The New Generation of RealTime Network Protection - PowerPoint PPT Presentation

Slides: 74
Provided by: atchiso
Transcript and Presenter's Notes

1
The New Generation of Real-Time Network
Protection
Fortinet Overview
2
Agenda
  • Corporate Overview
  • Challenges of Modern University IT
  • Security Challenges for Universities
  • Fortinet Solution
  • Demo
  • Q&A

3
Fortinet Company Overview
  • Founded October, 2000 by Ken Xie
  • Founder, former Pres. & CEO of NetScreen (NASDAQ:
    NSCN)
  • Senior management team of industry veterans
  • From NetScreen, Trend Micro, 3COM, VPNet,
    Symantec, HP, etc.
  • 210 employees; HQ in Santa Clara, CA
  • Offices throughout Americas, Asia, and EMEA
  • Creators of world's only ASIC-powered antivirus
    systems
  • Addressing the need for real-time network
    protection

4
Fortinet Announces Record Results for Q3'03
  • Strong market acceptance
  • Products launched May, 2002
  • Cumulative shipments reached 20,000 in Q3 2003
  • Industry recognition
  • Numerous industry awards
  • Revenue growth
  • Achieving 50-100% quarter-on-quarter growth
    since Q2 2002
  • Reached break-even with record 3Q03 quarter
  • Strong financial position
  • Completed $30 million Series D financing in Aug
  • Led by Redpoint Ventures

5
Complete Security Requires a Costly Collection of
Point Products
[Diagram: threats facing the network: hacker; malicious email; viruses, worms; intrusions; banned content (example web sites)]
6
The FortiGate Antivirus Firewall
Better Protection, Faster, at Lower Cost
[Diagram: the Antivirus Firewall, with an X against each threat: hacker; malicious email; viruses, worms; intrusions; banned content (example web sites)]
7
Fortinet has Rapidly Established the Leading
Position in the Evolving Security Market
Fortinet has demonstrated its investment in
powerful network processing technology by
filtering viruses in-line, which requires an
unprecedented level of packet assembly and
filtering.
Firewalls must provide a wider range of
intrusion prevention capabilities, or face
extinction
8
Global Customer Base Includes Enterprise, SMB,
MSSPs
9
University Security Dynamic
10
The Business of Universities
11
Universities and Information Technologies
IT is the lifeblood of the operation.
12
The University Balancing Act
  • Risks
  • Access
  • Freedom

13
University IT Manager Key Responsibilities
  • Security
  • Protecting information assets from inside and
    outside threats
  • Privacy and Intellectual Property Protection
  • Quality of Service
  • Network should follow expected behavior
  • Reliability and Availability of Service
  • Network should be available to everyone on Campus

14
Issues Examined
15
The Nature of Threats Has Evolved
[Chart: speed and damage of threats over time, 1970 to 2000. Labels: External; Hardware Theft; Intrusions; Viruses; Trojans; Worms; Banned Content; Spam]
16
Fueling an Explosion of Point Solutions
Blended attacks exploit gaps between point
products
[Chart: speed and damage of threats over time, 1970 to 2000. Threat labels: Hardware Theft; Intrusions; Viruses; Trojans; Worms; Banned Content; Spam. Point-product labels: Lock & Key; Firewall; VPN; IDS; Anti-virus; Content Filter; Anti-spam. Tier labels: PHYSICAL; CONNECTION-BASED; CONTENT-BASED]
17
University Security Considerations
  • Protection from malware
  • Secure connectivity
  • Protection from Inappropriate Content
  • Maximization of Network Resources
  • Protection of Resources
  • Ease of IT administration
  • Maximization of performance
  • Budget Management

18
Virus Outbreaks
  • Problem
  • Malicious applications (a.k.a. malware) such as
    viruses and worms can cause loss of functionality
    and/or loss of data if a system is infected
  • Types
  • Viruses, Worms, Trojans and blended threats
  • Result
  • Viruses take advantage of vulnerabilities
  • Solution
  • Holistic approach
  • Strategic methodology
  • Drastic measures

19
Growing problem
[Chart: axis in billions; years 2001 to 2003]
Expect more dangerous threats
20
Consensus
Over 72% of respondents agree problem is getting
worse
Source: ICSA Labs Virus Prevalence Survey 2002
21
Virus Disaster
"Historically the survey has considered a virus
disaster to be 25 or more PCs or servers infected
at the same time." (ICSA Labs Virus Prevalence
Survey 2002)
"At the University of North Texas, technicians
are removing viruses from roughly 16 computers
every 90 minutes." (IT Administrator, University
of North Texas)
22
Virus Disaster Stats
The number of virus disasters is growing on
average per organization YoY.
The cost of virus disasters is growing on average
per organization YoY.
Source: ICSA Labs Virus Prevalence Survey 2002
23
AV Protection Trend
HTTP now accounts for over 20% of viruses
Source: ICSA Labs Virus Prevalence Survey 2002
24
Vulnerabilities
  • IT administrators are not doing enough to patch
    vulnerabilities
  • Stringent patching is key to anti-virus security
    management

25
How to Secure Malware Threat
  • Strategic security plan
  • Comprehensive policy-based AV/security
    infrastructure/service
  • Ongoing communications to constituents
  • Drastic enforcement
  • Cooperation with AV vendors
  • For desktop solutions

26
Secure Connectivity
  • Problem
  • Remote users connecting to facility network via
    VPNs
  • Issue
  • VPNs can provide yet another means by which
    viruses, worms, and other attacks can penetrate
    the firewall and reach the private network.
  • Cause
  • Conventional VPN hardware and software does not
    scan the content carried within their secure
    tunnels
  • Solution
  • Implement secure scanning of tunnel

27
Protection from Inappropriate Content
  • Problem
  • Access to banned websites and content results in
    productivity loss and possible liability for the
    host
  • Cause
  • Lack of effective enforcement of security policy
    regarding internet access and content transfer
  • Result
  • Productivity loss and possible liability for the
    host
  • Solution
  • Limit exposure to liability caused by access to
    inappropriate or malicious content

28
Protection of Resources
  • Problem
  • Unauthorized access and removal of individual,
    business and IPR content
  • Types
  • Financial: credit card, ID, SSN, UserID,
    Password
  • Proprietary info: patents, research findings
  • Cause
  • Exploits in servers and applications
  • Solution
  • Stringent access control to prevent snooping,
    spoofing and unauthorized access

29
Maximization of Network Resources
  • Problem
  • Misuse of network resources
  • Cause
  • File swapping, malware distribution
  • Result
  • Network resources applied to non-productive and
    potentially illegal activities
  • Solution
  • Use traffic management to limit the amount of
    network bandwidth allocated to swapping
    applications

30
Ease of Administration
  • Problem
  • Complexity of network infrastructure
  • Cause
  • Divergent point solutions
  • Lack of specialized administrators
  • Result
  • Various challenges associated with network
    administration
  • Solution
  • Implement consolidated security technologies for
    fast, effective, easy to manage network security
    management

31
Maximization of Performance
  • Problem
  • Maximum network security may equal compromised
    security performance
  • Cause
  • Loosely inter-operable point solutions
  • Result
  • Lack of real-time performance
  • Solution
  • Hardware accelerated security solution

32
Budgeting
  • Problem
  • Existing security infrastructure needs to be
    upgraded / reinforced
  • Cause
  • New threats
  • Need for security specialists
  • Result
  • Security infrastructure lacking
  • Solution
  • Seek lower TCO for advanced security

33
TANET 2003 Tutorial Session
Network Protection
Architecture and Feature
FORTINET HQ
Confidential
Rev 120
34
A Unique Architecture for Complete, Real-Time
Network Protection
SUPPORT SERVICES & TOOLS
  • Instant Attack Updates
  • Centralized Management
  • Comprehensive Support

[Diagram labels: Intrusion Detection/Prevention; Antivirus; Content Filtering; VPN; Traffic Shaping; Firewall; Anti-Spam; Virtual Systems; FortiOS Operating System; FortiASIC Content Processor]

35
A Unique Architecture for Complete, Real-Time
Network Protection
CORE TECHNOLOGY
  • Proprietary Fortinet Chip
  • Hardware scanning engine
  • Hardware encryption
  • Real-time content analysis
  • Real-time networking OS
  • High performance
  • Robust, reliable

36
FortiOS Highlights
  • Secure and Reliable Platform
  • Proprietary Security-Hardened OS
  • Purpose built platform for application-level
    security functions
  • Real-time OS
  • Optimized for content processing
  • Wide range of Applications
  • Firewall
  • VPN
  • Virus/Worm Scanning
  • Web and email Content filtering
  • Network Intrusion Detection (NIDS) and
    Prevention
  • Traffic Shaping
  • Extensible for new applications
  • Anti-spam
  • Virtual systems
  • Wireless security
  • Etc.

37
Fortinet Antivirus Feature Highlights
  • High Performance
  • The world's only ASIC-based antivirus solution
  • First and only ICSA-certified, hardware-based AV
    gateway
  • Policy-based
  • Virus scanning
  • Full coverage of the WildList viruses, including
    polymorphic viruses
  • Quarantine of infected and suspicious files
    blocking of oversized
  • Rapid threat reaction
  • Updated by Threat Response Team FortiResponse
    Distribution Network
  • Automatic push updates for AV and NIDS definition
    databases

38
Fortinet Antivirus Benefits
  • Enhances user experience
  • Scans real-time (Web) traffic without noticeable
    delay
  • Reduction in false positives and the amount of
    data analysis
  • Policy-based AV applies scanning only where
    needed
  • Contain the impact of viruses
  • Immediate response to breaking threats

39
Fortinet Content Filtering Feature Highlights
  • Native content filtering (uses free blacklists)
  • URL Blocking, Keyword or phrase blocking
  • Blocks ActiveX, Java applets, and cookies
  • Email filtering
  • Optional third party blacklist support
  • Integration with Third Party Web Filter List
  • Requires per-seat subscription

40
Content Profiles Provide Granular Configuration,
Ease Admin
  • Users can define up to 32 content profiles
  • Any content profile can be applied as part of a
    policy

41
Fortinet Content Filtering Benefits
  • Increase productivity
  • Prevent access to non-business related web sites
    during office hours
  • Reduce liability
  • Avoid hostile work environment liability
  • Improve bandwidth utilization
  • Filter out non-work-related content e.g., mp3
    files, pornographic material, etc.
  • Ensure regulatory compliance
  • CIPA (US primary/secondary schools)

42
Fortinet Network Intrusion Detection System
(NIDS) Highlights
  • High Performance
  • Network monitoring without performance
    degradation
  • NIDS supported on all interfaces simultaneously,
    including sub interfaces mapped to VLANs
  • Industry leading range of signature support
  • Signature database of close to 1,400 known
    attacks
  • Support for customer self-defined signatures
  • Signature-based attack recognition
  • Protocol anomaly detection and prevention
  • 34 attack signatures covering TCP, UDP, ICMP and
    IP
  • Customizable
  • Attack list
  • e-mail alerts

43
Fortinet NIDS Benefits
  • Reliable network protection
  • From the most demanding network conditions
  • Fast containment of attacks
  • Push updates of attack signatures through the
    FortiResponse Distribution Network
  • Operational cost savings
  • Customizable signatures and support for
    self-defined signatures helps to eliminate false
    positives
  • Easy to configure and easy to maintain

44
Easy to Configure Intrusion Detection and
Prevention
  • Signature based customer definable signatures and
    customer unique network environment
  • Conforming to Fortinet-defined syntax
  • Close to 1,400 detection signatures
  • Signatures grouped into categories for easy
    management
  • Configurable to apply IDS on one or multiple
    interfaces
  • Over 34 attacks
  • Customizable thresholds
  • Configurable logs and alerts

45
Fortinet Firewall Feature Highlights
  • High Performance
  • ICSA-certified Stateful Inspection Firewall
  • NAT, Route, and Transparent mode
  • H.323 NAT Traversal
  • Policy based
  • Authentication: user groups, LDAP and RADIUS
    based
  • Routing for WAN failover
  • Supports over 40 standard and user-defined
    services
  • e.g. Telnet, realaudio, FTP, GRE, Oracle8 etc.
  • Control and Management
  • DHCP Relay and WINS support
  • One touch management for AV, FW and VPN tunnels
  • Interoperate transparently with existing Firewall

46
Fortinet Firewall Benefits
  • Reliable Network Protection
  • The best first layer of defense against the
    worst network condition
  • Fast response to threats
  • Integrated management of AV, FW, NIDS and NIPS
  • Investment protection
  • Sits transparently behind another vendor's
    firewall

47
Fortinet High Availability Feature Highlights
  • FortiGate Clustering Protocol
  • Active-Active
  • Active-Passive
  • HA in transparent mode
  • Stateful failover for both firewall and VPN
    traffic within 3 seconds
  • Link status monitoring and failover
  • HA Alert
  • During failover, the FortiGate units in an HA
    group send an email and SNMP trap, and log the
    event.

48
FortiManager System
Key Features and Benefits
  • Multi-tier Client/Server architecture
  • Server software: deployed on security-hardened
    appliance to eliminate installation issues,
    improve system reliability and security
  • Admin console(s): platform-independent Java
    client
  • Role-based administration: supports multiple
    simultaneous administrators with different
    authorization levels
  • CORBA-based interfaces: ease integration into
    customers' existing management systems
  • Secure communication between Server and FG units
  • Strong mutual authentication mitigates attacks
  • Strong encryption of communication protects from
    information interception

49
FortiManager System Provides Global, Centralized
Management
50
FortiResponse Infrastructure
  • FortiResponse Distribution Network (FDN)
  • Provides automated, timely, and reliable AV/NIDS
    updates
  • Ensures that FortiGate units worldwide have the
    most current AV and NIDS protection available.
  • FortiResponse Center
  • An information portal providing up-to-the-minute
    information about new viruses and vulnerabilities
    as well as network security news and resources.
  • Fortinet Threat Response Team (TRT)
  • A global team of network security experts
    dedicated to researching new threats and
    developing signatures that enable FortiGate
    units to detect and prevent new attacks.

51
FortiResponse Infrastructure Ensures Rapid
Response to New Threats
Fortinet Threat Response Team and Update
Distribution Servers
FortiResponse Center Web Portal and email
Bulletins
Push Updates Can Protect All FortiGate Units
Worldwide in <5 Minutes
52
FortiGate Product Line Spans from SOHO to Service
Provider
Price Points from $500 to $30,000; All Shipping
Now
[Chart: FortiGate Product Family, plotted by performance (Mbps; axis ticks from 30 to 4G) and market segment (SOHO, Branch Office, Medium Enterprise, Large Enterprise, Service Provider/Telco). Models shown: FortiGate-50, FortiGate-60, FortiGate-100, FortiGate-200, FortiGate-300, FortiGate-400, FortiGate 500, FortiGate-1000, FortiGate-3000, FortiGate-3600, FGT-2000, and the FortiManager System. Callouts: dual USB ports, integrated 4 managed switch ports, dual WAN connection; DMZ port, traffic shaping; integrated logging (20 Gbyte); enhanced remote client capacity; high availability; multi-zone (12 ports); gigabit entry platform; redundant power]
Antivirus/worm, Firewall, VPN, Intrusion
Detection/Prevention, Content Filtering
Capabilities
53
Fortinet Value: Education Case Study
54
Case Study: Florida Computer College
  • 1,600 students
  • Was using Cisco PIX
  • Deployed FortiGate 100(3), 300

"We evaluated several other products and found
that the Fortinet systems provided the most
complete, integrated, cost-effective security
systems available. Fortinet has really cracked the
code on making it easy and affordable to
implement comprehensive network protection."
- Joseph Vega, director of information technology,
Florida Computer College
55
TCO Comparison
56
Fortinet Value
  • Fortinet's Anti-Virus Firewall Gateway results in
    80% reduction in acquisition cost
  • Managing a Fortinet device compared to a patchwork
    of devices: 67% operation cost savings
  • Service cost saving of 75% with Fortinet solution
    compared to conventional solution

57
Summary
  • Fortinet is leading a new model of purpose-built
    security appliance to protect today's networks
    from today's internet threats in the most
    cost-effective way.
  • By providing all application-layer services
    accelerated via the unique ASIC architecture
  • Optimal solution for Education market

58
Demo
59
Thank you
60
Real Time System Status Monitoring
  • Critical system performance data rendered
    graphically with both real-time and historical
    data refreshed continuously
  • Graphic rendering of critical system statistics
  • Data refreshed automatically without human
    intervention
  • Historical view of system status as well as
    real-time monitoring
  • CPU utilization and Memory used within the past
    minute
  • Network and Session status within the past minute
  • Virus and Intrusion detection for past 20 hours.
  • Session List that allows individual sessions to
    be cleared

61
Real Time Monitoring with Historical Graphical
Representation
62
FortiResponse Distribution Network: Verify,
Distribute, Monitor
MASTER FDS SITE
AV/NIDS Signature Databases
FortiResponse Distribution Server
Entitlement Database
63
Backup Slides
64
Technical Tutorial Agenda
  • Real-time Network Protection
  • System Architecture
  • Components
  • Hardware: ASIC Arch. Description
  • Firmware: OS Overview
  • System Management
  • Antivirus
  • NIDS / IPS
  • Content Filtering
  • Management: Configuration/Update/Reporting
    /Logging

65
Designed from the Ground Up For Content Processing
Content Assembly Scanning Memory
FortiAsic Content Processor
Signature Memory (Virus, Worm, Keywords, etc.)
General Purpose CPU(s)
System Management (CLI, Web, SNMP, AutoUpdate)
FortiOS Operating System
System Bus

Physical Interfaces (10/100, GigE, etc.)
66
  • Of particular interest to higher education is a
    recommendation that institutions establish a
    "point of contact reachable at all times to
    Internet service providers (ISPs) and law
    enforcement officials in the event the school's
    IT systems are discovered to be launching
    cyberattacks." Some security analysts have gone
    as far as to suggest screening out network
    requests from dot-edu addresses on the general
    presumption that academic users cannot be
    trusted.
  • Prediction: Institutions will recognize a new
    imperative to protect their information
    resources, and will designate an information
    security officer to lead and coordinate
    institutional resources.

67
Before Aggregation
Source: Aberdeen Group, September 2003
68
After Aggregation
69
Multifunction Is the Present and the Future
Aggregated solutions allow IT buyers to get the
functionality they require in a smaller form
factor, at a lower acquisition price, and with a
much lower total cost of ownership.
Old adage: "think outside the box." New adage:
"look inside the box."
70
Changing Vectors
71
Educational Security Threats 2003
  • Increased hacking activity, especially from
    hackers outside the institution
  • Continued restricted budgets, forcing internal
    reallocations of budget and staff to meet
    security needs
  • Escalating pressures from state and federal
    security agencies to secure campus networks and
    crack down on the illicit use of college networks
    to launch cyberattacks
  • Increased use of outside resources for
    vulnerability audits and risk assessments
  • Gartner: Information Security Officers Needed in
    Higher Education

72
Recommendations for 2003
  • View security as an institutional priority
    through a top-down commitment from senior
    administrators
  • Establish institutional security information and
    analysis teams to coordinate activities across
    all departments and divisions
  • Reassign staff and resources to address security
    needs, due to the lack of new funds
  • Conduct security audits and develop a baseline
    vulnerability/risk profile
  • Adopt more-stringent monitoring and implement
    controls to limit improper outbound network
    traffic
  • Recognize that information security is not a
    collateral job for the CIO, and that, in fact, it
    may be a conflict of interest for the CIO
  • Review enterprise architecture and adopt
    infrastructure standards and policies
  • Pay attention to basic security elements,
    including firewalls, version control for standard
    software (including patches), ISP capabilities
    and mandatory antiviral software

Gartner: Information Security Officers Needed in
Higher Education
73
Issues Faced By Unis
  • The Massachusetts Institute of Technology shuts
    off Internet service to computers it determines
    are infected
  • Oberlin, which began requiring all students to
    have their computers checked for viruses when
    they arrive on campus, found infections in nine
    out of every 10 running Windows software
  • At the University of North Texas, technicians
    are removing viruses from roughly 16 computers
    every 90 minutes--plus assessing a mandatory $30
    cleaning fee. Students who have infections
    cleaned from their computers off campus must show
    proof before they're allowed to log back onto the
    school network.
  • Vanderbilt University found infections in
    computers of roughly one-fourth its returning
    5,000 students. Stunned technicians shut off
    connections to nearly 1,200 computers they
    determined were infected and gradually restored
    service over the next several days after ensuring
    each machine was clean.
  • A security audit at Georgia State University
    found that one in five users have no antivirus
    software installed, and an additional three in
    five users have outdated antivirus programs.
    (source: NW Security Lesson, 7/7/03).
  • At Temple University, officials sent 90,000
    E-mails and 27,000 flyers over the past two weeks
    warning students and teachers about threats from
    the latest virus attacks and instructing them how
    to secure their computers.