Upload
florence-oconnor
View
219
Download
0
Tags:
Embed Size (px)
Citation preview
Fortinet Confidential
Bangalore 4th December 2009Vishak RamanRegional Director – SAARC & KSA
“Security Virtualization”
The Cloud Momentum
Virtualization & Network consolidation
In the cloud &Data Center –Telco’s Case Study
Virtualized Security–An Enterprise case study
Fortinet
The Cloud Momentum
• A cluster of IT – enabled services which can be utilised over the internet (cloud) as a service – ‘re use of IT capabilities’
• Where information is permanently stored in servers on the internet and cached temporarily on clients that includes desktop , Entertainment centers, table computers, notebooks, wall computers, handhelds, etc,
Fortinet Confidental 6
Top concerns in IT Security
Dynamic threat landscapeContinued increase in sophistication and prevalence of threats which require multiple security protections
Regulatory compliance pressures (SOX, PCI, etc.)
Business ContinuityImpact on business of a security breach
Higher performance always required to cope with evolution of business applications
Distributed networks & mobile users
IT budgets: Doing More with LessRising complexity and cost of managing and maintaining multiple security solutions
Increased pressure to improve security service while reducing TCO
Reductions in FootprintPhysical / Data Center
Carbon
The Cloud Momentum
Virtualization & Network consolidation
In the cloud &Data Center –Telco’s Case Study
Virtualized Security–An Enterprise case study
Fortinet
Fortinet Confidential
Consolidate Physical Resources• Logical resources may remain the same!
Reduce Power Consumption Streamline System Recovery Control and Provide Growth Simplify system maintenance Optimize Resource Utilization Maintain OS Versions and updates Training
The Economist, May 22nd 2008
Why Virtualize?
Information Security Over head.
High availability solutions
Separated management Interfaces
Troubleshooting madness
Training period
Updates and upgrades
Support ?! Who and for what?
Logging a reporting
Hardware cost
Virtualized Security must feel with
Performance
Management
Flexibility
Content Security
Reliability / Density
Logging / Reporting
Virtualization
Virtual Domains (VDOM)• Enable a single hardware system to function as multiple independent virtual systems
Multiple VDOMs supported per physical security device
13
Virtualized Architecture
Super Admin
VDOM Admin
Hardware
OS
Firewall
VPN(IPSec/SSL)
IPS
Web Filtering
Gateway AV
App Control
Routing
VLANs
Firewall
VPN(IPSec/SSL)
IPS
Web Filtering
Gateway AV
App Control
Routing
VLANs
Setup 2
...
Setup 1
MG
MT
MG
MT
Security Hardware Scalability
CPU
PacketClassification
Firewall ruleenforcement
IPSec (AH, ESP)3DES
NAT
SNMP
Management Interface (GUI, CLI)
Statistics
Logs
Alarms
QoS
PKI
LoadBalancing
NICNIC
Data Path
L2TP PPTP
System Bus
DES
MD5/SHA
NICNIC
CPU
PacketClassification
Firewall ruleenforcement
IPSec (AH, ESP)
3DES
NAT
SNMP
Management Interface (GUI, CLI)
Statistics
Logs
Alarms
QoS
PKI
LoadBalancing
System Bus
Data Path
EncryptionAccelerator
DES
MD5/SHA
The Cloud Momentum
Virtualization & Network consolidation
In the cloud &Data Center –Telco’s Case Study
Virtualized Security–An Enterprise case study
Fortinet
Traditional Data center Environment “In the Cage” Services
Internet
Dial-up Customers with Mobile VPN Clients
www Access
Internet Data Center with Multiple LAN’s
Admin or ASP Customer Access (WAN link or VPN)
Administration
Customer -BCustomer -A
Front End-Web
Servers
Back-end-Data base Servers
Back-end-Data base Servers
Front End-Web Servers
Front End
BackEnd
High Availability Mode
Customer -C
Next generation Cloud based offering using single Chasis .....
MSSP – Security Operations Centre
Internet
FortiManager
Fortianalyzer
Cust2
Cust1
Cust3
Root Virtual Domain
Cust1 Virtual Domain
Cust2 Virtual Domain
Cust3 Virtual Domain
80
2.1
Q V
LA
N tru
nk
80
2.1
Q V
LA
N tru
nk
Core Router
AggregationL2 switch, DSLAM etc
MSSPdomain
Log data withVDOM tagging
COMPLETE CONTENT SECURITY SERVICES FIREWALL
ANTI VIRUSANTI SPYWARE & ANTI PHISHINGWEB FILTERINGIPSMESSAGING FILTERING
SPAM FILTERINGP2P CONTROLIM CONTROL
Some Carrier and Service Provider Customers
The Cloud Momentum
Virtualization & Network consolidation
In the cloud &Data Center –Telco’s Case Study
Virtualized Security–An Enterprise case study
Fortinet
Airport Infrastructure overview
Domestic Security Check
Airline Domestic Security Check
Final check
Aerobridges
Virtualized Airport Security Solution
A single device will have separate VirtualUTM for each of the Airline networksHigh Performance - FW + VPN +IPS+WEB+AS
Switch
Firewall in HA
Internet
Air Lines 1
Air Lines 2
Air Lines 3
Air Lines 4
Traveler's LAN
Custom’s Office
Switch
Air Lines 1
Air Lines 2
Air Lines 3
Air Lines 4
Custom’s Office
E1 Connectivity VLAN’s on Airport network
Airport Network
Virtualized Security for Space Collaboration Center
• Multiple Agencies (Domestic /International )
• University
• Space agency
• Science Academy
• Public information • 11 Payloads developed/ designed with
multiple mappings output generation
• 5 Domestic ( indigenous )
• 6 AO international ( collaborative ) • It needed logical separation
• Different access policy / Internal protection
• Test Data from specific payload
• Upload /download from the respective servers
• Secured access & remote connectivity for domestic & international agency
Centralized Internal Security Consolidation
Back BoneSwitching
Centralized Logging and Reporting
Out of Band
Management
Department A
HA security solution with Virtual Solutions
Department B
Department C
Project A
Project BProject C
Server Farm
Internet Access
INTERNET
Summary
• Virtualization is here to stay
• Security & virtualization is a must to offer Cloud based services • Data Location Risk
• Data and Code Portability Risk
• Data Security (Privacy) Risk
• New Business Models would evolve in the difficult economic conditions & Virtualization will be a key
• Virtualization would allow Enterprise to compete in difficult economic conditions & provide highest level of security
• Datacenter & Telco’s would look at cost saving ( power / cooling) apart from ease of management & deployment
Global Trends
Virtualization & Network consolidation
In the cloud &Data Center –Telco’s Case Study
Virtualized Security–An Enterprise case study
Fortinet
Company Overview
• First Multi-Layered Security Platform provider that leverages ASIC technology
• Largest private network security company
• ~ 1300 employees / > 650 R&D
• 450,000 + FortiGate devices WW
• Founded in 2000
• Global Operations in U.S., EMEA & APAC
• Independent certifications
• 8 ICSA certifications (only vendor)
• Government Certifications (FIPS-2, C C EAL4+)
• 60+ industry awards
• 11 patents; 80+ pending
• Virus Bulletin 100 approved (2005, 06,07) and NSS Certifications
30
Threatscape Evolution
ConnectionBased Attacks
Layer 2/3/4
Mobile Devicesand Crossover
Web 2.0
InappropriateContent
Denial of Service Attacks
Spam, PhishingPharming
Virus, Spyware,Adware, Trojan,Worm
Peer to Peer
Botnets
Identity Theft
Application and System
Vulnerabilities
Fortinet High-End Traction
Worldwide UTM Revenue Share, 2008$50,000-99,999 Price Band
(Source: IDC, March 2009)
Fortinet Secures:• Seven of Top 10 Fortune 500
• Eight of Top 10 Global 500 in EMEA
• Eight of Top 10 Global 500 in APAC
• Six of Top 10 Global 500 Commercial & Savings Banks
• Seven of Top 10 Global 500 Aerospace & Defense
• Two of Top 5 Global 500 in IT Services
VPN (IPSec and SSL)
Firewall + VPN
Firewall
Secure Content Management
Antivirus
Antispyware
Web filtering
Messaging security
Intrusion Detection & Prevention
IDS
IPS
Database Vulnerability Assessment
Database Security/Audit
Securing Content in Applications/Databases
Real-Time Application & Network Protection – Portfolio
Endpoint Security
Firewall
Web filtering
Antispyware IPSec VPN
Antispam
Antivirus
Key Enterprise Customers – 10,000 + installations
Manufacturing Banking & Finance
Print/ Media / Retail Telecom Software/ITES
Thank You!
For more information please visithttp://www.fortinet.com email : [email protected]
([email protected])+919845040907