Fortinet Confidential

Bangalore 4th December 2009Vishak RamanRegional Director – SAARC & KSA

“Security Virtualization”

The Cloud Momentum

Virtualization & Network consolidation

In the cloud &Data Center –Telco’s Case Study

Virtualized Security–An Enterprise case study

Fortinet

The Cloud Momentum

• A cluster of IT – enabled services which can be utilised over the internet (cloud) as a service – ‘re use of IT capabilities’

• Where information is permanently stored in servers on the internet and cached temporarily on clients that includes desktop , Entertainment centers, table computers, notebooks, wall computers, handhelds, etc, 

Gartner’s Hype Cycle for Cloud Computing

Is the cloud driving …..green IT subtly ?

SECURITY

Fortinet Confidental 6

Top concerns in IT Security

Dynamic threat landscapeContinued increase in sophistication and prevalence of threats which require multiple security protections

Regulatory compliance pressures (SOX, PCI, etc.)

Business ContinuityImpact on business of a security breach

Higher performance always required to cope with evolution of business applications

Distributed networks & mobile users

IT budgets: Doing More with LessRising complexity and cost of managing and maintaining multiple security solutions

Increased pressure to improve security service while reducing TCO

Reductions in FootprintPhysical / Data Center

Carbon

The Cloud Momentum

Virtualization & Network consolidation

In the cloud &Data Center –Telco’s Case Study

Virtualized Security–An Enterprise case study

Fortinet

Many ways to Virtualization

• Servers

•Desktops

• Applications

• Networks

• Storage

Fortinet Confidential

Consolidate Physical Resources• Logical resources may remain the same!

Reduce Power Consumption Streamline System Recovery Control and Provide Growth Simplify system maintenance Optimize Resource Utilization Maintain OS Versions and updates Training

The Economist, May 22nd 2008

Why Virtualize?

Information Security Over head.

High availability solutions

Separated management Interfaces

Troubleshooting madness

Training period

Updates and upgrades

Support ?! Who and for what?

Logging a reporting

Hardware cost

Virtualized Security must feel with

Performance

Management

Flexibility

Content Security

Reliability / Density

Logging / Reporting

Virtualization

Virtual Domains (VDOM)• Enable a single hardware system to function as multiple independent virtual systems

Multiple VDOMs supported per physical security device

13

Virtualized Architecture

Super Admin

VDOM Admin

Hardware

OS

Firewall

VPN(IPSec/SSL)

IPS

Web Filtering

Gateway AV

App Control

Routing

VLANs

Firewall

VPN(IPSec/SSL)

IPS

Web Filtering

Gateway AV

App Control

Routing

VLANs

Setup 2

...

Setup 1

MG

MT

MG

MT

Security Hardware Scalability

CPU

PacketClassification

Firewall ruleenforcement

IPSec (AH, ESP)3DES

NAT

SNMP

Management Interface (GUI, CLI)

Statistics

Logs

Alarms

QoS

PKI

LoadBalancing

NICNIC

Data Path

L2TP PPTP

System Bus

DES

MD5/SHA

NICNIC

CPU

PacketClassification

Firewall ruleenforcement

IPSec (AH, ESP)

3DES

NAT

SNMP

Management Interface (GUI, CLI)

Statistics

Logs

Alarms

QoS

PKI

LoadBalancing

System Bus

Data Path

EncryptionAccelerator

DES

MD5/SHA

The Cloud Momentum

Virtualization & Network consolidation

In the cloud &Data Center –Telco’s Case Study

Virtualized Security–An Enterprise case study

Fortinet

Traditional Data center Environment “In the Cage” Services

Internet

Dial-up Customers with Mobile VPN Clients

www Access

Internet Data Center with Multiple LAN’s

Admin or ASP Customer Access (WAN link or VPN)

Administration

Customer -BCustomer -A

Front End-Web

Servers

Back-end-Data base Servers

Back-end-Data base Servers

Front End-Web Servers

Front End

BackEnd

High Availability Mode

Customer -C

Next generation Cloud based offering using single Chasis .....

MSSP – Security Operations Centre

Internet

FortiManager

Fortianalyzer

Cust2

Cust1

Cust3

Root Virtual Domain

Cust1 Virtual Domain

Cust2 Virtual Domain

Cust3 Virtual Domain

80

2.1

Q V

LA

N tru

nk

80

2.1

Q V

LA

N tru

nk

Core Router

AggregationL2 switch, DSLAM etc

MSSPdomain

Log data withVDOM tagging

COMPLETE CONTENT SECURITY SERVICES FIREWALL

ANTI VIRUSANTI SPYWARE & ANTI PHISHINGWEB FILTERINGIPSMESSAGING FILTERING

SPAM FILTERINGP2P CONTROLIM CONTROL

18

VAS – High Margin Solutions for TELCO’s

IncreasesARPU

ReducesCAPEX

ReducesOPEX

Some Carrier and Service Provider Customers

The Cloud Momentum

Virtualization & Network consolidation

In the cloud &Data Center –Telco’s Case Study

Virtualized Security–An Enterprise case study

Fortinet

Airport Infrastructure overview

Domestic Security Check

Airline Domestic Security Check

Final check

Aerobridges

Virtualized Airport Security Solution

A single device will have separate VirtualUTM for each of the Airline networksHigh Performance - FW + VPN +IPS+WEB+AS

Switch

Firewall in HA

Internet

Air Lines 1

Air Lines 2

Air Lines 3

Air Lines 4

Traveler's LAN

Custom’s Office

Switch

Air Lines 1

Air Lines 2

Air Lines 3

Air Lines 4

Custom’s Office

E1 Connectivity VLAN’s on Airport network

Airport Network

Multi tenant Security for offshore Development Center (ODC )

Virtualized Security for Space Collaboration Center

• Multiple Agencies (Domestic /International )

• University

• Space agency

• Science Academy

• Public information • 11 Payloads developed/ designed with

multiple mappings output generation

• 5 Domestic ( indigenous )

• 6 AO international ( collaborative ) • It needed logical separation

• Different access policy / Internal protection

• Test Data from specific payload

• Upload /download from the respective servers

• Secured access & remote connectivity for domestic & international agency

Centralized Internal Security Consolidation

Back BoneSwitching

Centralized Logging and Reporting

Out of Band

Management

Department A

HA security solution with Virtual Solutions

Department B

Department C

Project A

Project BProject C

Server Farm

Internet Access

INTERNET

Summary

• Virtualization is here to stay

• Security & virtualization is a must to offer Cloud based services • Data Location Risk

• Data and Code Portability Risk

• Data Security (Privacy) Risk

• New Business Models would evolve in the difficult economic conditions & Virtualization will be a key

• Virtualization would allow Enterprise to compete in difficult economic conditions & provide highest level of security

• Datacenter & Telco’s would look at cost saving ( power / cooling) apart from ease of management & deployment

Global Trends

Virtualization & Network consolidation

In the cloud &Data Center –Telco’s Case Study

Virtualized Security–An Enterprise case study

Fortinet

Company Overview

• First Multi-Layered Security Platform provider that leverages ASIC technology

• Largest private network security company

• ~ 1300 employees / > 650 R&D

• 450,000 + FortiGate devices WW

• Founded in 2000

• Global Operations in U.S., EMEA & APAC

• Independent certifications

• 8 ICSA certifications (only vendor)

• Government Certifications (FIPS-2, C C EAL4+)

• 60+ industry awards

• 11 patents; 80+ pending

• Virus Bulletin 100 approved (2005, 06,07) and NSS Certifications

29

Gartner’s Hype Cycle for Infrastructure Protection

30

Threatscape Evolution

ConnectionBased Attacks

Layer 2/3/4

Mobile Devicesand Crossover

Web 2.0

InappropriateContent

Denial of Service Attacks

Spam, PhishingPharming

Virus, Spyware,Adware, Trojan,Worm

Peer to Peer

Botnets

Identity Theft

Application and System

Vulnerabilities

Fortinet High-End Traction

Worldwide UTM Revenue Share, 2008$50,000-99,999 Price Band

(Source: IDC, March 2009)

Fortinet Secures:• Seven of Top 10 Fortune 500

• Eight of Top 10 Global 500 in EMEA

• Eight of Top 10 Global 500 in APAC

• Six of Top 10 Global 500 Commercial & Savings Banks

• Seven of Top 10 Global 500 Aerospace & Defense

• Two of Top 5 Global 500 in IT Services

VPN (IPSec and SSL)

Firewall + VPN

Firewall

Secure Content Management

Antivirus

Antispyware

Web filtering

Messaging security

Intrusion Detection & Prevention

IDS

IPS

Database Vulnerability Assessment

Database Security/Audit

Securing Content in Applications/Databases

Real-Time Application & Network Protection – Portfolio

Endpoint Security

Firewall

Web filtering

Antispyware IPSec VPN

Antispam

Antivirus

Key Enterprise Customers – 10,000 + installations

Manufacturing Banking & Finance

Print/ Media / Retail Telecom Software/ITES

Thank You!

For more information please visithttp://www.fortinet.com email : india@fortinet.com

(vraman@fortinet.com)+919845040907