Fortinet Security Fabric Blueprint: Dr. Rattipong Putthacharoen, Com. Eng. Senior Manager, Systems Engineering

Agenda

1. Company Overview
2. Fortinet Security Fabric Blueprint
3. Use Cases
4. Summary
Fortinet Blueprint

Fortinet is among the Top 3 Cybersecurity Companies in the World
• Founded in 2000
• $2.1B (2018), 20% growth
• Almost 500,000+ customers
• 6,250 employees
• No. 1 in shipments, No. 2 in revenue (IDC Firewall Tracker)
Substantial Ongoing Investment in Innovation
• R&D centers: U.S. (HQ), Canada
• Security Processor Unit (SPU)
• Security Fabric (Platform)
• 600+ patents
Fortinet is Positioned for a Bigger Total Addressable Market
[Chart: market segments shown are Cloud Security, Infrastructure Security, Network Security, Information Security, NAC, Email, Endpoint, IoT & OT Security, Switch, Mobile 5G, Identity and WiFi; segment sizes shown are $9B, $18B, $19B and $59B.]
Source: Fortinet reclassification of data from recent analyst research; 2022 opportunity shown

Fortinet Security Fabric
• BROAD: visibility of the entire digital attack surface
• INTEGRATED: protection across all devices, networks, and applications
• AUTOMATED: operations and response driven by Machine Learning
Fabric areas: Network Security; Multi-Cloud Security; Device, Access, and Application Security; Open Ecosystem (Fabric APIs, Fabric Connectors); Security Operations
Products shown: FortiManager, FortiClient, FortiGate VM, FortiNAC, FortiCASB, FortiAP, FortiSwitch, FortiWeb, FortiMail, FortiToken, FortiADC, FortiAnalyzer, FortiSIEM, FortiSandbox
On-Premise Blueprint [diagram]
Fortinet NGFW – Reduce Complexity with Better Security
Standalone FortiGate Next Generation Firewalls replace separate point products: Firewall/VPN, Intrusion Prevention, Web Proxy, Antivirus, Web Filter, Sandbox, SSL Inspection (Advanced Threat Detection and Threat Prevention).
NGFW = Firewall + VPN + App Control + Intrusion Prevention + Antivirus + URL Filtering + Sandboxing + SSL Inspection
• Purpose-built Security Processor delivers best performance
▪ Integrate various point products into NGFW features
FortiGuard – AI-Driven Security
• Global and customer-specific
• Diagram nodes: Sensors, Training Models, Recommendations, Control Point, Feedback, Outputs
• 100B events, 1B updates
• Largest footprint, broadest footprint: 4M+ firewalls, 10M+ endpoints, 1M+ sandbox, 250M+ web, 100M+ emails, deception

FortiGuard by the numbers
Introducing FortiDDoS (Appliance)
Hardware-accelerated DDoS, intent-based defense
• Security Processor (SPU)-based layer 3, 4, and 7 DDoS protection
• Behavior-based DDoS protection to eliminate the need for signature files
• Minimal false-positive detections through continuous threat evaluation
• Ability to monitor enormous parameters simultaneously
• Advanced defense against bulk volumetric, layer 7 application attacks
• Attack protection for DNS services via specialized tools
[Diagram: ISP links → FortiDDoS → Firewall → Web Hosting Center; legend 1 = Legitimate Traffic, 2 = Malicious Traffic]
Introducing FortiADC (Appliance, Virtual Machine, Cloud)
Optimize the availability, performance and scalability of mobile, cloud and enterprise application delivery
• Layer 7 Load Balancing
• Secure Traffic Management
• Application Optimization
• Security Fabric Integration
• Global Server Load Balancing
• Value-added Security Features
[Diagram: FortiADC in front of web application servers]
Introducing FortiProxy (Appliance, Virtual Machine, Cloud)
Reduce the cost and impact of downloaded content, while increasing performance by improving the speed of access
• Accelerated SSL deep inspection
• Protection against sophisticated web attacks
• Authenticated web application control
• WAN Optimization and Advanced Caching
[Diagram: internal and external users reach web application servers through FortiGate, FortiProxy and FortiWeb]
FortiIsolator Product Overview
• Web: the browser is directed via PAC/proxy (through FortiGate or FortiProxy) to FortiIsolator, which fetches, executes and renders the malicious web page (http://www.badsite.com) remotely and sends only the rendered result to the browser (visual airgap)
• Email: FortiMail rewrites URLs in mail so that links open through FortiIsolator
• The isolated browser is reset to a known clean state for each new session
Introducing FortiSandbox (Appliance, Virtual Machine, Hosted, Cloud)
Advanced Threat Protection solution designed to identify and thwart highly targeted and tailored attacks
• Independently top-rated
• Broad integration
• Intelligent automation
• All-in-one
• Flexible deployment
• Open extensibility
Introducing FortiWeb (Appliance, Virtual Machine, Hosted, Cloud)
Web application firewall to protect, balance, and accelerate web applications
• Feature-rich product that consolidates NGFW and SWG services
• Powerful hardware that can perform SSL deep inspection
• Anti-malware techniques updated with the latest threat intelligence
• Single Pane of Glass management
• Effectively remove blind spots in encrypted traffic
• Stay protected against the latest known and unknown attacks
Machine Learning-based Web App Protection: how it works
Application traffic passes through two stages:
1. Anomaly detection: statistical probability analysis based on observed application traffic over time. Normal requests are allowed; anomalies are passed to stage 2.
2. Threat detection: pattern analysis based on matching FortiGuard trained and curated threat models. Benign anomalies are allowed; threats are blocked.
Legend: Normal Request, Benign Anomaly, Threat. Allowed traffic: normal requests after stage 1, normal and benign traffic after stage 2.
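As an added illustration (not FortiWeb code, and not FortiGuard threat models), this Python sketch models the two-stage pipeline described above: a statistical baseline learned from constructed sample traffic flags anomalous parameter values, and only those anomalies are matched against a few illustrative threat patterns. The parameter names, sample requests, z-score threshold and patterns are all constructed assumptions.

```python
import math
import re
from collections import defaultdict

# Constructed sample of "observed application traffic over time" for one
# hypothetical search parameter "q"; stage 1 learns a length baseline from it.
TRAINING_REQUESTS = [
    {"q": "laptop"}, {"q": "blue running shoes"}, {"q": "usb c cable"},
    {"q": "fortinet"}, {"q": "wireless mouse"}, {"q": "office chair"},
    {"q": "4k monitor"}, {"q": "headphones"}, {"q": "desk lamp"},
    {"q": "keyboard"},
]

# Illustrative stage-2 patterns standing in for curated threat models.
THREAT_PATTERNS = {
    "sqli": re.compile(r"(?i)(\bunion\b.*\bselect\b|'\s*or\s*'?\d+'?\s*=\s*'?\d+)"),
    "xss": re.compile(r"(?i)<\s*script|on\w+\s*=\s*['\"]"),
    "traversal": re.compile(r"\.\./|%2e%2e%2f", re.IGNORECASE),
}

class TwoStageWafModel:
    """Stage 1: statistical anomaly detection. Stage 2: threat-model matching."""

    def __init__(self, z_threshold=3.0):
        self.z_threshold = z_threshold
        self.baseline = {}  # parameter name -> (mean length, std dev)

    def train(self, requests):
        lengths = defaultdict(list)
        for req in requests:
            for name, value in req.items():
                lengths[name].append(len(value))
        for name, xs in lengths.items():
            mean = sum(xs) / len(xs)
            var = sum((x - mean) ** 2 for x in xs) / len(xs)
            self.baseline[name] = (mean, max(math.sqrt(var), 1.0))

    def is_anomalous(self, name, value):
        if name not in self.baseline:
            return True  # parameter never seen in training: outside the model
        mean, std = self.baseline[name]
        return abs(len(value) - mean) / std > self.z_threshold

    def classify(self, request):
        """Return 'normal', 'benign_anomaly' or 'threat:<model>'."""
        anomalies = [(n, v) for n, v in request.items() if self.is_anomalous(n, v)]
        if not anomalies:
            return "normal"  # allowed by stage 1; stage 2 is not consulted
        for _name, value in anomalies:
            for model, pattern in THREAT_PATTERNS.items():
                if pattern.search(value):
                    return f"threat:{model}"  # blocked
        return "benign_anomaly"  # unusual, but no threat model matched: allowed
```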
FortiWeb adds Machine Learning
• FortiWeb identifies malicious bot activity by building a model based on live traffic
Introducing FortiMail (Appliance, Virtual Machine, Hosted, Cloud)
Advanced anti-spam and antivirus filtering solution, with extensive quarantine and archiving capabilities.
• Top-rated Antispam, Antiphishing and Business Email Compromise (BEC) protection
• Independently certified advanced threat defense
• Integrated data protection
• Enterprise-class management
• High-performance mail handling
[Diagram: FortiMail in front of mail servers]
Introducing FortiClient
Comprehensive endpoint protection & security enforcement
• Broad endpoint visibility
• Endpoint compliance and vulnerability management
• Proactive endpoint defense
• Automated threat containment
• Secure remote access
• Easy to deploy and manage
Introducing FortiEDR
Automated Real Time Protection At Fixed Cost
Introducing FortiToken Mobile
OATH-compliant Time Based One Time Password soft token
• Reduced costs by leveraging the existing FortiGate as the authentication server
• Minimized overhead with unique online activation option
• A scalable solution for low entry cost and low total cost of ownership
Introducing FortiAuthenticator (Appliance, Virtual Machine, Cloud)
Identity Management, User Access Control and multi-factor identification
• Transparently identify network users and enforce identity-driven policy on a Fortinet-enabled enterprise network
• Seamless secure two-factor/OTP authentication across the organization in conjunction with FortiToken
• Certificate management for enterprise wireless and VPN deployment
• Guest management for wired and wireless network security
• Single Sign On capabilities for both internal and cloud networks
[Diagram: FortiAuthenticator as issuing CA, backed by an LDAP user database, issuing FortiToken]
Introducing FortiNAC (Appliance, Virtual Machine)
Provides visibility of users and endpoints for enterprise networks and automates threat response
• Device identification and profiling
• Simplified guest access with self-registration
• Continuous risk assessment
• Containment of lateral threats at the edge
• Micro-segmentation of endpoints
• Automated response to identified risks
• Orchestration of 3rd party devices at the access layer

Continuous device profiling: 1. Printer connected to network → 2. MAC notification trap triggers FortiNAC → 3. FortiNAC profiles device as printer → 4. FortiNAC informs Fabric to allow printer-type access to network
Automated response: 1. User brings infected laptop to work → 2. FGT sends event to FortiNAC → 3. FortiNAC quarantines the laptop at switch node → 4. Virus contained
Introducing FortiDeceptor (Appliance, Virtual Machine)
Automated detection and response to external and internal threats
• GUI-driven threat map quickly uncovers threat campaigns targeting your organization
• Security infrastructure integration provides real-time blocking of attackers before real damage occurs
• Centrally manage and automate the deployment of deception VMs and decoys (Windows, Linux and IoT devices)
Introducing FortiSIEM (Appliance, Virtual Machine, Cloud)
Unified event correlation and risk management for modern networks
• Asset Self-Discovery
• Rapid Integrations and Scalability
• Automated Workflow with Remediation Library
• Single Pane of Glass to quickly remediate service issues
• Multi-tenancy for role-based access to a unified platform
Introducing FortiSOAR
Security Orchestration, Automation and Response
• Manage: Alerts, Incidents, Indicators, Tasks across Tenants
• Measure: MTTD, MTTR, ROI, Reports, Dashboards
• Respond: Automate, Visual Playbook Designer, Out of Box Connectors
• Solutions: SOC Automation, Vulnerability Management and BYOS
Introducing FortiAnalyzer (Appliance, Virtual Machine, Hosted, Cloud)
Logging, reporting and analysis from multiple Fortinet devices
• Centralized Search and Reports
• Real-time and Historical Views into Network Activity
• Scans security logs using FortiGuard IOC Intelligence for APT detection
• Light-weight Event Management
• Seamless Integration with the Fortinet Security Fabric
Introducing FortiManager (Appliance, Virtual Machine, Hosted, Cloud)
Tools that effectively manage any size Fortinet security infrastructure, from a few to thousands of appliances
• Easy centralized configuration, policy-based provisioning, update management, and end-to-end network monitoring
• Segregate management of large deployments with ADOMs
• Single-pane-of-glass manages more than firewalls
• Script and automation support with JSON/XML APIs with external systems
Next Generation Firewalls with Integrated SD-WAN
• SD-WAN requires direct internet access, which demands security at every branch
• 90% of SD-WAN vendors only offer stateful firewalls, which is not enough
Secure SD-WAN = SD-WAN + NGFW: SD-WAN + Traffic Shaping + VPN + App Control + Intrusion Prevention + Antivirus + URL Filtering + Sandboxing + SSL Inspection
• Scalable and easy to deploy
• Unprecedented integration and visibility
Enterprise SD-WAN Use Cases – MPLS Migration
MPLS backup with local breakout
• Critical Apps (Voice & Video): the best path is chosen depending on latency, jitter & packet loss; traffic is redirected to a new tunnel in case the WAN conditions are worse than the threshold.
• Business Apps: load balanced across different lines so bandwidth is optimized.
• Direct secure access to Internet, SaaS and IaaS content; load balanced if needed.
• With an internet breakout, security is critical.
[Diagram: Branch connected to HQ over MPLS and IPsec VPN, with local breakout to the Internet and Public Cloud]
Secure SD-Branch (Software Defined Branch)
• Single pane of glass management for SD-WAN, Security and Access layer (Switch & Wireless)
• Network segmentation
• Guest management
• Network Access Control
• User & Entity Behavior Analytics
• Presence Analytics
• Cameras, VoIP
[Diagram: FortiGate Secure SD-WAN with FortiSwitch and FortiAP]
Virtual Appliance Platforms (B = BYOL, P = PAYG)
Platform columns: VMware vSphere, Citrix Xen Server, Microsoft Hyper-V, Nutanix AHV, Xen, KVM, Amazon AWS, Microsoft Azure, Oracle OPC, Google GCP, Aliyun
(Per-row marks below are as extracted; column alignment was lost.)
FortiGate-VM*: ✓ ✓ ✓ ✓ ✓ ✓ B P B P B B P B P
FortiManager-VM: ✓ ✓ ✓ ✓ ✓ ✓ B P B B B B
FortiAnalyzer-VM: ✓ ✓ ✓ ✓ ✓ ✓ B P B B B B
FortiWeb-VM: ✓ ✓ ✓ ✓ ✓ B P B P B B
FortiWeb Manager-VM: ✓ B
FortiMail-VM: ✓ ✓ ✓ ✓ ✓ B B
FortiAuthenticator-VM: ✓ ✓ ✓ ✓ B
FortiADC-VM: ✓ ✓ ✓ ✓ ✓ ✓ B B
FortiVoice-VM: ✓ ✓ ✓ ✓ B B
FortiRecorder-VM: ✓ ✓ ✓ ✓ P
FortiSandbox-VM: ✓ ✓ B P P
FortiSIEM: ✓ ✓ B
FortiProxy-VM: ✓ ✓ B B
* Also supports AzureStack and RackSpace (PAYG)
Multi-Cloud Blueprint
SaaS: FortiGate Cloud, FortiSandbox Cloud, FortiMail Cloud, FortiWeb Cloud, FortiCASB/FortiCWP (cloud-based security management, mail security, sandboxing, WAF, cloud access, policy enforcement connector / management and analytics)
[Diagram: remote workforce over Internet & VPN; container security; VPN / SD-WAN and MPLS links from the Enterprise Data Center / Branch Office to AWS and Azure, provisioned via CFT, ARM, Terraform and Python]

Security across cloud deployments:
• Block lateral threat propagation in the East-West direction
• Comprehensive protection in the North-South direction
• Advanced security (L7 Firewall, IPS, and ATP) for all traffic paths
• Security workflows that adapt to deployment changes
• Auto-provisioning of security services across all platforms
• Automated VPN provisioning for multi-cloud connectivity
• Quarantine infected workloads automatically
• Auto Scaling Security

Policy and management:
• Single Policy Set across all deployments
• Leverage metadata instead of traditional IP in security policies
• Automated workload and metadata discovery
• Centralized management & analytics across deployments
• Intuitive visibility

Capabilities:
• Policy Enforcement Connector
• Management / Analytics
• Next Generation Firewall
• Compliance Automation
• Advanced Threat Protection
• VPN IPSec Tunnels
• Web Application Firewall
• Identity and Access Management
• Cloud Access Security Broker
• Denial of Service Protection
Use cases: Fortinet for Thailand Acts

Cybersecurity Act
NIST Cybersecurity Framework:
• IDENTIFY: Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy
• PROTECT: Access Control, Awareness and Training, Data Security, Info. Protection Processes and Procedures, Maintenance, Protective Technology
• DETECT: Anomalies and Events, Security Continuous Monitoring, Detection Process
• RESPOND: Response Planning, Communications, Analysis, Mitigation, Improvements
• RECOVER: Recovery Planning, Improvements, Communications
Source: NIST (National Institute of Standards and Technology), USA

ETDA standards:
• Security standard for web applications (Web Application Security Standard: WAS)
• Security standard for websites (Web Security Standard: WSS)
• Security standard for secure methods under the Electronic Transactions Act
Source: ETDA
Fortinet for the Cybersecurity Act
Solution areas: Network Security, Endpoint Security, Email Security, Web Application Security, Secure Unified Access, Advanced Threat Protection, Multi-Cloud Security, Management - Analytics
• FortiGate – Enterprise Firewall
• Virtual FortiGate – Virtual Firewall
• FortiGate – Cloud Firewall
• FortiADC – Load Balancer
• FortiProxy – Secure Web Gateway
• FortiNAC – Network Access Control
• FortiDDoS – Advanced DDoS Protection
• FortiClient – EPP
• FortiInsight – User and Entity Behavior Analytics
• FortiAuthenticator – Identity and Access Management
• FortiMail – Secure Email Gateway
• FortiWeb – Web Application Firewall
• FortiCASB
• FortiAP – Access Point
• FortiSwitch – Switching
• FortiSandbox – Advanced Threat Protection
• FortiDeceptor – Insider Threat Detection
• FortiIsolator – Remote Browser
• FortiAnalyzer – Central Logging / Reporting
• FortiManager – Central Security Management
• FortiSIEM – Security Information & Event Management
Fortinet for the Personal Data Protection Act (PDPA)
Data Loss Prevention, Access Control, Data Integrity, Data Exposure and Data Encryption
• Built-in DLP: FortiGate (Security Gateway), FortiProxy (Secure Web Caching Server), FortiWeb (Web App. Firewall), FortiMail (Mail Sec. Gateway)
• Access Control: FortiToken (2 Factor OTP Token), FortiNAC (IoT Access Control)
• Data Integrity / Data Encryption: FortiWeb (Web App. Firewall), FortiClient (Endpoint Security)
• FTNT hosted services and public cloud instances: FortiGate Cloud, FortiMail Cloud, FortiWeb Cloud, FortiCASB
Computer Crime Act
Service providers covered:
• Providers of Internet access or of connectivity between parties
• Providers that store computer data for the benefit of others (Content Service Provider)
• Telecommunication and broadcast carriers (Telecommunication and Broadcast Carrier)
• Providers of access to computer network systems (Access Service Provider)
• Providers that rent out computer systems or application services (Host Service Provider)
• Internet cafe / online game shop providers (Internet Cafe/Game Online)
Obligation: retain traffic data for not less than 90 days; where necessary, an official may order retention beyond 90 days but not more than 2 years (on a case-by-case and per-occasion basis).
Fortinet for the Computer Crime Act
Log requirements:
• Store logs on media that preserve completeness and correctness and allow the identity of anyone who accessed them to be established
• Maintain confidentiality and assign classification levels
• Record service-user details for each individual
• If a third party's system is used, the service provider must ensure users are identified and authenticated
• Designate a coordinator

LOG
• FortiCloud Logs – central cloud log & report
• FortiAnalyzer – central log & report
• FortiSIEM/SOAR – incident SIEM/SOAR
Summary
Fortinet Solutions
Fortinet Security Fabric: Machine Learning
[Diagram: the Fortinet Security Fabric spans techniques from primary pattern matching and signature-based defense through machine learning and behavior-based analysis.]
Elements shown: IP Reputation, Machine Learning, Threat Sharing, UEBA, Big Data, User & Device, Content Filter, IPS, Code Emulation, Pattern Matching, App Ctrl, Neural Networks, AntiVirus, Detonation, Sandbox, Primary Logging, SIEM, Intent, Auth, Encryption, Threat Score, API Integration, Adaptive, Automation, Behavior
