FortiMail
Multilayer EMAIL Security
Email is *the* critical threat vector
• 269 billion emails per day
• 49.7% spam: 135 billion
• 2.3% malicious attachments: 3.1 billion
Email is still the number 1 threat vector (80%)
30% of phishing messages were opened by their intended target, and about 12% of recipients went on to click the malicious attachment or link that enabled the attack to potentially succeed
Email is *the* critical threat vector
Malware
• Targets unskilled users, therefore often volumetric attacks
• Use of social engineering techniques to get users to open email and execute malware
• Some zero day, mostly a numbers game
Email Based Threats
Phishing
• Targets an interest group, organization or individuals (spear phishing) within the organization
• Customised content based on user interests or role
• Often targeted at C-levels (whaling)
• Zero day malware or social engineering to divulge financial or credential information
• 12% of users click on malicious attachments or links in such mails*
Compliance & Data Loss
• Sending of Personally Identifiable Information (PII) via Email
• Sending of corporate confidential information out of the organization
• Corporate espionage
• Failure to encrypt sensitive emails
• Failure to back up/save/archive emails to comply with corporate standards
• IRS – 7 years
• PCI – 1 year
• State depts – 3 years
• HIPAA – 6 years
All form factors
Hardware Appliances
• 8 models
• Filter 2.7k to 2m Messages Per Hour
• Support for 10GE
SaaS
• Gateway or Server Mode
• Standard or Premium
• Per User Per Year
Virtual Appliances
• 7 VM models
• CPU- and Domain-based
• Perpetual licensing or Marketplace On-Demand
Detailed Datasheet
Multiple Deployment Scenarios
Gateway Mode
• Most common deployment scenario
• Mail is delivered to FortiMail, scrubbed of threats and forwarded to destination mail server
Transparent Mode
• Deployed as a bump in the wire. No configuration changes required to the email infrastructure.
• Commonly utilised in the ISP and Carrier environment.
Server Mode
• FortiMail acts as a full mail server providing POP3, IMAP, Webmail and calendaring in addition to security functions.
Deploys as Primary or Supplemental Filtering On-premise
FortiGuard
• Antispam
• Adult Image Analysis
• Antimalware
• Virus Outbreak
• Optional Sandboxing
Mail Server
FortiMail
FortiSandbox
IoC Distribution
• IPs
• File Hashes
Or Also Deploy in the Cloud
Mail Server
Cloud SEG & Sandboxing
FortiGuard
• Antispam
• Adult Image Analysis
• Antimalware
• Virus Outbreak
• Optional Sandboxing
IoC Distribution
• IPs
• File Hashes
Security Bundles
Antispam Service
• Sender IP ratings
• Embedded URL ratings
• Content-based hashes for spam and phishing campaigns
• Separate “newsletter” identifiers
Antivirus Service
• One-to-many signatures
• Heuristic rules
• Emulation
• Decrypting/Unpacking
• Patented content pattern recognition language (CPRL)
Outbreak Prevention
• Pre-signature intelligence
• Covers emerging spam and malware campaigns
• Leverages new sandbox and other intelligence
Impersonation Analysis
• Identifies spoofed email
• Dynamically builds protections for common email addresses
• Complements sender authentication
FortiSandbox Cloud
• FortiSandbox hosted by Fortinet
• Includes prefiltering, emulation and full instrumented analysis
• Subscription-based
• No separate sandbox required
Content Disarm and Reconstruction
• Removes high risk active content
• Supports Microsoft Office and Adobe
• Can be applied by user, group or policy
• Original documents can be retained and restored
Click Protect
• Dynamic reputation query
• Determines rating at the time of user click
• Identifies recently compromised sites changed shortly after campaigns are launched
Base Bundle
Enterprise ATP Bundle
High Availability and Scalability Options
▪ Active-Passive Cluster
• Two devices, full failover protection
» Heartbeat and Service Monitoring
» Full mailbox, archive, quarantine, log and queue synchronization
▪ Config Only HA
• Linear scalability suitable for the largest ISPs and Carriers
» Centralized quarantine, management and IBE
» Enables DR and geographic redundancy
» Load balanced option using FortiADC or third party load balancer
FortiMail
Security Overview
Anti-Spam/Anti-Phishing
▪ FortiGuard Reputation Databases
» Cloud database query to identify known spam IP and content
• FortiGuard Antivirus, Anti-Spam and URL Filtering
• FortiGuard IP Reputation including Botnets
» Removes volumetric spam at low cost
▪ Advanced Filtering Techniques
» Detects new spam campaigns using a variety of dynamic techniques
• Header Analysis
• Sender Reputation
• Dynamic Heuristics
• DKIM / SPF / DMARC
• Behavior Analysis
• Suspicious Newsletter
• Greyware Scanning
Anti-Malware
▪ FortiGuard Anti-Malware (On-box)
» One-to-many signature matching (CPRL)
» Heuristic detection
» Code emulation & Behavioural analysis
▪ Outbreak Protection (Cloud based)
» Real-time data analytics on every request to the FortiGuard network to identify 0-day threat outbreaks in minutes
▪ Active Threat Neutralization
» Strip active HTML content and attachments from emails to neutralize potential threats
» Deliver neutralized version and forward original to archive host
File Sample
Take Action Based on Profiles
File discarded, option to Quarantine and event logged
Outbreak detection
Behavioral Analysis
Code Emulation
Decryption/unpacker System
Signature Match (CPRL/Checksum)
FortiGuard Data Analytics
Content Disarm & Reconstruction
▪ Select URI category to strip when disarming HTML
» Select a URL filter to selectively disarm URLs in CDR
▪ Password Decrypt Office Docs
» Password decrypt of Archive and PDF supported since 5.4
» Extend support to MS Office Documents
Remove macros
Neutralize URLs
Remove embedded content
URI Click Protection
▪ Rewrite URLs to point at FortiMail
» FortiMail rescans when links are clicked to detect status change since first rating
» New URL Click Protect License
▪ Benefit
» Extends security to the desktop
» FortiMail continues to add value with Outbreak Protection feature license
Business Email Compromise (BEC)
▪ Impersonation Analysis
» Identify normal Display Name / Header Address matches.
» Detect inbound email spoofing and warn recipient
» Prevent Whaling attacks against C-Levels
» Automatic detection of normal address format or manual upload
FortiSandbox Action
▪ Separate actions for FortiSandbox scan results (Attachments and URI):
» Malicious/Virus
» High Risk
» Medium Risk
» Low Risk
» No Result
FortiMail
Other Features
Security Fabric Integration
▪ FortiSandbox
» Identify previously unknown threats
» Return file and URL ratings to FortiMail
▪ FortiGate, FortiClient, Fabric-Ready Partners
» Receive IoCs related to attacks starting with email
» Increase overall security posture
▪ FortiAnalyzer
» Aggregate and correlate security logs from email, network, endpoint and more
» Provide a single, enterprise-wide view of the security posture
FortiGate
FortiMail
HTTP Traffic
Mail Server
FortiSandbox
Files for Inspection
Fabric Ready Endpoint Partners
Ratings Returned
IoCs to Block
FortiClient
FortiAnalyzer
IoCs to Block
FORTIGUARD ENHANCEMENTS
▪ Email Template Hashing
» Some spam content follows a very common layout format
» Content hashes change on each mail but follow a common format
▪ Enhanced Data Mining Engine
» AntiSpam Data Mining Engine enhancements: over 90% of AntiSpam signatures are now mined/released automatically by our AntiSpam Data Mining Engine
FortiGuard HASH
FortiGuard Geo IP
▪ Import Geo IP DB from FortiGuard
» IP-based policy based on Geo Country / Region
» Embellish reports and logs with region flags
Office 365 API Integration
▪ Office 365 Connector
» New feature becomes visible on licensing
» Available in Gateway mode
» Profiles & Policy are totally separate from the existing versions
▪ Configuring an Office 365 Account
» Add Account
» Single Sign-on into Office 365 to grant API access permission
Office 365 API Integration
▪ Scan Policy
» On demand: scans emails post-delivery when triggered by administrator (useful for POC)
▪ Pattern matching
» Similar to Recipient Policy
» Defines which recipients and senders to scan email for
▪ Profiles
» Similar to Recipient Policy
» Apply security profiles to email flows
Exclusive Networks
Here For You
Exclusive Networks Italy Overview
Training
• Classroom, online and on-site training at your premises
• Pearson VUE center, certifications at Exclusive Networks' premises
Professional Services
• Certified professionals for pre- and post-sales support
• Installation, design, configuration, optimization
• We deliver services in person and remotely
Exclusive Networks for you
Power Lab
• Get hands-on with the integration between different technologies
• 20 brands present, scenarios with real integrations
• Possibility of hosting partners and end users
Next Events
https://tech-experience-2020.sharevent.it/it-IT
Thank You!