ondrej stahlavsky - itapasecurity still the no.1 inhibitor iot 35b devices, mostly headless...
TRANSCRIPT
![Page 1: Ondrej Stahlavsky - ItapaSecurity still the No.1 inhibitor IoT 35B devices, mostly headless attaching to the network ... ICS SCADA Many Isolated Point Solutions. 4 The attack surface](https://reader034.vdocuments.us/reader034/viewer/2022050102/5f41a75f51b278367b6260b8/html5/thumbnails/1.jpg)
© Copyright Fortinet Inc. All rights reserved.
Fortinet Security Fabric
Ondrej Stahlavsky
Regional Director CEE
![Page 2: Ondrej Stahlavsky - ItapaSecurity still the No.1 inhibitor IoT 35B devices, mostly headless attaching to the network ... ICS SCADA Many Isolated Point Solutions. 4 The attack surface](https://reader034.vdocuments.us/reader034/viewer/2022050102/5f41a75f51b278367b6260b8/html5/thumbnails/2.jpg)
2
Infrastructure. Constant Change.
GreenGoogle’s 13 data
centers use 0.01%
of global power
SDN/NFVSoftware-defined
everything. SD WAN
SaaSOn average, companies
have 10+ applications
running via the Cloud
IaaSSecurity still the
No.1 inhibitor
IoT35B devices, mostly
headless attaching
to the network
Virtualization80% of data center
apps are virtualized
MobileNo control of
endpoints (BYOD)
SocialBandwidth ever
increasing
BandwidthWi-Fi speeds rival LANs.
100G networks here
AnalyticsBig Data
Internet 2100 Gbps and
UHDTV
5GWireless
FUTURE
100G
![Page 3: Ondrej Stahlavsky - ItapaSecurity still the No.1 inhibitor IoT 35B devices, mostly headless attaching to the network ... ICS SCADA Many Isolated Point Solutions. 4 The attack surface](https://reader034.vdocuments.us/reader034/viewer/2022050102/5f41a75f51b278367b6260b8/html5/thumbnails/3.jpg)
3
Accidental Architecture
Routers
Switches
Wireless Access
NETWORK
TEAM
ICSTEAM
SECURITY TEAM
OS TEAM
Firewall
IPS
Web Application
Desktop OS
Antivirus
Mobile Device Mgmt
ICS
SCADA
Many Isolated Point Solutions
![Page 4: Ondrej Stahlavsky - ItapaSecurity still the No.1 inhibitor IoT 35B devices, mostly headless attaching to the network ... ICS SCADA Many Isolated Point Solutions. 4 The attack surface](https://reader034.vdocuments.us/reader034/viewer/2022050102/5f41a75f51b278367b6260b8/html5/thumbnails/4.jpg)
4
The attack surface has increased dramatically, everywhere, inside and out.
PoS
IoT
UTM
NGFW
Campus
Mobile
Endpoint
Data Center
DCFWBranch
Office
Internal External
![Page 5: Ondrej Stahlavsky - ItapaSecurity still the No.1 inhibitor IoT 35B devices, mostly headless attaching to the network ... ICS SCADA Many Isolated Point Solutions. 4 The attack surface](https://reader034.vdocuments.us/reader034/viewer/2022050102/5f41a75f51b278367b6260b8/html5/thumbnails/5.jpg)
5
Growing malicious activity
![Page 6: Ondrej Stahlavsky - ItapaSecurity still the No.1 inhibitor IoT 35B devices, mostly headless attaching to the network ... ICS SCADA Many Isolated Point Solutions. 4 The attack surface](https://reader034.vdocuments.us/reader034/viewer/2022050102/5f41a75f51b278367b6260b8/html5/thumbnails/6.jpg)
6
Security Threat Mitigation
PrepareSegmentation
Processes
Training
PreventHarden
Isolate
Network
Application
Endpoint
DetectATP
SIEM
TIS
RespondContain
Remediate
Clean
1
2
34
![Page 7: Ondrej Stahlavsky - ItapaSecurity still the No.1 inhibitor IoT 35B devices, mostly headless attaching to the network ... ICS SCADA Many Isolated Point Solutions. 4 The attack surface](https://reader034.vdocuments.us/reader034/viewer/2022050102/5f41a75f51b278367b6260b8/html5/thumbnails/7.jpg)
7
End-to-End Segmentation
Branch
Office
PoS
IoT
UTM
Data Center
Cloud
SDN Orchestration
NGFW
Campus
Mobile
Endpoint
Data Center
DCFW
Internal
External
![Page 8: Ondrej Stahlavsky - ItapaSecurity still the No.1 inhibitor IoT 35B devices, mostly headless attaching to the network ... ICS SCADA Many Isolated Point Solutions. 4 The attack surface](https://reader034.vdocuments.us/reader034/viewer/2022050102/5f41a75f51b278367b6260b8/html5/thumbnails/8.jpg)
8
Fortinet Security Fabric
AccessEndpoint Application Cloud
NOC/SOCAdvanced
Threat Intelligence
Network
Fabric Ready
• Scalable
• Aware
• Secure
• Actionable
• Open
![Page 9: Ondrej Stahlavsky - ItapaSecurity still the No.1 inhibitor IoT 35B devices, mostly headless attaching to the network ... ICS SCADA Many Isolated Point Solutions. 4 The attack surface](https://reader034.vdocuments.us/reader034/viewer/2022050102/5f41a75f51b278367b6260b8/html5/thumbnails/9.jpg)
9
Parallel Path Processing (PPP)
Packet
Processing
Content
Inspection
Policy
Management
Scalable - The Fabric covers the entire network attack surface (From IoT to Cloud)
Slow is Broken
CPU Only
Policy Management
Packet Processing
Deep Inspection
More Performance
Less Latency
Less Power
Less Space
CPU
Optimized
SoC
CP 9 SoC 3
![Page 10: Ondrej Stahlavsky - ItapaSecurity still the No.1 inhibitor IoT 35B devices, mostly headless attaching to the network ... ICS SCADA Many Isolated Point Solutions. 4 The attack surface](https://reader034.vdocuments.us/reader034/viewer/2022050102/5f41a75f51b278367b6260b8/html5/thumbnails/10.jpg)
10
Fabric Attributes – Awareness
Visibility SegmentationAutomated
Operation
Security
Audit
Fabric wide policy control
Synchronized configuration
Single Pane of Glass
Performance
Discovery
Co-operation
Recommendations based
on security posture
Policy Audit
Vulnerability awareness
All Elements
Visualization
Interaction
![Page 11: Ondrej Stahlavsky - ItapaSecurity still the No.1 inhibitor IoT 35B devices, mostly headless attaching to the network ... ICS SCADA Many Isolated Point Solutions. 4 The attack surface](https://reader034.vdocuments.us/reader034/viewer/2022050102/5f41a75f51b278367b6260b8/html5/thumbnails/11.jpg)
11
Device Access Network Cloud
Distributed
Enterprise
Edge Segmentation
Branch
Data Center
North-South
Carrier Class
SDN/NFVPrivate Cloud IaaS/SaaS
WLAN / LAN
Rugged
Embedded System on a Chip Packet and Content Processor ASIC Hardware Dependent
Device
>1G
Appliance
>5G
Appliance
>30G
Appliance
>300G
Chassis
>Terabit
Virtual Machine
SDN/NFV
Virtual Machine
On Demand
Client
Endpoint/IoT Application
Security
FLOW
Appliance
Virtual
Cloud
Secure – The Fabric cover all the possible attack vectors such as Network, Endpoint Access, Web, Email and Cloud
Security
UpdatesIPS AVAPPFW VPN
![Page 12: Ondrej Stahlavsky - ItapaSecurity still the No.1 inhibitor IoT 35B devices, mostly headless attaching to the network ... ICS SCADA Many Isolated Point Solutions. 4 The attack surface](https://reader034.vdocuments.us/reader034/viewer/2022050102/5f41a75f51b278367b6260b8/html5/thumbnails/12.jpg)
12
FortiMail
FortiClient
FortiGateAdvanced
Threat
Protection
Appliance Virtual Cloud
App Control Antivirus Anti-spam
IPS Web App Database
WebFiltering
VulnerabilityManagement
BotnetMobile
Security
CloudSandbox
DeepApp Control
Partner
FortiWeb
Actionable – The Fabric cuts Time to Protect from hours to seconds
![Page 13: Ondrej Stahlavsky - ItapaSecurity still the No.1 inhibitor IoT 35B devices, mostly headless attaching to the network ... ICS SCADA Many Isolated Point Solutions. 4 The attack surface](https://reader034.vdocuments.us/reader034/viewer/2022050102/5f41a75f51b278367b6260b8/html5/thumbnails/13.jpg)
13
Open – The Fabric allows integration of existing security solutions
SIEM
Private
Cloud
(SDN)Endpoint
Public
Cloud
Vulnerability
Management
![Page 14: Ondrej Stahlavsky - ItapaSecurity still the No.1 inhibitor IoT 35B devices, mostly headless attaching to the network ... ICS SCADA Many Isolated Point Solutions. 4 The attack surface](https://reader034.vdocuments.us/reader034/viewer/2022050102/5f41a75f51b278367b6260b8/html5/thumbnails/14.jpg)
14
Cloud SDN Sandbox
Test/SSO System Integrator SIEM Management
Ecosystem Integration Points
![Page 15: Ondrej Stahlavsky - ItapaSecurity still the No.1 inhibitor IoT 35B devices, mostly headless attaching to the network ... ICS SCADA Many Isolated Point Solutions. 4 The attack surface](https://reader034.vdocuments.us/reader034/viewer/2022050102/5f41a75f51b278367b6260b8/html5/thumbnails/15.jpg)