ledien
Technology Vision
Implementation: ATP, SAA, Enterprise Firewall, Cloud Security, DC Security
Business Strategy: Security for a New World
FORTINET SECURITY FABRIC
Fortinet - Secure Fabric
Internet
Known threats on web/messaging traffic blocked on the NGFW, WAF and SEG.
Submission of unknown URLs and files to FortiSandbox
FortiSandbox to deliver URL and AV DB updates for malicious or suspicious detection.
EPP lockdown in case of infection, from the NGFW FortiView FortiSandbox
FortiSandbox
FortiGate NGFW
FortiWeb
FortiMail
FortiClient
ATP Framework in Action
Evolution of Security
[Figure: threat timeline (2000, 2003, 2005, 2007, 2011, Today) with increasing damage and increasing performance requirements. Layer 1-2; Content & Application (Layer 3-7). Threats: hackers, intrusions, worms, viruses, spyware, botnets, spam, malicious URLs, malicious apps, advanced persistent threats. Defenses: firewall, VPN, IPS, antimalware, anti-spam, web filter, app control, advanced threat protection. Products: FortiGate, FortiMail, FortiWeb, FortiSandbox.]
Statistics / Figures / Facts
Ransomware infection rate, Germany - total
[Chart: y-axis 0 to 400000; months December 2015, January 2016, February 2016, March 2016; values 88.265, 106.945, 348.198, 354.677]
Statistics / Figures / Facts: Top 3 countries
Locky infections since 01.01.2016 per week
17.000 GER, 11.000 USA, 5.000 ITA / NL
500.000
SPAM email: DOC, DOCM, XLS or JS
http://maleware.ru/log/3643fj535.exe c2c.URL.ru/main.php
I received a Locky file…
Locky – What does it do?
• Email with attachment
• Word document wants to run a macro
• Macro downloads the Locky payload
• Encryption is carried out
• Locky is loaded from a hijacked web server
• Servers and payloads change and are adapted quickly
• C&C domains are newly registered every day
• C&C domains are generated dynamically
Only 2 of 57 virus scanners detect the malware
The malware was first seen and scanned almost 8 hours ago
Wildlife analysis
Personality, Performance and Scalability
DCFW/CCFW, ISFW, CFW/VMFW, NGFW/NGIPS, UTM
Software & Services: FortiGuard Security Services, FortiOS Operating System, FortiCare Support Services
Product Range: Entry Level, Mid Range, High End, Virtual Appliances
Series: 30-90 Series, 100-200 Series, 300-900 Series, 1000 Series, 3000 Series, 5000 Series, VM Series
Chassis System
Processors: SoC CPU; CP; MultiCore CPU, NP; MultiCore CPU, NP, CP; MultiCore CPU
Throughput: H/W Dependent, 1 Gbps, 10 Gbps, 10 Gbps - 50 Gbps, 50 Gbps - 1 Tbps
FortiGate
Performance & Scalability
Email Routing (Msgs/hr)* 3.6k 76k 150k 650k 1,500k
AS+AV Perf. (Msgs/hr)* 2.7 58k 120k 500k 1,300k
Domains 2 20 100 800 2,000
Models: FML-60D, FML-200D, FML-400C, FML-1000D, FML-3000D, FML-VM00, FML-VM01, FML-VM02, FML-VM04, FML-VM08
FortiMail
FortiSandbox - Models
Fortinet Sandbox Cloud, Fortinet Sandbox VM, Fortinet Sandbox 1000D, Fortinet Sandbox 3000D
VMs NA 2+ 8 28
Entry-Level, Mid-Size-Level, High-End-Level