Physician Office Administration Seminar Medical Society Milwaukee County - PowerPoint PPT Presentation

Provided by: Mark1019

Transcript and Presenter's Notes

1
Physician Office Administration Seminar Medical
Society Milwaukee County
  • Fortinet Unified Threat Management-Security

2
Introduction
  • Thank you for the opportunity to present Security
    and Fortinet
  • Jim Dziak-Regional Sales Director for Fortinet
    Inc.
  • 5 Decades in IT
  • 10 Years In Security
  • Former IT Company Business Owner for 25 Years
  • Please ask questions
  • 5,000 fly-over for why security in-depth
  • How many here have had a security related issue
    in the past year?

3
Agenda
  • 1. Who is Fortinet
  • 2. The Evolution of Security
  • 3. Solution
  • 4. Demonstration
  • 5. Q&A
  • 6. Summary

4
Fortinet Company Overview
  • First Multi-Layered Security Platform provider
    that leverages ASIC technology
  • Largest private network security company
  • 750 employees / > 300 R&D
  • Nearly 300,000 FortiGate devices WW
  • Founded in 2000
  • World's Largest Privately Held Security Company
  • Global Operations in U.S., EMEA & Asia Pac
  • Independent certifications
  • 8 ICSA certifications (only vendor)
  • Government Certifications (FIPS-2, Common
    Criteria EAL4)
  • 50 industry awards-IDC-NSS-SC Etc.
  • VB 100 and NSS Certifications

5
Fortinet Credentials
  • Best Integrated Security Appliance-RSA 2007
  • Most Accurate Anti-Virus-VB Lab 100 2007
  • Most Accurate Malware-Malware Lab 2007
  • Best Intrusion Prevention System-RSA 2007
  • NSS Certified
  • IDC Certified
  • Current Analysis-Most Advanced Security
    Technology
  • ICSA Certified World Wide

6
Global Customer Base
  • Fortinet products are used by
  • 25,000 customers World Wide
  • 1000s of Healthcare institutions Worldwide
  • The world's largest telcos & service providers
  • Major Government, Education, Financial, Legal,
    Manufacturing and Retail institutions

7
Healthcare References-Wisconsin Partial List
  • Rural Wisconsin Health Cooperative
  • Vernon Memorial Hospital
  • Boscobel Area Health Care
  • Moundview Memorial Hospital
  • Grant Regional Health Center
  • Memorial Hospital of Neillsville
  • Milwaukee Health Services
  • Black River Memorial Hospital
  • Young Eye Clinic
  • Monroe Clinic

8
Healthcare References-Wisconsin Partial List
Continued
  • Wisconsin Primary Health Care Organization
  • Mile Bluff Medical Center
  • Bellinhealth Hospital Group
  • Independent Physician Network
  • St Joseph Synergy Health of West Bend
  • Maximal Surgery Group
  • Navitus Healthcare Group
  • Medical College of Wisconsin
  • Community Health Partnership-Eau Claire

9
Other References
  • For the Catholics: The Vatican
  • For the Democrats: Senator Kohl's Office
  • For the Republicans: The Military
  • For the Italians: The country of Italy
  • For the Sports Fan: The Milwaukee Bucks
  • For the Harley Fan: Harley Davidson Dealer
    Network
  • GMC Dealer Network
  • Quick Lube
  • A reference for everyone.

10
Agenda
  • 1. Who is Fortinet
  • 2. The Evolution of Security
  • 3. Solution
  • 4. Demonstration
  • 5. Q&A
  • 6. Summary

11
Blended Threats Leverage Vectors
  • Malicious threats lead to
  • Data loss
  • Identity theft
  • Corporate espionage
  • Business downtime
  • Bad publicity
  • Regulatory fines
  • The motive has changed
  • From notoriety to criminal intent
  • Funded by organized crime
  • Global in reach
  • Cyber crime economics too compelling to subside

Application Threat Vectors
Network Threat Vectors
12
Multiple Application Vectors
  • Multiple Threat Types
  • Various Application Entry Points
  • Different Functions
  • Threat Payload Intent Varies
  • Broad Range of Propagation Techniques
  • Application Threat Vector
  • Viruses & Spyware
  • Spam & Directory Harvest Attacks
  • Web Phishing
  • Network Threat Vector
  • Network Worms
  • DDOS/DOS
  • IP Packet Capture
  • Spoofing & Man-In-The-Middle

Compliance driving for additional security functionality
Unified Management
13
Business and Applications Evolve
  • Businesses Always Evolve
  • Mobile Workforce
  • New Business Tools
  • New Compliance Requirements
  • Email, Web, VOIP Are Mission Critical
    Applications
  • Applications Always Evolve
  • IM with VOIP
  • Email Web Plug-in
  • New P2P Applications
  • Skype
  • Patch of Existing Applications

14
Traditional Anti-Virus is not effective
  • Anti-Virus Signature protection is limited (over
    1,300,000 AV signatures)
  • Hackers have developed malware to disable AV
    Agents
  • Updates are not timely
  • Hackers know what updates are missing from
    various AV providers
  • Updates have destroyed networks
  • Update portal for Symantec has been compromised
  • According to industry experts, Anti-Virus Agent
    Software is ineffective at stopping today's attacks
    (Network World 4-9-07)

15
Current Enterprise Challenges
16
Are you certified?
  • IAACA

17
IAACA
  • International Association for the Advancement of
    Criminal Activity
  • World Wide Organization and membership requires
    active participation

18
Anatomy of a Hack
  • Anatomy of a hack
  • Victim identification (organization name,
    employee name, domain name, etc.)
  • Profiling and Reconnaissance (whois, network
    solutions, articles, hacking sites, search
    engines): gain valuable information from public
    domain
  • Scanning (finding hosts, services and ports):
    create network map
  • Enumeration: create database of users and
    shared resources
  • Vulnerability identification: based on the
    systems identified (operating system and
    applications)
  • Exploit / Initial Compromise: locate or create
    an exploit to take advantage of a host or
    application
  • Improving Position: now start steps 1-6 from an
    internal, trusted host
  • Create backdoors and accounts for future use
  • Cover tracks: purge or edit logs, remove temp
    files and applications
  • Set decoy: if detection is suspected, set
    decoys to confuse system administrators

19
The Rise of Blended Attacks
  • Blended Threats
  • Designed to maximize damage and speed of
    infection
  • Fast spreading network-based threat with multiple
    attack vectors
  • Combination of virus, worm, and vulnerability
    exploits
  • Many leverage email to spread with a malicious
    payload attachment
  • Can self replicate acting as a hybrid virus/worm
  • Remote execution, DoS, Backdoor applications
  • Use of Social Engineering Rising
  • Trick users into installing or launching
    malicious code
  • Phishing for identity information
  • Latest attacks are now transparent - Pharming
  • Spam was originally a nuisance but is now a
    corporate security concern

20
What are these Blended Threats?
  • Blended threats are attacks that use multiple
    transmission techniques to spread themselves and
    attack other computers. Email, Web and File
    Transfers are the most common methods of
    transmission.
  • Traditional and Point security solutions are not
    enough to effectively block blended attacks from
    entering and leaving your network.
  • New Content based attacks were reported to be up
    1000
  • IBM reported over 1,000,000 security incidents in
    2005
  • 82 Million reported Cyberthefts since ChoicePoint
    in July 2005
  • Over 80 Million in 2007 have been reported to
    date

21
Website Security Threats
  • Google: 10 percent of sites are dangerous
  • By Tim Ferguson, Silicon.com. Published on ZDNet
    News, May 15, 2007, 7:56 AM PT
  • ZDNet Tags
  • Web sites,
  • Hacking,
  • Viruses and worms,
  • Google
  • Google is warning Web users of the increasing
    threat posed by malicious software that can be
    dropped onto a computer as a Web surfer visits a
    particular site.
  • The search giant carried out in-depth research on
    4.5 million Web sites and found that about one in
    10 Web pages could successfully "drive-by
    download" a Trojan horse virus onto a visitor's
    computer. Such malicious software potentially
    enables hackers to access sensitive data stored
    on the computer or its network, or to install
    rogue applications.

22
Web Site Security Threats
  • An average of 8,000 new URLs containing malicious
    software emerged each week during April, Cluley
    said, adding that the notion that such software
    resides only in the darker corners of the
    Internet is very outdated. Seventy percent of Web
    pages hosting rogue software are found on
    legitimate sites targeted by hackers, according
    to Sophos.
  • http://news.zdnet.com/2100-1009_22-6183818.html?tag=nl.e622

23
Other Noteworthy Items
  • IBM reports 1 billion suspicious computer
    security events in 2005
  • The shift is to Stealth Attacks and disabling AV
    Agents
  • FBI Reports a survey of 2000 companies stated
    that 90 experienced a security incident
  • Phishing for Tax Scammers
  • Banks must do more to secure systems
  • Keyloggers are collecting account numbers and
    social security numbers for $200.00 each.
  • Illegal downloads are the responsibility of the
    system owner, which includes Corporations and
    Individuals

24
Other Noteworthy Items (cont.)
  • Federal Govt says personal information that is
    pilfered and misused each year is costing
    consumers $5 billion to $48 billion!
  • Russia says it is a cancer: it won't kill you
    today, but it will over time
  • CardSystems Solutions reported 40 million cards
    were exposed to possible theft. (New York Times)
  • $200.00 per card is the going price; it must
    include name, billing address and phone number.

25
Reasons to Implement Security
  • Trust
  • Competitive Advantage
  • Reputation Image
  • Stakeholder Value
  • Ethics
  • Customer Retention-Confidence
  • Compliance-Regulation
  • HIPAA
  • Sarbanes
  • OCI
  • GLBA-FDIC-NCUA
  • ISO 17799
  • There are over 4,000 regulations that are
    legislated
  • PCI compliance for Credit Card Merchants

26
Are You Secure? Or Are you as smart as a 5th
Grader?
  • Is your network being used for business only
  • Are you being used as a spam relayer
  • Are you black listed
  • Are you allowing attacks into your network
  • Are you sending attacks from your network
  • Is your network being used for Illegal Downloads
  • Are there back doors setup in your network
  • How often do you review security reports
  • Is your data protected when transmitted
  • Do you know the fine and penalty for Illegal
    Downloads
  • Do you know the difference between a Virus and
    Intrusion Attack

27
Liability - What you don't know can cost you!
  • The ability to point a finger is more powerful
    than you can imagine!!!
  • CFOs and CEOs can literally go to jail with new
    legislation within Sarbanes Oxley CIPA
  • HIPAA for any company providing healthcare
    co-managed plans to their employees not just
    healthcare institutions
  • Local Law Firm dismissed an employee who went to
    another firm and had a backdoor for access into
    his former employer's network for over a 1.5
    before it was discovered
  • Grandfather in Racine, WI was litigated for
    copyright infringement. Fine was reported at over
    $600,000, settled at $40,000 with public service
    obligations.
  • RIAA is actively enforcing Copy Right infringement

28
What Does HIPAA Require
  • Intrusion Prevention of Worms, Bots, Trojans etc
  • Prevention for Attacks embedded in Web Based
    E-Mail
  • Reporting of Intrusions and Attack Activity
  • Prevention of attacks from Web Page Downloads
  • Protection from Internal Attacks of Memory
    Sticks, iPods, CD, IP Printers, IP Cameras, ROM
    Media, Laptop Computers

29
What does HIPAA Require
  • Firewall
  • Anti-Virus, Worm, Bots, Trojans, Malware
  • Intrusion Prevention
  • Implement Security sufficient to reduce risks and
    vulnerabilities that comply with 164.306(a)
  • Implement procedures to regularly review records
    of system activity, audit logs, access reports
    and security incident reports
  • Logs to be reviewed 2x per week or more
    frequently
  • No unauthorized users on system: Spyware,
    Malware, etc.
  • One incident of Spyware will nullify your
    compliance (because you do have an unauthorized
    user on your network)

30
Traditional Perimeter Technology
[Diagram labels: Spam; Viruses, worms; Intrusions; Banned content; Allow port 80; Block rest]
31
Current Perimeter Technologies Non-integrated
point solutions not effective against Blended
Threats
[Diagram labels: Hacker; Spam; Viruses, worms; Intrusions; Banned content; www.find_a new job.com; www.free music.com; www.pornography.com]
32
Why Traditional Firewalls Miss The Latest Attacks
STATEFUL INSPECTION FIREWALL
Inspects packet headers only, i.e. looks at the
envelope, but not at what's contained inside
[Diagram: data packets, each marked OK. Packet headers (TO, FROM, TYPE OF DATA, etc.) are inspected; packet payload (data) is not scanned.]
Packet payloads shown:
    http://www.freesurf.com/downloads/Gettysburg
    Four score and BAD CONTENT our forefathers brou
    ght forth upon this continent a new nation,
    n liberty, and dedicated to the proposition that all
  • Weaknesses include
  • No Deep Packet Inspection capabilities to spot
    malicious payloads
  • Per-Packet forwarding with no packet reassembly
  • Malicious applications can be tunneled through
    trusted ports
  • Traditionally deployed only at the perimeter and
    can't defend against internal threats

33
How Traditional IDS/IPS Are Missing Modern Attacks
DEEP PACKET INSPECTION
Performs a packet-by-packet inspection of
contents but can easily miss complex attacks
that span multiple packets or are fragmented
[Diagram: data packets marked OK, one marked "!"; label: Undetected]
Packet payloads shown:
    http://www.freesurf.com/downloads/Gettysburg
    Four score and BAD CONTENT our forefathers brou
    ght forth upon this continent a new nation,
    n liberty, and dedicated to the proposition that all
  • Weaknesses include
  • Mirrored traffic analysis, not inline with
    network flow
  • Alert only, will not proactively block attack
    traffic
  • Damage is done before alert can be responded to
  • Deep Packet Inspection IDS/IPS systems may be
    overrun by GB links
  • Traditionally deployed at the perimeter

34
Protection With Content Reassembly
COMPLETE CONTENT PROTECTION
1. Reassemble packets into content
    http://www.freesurf.com/downloads/Gettysburg
    Four score and BAD CONTENT our forefathers brou
    ght forth upon this continent a new nation,
    n liberty, and dedicated to the proposition that all
2. Compare against disallowed content and attack
lists
[Diagram labels: ATTACK SIGNATURES; "!!" on the matched content]
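
The contrast between slide 33 (packet-by-packet inspection) and slide 34 (reassemble, then compare) as an added example; it is not part of the original presentation and is not Fortinet code. The stream, the cut points and all function names are constructed for illustration, and "BAD CONTENT" is the slide's placeholder marker rather than a real signature.

```python
"""Per-packet vs. reassembled-content signature matching (constructed data)."""

SIGNATURES = [b"BAD CONTENT"]  # placeholder marker from the slide, not a real signature

# Constructed stream modelled on the slide's Gettysburg download.
STREAM = (b"Four score and BAD CONTENT our forefathers brought forth "
          b"upon this continent a new nation,")

def split_stream(stream, cuts):
    """Cut a byte stream into (sequence offset, payload) segments."""
    bounds = [0, *cuts, len(stream)]
    return [(a, stream[a:b]) for a, b in zip(bounds, bounds[1:])]

def per_packet_scan(segments):
    """Inspect each payload on its own, as a packet-by-packet engine does."""
    return [(seq, sig) for seq, data in segments
            for sig in SIGNATURES if sig in data]

def reassemble(segments):
    """Rebuild content in sequence order; returns (content, complete).

    Bytes already covered (retransmission/overlap) are dropped, and a
    missing segment stops reassembly so the gap is reported, not skipped.
    """
    content = bytearray()
    for seq, data in sorted(segments):
        if seq > len(content):
            return bytes(content), False
        content += data[len(content) - seq:]
    return bytes(content), True

def content_scan(segments):
    """Scan reassembled content; an incomplete stream is held, not passed."""
    content, complete = reassemble(segments)
    hits = [sig for sig in SIGNATURES if sig in content]
    if hits:
        return "block", hits
    return ("allow", []) if complete else ("hold", [])

# The marker straddles a segment boundary and segments arrive out of order.
cut = STREAM.index(b"BAD CONTENT") + 7
SEGMENTS = list(reversed(split_stream(STREAM, [cut, cut + 30])))

if __name__ == "__main__":
    print("per-packet hits:", per_packet_scan(SEGMENTS))
    print("reassembled verdict:", content_scan(SEGMENTS))
    print("with a lost segment:", content_scan(SEGMENTS[:1]))
```

The per-packet scan returns no hits on these segments, while the reassembled scan blocks the stream; a stream with a missing segment is held rather than allowed.
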
35
Best of Breed Point Product Is Costly
  • Multiple Vendors for Blended Threats
  • Require multiple security point products
  • Limited to no product interoperability
  • Lack of Management
  • Too Costly
  • High capital and operational expense
  • Disparate management consoles
  • No central threat dashboard
  • Not Flexible
  • No deployment flexibility
  • Limited product offering
  • Juniper's 3rd AV partner

Servers
Users
36
Agenda
  • 1. Who is Fortinet
  • 2. The Evolution of Security
  • 3. Solution
  • 4. Demonstration
  • 5. Q&A
  • 6. Summary

37
Flexible Multi-Layered Security Platform
10/100 Mbps
1 Gbps
10 Gbps
38
Flexible Product Portfolio
39
Powerful Cost Advantage
40
Unified Threat Management The Power of Security
Performance
  • Network ASIC
  • Line Speed FW
  • Line Speed VPN (IPSEC and SSL)
  • Line Speed IPS
  • Application ASIC
  • Anti-Virus (Anti-Spyware) Acceleration
  • Web Content Filtering and Anti-Spam Advantage
    from Accelerated AV scanning
  • Intrusion Prevention
  • Packet Reassembly

IPSEC SSL
41
FortiGuard Security Subscription
SLA Response Time < 2 hrs.
24x7 Global Threat Research Lab
Source: FortiGuard Subscription Service
42
FortiGuard Security Portal
  • Central Dashboard
  • Real-Time
  • Detailed Information per Threat Category
  • Security Threat Visibility
  • Viruses & Spyware
  • Spam
  • Phishing
  • Web Content Categorization
  • Mobile Threats

http://www.fortinet.com/FortiGuardCenter/index.html
43
Agenda
  • 1. Who is Fortinet
  • 2. The Evolution of Security
  • 3. Solution
  • 4. Summary

44
Fortinet Security System Reporting - In the
Cloud - Onsite Device - Managed Service
  • User Secure Access Reports
  • Prevented Attacks
  • Type of Attack
  • Source & Destination
  • Protocol Analysis of Attacks
  • Management of Instant Messenger & P2P
  • Event Correlation
  • Alerting
  • Report Access

45
Usual Comments-Excuses often heard
  • I don't have the time - who does
  • It sounds expensive - not really
  • It sounds complicated - doesn't have to be
  • I am just a small office, who cares about my
    data - The world
  • My ISP takes care of it - maybe
  • Reports? What reports?-
  • No one is enforcing HIPAA - enforcement is usually
    a post event
  • I have insurance to cover it - ?
  • My Anti-Virus takes care of it - Uh, no it doesn't
  • I have a firewall - That is a start
  • You are just trying to scare me into buying
    something I don't need or want - motivation to
    change starts with knowledge of the threat

46
Possible Next Steps
  • Do an audit of how secure you really are- EVA-IVA
    Analysis
  • Apply for Cyber Insurance-See if you are eligible
  • Update your security policy
  • Verify that you have the proper protection to
    provide a secure computing environment with
    controls to prevent your system from intentional
    or unintentional misuse.
  • Invest in the technology that will provide you
    the necessary protection and reporting that
    doesn't require a security expert

47
What's needed to provide Security Solution
recommendations
  • Existing Security Products Currently Used
  • How Many Users on Your Network
  • What type of internet connection(s)
  • Do you require access from a remote location
  • Do you have multiple offices
  • How many servers do you have
  • Do you have 3rd parties accessing your network

48
Information Available
  • Product Literature is available
  • The Slide Presentation is Available-please
    provide your business card
  • Fortinet.Com Web Site
  • Fortinet Awestruck Presentation
  • Marriott Milwaukee West-Waukesha, WI
  • May 24th
  • Registration 8:30am to 9:00am
  • Presentation 9:00am to Noon

49
Thank You!
  • For more information please visit http://www.fortinet.com