FortiMail
Multilayer EMAIL Security
Email is *the* critical threat vector
• 269 billion mails per day
• 49.7% spam, 135 billion
• 2.3% malicious attachments, 3.1 billion
Email is still the Number 1 Threat Vector (80%)
30% of phishing messages were opened by their intended target; about 12% of recipients went on to click the malicious attachment or link that enabled the attack to potentially succeed
Email is *the* critical threat vector
Email Based Threats
Malware
• Targets unskilled users, therefore often volumetric attacks
• Use of social engineering techniques to get users to open email and execute malware
• Some zero day, mostly a numbers game
Phishing
• Targets an interest group, organization or individuals (spearphishing) within the organization
• Customised content based on user interests or role
• Often targeted at C-levels (whaling)
• Zero day malware or social engineering to divulge financial or credential information
• 12% of users click on malicious attachments or links in such mails*
Compliance & Data Loss
• Sending of Personally Identifiable Information (PII) via Email
• Sending of corporate confidential information out of the organization
• Corporate espionage
• Failure to encrypt sensitive emails
• Failure to backup/save/archive emails to comply with corporate standards
• IRS – 7 years
• PCI – 1 year
• State depts – 3 years
• HIPAA – 6 years
All form factors
Hardware Appliances
• 8 models
• Filter 2.7k to 2m Messages Per Hour
• Support for 10GE
SaaS
• Gateway or Server Mode
• Standard or Premium
• Per User Per Year
Virtual Appliances
• 7 VM models
• CPU- and Domain-based
• Perpetual licensing or Marketplace On-Demand
Detailed Datasheet
Multiple Deployment Scenarios
Gateway Mode
• Most common deployment scenario
• Mail is delivered to FortiMail, scrubbed of threats and forwarded to destination mailserver
Transparent Mode
• Deployed as a bump in the wire. No configuration changes required to the email infrastructure.
• Commonly utilised in the ISP and Carrier environment.
Server Mode
• FortiMail acts as a full mailserver providing POP3, IMAP, Webmail and calendaring in addition to security functions.
Deploys as Primary or Supplemental Filtering On-premise
FortiGuard
• Antispam
• Adult Image Analysis
• Antimalware
• Virus Outbreak
• Optional Sandboxing
Mail Server
FortiMail
FortiSandbox
IoC Distribution
• IPs
• File Hashes
Or Also Deploy in the Cloud
Mail Server
Cloud SEG & Sandboxing
FortiGuard
• Antispam
• Adult Image Analysis
• Antimalware
• Virus Outbreak
• Optional Sandboxing
IoC Distribution
• IPs
• File Hashes
Security Bundles
Antispam Service
• Sender IP ratings
• Embedded URL ratings
• Content-based hashes for spam and phishing campaigns
• Separate “newsletter” identifiers
Antivirus Service
• One-to-many signatures
• Heuristic rules
• Emulation
• Decrypting/Unpacking
• Patented content pattern recognition language (CPRL)
Outbreak Prevention
• Pre-signature intelligence
• Covers emerging spam and malware campaigns
• Leverages new sandbox and other intelligence
Impersonation Analysis
• Identifies spoofed email
• Dynamically builds protections for common email addresses
• Complements sender authentication
FortiSandbox Cloud
• FortiSandbox hosted by Fortinet
• Includes prefiltering, emulation and full instrumented analysis
• Subscription-based
• No separate sandbox required
Content Disarm and Reconstruction
• Removes high risk active content
• Supports Microsoft Office and Adobe
• Can be applied by user, group or policy
• Original documents can be retained and restored
Click Protect
• Dynamic reputation query
• Determines rating at the time of user click
• Identifies recently compromised sites changed shortly after campaigns are launched
Base Bundle
Enterprise ATP Bundle
High Availability and Scalability Options
▪ Active-Passive Cluster
• Two devices, full failover protection
» Heartbeat and Service Monitoring
» Full mailbox, archive, quarantine, log and queue synchronization
▪ Config Only HA
• Linear scalability suitable for the largest ISPs and Carriers
» Centralized quarantine, management and IBE
» Enables DR and geographic redundancy
» Load balanced option using FortiADC or third party load balancer
FortiMail
Security Overview
Anti-Spam/Anti-Phishing
▪ FortiGuard Reputation Databases
» Cloud database query to identify known spam IP and content
• FortiGuard Antivirus, Anti-Spam and URL Filtering
• FortiGuard IP Reputation including Botnets
» Removes volumetric spam at low cost
▪ Advanced Filtering Techniques
» Detects new Spam campaigns using a variety of dynamic techniques
• Header Analysis
• Sender Reputation
• Dynamic Heuristics
• DKIM / SPF / DMARC
• Behavior Analysis
• Suspicious Newsletter
• Greyware Scanning
Anti-Malware
▪ FortiGuard Anti-Malware (On-box)
» One-to-many signature matching (CPRL)
» Heuristic detection
» Code emulation & Behavioural analysis
▪ Outbreak Protection (Cloud based)
» Real-time data analytics on every request to the FortiGuard network to identify 0-day threat outbreaks in minutes
▪ Active Threat Neutralization
» Strip active HTML content and attachments from emails to neutralize potential threats
» Deliver neutralized version and forward original to archive host
File Sample
Take Action Based on Profiles
File discarded, option to Quarantine and event logged
Outbreak detection
Behavioral Analysis
Code Emulation
Decryption/unpacker System
Signature Match (CPRL/Checksum)
FortiGuard Data Analytics
Content Disarm & Reconstruction
▪ Select URI category to strip when disarming HTML
» Select a URL filter to selectively disarm URLs in CDR
▪ Password Decrypt Office Docs
» Password decrypt of Archive and PDF supported since 5.4
» Extend support to MSOffice Documents
Remove macros
Neutralize URLs
Remove embedded content
URI Click Protection
▪ Rewrite URLs to point at FortiMail
» FortiMail rescans when links are clicked to detect status change since first rating
» New URL Click Protect License
▪ Benefit
» Extends security to the desktop
» FortiMail continues to add value with Outbreak Protection feature license
Business Email Compromise (BEC)
▪ Impersonation Analysis
» Identify normal Display Name / Header Address matches.
» Detect inbound email spoofing and warn recipient
» Prevent Whaling attacks against C-Levels
» Automatic detection of normal address format or manual upload
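The display-name / header-address matching described on this slide can be sketched as follows. This is an added example, not Fortinet's implementation: the `ImpersonationCheck` class, `tag_subject` and the subject prefix are hypothetical, and the names and domains are constructed placeholders.

```python
import unicodedata
from email.utils import parseaddr


def norm_name(name):
    """Fold case, accents and spacing so 'ANNA  Rossi' equals 'anna rossi'."""
    decomposed = unicodedata.normalize("NFKD", name)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return " ".join(stripped.casefold().split())


class ImpersonationCheck:
    """Hypothetical helper: maps known display names to their real addresses."""

    def __init__(self):
        self.known = {}  # normalized display name -> set of addresses

    def learn(self, from_header):
        """Record a trusted pairing (observed internal mail or a manual upload)."""
        name, addr = parseaddr(from_header)
        if name and addr:
            self.known.setdefault(norm_name(name), set()).add(addr.lower())

    def check(self, from_header):
        """Return 'match', 'mismatch' (likely spoof) or 'unknown'."""
        name, addr = parseaddr(from_header)
        expected = self.known.get(norm_name(name)) if name else None
        if expected is None:
            return "unknown"
        return "match" if addr.lower() in expected else "mismatch"


def tag_subject(checker, from_header, subject):
    """Warn the recipient by prefixing the subject of a mismatching message."""
    if checker.check(from_header) == "mismatch":
        return "[Possible impersonation] " + subject
    return subject


# Constructed sample data; names and domains are placeholders.
checker = ImpersonationCheck()
checker.learn("Anna Rossi <anna.rossi@example.com>")

if __name__ == "__main__":
    for hdr in ("Anna Rossi <anna.rossi@example.com>",
                '"ANNA  ROSSI" <ceo.office@mail.example.net>',
                "Luca Bianchi <luca@example.org>"):
        print(checker.check(hdr), "|", tag_subject(checker, hdr, "Wire transfer"))
```

A display name that was never learned yields "unknown" rather than "mismatch", which is why this kind of check complements sender authentication instead of replacing it.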
FortiSandbox Action
▪ Separate actions for FortiSandbox scan results (Attachments and URI):
» Malicious/Virus
» High Risk
» Medium risk
» Low Risk
» No Result
FortiMail
Other Features
Security Fabric Integration
▪ FortiSandbox
» Identify previously unknown threats
» Return file and URL ratings to FortiMail
▪ FortiGate, FortiClient, Fabric-Ready Partners
» Receive IoCs related to attacks starting with email
» Increase overall security posture
▪ FortiAnalyzer
» Aggregate and correlate security logs from email, network, endpoint and more
» Provide a single, enterprise-wide view of the security posture
FortiGate
FortiMail
HTTP Traffic
Mail Server
FortiSandbox
Files for Inspection
Fabric Ready Endpoint Partners
Ratings Returned
IoCs to Block
FortiClient
FortiAnalyzer
IoCs to Block
FORTIGUARD ENHANCEMENTS
▪ Email Template Hashing
» Some spam content follows a very common layout format
» Content hashes change on each mail, but the mails follow a common format
▪ Enhanced Data Mining Engine
» AntiSpam Data Mining Engine enhancements, over 90% of AntiSpam signatures are now mined/released by our AntiSpam Data Mining Engine automatically
FortiGuard HASH
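The point of the template-hashing bullets, shown as an added example (not FortiGuard's algorithm, which the slides do not describe): a hash of the full content differs for every mail in a campaign, while a hash of the markup layout stays constant. The skeleton rule used here (keep tag and attribute names, drop text and attribute values) is an assumption, and the sample bodies are constructed.

```python
import hashlib
from html.parser import HTMLParser


class Skeleton(HTMLParser):
    """Collects the markup layout of a message and discards its variable text."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def handle_starttag(self, tag, attrs):
        # Keep tag and attribute names; drop values (URLs, ids, tracking tokens).
        self.parts.append("<%s %s>" % (tag, ",".join(sorted(k for k, _ in attrs))))

    def handle_endtag(self, tag):
        self.parts.append("</%s>" % tag)

    def handle_data(self, data):
        # Any run of text becomes one placeholder, whatever it says.
        if data.strip() and (not self.parts or self.parts[-1] != "#text"):
            self.parts.append("#text")


def content_hash(html):
    """Exact-content hash: changes whenever a name, number or URL changes."""
    return hashlib.sha256(html.encode("utf-8")).hexdigest()


def template_hash(html):
    """Layout hash: identical for messages built from the same template."""
    parser = Skeleton()
    parser.feed(html)
    parser.close()
    return hashlib.sha256("".join(parser.parts).encode("utf-8")).hexdigest()


# Constructed sample bodies: A and B share a template, C does not.
MAIL_A = ('<html><body><h1>Hi Anna</h1><p>Parcel 48213 is waiting.</p>'
          '<a href="http://a.example/t?id=1">Track it</a></body></html>')
MAIL_B = ('<html><body><h1>Hi Marco</h1><p>Parcel 77120 is waiting.</p>'
          '<a href="http://b.example/t?id=9">Track it</a></body></html>')
MAIL_C = '<html><body><p>Meeting notes attached.</p></body></html>'

if __name__ == "__main__":
    for label, body in (("A", MAIL_A), ("B", MAIL_B), ("C", MAIL_C)):
        print(label, content_hash(body)[:12], template_hash(body)[:12])
```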
FortiGuard Geo IP
▪ Import Geo IP DB from FortiGuard
» IP-based policy based on Geo Country / Region
» Embellish reports and logs with region flags
Office 365 API Integration
▪ Office 365 Connector
» New feature becomes visible on licensing
» Available in Gateway mode
» Profiles & Policy are totally separate to the existing versions
▪ Configuring an Office 365 Account
» Add Account
» Single Sign-on into Office365 to grant API access permission
Office 365 API Integration
▪ Scan Policy
» On demand: Scans emails post delivery when triggered by administrator (useful for POC)
▪ Pattern matching
» Similar to Recipient Policy
» Defines which recipients and senders to scan email for
▪ Profiles
» Similar to Recipient Policy
» Apply security profiles to email flows
Exclusive Networks
Here For You
Exclusive Networks Italy Overview
Training
• Classroom, online and on-site training at your premises
• Pearson VUE center, certifications at the Exclusive Networks offices
Professional Services
• Certified professionals for pre- and post-sales support
• Installation, design, configuration, optimization
• We deliver services in person and remotely
Exclusive Networks for you
Power Lab
• Get hands-on with the integration between different technologies
• 20 brands present, scenarios with real integrations
• Partners and end users can be hosted
Next Events
https://tech-experience-2020.sharevent.it/it-IT