Fortinet Security Fabric


Presentation on "Fortinet Security Fabric". Transcript of the presentation:

1 Fortinet Security Fabric
Nabila EL ATTABI – Major Account Manager. Digital transformation means putting every technology to work in the service of the business.

2 SECURITY HAS CHANGED
3.2 billion Internet users; 3 billion new devices per year through 2020; 1.3 billion smartphones shipped worldwide; public cloud market is estimated to reach $191 billion; 10,000x increase in cyber threats.
These statistics are interesting, but what do they really mean? They simply mean that the threat facing every network, from small and medium businesses to large enterprises, has grown and continues to increase exponentially. The multiplication of threats, combined with the dramatic increase in the number of devices that can be used to access the network, makes enterprise networks harder and harder to protect.

3 SO HAVE THE RISKS
Chart: Average Cost of Cybercrime in the U.S., Dollars (Millions), per incident.
Sony security spends $22M per year. Sony Breach…direct cost of $35M for one year….cost to reputation $100B+ (Kowsik Guruswamy, CTO of Menlo Security)
The number of publicized data breaches in recent years makes these difficulties easy to see. However, while the announcement of a new security breach in the news catches our attention, particularly the number of identities or credit cards compromised, the long-term impact on a company, both to its reputation and financially, is often overlooked. What was overlooked in the Sony Pictures data theft is the direct and indirect cost to the company, estimated at more than 100 billion dollars.

4 TODAY’S STANDARD APPROACHES NO LONGER WORK
Too Risk Based: Taking a reactive approach only addresses known threats, not the new unknowns.
Too Much Focus on Compliance: Enterprises spend too much on checking boxes down a list.
Too Many Point Solutions: Too many different security vendors whose products do not communicate with one another.
In light of this, it is clear that new ideas are needed. Yet today companies continue to rely on the same old strategies. Just look at the press: it seems that a new attack, a new break-in, a new massive data loss happens almost every day. Why do these strategies no longer work? Several reasons can explain it, but we will cite three main ones. The first is too much focus on compliance: it is not enough to meet the criteria one by one. How many massive security breaches have we seen where the company had recently been audited and declared fully PCI compliant? Attackers do not care that you passed your last audit. Strategies are also too reactive and risk-based. While it is important to protect against the simplest known threats, it is essential to detect new, unknown threats. In today's threat landscape, an annual risk assessment is obsolete the moment it is completed. Finally, strategies are too focused on "best-of-breed" solutions: one vendor's firewall, a second vendor's sandbox and a third vendor's antispam solution. None of these tools was ever designed to work with the others, which leaves potential gaps in the protection of your network. What are companies doing to avoid being the next to make the headlines?

5

6 TODAY’S NETWORK IS BORDERLESS
Diagram labels: Mobile, PoS, IoT, SaaS; There's more ways in; Campus, Branch Office, Internet; More ways out; Data Center, Internet, Remote Office, Cloud.
There used to be a clearly defined perimeter, and security strategies evolved to protect it. However, the evolution of technology brought changes that these strategies could not handle; the Internet, cloud technologies and the onslaught of wireless devices all contribute to a massive increase in the attack surface. Add to this the fact that most networks are designed to be flat once inside the perimeter, and attackers can easily move laterally through the network once they have managed to get in. This is a major concern for large enterprises. But we are also concerned about how data can leave the network. Shadow IT, meaning the use of unauthorized applications such as Hightail or Dropbox, also means that there are various ways for data to leave the network without your knowing, which makes exfiltration easier after an intrusion.

7 Each solution is bounded No interaction No integration
COMPLEXITY IS THE ENEMY OF SECURITY
Diagram labels: Cloud, Vendor D, Campus, Vendor B, Vendor A, Branch, Vendor C, Data Center, Vendor E.
Here is the problem with a classic strategy built on individual products: even if each product works to specification and expectation, each one sits on a separate island, isolated from the rest of the solution. You have connectivity but no security continuity between the islands. What is more, the threat intelligence needed to keep these solutions up to date lacks consistency: the inevitable differences in intelligence quality and update frequency between products create an enormous gap that attackers can exploit. Malware that could be stopped by the firewall can pass undetected through an email message or a web application. It falls to enterprises to manage these problems and to try to harmonize the differences between products, which further complicates an already complex task. This is particularly true of mid-size enterprises, which lack the resources to manage this complexity effectively.

8 SLOW IS BROKEN
Diagram labels: Infrastructure, Speed, Business, Security.
Enterprise IT staff face a problem that has so far been unsolvable. Enterprises depend on the network for business continuity and, depending on the model they have adopted, the network may be at the center of their strategy. Building security into this model usually slows the network down, sometimes to the point of affecting application performance, which leads to complaints. Enterprises are then forced to find a middle ground between the two, a compromise that satisfies no one. But until now, enterprises have been forced to make that compromise.

9 Emerging Security Challenges
Fortinet’s mission is to deliver the most innovative, highest performing network security fabric to secure and simplify your IT infrastructure.
Slide labels: Today’s Network Is Borderless; Slow Is Broken; Complexity Is The Enemy of Security; Telco, Enterprise, SMB.
Borderless Network. There used to be a clearly defined perimeter and security strategies evolved to protect it. The evolution of technology however brought in changes that these strategies couldn’t deal with; the Internet, Cloud technologies and the onslaught of wireless all contribute to today’s borderless network, and a massive increase in the attack surface. Combined with the fact that most networks are architected to be flat once inside of the perimeter, if the network is breached, the intruder can easily move laterally throughout the network. This is a key concern for the larger enterprise. But we’re also concerned about how data can leave the network. Shadow IT, the use of unauthorized applications such as Hightail or Dropbox, also means that there is any number of ways that data can leave your network without your knowing, making it easy to exfiltrate data following a network intrusion. To address the issue of a borderless network and an expanded attack surface, the new strategy calls for intelligent security that can provide visibility into all aspects of the infrastructure, and the wisdom needed to segment the network by trust level.
Slow is broken. Slowing down the network to implement security is not, never has been nor will it ever be a satisfactory strategy. Enterprises have become accustomed to trading some performance for some security, a compromise that cannot be afforded in the modern era. An updated security strategy must be powerful and cannot compromise on performance in any segment of the network, from the IoT through the datacenter and into the Cloud, from the single user cell phone or tablet to the most sensitive proprietary database and everything in between. The security solution must be powerful at any scale.
Complexity is the enemy of security. The more complex the network is, the harder it is to secure it. Therein lies the problem with the typical Point Product approach: while individually the products may work to specification and expectation, each one is an island, isolated from the rest of the solution. You have connectivity but no security continuity between each of the islands. More important is the lack of consistency of the threat intelligence necessary to keep these solutions up to date: inevitable gaps in the quality of the intelligence and the frequency of the updates between the different products open up an enormous gap to be exploited by the hacker. Malware that might be stopped by the firewall could pass undetected by email or web application. Dealing with these issues and trying to harmonize the differences between the different products is left to the enterprise, further complicating an already complex task. This is particularly true in the mid-size enterprise that doesn’t have the resources to effectively manage this complexity. An updated security strategy requires seamless, simple cooperation between security devices: all gaps must be closed and coordination is a must.
Slide labels: Enterprise Firewall, Cloud Security, ATP, Application Security, Secure Access, Security Operations.

10 BROAD POWERFUL AUTOMATED
Diagram labels: Advanced Threat Intelligence, Access, Client, Cloud, Partner API, NOC/SOC, Network, Application.
Why is the 3rd generation security fabric much more secure and better than the first 2 generations of FW, UTM/NGFW system and platform? BROAD, POWERFUL AND AUTOMATED.

11

12 “To strengthen the security of my network, I need two firewall tiers”

13 Two different technologies
SCRIPT: In the following slides, you’ll be taken through the four primary application security solution products as they’re deployed to solve problems in a typical data center. Here we have a typical Fortinet-based network security platform installed in a data center. At the core is a FortiGate, connecting the users to and from the Internet. Off of the FortiGate are other common FortiGate-related data center products, including a FortiManager, FortiAnalyzer, a couple of wireless access points, and a FortiSandbox. All of these are provided security services by FortiGuard.

14 Firewall / NGFW / UTM as the Foundation
Diagram labels: FortiGuard; FortiGate-based Network Security; Management, analytics, sandboxing; Wireless, switching; FortiGuard Services.
SCRIPT: In the following slides, you’ll be taken through the four primary application security solution products as they’re deployed to solve problems in a typical data center. Here we have a typical Fortinet-based network security platform installed in a data center. At the core is a FortiGate, connecting the users to and from the Internet. Off of the FortiGate are other common FortiGate-related data center products, including a FortiManager, FortiAnalyzer, a couple of wireless access points, and a FortiSandbox. All of these are provided security services by FortiGuard.

15 Protect from Email-based Threats
Primary Challenges: common entry point for attackers; users main contributing factor; spam, phishing, attachments.
Solution: FortiMail Security. Inbound and outbound threat protection; data leakage prevention; FortiSandbox integration.
Advantages: 37 consecutive VBSpam Awards; 40 VB100 awards; highest performance in industry.
Diagram labels: FortiGuard, Mail Server.
SCRIPT: Here’s where our FortiMail Security appliance solution is used to protect data from these vulnerabilities. FortiMail scans all inbound and outbound email for threats. It also can prevent sensitive files from being sent, with its data loss prevention tools. For extra security, FortiMail is integrated with FortiSandbox for advanced threat protection. If an email looks good to FortiMail, it can be sent to FortiSandbox for further inspection just to be sure. FortiMail is not only the fastest security platform in the industry, it’s also one of the most awarded, with 37 consecutive VBSpam and 40 VB100 awards.

16 Protect a Hosted Application
Primary Challenges: protect code-based vulnerabilities; SQL Injection, Cross Site Scripting, etc.; meet PCI compliance.
Solution: FortiWeb Web Application Firewall. Multiple, correlated attack protection; behavior-based application profiling; integration with FortiGate, FortiSandbox, 3rd party.
Advantages: fastest WAF in industry (20 Gbps); FortiGuard WAF, IP Reputation Security, AV; lowest TCO in market for enterprise WAF.
Diagram labels: Web Server 1, FortiGuard, Mail Server.
SCRIPT: When we drop a FortiWeb web application firewall into our network, we protect our web-based applications from attacks. FortiWeb uses various techniques, in a layered and correlated approach, to scan for any attack that targets applications on the network. It also uses a behavior-based detection engine to detect anomalies from normal application usage patterns. When integrated with FortiGate and FortiSandbox, FortiWeb provides extra defenses against advanced persistent threats, and shares known infected internal user information from FortiGate. FortiWeb is the fastest web application firewall in the industry, with speeds up to 20 gigabits per second of protected WAF throughput. It does this at the lowest total cost of ownership for enterprise-grade WAFs.

17 Add Scale and Reliability to a Hosted Application
Primary Challenges: expand application from one server; protect from server outages; improve responsiveness.
Solution: FortiADC Application Delivery Controller. Scale with server load balancing; reliability with health checking; SSL offloading for secure applications.
Advantages: up to 50 Gbps of throughput; FortiGuard WAF and IP Reputation Security; lowest TCO in market for ADCs.
Diagram labels: Web Server 1, Web Server 2, Web Server 3, FortiGuard, Mail Server.
SCRIPT: Here’s where we drop in a FortiADC application delivery controller. FortiADC manages traffic and provides server load balancing. Because of health-checking, users are directed to the best performing server, or, if one is down, FortiADC will direct traffic to the other servers. The feature that’s tied to Application Security is SSL Offloading, where FortiADC does all the heavy lifting of secure traffic encryption and decryption. SSL offloading can provide up to a twenty-fold increase in secure traffic throughput. FortiADC offers models with up to 50 gigabits per second of throughput and has the lowest TCO for enterprise-grade ADCs.

18 Protect Applications from DDoS Threats
Primary Challenges: application services vulnerable; Layer 7 DDoS attacks small (<50 Mbps); can be as disruptive as multi-gigabit attacks.
Solution: FortiDDoS Attack Mitigation Appliances. 100% behavior-based; 100% hardware-based; complete Layer 3, 4 and 7 protection.
Advantages: fastest detection and mitigation response; no signatures required; minimized risk of false positives.
Diagram labels: Web Server 1, Web Server 2, Web Server 3, FortiGuard, Mail Server.
SCRIPT: To prevent application layer 7 DDoS attacks and disruptive multi-gigabit events, FortiDDoS is placed at the front door of the data center. All traffic is now inspected using 100% hardware and 100% behavior-based detection methods. FortiDDoS scans all traffic and will now block any DDoS threats before they enter the data center. FortiDDoS offers fast detection and mitigation and, because it’s behavioral, it doesn’t use signatures to detect attacks. This minimizes the risk of false positive detections and protects against zero-day threats.

19 A Complete End-to-End Solution
Diagram labels: Web Server 1, Web Server 2, Web Server 3, FortiGuard, Mail Server.
SCRIPT: Here you can see all the core application security products deployed on our original, Fortinet-based network, providing a complete end-to-end Security Solution. Only one vendor can do all this with integration into FortiGate, FortiSandbox, and FortiGuard, and that’s Fortinet.

20 “I have built my network! Now it has to be secured”

21 What does a meeting between the Network team and the Security team look like?

22 Unified Network Operations
Fortinet Secure Access Architecture: Security (NGFW/UTM), Access (Enterprise), Unified Network Operations.
Secure Access Architecture (Integrated Security): FSW is part of the Secure Access Architecture, integrating with the FortiGate (via FortiLink) and providing different options for users and devices to connect to the network (wired and wireless access).
Slide labels: Device Growth; Seamless Unified Experience; Move to wireless, including IoT; Application Growth; Need More Speed; Migration to ac

23 Key benefits Zero-touch Provisioning Secure Configuration Management
FortiLink – FortiSwitch controlled by FortiGate
Key benefits: Zero-touch Provisioning; Secure Configuration Management; Centralized Provisioning and Maintenance.
Slide labels: FortiSwitch stack; Model range.
No login to the switches; FortiGate is Single Point of Management; Auto Discovery of Switches; Centralized VLAN and Features provisioning; Centralized Authentication.
Stack of FortiSwitches Controlled by FortiGate (Single or HA-Pair).
Range of FortiSwitch and FortiGate Models for Retail, SMB, Enterprise, Datacenter.

24 FortiLink – FortiSwitch Controlled by FortiGate

25 FortiSwitch in FTNT Security Fabric
FG-100D-HA1 # diagnose switch-controller dump mac_hosts_switch_port
vd root/0 00:50:56:a8:3f:cb gen 8 req TOU/2c
  created 41486s gen 1 seen 0s office-vlan200 gen 5
  ip type 17 'Windows PC' src vcm id 0 gen 2
  os 'Windows' version '7 or 8' src vcm id 0
  host 'RG-win-client-2' src dhcp
  switch S224DF3X port 1
vd root/0 00:15:65:83:cb:16 gen 9 req TOHU/3c
  created 29078s gen 5 seen 2549s office-vlan200 gen 6
  ip type 6 'FortiFone' src sip id 40 gen 4
  os 'Fortinet FON-470i' version '' src sip id 40
vd root/0 b0:61:c7:02:50:e6 gen 12 req TOHU/3c
  created 668s gen 10 seen 8s vlan-100 gen 7
  ip type 6 'FortiFone' src dhcp id 293 gen 6
  os 'Fortinet FON' version '460i' src dhcp id 293
  switch S224DF3X port 3

26 “A SIEM solution gives me everything I need to understand and diagnose incidents?”

27 Typical NOC/SOC Environment
Diagram labels: Ticketing Systems, SOC, NOC Team, SOC Team, Help Desk, Datacenter Director, Systems, Admin.
It is no wonder that the likelihood of a breach is real and common, and in part this is due to the siloed approach that exists in many IT departments.
The Network Operations Center (or NOC) is primarily focused on network performance, availability and uptime. Its primary focus is on: network fault tolerance and SLA management; switch and router configuration; sniffing and troubleshooting.
The Security Operations Center (or SOC) is primarily focused on network security and compliance efforts. Its primary focus is on: network behavior anomaly detection; intrusion detection at multiple levels; log management and reporting; network forensics.
Other duties that are commonly shared are: compliance controls and reporting; system, image and version change controls; user validation and geolocation; incident-to-application correlation and scoping.
It is common for organizations to have IT departments with a wide variety of systems and tools in their respective areas of focus. These tools are rarely correlated or integrated into a cohesive, comprehensive view of the overall network or organization. All this adds up to a complex, non-scalable monitoring and reporting environment, which increases the likelihood that breaches occur and go undetected, especially as the risks increase from an ever-growing number of sources and types of threats, such as IoT. And when a breach does occur, as Gartner says is inevitable, this poses a daunting challenge to many organizations.

28

