
Advanced Threat Protection

For the Enterprise


Derek Manky
Global Security Strategist

1 Fortinet - Confidential
Copyright 2013 Fortinet Inc. All rights reserved.
DISCLAIMER

This document contains confidential material proprietary to Fortinet, Inc.

This document and information and ideas herein may not be disclosed, copied, reproduced or
distributed to anyone outside Fortinet, Inc. without prior written consent of Fortinet, Inc.

This information is pre-release and forward looking and therefore is subject to change without
notice.

The purpose of this document is to provide a statement of the current direction of Fortinet's
product strategy and product marketing efforts.

Please note that this Product Roadmap is neither intended to bind Fortinet to any particular
course of product marketing and development nor to constitute a part of the license agreement
or any contractual agreement with Fortinet or its subsidiaries or affiliates.

Agenda

Introduction - Target market, opportunity size, requirements
What we offer - Solution description, benefits, new appliances
More detail - A look at the product, how it compares, a word of caution
Recap - Partner calls to action, plus Q&A
Market Opportunity
Advanced Threat Protection

Today's cybercrime environment has evolved from quick smash-and-grab tactics to the more refined
"long con"; criminal organizations, and even governments, now create specialized malware, intended for
a select target or group of targets, with the ultimate goal of becoming embedded in the target's
infrastructure. While methods vary, the commonality of these specialized attacks is that they are
created to avoid detection by mainstream security technologies, such as antivirus, firewalls, and content
inspection gateways. Following the emergence of these specialized threats over the past several years
is a new category of security technology aimed at detecting, analyzing, and preventing these threats;
IDC defines this market as specialized threat analysis and protection (STAP).
Market Requirements
Advanced Threat Protection For the Enterprise

Security-conscious organizations should plan on implementing at least two styles from this
framework.

Effective protection comes from combining technologies from different rows (for example:
network/payload, payload/endpoint or network/endpoint). The same logic applies to mixing styles
from different columns (different time horizons).
Advanced Threat Protection
Advanced Persistent Defense

Three Step Approach to APT Defense

Step 1 - Mitigate: Mitigate threats before they enter your network. Proactive is key. (UTM & NGFW)
Step 2 - Discover: Discover threats that have entered, or tried to enter, the network. (Sandbox)
Step 3 - Respond: Respond to any threats that have breached the network. (Incident Response)
FortiSandbox Advanced Threat Protection

Multi-tiered file processing optimizes resource usage to improve security, capacity and
performance.

Call Back Detection: Identifies the ultimate aim, call back and exfiltration. FortiGuard verified.
Cloud Query: Accesses FortiSandbox community intelligence. FortiGuard verified.
Virtual OS Sandbox: Examines real-time, full lifecycle activity. Provides rich threat information.
Code Emulation: Quickly simulates intended activity. OS independent and immune to evasion/obfuscation.
AV Engine: Applies top-rated (95% Reactive and Proactive) engine. Serves as an efficient pre-filter.
Solution Description
Advanced Threat Protection For the Enterprise

FortiGate for Network Traffic Analysis
- Flags suspicious (or high risk) objects for more inspection
- Identifies botnet and C&C communications
- Receives updated threat intelligence for inline prevention

FortiSandbox for Payload Analysis
- Runs objects in a contained environment, analyzing activity
- Provides a malicious or low, medium or high risk rating
- Uncovers threat lifecycle information and allows information sharing with FortiGuard experts
  for protection updates

[Figure: network traffic flow; function labels AV, Anti-Botnet, Web Filtering, Code Emulation, OS Sandbox]

Note: most or all functions above can be handled by FortiSandbox alone, but for existing customers
leveraging the in-place FortiGate is recommended.
FortiSandbox 1000D/3000D

Effective, Affordable, Easy-to-Manage Advanced Threat Protection (sandboxing)

FSA-1000D
- Availability: early 2014
- Highlights: up to 8 VMs supported, 1000 files/day
- Handles all protocols, plus sandboxing
- Unique dual-level sandbox
- Integrates with FortiGate for simple deployment and management

FSA-3000D
- Availability: limited availability mid-December 2013
- Highlights: up to 32 VMs supported, TBD files/day
- Handles all protocols, plus sandboxing
- Unique dual-level sandbox
- Integrates with FortiGate for simple deployment and management
FortiSandbox Advanced Threat Protection

Easier, more affordable to procure, deploy, monitor and maintain

Fortinet Deployment Topology Example

5 dedicated ATP boxes
- Email, Web, Internal traffic
- Manual analysis
- Central management

versus 1 dedicated ATP box
- All protocols, all functions
What makes FortiSandbox different? Advanced yet simple.

- More robust protection: Dual-level Sandbox + Antimalware
- Best price/performance: All protocols, All functions, One box
- Integrated deployment: Extension of In-place Infrastructure

FortiGuard Labs
- 200K New Samples / Day (Monitored Threat Landscape)
- 50% Proactive Detection via AV
- Hour Zero, Day Zero
What else should I know? This is a 1.0 product.

- Begins with a limited set of supported protocols, object types, operating environments
  and integrations
- Casts a broad net for high risk items, with limited detection of network anomalies
  requiring further investigation
- Needs more customer deployment to grow into its full potential
Top 3 benefits

1. Identifies previously unknown threats that may have otherwise gone undetected for
   weeks, months or more
2. Exposes lifecycle threat intelligence, for manual remediation and/or submission to
   FortiGuard for updated protection
3. Raises executive awareness about the importance and prioritization of security
   technology, process and staffing investments
FortiSandbox Advanced Threat Protection

Easily Extends FortiGate
- Can receive all or a subset of objects from FortiGates
- Allows information sharing back to FortiGuard
Advanced Threat Protection Step 1

The Wildlist Check

Deep Inspection vs. Traditional Stream (FortiGuard Internal Test Comparative)

[Chart: Deep AV vs. Stream results against the Wildlist; values as shown: Deep AV 99.82% and 99.81%
effective, with counts 573 and 18,165; Stream 98.6% and 28.18% effective]

- 33 VB100 Awards, RAP Leader
- >96% Reactive and Proactive Detection
- Q4 2013: #1 Proactive Vendor (Single Engine)
- Vendors like Checkpoint cannot compete
- Public Results: www.virusbtn.com/vb100/rap-index.html
ATP: Botnet Control Step 1

Callback Detection: Black List vs. Proactive Intelligence

Technologies: Botnet C2 Decoder (AppCtl), IRIS (IP Reputation), Webfiltering

Protocol Research
- FortiGuard creates decoders
- FortiGate, Sandbox understand botnet commands
- Proactive C2 detection results

[Figure label: Stolen Data, Commands]
Sandbox Locally Step 2

1. Files processed through FortiGate
2. Suspicious files sent to FortiSandbox
3. Files collected, scanned
4. Results sent to FortiGuard for updates
5. Updates pushed out by FortiGuard Network (to FortiGates, FortiSandbox)
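The two ideas behind the multi-tiered file processing slide and the five-step local sandbox flow above are that cheap checks run first and stop the pipeline early, and that the expensive tier's verdict is fed back so the next copy of the same object is blocked by the cheapest tier. The following is an added illustration of that pipeline shape; it is not Fortinet code and does not reproduce any FortiSandbox internals. The tier names, the static heuristics that stand in for an emulation stage, the rating thresholds and the sample files are all constructed for this example.

```python
"""Tiered file triage with a verdict feedback loop (added illustration, not Fortinet code).

Tier 1 is a hash pre-filter (stands in for the AV pre-filter), tier 2 runs cheap static
indicators (stands in for code emulation), and only objects still rated medium or high
are queued for the expensive tier (the VM sandbox). A sandbox verdict is recorded back
into the pre-filter, mirroring steps 4-5 on the slide.
"""
import hashlib
from dataclasses import dataclass, field

# Constructed sample objects (not real malware): a PE header under a .pdf name that also
# references a scripting engine, and an ordinary text file.
SAMPLE_DISGUISED_EXE = b"MZ\x90\x00" + b"\x00" * 60 + b"powershell.exe" + b"\x00" * 16
SAMPLE_TEXT = b"Quarterly figures attached. Regards, Finance."

EXECUTABLE_EXTENSIONS = {"exe", "dll", "scr", "com"}


@dataclass
class Verdict:
    rating: str      # clean | low | medium | high | malicious (the slide's rating scale)
    tier: str        # which tier produced the verdict
    reasons: list    # human-readable indicators behind the rating


def static_indicators(name: str, data: bytes) -> list:
    """Tier 2 stand-in for code emulation: cheap static checks over the raw bytes.
    Each hit is a reason string; the number of hits drives the risk rating."""
    reasons = []
    parts = name.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if data[:2] == b"MZ" and ext not in EXECUTABLE_EXTENSIONS:
        reasons.append("PE header under a non-executable extension")
    if len(parts) > 2 and parts[-1] in EXECUTABLE_EXTENSIONS:
        reasons.append("double extension ending in an executable type")
    if b"powershell" in data.lower():
        reasons.append("references a scripting engine")
    if b"AutoOpen" in data or b"Auto_Open" in data:
        reasons.append("document auto-run macro marker")
    return reasons


def rating_for(hits: int) -> str:
    """Constructed threshold mapping from indicator count to the slide's rating scale."""
    if hits == 0:
        return "clean"
    if hits == 1:
        return "low"
    if hits == 2:
        return "medium"
    return "high"


@dataclass
class TieredTriage:
    known_bad: set = field(default_factory=set)        # hashes learned from sandbox verdicts
    sandbox_queue: list = field(default_factory=list)  # (digest, name) awaiting full analysis

    def analyze(self, name: str, data: bytes) -> Verdict:
        digest = hashlib.sha256(data).hexdigest()
        # Tier 1: hash pre-filter. Cheapest check, so it runs first and ends the pipeline
        # for anything already known; fed-back sandbox verdicts land here.
        if digest in self.known_bad:
            return Verdict("malicious", "prefilter", ["hash on learned block list"])
        # Tier 2: static indicators. Clean and low-risk objects stop here and never cost a VM.
        reasons = static_indicators(name, data)
        rating = rating_for(len(reasons))
        # Tier 3: only medium/high objects are escalated to the sandbox queue.
        if rating in ("medium", "high"):
            self.sandbox_queue.append((digest, name))
        return Verdict(rating, "static", reasons)

    def record_sandbox_result(self, digest: str, malicious: bool) -> None:
        """Steps 4-5 of the slide: the full-analysis verdict is pushed back so the
        pre-filter catches the next copy without repeating the expensive work."""
        self.sandbox_queue = [q for q in self.sandbox_queue if q[0] != digest]
        if malicious:
            self.known_bad.add(digest)


def run_demo() -> dict:
    """Runs the constructed samples through the pipeline twice, with a sandbox verdict
    fed back in between, and returns the verdicts for inspection."""
    triage = TieredTriage()
    first = triage.analyze("report.pdf", SAMPLE_DISGUISED_EXE)   # escalated to the queue
    clean = triage.analyze("notes.txt", SAMPLE_TEXT)             # stops at tier 2
    digest, _ = triage.sandbox_queue[0]
    triage.record_sandbox_result(digest, malicious=True)         # sandbox confirms it
    second = triage.analyze("report.pdf", SAMPLE_DISGUISED_EXE)  # now caught at tier 1
    return {"first": first, "clean": clean, "second": second,
            "queue_after": len(triage.sandbox_queue)}


if __name__ == "__main__":
    for label, value in run_demo().items():
        print(label, value)
```

The point to take from the demo is the cost profile: the clean file never reaches the queue, the disguised executable costs a sandbox run exactly once, and every later copy is stopped by a hash lookup. A real deployment would replace the static checks with the emulation and VM stages the slides describe and distribute the learned verdicts to the inline devices.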
Sandbox in the Cloud Step 2

1. FortiOS AV Engine provides local sandbox analysis
2. Still suspicious samples sent for cloud sandbox
3. Results are correlated across all FortiGuard services
4. Updates pushed out by FortiGuard Network
FortiSandbox Advanced Threat Protection

Delivers high level and detailed visibility into previously unknown attacks

Partner Call to Action

Top 3 things to do
1. Get up to speed on FortiSandbox
2. Educate customers about Advanced Targeted Attacks and the need for Advanced Threat Protection
3. Contact your CAM for support on early opportunities
File Detection Advanced Threat Protection

Network Alerts Advanced Threat Protection

By FortiGate Advanced Threat Protection

Drill Down Report Advanced Threat Protection

Threat Analysis Advanced Threat Protection

Threat Analysis Advanced Threat Protection

PDF Report Advanced Threat Protection

On Demand Advanced Threat Protection

System & Malware Logging Support

Threat Analysis Advanced Threat Protection

VM Activity Advanced Threat Protection
