiGuard Labs for real-time global update service, this solution effectively protects our customers in today’s challenging network environment
- Ixia is the global leader for test, assessment and validation of IT infrastructure solutions that enable customers to optimize technology throughout the IT lifecycle. Our family of products provides quantifiable data where no data exist before. This means less guessing more facts. We assist preproduction, production and operations with products solutions and services that evaluate performance scalability and security resiliency.
- This is the actual gear used in today’s demo. It consists of a Fortigate 3600C and an Ixia BreakingPoint FireStorm ONE. The setup is physically located in Sunnyvale, CA. We are using the hotel Internet connect to reach to equipment.
- Here is both a physical and logical view of the demo configuration.We are just using a single port on the Fortigate/Breakpoint connected in loopback mode so that the Breaking Point can monitor and show the activity on the Fortigate.If all ports were activated on the Fortigate, capacity would be 60G. But we are only using 1 port so 10 G would be the maximum. In fact, we have throttled this back for the demo and the latency of the remote connection, so we should expect to see 8 to 9G for the demo.
- This is a summary off the 3 demos we will do today (read the slide!). They are:Test 1 NGFW Bandwidth ThroughputTest 2NGFW BW + Attacks Test 3 NGFW BW + Attacks (but no detection)
- Fortinet’s leading is continually validated by our robust feature set, independent test lab verifications and industry awardsFortinet has been award the coveted “Recommended” designation by NSS labs for Firewall, IPS and NGFW.
- FORTINET BUILT AND OWNS ALL 3 KEY UTM COMPONENTS – INTEGRATED SECURITY TECHNOLOGIES, HIGH-SPEED ASICS, AND GLOBAL SUBSCRIPTION UPDATE SERVICES -- WHICH PROVIDES US WITH A COMPETITIVE ADVANTAGE. WE BELIEVE THAT NONE OF OUR COMPETITORS PROVIDE A SOLUTION THAT INCORPORATES ALL THESE 3 UTM KEY COMPONENTS. OUR FORTIOS OPERATING SYSTEM ENABLES US TO EFFICIENTLY DELIVER MULTI-THREAT, COMPREHENSIVE SECURITY.OUR FORTIASICs ADD SIGNIFICANT PROCESSING POWER ADVANTAGE OVER THE SOFTWARE APPROACH, ACCELERATING FORTIGATE UTM PERFORMANCE.OUR FORTIGUARD INFRASTRUCTURE PROVIDES PROTECTION IN REAL-TIME - ESSENTIALLY PROVIDING A RECURRING, SUBSCRIPTION BUSINESS ON TOP OF OUR FORTIGATE APPLIANCES.SOME OF OUR COMPETITORS MAY BE ABLE COMPETE WITH INDIVIDUAL ELEMENTS OF OUR UTM SOLUTION - BUT IN OUR VIEW NO ONE CAN DELIVER THE ENTIRE SOLUTION AS WE ARE DOING TODAY. FOR EXAMPLE:SECURITY VENDORS SUCH AS CHECK POINT AND MCAFEE OFFER A BROAD SET OF FEATURES, BUT DO A POOR JOB OF INTEGRATING THEM, AND DON’T COME CLOSE ON PERFORMANCE NETWORKING VENDORS SUCH AS CISCO AND JUNIPER ARE OK ON PERFORMANCE, BUT THEIR FIREWALL AND VPNS MISS ALL THE VIRUS AND BAD CONTENT-BASED ATTACKS.WE BELIEVE WE HAVE THE BEST TECHNOLOGY COVERING ALL THE KEY UTM FUNCTIONS, AND FROM A PERFORMANCE AND INTEGRATION PERSPECTIVE, NO ONE EVEN COMES CLOSE TO FORTINET.
- FortiOS tackles today’s challenges:The need for more control – how do I control devices - devices may be personal or belongs to the organizationThe need to protect against new threats – How do I protect the network against zero-day attacks and goes beyond using Signatures …The need to effectively enforce security with more complex network environment and requirements – How do I simplify the management and implementation, so that I as the weakness link – do it correctly! Also, How can I better understand what is going on my network
- So, what is next for Next Gen Firewalls?
- Fortinet answered the question, “What’s next in next-generation enterprise firewalls?” with new features within its FortiOS 5 operating system, which serves as the foundation for the company’s award-winning FortiGate™ network security platform. The new update includes:Feature Select: With one-click, customers can choose from a variety of security configuration options, including: High Speed Firewall, NGFW, ATP, Web Filtering, UTM and others Contextual Visibility: Gives organizations real-time and historical insight on network use based on application, user and device Advanced Threat Protection (ATP): Enhanced security tools combat and mitigate multi-vector persistent attacks
- Gartner has recently recommend that customers standardize on a single firewall platform across their enterprise. Gartner believes this will reduce firewall rule errors, simplify management and lead to reduced operating costs.Fortinet offers a wide product portfolio with its Fortigate network security platforms.Now, with Feature Select, you can standardize the same network security operating systems (FortiOS) across your enterprise and be able to fine tune each device with features specific to it physical location in the network.Feature Select includes the following presets:FW = FirewallNGFW = NGFWATP = Advanced Threat ProtectionWF = Web FilteringNGFW +ATP = NGFW + Advanced Threat ProtectionUTM = Unified Threat Management
- You access Feature Select from the Fortigate Console “Features” section.Using the dropdown box, you choose your desired Feature Select Preset, and then the configuration will be updated in the Fortigate.
- Better Protection with Better VisibilityThe new Contextual Visibility feature in FortiOS 5 gives administrators deeper insights into historic or real-time network activities using detailed analytics. The types of data that can be extracted include IP and Port, geographical IP, session type, user names, network usage, network coverage and the types of applications and devices that are connecting to the network. With this, administrators can use correlated data to identify top clients associated with particular threats and further isolate suspicious Websites and IP addresses.
- Another Example of Context VisibilityThe new Contextual Visibility feature in FortiOS 5 gives administrators deeper insights into historic or real-time network activities using detailed analytics. The types of data that can be extracted include IP and Port, geographical IP, session type, user names, network usage, network coverage and the types of applications and devices that are connecting to the network. With this, administrators can use correlated data to identify top clients associated with particular threats and further isolate suspicious Websites and IP addresses.Context Visibility can also be used to drill down and identify Threat Status.
- Fortinet addresses these threat vectors with multiple technologies to provide advanced threat protectionFortinet Web Filtering uses URL matching and advanced DNS-based web filters to identify potentially harmful websitesFortinet Antivirus Engine can identify standard AV threats, but also uses advanced techniques like heuristics and sandboxing to determine malicious behaviorFortiGuard Analytics (aka AV sandboxing) allow zero-day wares to be identified and further analyzed in the cloudFortiGuard Botnet database contains up-to-date information about IP reputations and prevents remote command and control communications
- Summary of Fortigate NGFW offerings.
- The current threat landscape is changing everything, from the way we protect data and secure infrastructures to the way we test infrastructure devices and train cyber warriors. The divide between testing tools, threat intelligence, and monitoring products has created dangerous blind spots that continue to erode the security posture of businesses and government agencies.
- Ixia believes organizations deserve definitive answers, not best guesses and promises.That’s why Ixia accelerates and secures application delivery by providing the most comprehensive solutions that test, assess, and optimize networks. This is a critical combination that provides the predictive insights and actionable intelligence you need to accelerate, secure, and scale application delivery.Our recent acquisitions of Anue and BreakingPoint have added to our already strong solutions.
- Only Ixia Anue solutions deliver complete visibility into your network, your data center, and the applications and services that fuel your business. Deliver Right Packets to Security & Monitoring Tools (with Anue Dynamic filters)Aggregate Traffic from Different Parts of the Network (with Anue Aggregation)Eliminate Monitoring Traffic Bottlenecks (with Anue Load Balancing)Share Traffic between Different Tools (with Anue traffic sharing)Filter Application Traffic (Layer 2, 3, 4, plus Dynamic filters – send the traffic each tool needs)De-duplicate Packets (increase performance of security monitoring tools)Identify Security Threats with the help of Partners Tools such as Fortinet
- Ixia BreakingPoint solutions are the industry's most scalable, easy-to-use, and adaptable network assessment offerings – allowing companies to optimize performance and protect against threats with the latest applications and security attacks. You WILL be attacked, so you better be ready. All you can trust is data…data that provides predictive analytics, shows infrastructure stress fractures, monitors user behavior, and keeps you ahead of the hackers and the auditors.
- Actionable Security IntelligenceBridges the gap between IT testing, monitoring, and IT operations delivering the advance insight to protect highly dynamic converged and mobile networks, virtualized data centers, applications, and data in a highly volatile environment.Using our patented products, we then CONTROL this intelligence to simulate massively scalable With the exclusive ability to capture and control global threat intelligence at Internet-scale, BreakingPoint delivers the patented product bridges the gap between IT testing, monitoring, and operations delivering the advance insight to protect highly dynamic converged and mobile networks, virtualized data centers, applications, and data.