May 22, 2017
Introducing FortiMail
Top rated Threat Prevention
Integrated Data Protection
Industry-Best Performance
2
FortiMail e-mail and messaging security
• Top rated, multi-layer threat protection
• Integrated data leak prevention, identity-based encryption and archiving
• Industry leading price/performance
• Flexible and scalable deployment modes and architectures
• Secured by FortiGuard
FortiMail Overview
Summary
50,000 customers including
Trusted Solution
3
FortiGuard Spam Content Database
Content & Behavior Based Heuristic Detection
Mail Content URL Filtering – Adult, Malware
FortiGuard Malware Detection
Policy Based Archiving and Encryption
Advanced Spam and Anti-Malware Protection
FortiGuard Threat Research
Global FortiGuard IP Reputation
FortiGuard Botnet Tracking Database
Local Dynamic Sender Reputation
Real time updated, 3rd party validated
Reject spam at connection stage
Avoid queuing mail when destination is available
Low impact scanning
4
AntiSpam Detail
Connection Level Filtering: Discard spam as early as possible for greatest performance
Header Filtering: Verify valid destination; support for latest RFCs
Full Content Filtering: Examine message body, including attachments, images, URLs, etc.
5
AntiMalware Detail
Signature Match (CPRL/Checksum)
File Sample
Decryption/unpacker
System
Code Emulator Behavior Analysis
Take Action Based on Profiles: File discarded, option to Quarantine and event logged
AntiMalware
• One-to-many signature matching
• Heuristic engine
• Unpacker/decryption
• Code emulation
6
FortiMail for Secure Email Gateway
• Blocks known threats using connection, content, recipient intelligence and more
• Quarantines suspicious (or high risk) objects for more inspection
• Releases/deletes messages based on FortiSandbox risk rating
FortiSandbox for Payload Analysis
• Runs objects in a contained environment, analyzing activity
• Provides a malicious or low, medium or high risk rating
• Uncovers threat lifecycle information and allows information sharing with FortiGuard experts for protection updates
[Diagram labels: Network, Email Traffic, Web Filtering, AV, Anti-Botnet, Code Emulation, OS Sandbox]
Extending to Address Advanced Threats
7
8
What Exactly FortiSandbox Tells You
Call Back Detection
Full Virtual Sandbox
Code Emulation
Cloud File Query
AV Prefilter
9
• FortiMail for Email Hygiene
» Submit objects to FortiSandbox for additional analysis
» Control submissions based on File Type
» Queue messages during analysis
» Automatically handle messages based on results
» Access additional FortiSandbox intelligence through FortiGuard Labs
• FortiSandbox for Payload Analysis
» Watch the wire for objects to analyze or indicators of command and control activity
» Receive objects from FortiMail
» Analyze all objects and activity
» Assign and return a rating for the submission
» Maintain a community of FortiSandbox results
FortiMail: FortiSandbox Integration
Targeted Email
(1) Attachment sent to FortiSandbox
(2) Object analyzed in Sandbox environment
(3) Risk rating returned, message handled by policy
FortiMail
FortiSandbox
Antispam Service
• Sender IP reputation
• Heuristic rules
• Signature database
• Outbreak protection
• White/black list
FortiSandbox Appliance or Cloud
• Various pre-filters
• Full OS sandbox
• Office documents
• Callback detection
• Malicious URI detection **
Antivirus Service
• Signature database
• Heuristic, emulation rules
** Not available on FortiSandbox Cloud
10
FortiMail: FortiSandbox Integration
• FortiSandbox On-Premise
» Typical On-prem sandbox customers:
• Mid to Large Enterprise
• Financial services and healthcare (concern about sensitive files may rule cloud service out)
• Cross portfolio customers (FGT, FWB, FML)
• FortiSandbox Cloud
» Typical cloud sandbox customers:
• Small to Medium enterprise – cost of on-prem may be prohibitive, opex of cloud is more palatable
Targeted Email
11
• FortiSandbox On-Premise
» Dedicated on-prem FortiSandbox appliance
» Can be shared with FortiGate, FortiWeb and FortiClient
» Can monitor file shares and test manual submissions
» FML queues email and waits for response
» Direct access to FortiSandbox samples, reports and statistics
» Summary statistics available from the FortiMail GUI
» File and URI inspection
FortiMail: FortiSandbox Integration
Targeted Email
Targeted Email
• FortiSandbox Cloud
» Cloud hosted FortiSandbox
» Options for FortiSandbox Cloud for FortiGate (not included in FML license)
» No additional on site hardware required but limited submissions
» Queue email and wait for response
» Direct access to FortiSandbox samples, reports and statistics *
» Summary statistics available from the FortiMail GUI
» File and URI Inspection
* Since FML 5.3.5
12
Call Back Detection
Full Virtual Sandbox
Code Emulation
Cloud File Query
AV Prefilter
• Quickly simulate intended activity – Fortinet patented CPRL
• OS independent & immune to evasion – high catch rate
• Apply top-rated anti-malware engine
• Examine real-time, full lifecycle activity in the sandbox to get the threat to expose itself
• Check community intelligence & file reputation
• Identify the ultimate aim, call back & exfiltration
• Mitigate w/ analytics & FortiGuard updates
13
• Data Loss Prevention
Preset dictionaries for easy policy creation
Smart identifiers for high accuracy
Covers HIPAA, GLBA, SOX, PCI and more
• TLS & S/MIME Encryption
• Identity Based Encryption
No additional license required
No encryption key exchange, minimal key management
• Sender or policy-based trigger
Data Protection Detail
14
Quarantine, End User Digest, Junkmail/Newsletter Folders
• Central quarantine
» Easy administration
» Can be consolidated across devices
• Self-service personal quarantine digest
» Sender and subject
» Release or delete links
• Automatic tagging and delivery
» Newsletter and junk categories
» Client filters to appropriate folder
15
Per mailbox policy based archiving:
• Sender/Recipient
• Subject/Body/Attachment filename keywords
IMAP archive access
Remote archival support
Comply with regulatory obligations
Email Archiving Detail
16
Deploy on-site or in the cloud to relay mail to destination
Gateway
Network and application transparent
Transparent Inline
Full mail server and groupware functionality
Server
Flexible Deployment
17
Active–Passive Clustering
• Limited to Two Devices, Failover Protection
• Heartbeat and Service Monitoring
• Full mailbox, archive, quarantine, log and queue synchronization
Full Mailbox and queue synchronization
High Availability & Scalability
Config Only HA
• Scales up to 25 devices with linear scalability
• Up to 28 Million messages per hour in a single appliance
• Centralized quarantine, management and IBE
• Enables DR and geographic redundancy
Protect your investment
18
MSSP Service Framework
• FortiMail White Labelling
• Multi Domain support with per domain quotas
• Mass provisioning for lower OPEX
• Delegated administration
• User self service
Domain A
Domain B
Domain C
Domain n
….
Mail Security Service Provider in a box!
Service Provider Ready
19
Cloud based antispam and antimalware service
Visibility of millions of messages per day with global feedback
Discovers zero day threats and tracks global botnets
www.fortiguard.com
Security experts working for you 24x7!
Secured by FortiGuard
20
The Fortinet Advantage Secure Email Gateway
① Top Rated Threat Protection
② All-in-one Threat and Data Protection
③ Industry Best Performance/Price (no per user licensing)
[Chart: Appliance and Software (3 yr) cost, axis $0 to $60,000, for ProofPoint650, Ironport C370 and FortiMail400C]
21
Performance & Scalability
FortiMail Physical and Virtual Appliances {Numbers/Table In Progress}
Models: FML-400C, FML-200D, FML-1000D, FML-3000D, FML-VM04, FML-VM00, FML-VM01, FML-VM02, FML-VM08, FML-60D
Email Routing (Msgs/hr)*: 3.6k, 76k, 150k, 650k, 1,500k
AS+AV Perf. (Msgs/hr)*: 2.7, 58k, 120k, 500k, 1,300k
Domains: 2, 20, 100, 800, 2,000
*Note: Performance numbers are for physical appliances only. Domain capacity is common for physical and virtual appliances
22
Thank you
Questions