Leading A Retail

Revolution
Fortinet Retail Solutions

Jim Overbeck, Fortinet

James Roman, Fiesta Restaurant Group
1
Agenda
Retail Industry Trends and Challenges

Fortinet Solutions in Retail—Enabling the Revolution

What’s Next for Fortinet in Retail?

Customer Success—Fiesta Restaurant Group

James Roman, Director of Infrastructure and Security

Summary

Q&A

2
Retail Industry Trends and Challenges
The Retail Industry Is Healthy and Growing

4
Omnichannel Is Where It’s At

2 Emma Sopadjieva, Utpal M. Dholakia, and Beth Benjamin, “A Study of 46,000 Shoppers Shows That Omnichannel Retailing Works,” Harvard Business Review, January 3, 2017.
3 Brendan Witcher and Claudia Tajima, “Masters of the Top Four Retail Tech Trends,” Forrester, January 18, 2018.
5
Retail Industry Is Changing

Digital Transformation

63% surveyed indicated that

their organizations deploy
new technologies in
advance of having the
security in place to protect
them.

¹
6
Source: 451 Research 2017 Retail Customer Survey
The Move to “Phygital” and “BOPIS”
90% of Retailers Plan to Implement BOPIS by 2021
Retailers are accelerating the move to “phygital” – the
digitization of the in-store experience.

By 2021:
• 75% will be able to identify specific customers in the
store and have the ability to customize their visits
• More store associates will be armed with the
technology to help create more customized
experiences:
• Mobile POS devices (87%)
• Mobile computers with scanners (86%)
• Tablets (85%)
• Kiosks (78%)
7
Source: 2017 Retail Vision Study---Zebra
Retail Trend Report—January 2019

8
Source: IHL Retail Trends---Article from 2019 NRF
Financial Impact of Retail Breaches
Retail Breaches Double in 2018
“The bad news is that 50% of U.S.
retail reported being breached last
year, also significantly ahead of the
global average (36%).”

“Further, three quarters (75%) of U.S.

retail have experienced at least one
breach at some point in the past.”

“84% of U.S. retail respondents say their organizations will increase IT security spending
this year, up sharply from last year (77%)”

“More than a quarter of both U.S. retail and Global retail (28%) say their spending this
year will be ‘much higher.’”
10
Fortinet Confidential https://www.thalesesecurity.com/2018/data-threat-report-retail-thankyou
How Much Does a Breach Cost?

11
Fortinet Confidential
2018 Cost of A Data Breach Study---IBM Security and Ponemon Institute: https://www.ibm.com/security/data-breach
Fortinet’s Retail Security Fabric
Retail’s Distributed and Disparate Environment

INTERNET

50%
RETAIL DATA

of global retailers cite

CENTER

SMALL STORE WAN

complexity as their
main barrier to securing
WAREHOUSE
sensitive data.
KIOSK

LARGE STORE

13
Source: 451 Research 2017 Retail Customer Survey
 Network Security

Fortinet Security Fabric Multi-Cloud Security

Device, Access, and

FortiManager
Application Security

Open Ecosystem

Security Operations

BROAD
Fabric Fabric
APIs Connectors

Visibility of the entire

digital attack surface

INTEGRATED FortiClient FortiGate VM

FortiNAC FortiCASB
Protection across all devices,
networks, and applications FortiGate

AUTOMATED FortiAP
FortiSwitch
FortiWeb
FortiMail
Operations and response FortiToken FortiADC
driven by Machine Learning

FortiAnalyzer
FortiSIEM
Q1FY19 v1.4.3 FortiSandbox 14
Fortinet Retail Security Fabric
FortiFone FON 175 Part Numbers

Security Features FortiGate 60E

FortiCamera FD40
FG-60E-BDL-950-DD
Hardware & 3 yrs support

FortiSwitch 124

FS-124E-FPOE, Hardware
FC-10-WP12E-311-02-DD, Support 8x5

FortiGate 60E
FortiSwitch 124 FortiAP 221

FAP-221E-A, Hardware
FC-10-PE221-311-02-DD, Support 8x5

FortiAP 221
FortiExtender 40D

FEX-40D-NAM
FC-10-X0041-610-02-DD

FortiExtender 40D
FortiCamera FD40

FCM-FD40
FortiLink
FC-10-FCM40-311-02-DD

Technical Features FortiFone FON 175

FON-175
FC-10-FF175-247-02-DD

15
Fortinet Security Fabric

Sandbox
Data Center / Private Cloud
Endpoint
Secure Access NGFW
Protection
Point

Virtual
Top-of-Rack Firewall

Switching SDN, Virtual Database

Firewall Protection
Internal Internal
Segmentation Segmentation FW
FW Web Servers Application
Delivery
Controller
IP Video
Web Application
Security
Firewall

Internal
Public Cloud
Distribution Center Segmentation FW Email
Server

DCFW/
NGFW
Distributed Ent FW
Email
Security
Client Devices
Internal
Client Devices LTE Extension Segmentation
FW

DDoS Protection FortiCloud

Sandbox

Store
Operations Center
Fortinet Security Fabric
SECURE ACCESS APPLICATION ADVANCED THREAT CLOUD SECURITY ENTERPRISE
SECURITY PROTECTION FIREWALL

FortiSandbox

Data Center / Private Cloud

FortiClient FortiGate
Secure Access
NGFW
Point

Fortinet
Top-of-Rack Virtual Firewall

FortiSwitch FortiGate VMX FortiDB

Switching SDN, Virtual Database
FortiGate Internal FortiGate Internal Firewall Protection
Segmentation FW Segmentation FW FortiADC
Web Servers Application
Delivery
Controller
FortiWeb
IP Video
Web Application
Security
FortiSwitch
Switching
Firewall

FortiGate Internal
Public Cloud
Segmentation FW
Distribution Center Email
Server
FortiCloud AP Management

FortiCloud Sandboxing
FortiGate
DCFW/
FortiGate/FortiWiFi NGFW
Distributed Ent FW FortiMail
FortiClient Email Security
FortiGate Internal
FortiClient FortiExtender Segmentation FW
LTE Extension
FortiAnalyzer
FortiDDoS Protection FortiCloud

FortiSandbox

FortiManager

Store FortiSIEM

Operations Center
Fortinet Fabric-Ready Partnerships

SDN/NFV & VIRTUALIZATION CLOUD ENDPOINT

MANAGEMENT IDENTITY MGMT. IoT/OT/NAC SIEM

18
Snapshot in 2019; new partners added continuously.
SECURE SD-WAN
Challenges with Today’s Retail WAN Topology

Lack of Security Backhauling Slows SaaS Apps

Internet
Poor App SLA

No App Visibility

MPLS Data Center

Retail Offices Expensive and Slow

20
SD-WAN Enables Digital Transformation in Retail

NGFW Security No Backhaul to the cloud

Internet
Better APP SLA
Multi-Cloud
Broad App Visibility

Internet

Data Center
Retail Offices OpEx Savings and Rapid Provisioning

21
Fortinet SD-WAN Gives Performance of a Lifetime

Highest QoE for VoIP

4.38 out of 4.41

Lowest TCO
$5 @ 749 Mbps

Only Security Vendor to

earn “Recommended” rating
Blocked 100% Evasions

22
 Recognized Security and SD-WAN
 Highest Rated SD-WAN vendor with
integrated NGFW security
 Recognized by Gartner:
 Key SD-WAN capabilities such as
application visibility and steering
 SSL inspection and high VPN scalability
 Global ties to large carrier and MSSP
partners that can delivery our solution
 Our vision around automation and
integration aligns with current and future
customer needs

23
Zero-Touch Deployment
Zero-Touch Deployment: Only Fortinet Offers 3 Levels

Retailers minimize
install/upgrade costs and
downtime through
automation of hardware
deployment

25
Advance Scalability
11 Bandwidth Classifications
13,049 Branches 229 Field Techs

7 Field Services
116 Modem Types Support Regions 240 Carriers

26
Branch Conversion Workflow
20 minutes

Prep Check FortiOS Configure branch- Power Call HQ

Arrive Get branch info Mount and cable
phone version and load specific info via down all support
from database FortiGate
system base config USB devices center

FortiProvision FortiProvision
first phase second phase
Call HQ
Approve
(DMZ FMGR) (Internal FMGR) Power on Router Branch Take Depart
Support
all devices checkout checkout pictures
Center
Ping test
Change router DNS

~ 1 hour 15 minutes

27
Rollout Dashboard

%
Country Complete Remaining Total
Complete
US 11,781 0 11,781 100%
CA 563 0 563 100%
Total 12,344 0 12,344 100%

28
What’s Next for Fortinet in Retail
“Phygital” Security Integration: FortiCamera

• Integration of physical and digital security

for stores, warehouse, HQ, etc.
• Presence analytics of network monitoring
(MAC address on APs) combined with
camera and recorder to provide remote
visibility of store
• Integration with door/RFID/biometric/other
physical security measures
• Facial and object recognition, alerting
personnel through SIEM or integration with
security/fire/safety monitoring partners

30
“Phygital” Security Integration: FortiNAC
• An estimated 31 billion IoT devices
will be connected by 20201
• Attacks targeting IoT devices
continue to rapidly evolve
• In response, FortiNAC provides IoT
endpoint visibility, network access
control, and automated threat
responses to suit the security
needs of retailers with IoT initiatives
• Features work with all firewalls and
integrate seamlessly with other
security solutions

1“The Internet of Things (IoT) units installed base by category from 2014 to 2020,” Statista, February 2017 (accessed August 24, 2018).
31
2019 Retail Event Presence
Event Name Date Location
NRF Big Show January 13-16, 2019 New York, NY
IFA Annual Convention February 24-27, 2019 Las Vegas, NV
MURTEC March 11-13, 2019 Las Vegas, NV
Retail Customer Advisory Board October, 2019 TBD
NRF Protect June 11-13, 2019 Anaheim, CA
FSTec Sept 8-10, 2019 Dallas, TX
NACS Oct 2-4, 2019 Atlanta, GA
MURTEC Executive Summit October, 2019 San Antonio, TX

32
Fortinet Retail Customer Logos
Quick Serve Restaurants

34
Fortinet Confidential
Consumer Goods and Services

35
Fortinet Confidential
Hospitality—Dine In

36
Fortinet Confidential
Customer Success Story
James Roman, Director of Infrastructure and Security
Fiesta Restaurant Group
Fiesta Restaurant Group

•Fiesta Restaurant Group, Inc. owns, operates, and franchises Pollo Tropical and Taco Cabana
restaurant brands. It has been publicly traded (NASDAQ: FRGI) since 2012
•Pollo Tropical operates nearly 140 locations in Florida, and 35 franchised locations internationally
specializing in citrus-marinated chicken and tropical flavors
•There are more than 160 company-owned and franchised Taco Cabana locations in Texas specializing
in Mexican-inspired food
•10K employees and 2018 revenue of $688.6M
38
Fiesta Restaurant Group Priorities
Profitability and
Customer Experience Company Culture Optimization
 Both brand menus are  Strong community  Training and
centered on freshly support programs at development programs
prepared, quality food Warrior and Family
with everyday value Support Center  Technology
investments to drive
 Safe, consistent, and  Random Acts of Tacos! sales, efficient
appealing inventory management,
environments in all and business analytics
 Life’s Truly Better
restaurants Under the Palm

39
Fiesta Restaurant Group History

Aug/Sept
1978 1988 2012 Feb 2017 May 2017 2017 Jan 2018

The first Taco Cabana FRGI established as I took over Network

opened in a former a spin-off from management of upgrades begin
Dairy Queen in San Carrols Restaurant infrastructure for for all
Antonio, TX Group, Inc. the company. restaurant
locations
Hurricane
Rick Stockinger
The first Pollo Harvey hits
appointed CEO. Started
Tropical opened in Texas and
a period of rapid change
Miami, FL and it is floods Houston.
to drive the restaurant
still in business brand’s growth. Hurricane Irma
hits Florida.

40
Fortinet Solutions at Fiesta Restaurant Group

FortiManager

Data Center
Colocation
Facility FortiGate
FortiAuthenticator

FortiAP-222E
Cloud-based FortiAP-221E Outdoors
solutions Indoors
FRGI HQ
Addison, TX FortiWiFi
FortiGate VM 60E
FortiExtender
40D Tablets

Taco Cabana Pollo Tropical

Kiosks
San Antonio, TX Miami, FL
POS

Restaurant
41
Fiesta Restaurant Group–Technology in Use
• FortiGates at restaurant locations, corporate offices, and data centers
• Redundancy built in

• FortiExtender at store for POS redundancy and data backup

• Multiple APs installed both internally and externally at all restaurants

• FortiManager to centrally manage firewall configurations and distribute updates

• FortiAuthenticator for two-factor authentication

42
Fiesta Restaurant Group—Project Highlights
• Staff Reductions / Loss of Internal Expertise
• Improve ability to maintain infrastructure with limited resources
• Changed MSP to Comm-Works to provide first-level support for entire network, including site dispatches
• 24/7 security operations management through Masergy

• FortiWiFi / FortiExtender Upgrade

• Overhaul an older network to support current needs and prepare for rapid changes
• Upgraded older FortiGate 60Cs with FortiWiFi 60Es
• Replaced existing broadband WAN2 circuits with FortiExtenders with dual SIMs for POS transaction and
data flow continuity

• Line Buster Implementation

• Drive thru customer experience and efficiency improvements (speed-of-sales)
• Wireless order and payment devices implemented at all restaurants
• Firmware upgrades required on all FortiGates
• Installed external FortiAPs at all sites
• Security a major factor
43
Delivering on the Promise: FRGI and Fortinet
Fiesta Restaurant Group Needs/Requirements Fortinet

Separation of PCI/POS from other systems/tech 

Staff availability/expertise 
Centralized control and management of firewalls for store configurations/changes 
Network availability and redundancy 
Readiness to rapidly support new business technologies 

44
Business Impact of Fortinet at Fiesta Restaurant Group
Comprehensive Flexibility and Secure Remote
Plug and Play
Protection Scalability Management

Multiple integrated solutions provide seamless

coverage across entire attack surface

45
Fiesta Restaurant Group Next Steps
• New projects in the works
• Guest loyalty
• Kiosks
• Off-premise orders: delivery, catering, and call-ahead orders
• IoT type devices: adding more (and sometime unexpected) devices to the network

• New focus areas

• Corporate office and data center hardware upgrades
• Other hardware changes in the stores (racks, power) to simplify remote physical
interaction
• End-of-life switches

46
Fiesta Restaurant Group Summary
• Network stabilized due to upgrades but the firewalls were only one
piece to the puzzle
• MSPs hired to augment staff and take over Level 1 support
• Circuits are being converted to improve service and reduce cost
• Firmware has to be upgraded to take advantage of hardware functionality

• Standardization: vendors, hardware, and configuration

• Takes fewer resources to maintain
• Resources are more focused
• Changes are easier to deploy rapidly

47
Summary
Summary

• Retail is not dead—but retailers must evolve and transform

• Fortinet’s solutions are enabling a revolution for retailers to fast-forward that change

• Fortinet has helped Fiesta Restaurant Group solve business challenges securely

• Fortinet is leading the way for major retailers, partners, and consumers

49
Questions?
Appendix: MSSP Focus
FortiGuard Subscription Service Options (FortiGate)
Advanced Threat Unified
Enterprise Standalone
FortiGuard Bundles & Services Protection Protection
Protection Protection
(ATP) (UTM)
Threat Intelligence Service ✔
Industrial Security Service ✔ ✔
Security Rating ✔ ✔
CASB ✔ ✔
Web Filtering ✔ ✔ ✔
Advanced Malware Protection
Includes Antivirus, FortiSandbox Cloud, Mobile, Botnet, VOS, CDR
✔ ✔ ✔ ✔
IPS ✔ ✔ ✔ ✔
Internet DB ✔ ✔ ✔
IP Reputation ✔ ✔ ✔
Application Control ✔ ✔ ✔
Anti-Spam ✔ ✔

52
 Managed SD-WAN Service* Good Better Best Custom

One WAN Link ✔ ✔ ✔

3G/4G Failover Configuration ✔ ✔ ✔
Multi-Path Controller & Link Health monitoring ✔ ✔ ✔
Dual WAN ✔ ✔
Load-balancing & bandwidth sharing ✔ ✔
Preferential Policy Routes ✔ ✔
QoS Provisioning ✔
Application Prioritization ✔
VPN Failover to data center ✔
Performance SLA ✔
Traffic Shaping ✔
Additional WAN Connections ✔

*hardware only
53
Managed Switching Offers

LAN / Switch Service Functions Good Better Best

Switch Configuration ✔ ✔ ✔
Hardware replacement ✔ ✔ ✔
Security & Centralized Mgt ✔ ✔ ✔
Single VLAN ✔ ✔ ✔
Switch Up/Down Monitoring ✔ ✔ ✔
Multiple VLANs ✔ ✔
LAN QoS Configuration ✔
Device Port Security ✔
FPOE ✔

54
Managed Wi-Fi Offers

Managed AP Service Functions Good Better Best

AP Configuration ✔ ✔ ✔
Hardware replacement ✔ ✔ ✔
AP Up/Down Monitoring ✔ ✔ ✔
Security & Centralized Mgt ✔ ✔ ✔
Single SSID ✔ ✔ ✔
Multiple SSID ✔ ✔
Guest Captive Portal ✔
Rogue AP Detection ✔
802.1x Authentication ✔

55