Fortinet FortiOS 5 Presentation

Editor's Notes

• #3: Wired Connectivity10G is becoming standard, 40G and 100G deployments starting Wireless ConnectivityWireless everywhere, wifi speeds moves to Gbps with 802.11ac Mobile Devices EverywhereBring your own device to work Video and Audio 48 Hours of content uploaded to YouTube per minute IPv6Real for carriers, and even some end users
• #4: Visibility of TrafficAdmin requirements extends to end users Accuracy of detection Is that really ‘Skype’ traffic you said you detected? Policy Explosion The complexity of enterprise security policies grows exponentially Log Explosion How to keep this relevant, the needle in the haystack problem Threats continue to scaleNation state, Stuxnet, Flame - Remember RSA, and Linkedin
• #5: IT BudgetRemains flat, more with less is the trend IT DepartmentSize remains largely the same, or shrinking Moore’s Law Arrives at the IT Department The number of Internet attached devices managed by the IT Department doubles every two years
• #6: Pricing FortiGuard Services simple licensing and pricing model maintained FortiGate more performance, more features, same aggressive pricing No complex feature enablement No per user calculations No surprises
• #7: Benefits of FortiOS 5.0 center around improved security, improved control and more intelligence.
• #8: Tackle today’s challenges: The need for more control – how do I control devices – as they may be personal or belongs to the organization The need to protect against new threats – How do I protect the network against zero-day attacks and goes beyond using Signatures … The need to effectively enforce security with more complex network environment and requirements – How do I simplify the management and implementation, so that I as the weakness link – do it correctly! Also, How can I better understand what is going on my network We also take our customers feedback seriously and have adopt a number of enhancement that improves our functionalities, our deliverables and user experience
• #9: Switch focus, and cover 3 main topics with APT: AV Engine – misconceptions and 5.0 extensions Cloud-based submission & updates Multi-vector analysis (Client Reputation)
• #10: Client Reputation is a key differentiator with FOS 5.0 It gives enterprises a cumulative security ranking of each device based on a range of behaviors and provides specific, actionable information that enables organizations to identity compromised systems and potential zero-day attacks in real time. Scoring Mechanism -- score for different behaviors -- enforcement works the same Cross Vectors -- Blocked apps -- Blocked websites -- Denied policies -- Malware
• #11: The new advanced anti-malware detection system adds an on-device behavior-based heuristic engine and cloud-based AV services that includes an operating system sandbox and botnet IP reputation database. Together with superior industry-validated AV signatures, FortiOS 5.0 delivers unbeatable multi-layered protection against today’s sophisticated malware. Behavior Analysis “Attributes” for each sig Different degrees of matching Java Script Obfuscation Common technique to hide malware in JS New Emulator Object Oriented Ext. for Mobile Malware (Android) Cloud Integration for submission & updates
• #13: This is one of the biggest matter to tackle in today’s IT environment. Do you or do you not allow personal devices for organisation’s use? Either way, how can I do that? BYOD – D is the keyword here. Device – No longer can we imagine that an IP Address or a user ID explicitly means it can do what is permissible. In order to empower the IT dept with the ability to control access and enforce security policies upon devices, we have build a couple of cool features. We talk a little on those features a little later but 1ST, let us why the ability to manage devices from a security context is important.
• #14: FortiOS 5.0 lets you secure mobile devices and BYOD environments by identifying devices and applying specific access policies as well as security profiles, according to the device type or device group, location and usage. So what what are we doing to make it work? Device Identification – by using 3 different technologies, and user can choose all of them or either, depending on their network setup Once a device is identified, admin can apply specific access policy as well as security profile, according to the device type or device group. We will work through a use case soon. What is a huge advantage here is that it al work seamlessly in the box. Does it work with user Authentication to create even more gradual policies – yes! Thus, giving the ability to tell who does what on which device.
• #16: One of the improvements in FortiClient 5.0 allows for off-net protection. The similar security policies can be applied even when the user is not connected to the corporate network. For example, policies can sent to the FortiClient that block access to malicious websites. When that user is no longer connected to the corporate network, they would still be denied access to those websites.
• #18: Making security administration is simpler and more efficient as networks become more complex and larger. Ultimately, these enhancements make security enforcement more accurate hence lower the risk of security beaches as the human is still the weakest link.
• #19: - Going beyond traditional SSO capabilities Take advantage of our capabilities as a wireless controller and new switch controller Make it easier for the security device to acquire user ID Aslo made improvement to existing SSO feature which makes it easier to implement
• #20: FortiOS provides automatic adjustment of role-based policies for users and guests based on location, data and application profile
• #21: Guest access is now part of security. Setting up guest policies is now very easy with the guest administration profile.
• #22: Enhanced reporting and analysis also provides administrators with more intelligence on the behavior of their network, users, devices, applications and threats.
• #23: FOS 5.0 provides very rich reporting functions. Comprehensive reports are easily constructed and ideal for generating documents for compliance and auditing (Note: Expand these reports to show the level of available detail).
• #25: Client Reputation Reputation built by activityWhat, Where, How Compromised client? Drill down report created for those with the worst reputations Administrator defined thresholds New JS emulator in AV engine Added native scripting framework XDP support to extract PDF file from XML
• #26: Client Reputation Reputation built by activityWhat, Where, How Compromised client? Drill down report created for those with the worst reputations Administrator defined thresholds New JS emulator in AV engine Added native scripting framework XDP support to extract PDF file from XML
• #27: Client Reputation Reputation built by activityWhat, Where, How Compromised client? Drill down report created for those with the worst reputations Administrator defined thresholds New JS emulator in AV engine Added native scripting framework XDP support to extract PDF file from XML
• #28: Client Reputation Reputation built by activityWhat, Where, How Compromised client? Drill down report created for those with the worst reputations Administrator defined thresholds New JS emulator in AV engine Added native scripting framework XDP support to extract PDF file from XML
• #30: Client Reputation Reputation built by activityWhat, Where, How Compromised client? Drill down report created for those with the worst reputations Administrator defined thresholds New JS emulator in AV engine Added native scripting framework XDP support to extract PDF file from XML