secure sd wan · 2019-11-19 · 3 network security leader fortinet is among the top 4 public...
TRANSCRIPT
2
• Fortinet
• Security Fabric
• Secure SDWAN as a part of the fabric
• Beyond SDWAN → SDBRANCH
• Use case:
• Use best connections/path for your application
agenda
3
Network Security Leader
Fortinet is among the top 4
public cybersecurity
companies in the world.
Its broad portfolio of solutions
spans Network, Infrastructure,
Cloud, and IoT Security.
$13.1BMkt Cap
~$1.8B - 2018(revenue)
* As of June 30, 2019
415,000+Customers
4.9M+ Appliances Shipments Worldwide
(+30% units WW)
4
70% of F100 Are Fortinet Customers
TelcoFinancials/
Banking
Technology
RetailAerospace/
Defense
10 of 12
Healthcare
12 of 15
Transportation
3 of 5 9 of 11 3 of 5
9 of 104 of 4 11 of 13 3 of 54 of 5
Financials/Ins Food/Bev
Energy
5
Fortinet is Positioned for a Bigger Total Addressable Market
NETWORK SECURITY
CLOUD SECURITYINFRASTRUCTURE SECURITY
IOT & OT SECURITY
$9B
INFORMATION SECURITY
$59B
$18B
$19B
NAC
Mobile
Endpoint
WiFi
Switch
5G
Identity
Source: Fortinet reclassification of data
from recent analyst research. 2022
opportunity shown.
6
History of Leading Network Security Innovation Number of Patents
Number of patents issued as listed by the U.S. Patent and Trademark Office
Based on information on USPTO website on 06/30/2019
598
182
180
175
81
75
0 100 200 300 400 500 600
Fortinet
FireEye
SonicWall
Palo Alto Networks
Sophos
Check Point
• #1 Security Innovator• Competitor data based on patents issued as
listed by the U.S. Patent and Trademark Office
598 U.S. Patents
30 International Patents
628 Global Patents
7
A Leader in Network Security
Gartner Magic Quadrant for Enterprise Network Firewalls, Adam Hills, Jeremy D'Hoinne, Rajpreet Kaur, 4 October 2018
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advice technology users to select only those
vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should
not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to its research, including any warranties of
merchantability or fitness for a particular purpose.
Gartner Peer Insights reviews constitute the subjective opinions of individual end-users based on their own experiences, and do not represent the views of
Gartner or its affiliates.
©GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates, and is used herein with permission. All rights reserved.
Gartner Magic Quadrant for Unified Threat Management (SMB Multifunction Firewalls), Rajpreet Kaur & Claudio Neiva, 20 September 2018
Disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advice technology users to select only
those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner ’s research organization and
should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to its research, including any warranties of
merchantability or fitness for a particular purpose.
©GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates, and is used herein with permission. All rights reserved.
9
1st Generation Network Security : Connectivity
Networking
ServerPC
Security
Trusted
Firewall
Not
Trusted
Software
<2000Network vs Security
10
Networking Security
2nd Generation Network Security : Content
Devices
>2000
NGFW
Network vs Security
TrustedNot
Trusted
Hardware
11
3rd Generation - Security-Driven Networking
Cloud
WAN Edge
Endpoint
IoTOT
Networking
Exploit
Malware
Insider
Security
SoC 4
Secure SD-WAN
Secure Access
Secure Cloud
Secure 5G
Security-Driven
Networking
5G
Edge
NowNetwork vs Security
12
BroadVisibility of the entire
digital attack surface
IntegratedAI-driven breach prevention
across all devices, networks,
and applications
AutomatedOperations, orchestration
and response
Fortinet Security Fabric
14
Existing WAN Challenges at the Branch – Gartner Survey
Increasing WAN costs
Poor Application Experience
Complex Management
Low Security Posture
72%58%47%34%
Resource: Gartner Survey Analysis: Address Security and Digital Concerns to Maintain Rapid SD-WAN Growth, Naresh Singh, 12 November 2018
15
• Improve Security - application visibility and control
Need fast ramp to Multi-Cloud and Internet services
• Cost effectively scale bandwidth
Optimize application performance
• Reduce management complexity and operation cost
Faster service delivery and flexibility
Digital Transformation creates challenges for customers
Legacy WAN architecture is not optimal for the cloud enterprise
16
Secure Connectivity to Cloud
Better Cloud Application Performance
Dramatically Simplifies traditional WAN Complexity
Lightweight Replacement of traditional routers
SD-WAN is the New Business Outcome Driven WAN
SD-WAN FUNCTIONALITYSIMPLIFICATION
17
Fortinet Secure SD-WAN Use-Cases
Reduce Cost
Enables MPLS to Broadband
transition while keeping the best
security posture at the edge
Enable Cloud Ready Branch
Improves application and user
experience using Cloud on ramp
Simplified Operations
Reduces complexity by consolidating
point products. Enables single pane of
glass management & Analytics FortiGate
FortiManager
FortiGuard Labs
3X Reduce Hardware Cost
30% Reduce WAN Cost
2X Better User Experience
19CONFIDENTIAL© Fortinet Inc. All Rights Reserved.
Enterprise SD-WAN Use CasesInternet SaaS – Application Aware + Path Awareness Intelligence
Internet
ISP-B
Internet
ISP-A
Critical Apps
Best path is chosen depending
on latency, jitter & packet loss
Critical Apps
Redirected to a new link in case the
WAN conditions are better than the
threshold
Office
Not Business App
Less priority. QoS
19
20CONFIDENTIAL© Fortinet Inc. All Rights Reserved.
Enterprise SD-WAN Use CasesMPLS backup with local breakout
MPLS
Branch
HQ
MPLS Dependency
Inflexible, expensive, good
QoS
Critical Apps & Secure access
Redundant path through IPSec
VPN
Direct secure access to Internet,
SaaS and IaaS content
NGFW + SSL Inspection
Internet
20
21CONFIDENTIAL© Fortinet Inc. All Rights Reserved.
Enterprise SD-WAN Use CasesMPLS replacement
Branch
HQ
Critical Apps
Best path is chosen depending
on latency, jitter & packet loss
Critical Apps & Secure access
Redundant path through IPSec
VPN
Internet
Internet
Direct secure access to Internet,
SaaS and IaaS content
Load balanced across different
lines so bandwidth is optimized.
21
22CONFIDENTIAL© Fortinet Inc. All Rights Reserved.
Enterprise SD-WAN Use CasesCentralized Internet Management
Retail
Retail
MPLS
Internet
Internet
Internet
Internet
Internet
Central Traffic Management
Route all the traffic through HQ
HQ
Secure access to Internet, SaaS
and IaaS content
NGFW + SSL Inspection – Load
balance if needed.
22
23CONFIDENTIAL© Fortinet Inc. All Rights Reserved.
Enterprise SD-WAN Use CasesRedundant Public Cloud access
Branch
Internet
MPLS
Public Cloud
Internet
Health-Check
Link Fail Detected
Redundant Access
Traffic through HQ
HQ
Dynamic
Routing
23
25CONFIDENTIAL
FOS 6.2 – FortiGate SD-WAN
Visibility into 3000+ applications
Application-level transaction for better
SLA
Dynamic WAN link selection using SLA
strategies
Automated fail-over capabilities
High-level monitoring of SD-WAN devices on a
map
Detailed application monitoring
Application
Aware
Multi-Path
Intelligence
Simplified
Monitoring
Certified
Security
Multi
Broadband
Supported
Transport independent with support for Ethernet, 3G/4G
Aggregate multiple interfaces into single SD-WAN interface
Most Certified Security such as NSS Labs
High Performance powered by Security
Processor technology
26CONFIDENTIAL
FortiGate Next Generation Firewalls with Integrated SD-WAN
+ + + + + + + +
Secure SD-WAN
Scalable and Easy to Deploy
SD-WAN App
Control
Intrusion
Prevention
Antivirus URL
Filtering
Sandboxing SSL InspectionTraffic
Shaping
VPN
Unprecedented Integration and visibility
SD-WAN NGFW
SD-WAN requires direct internet access which demands security at every branch
90% of the SD-WAN vendors only offer stateful firewalls which is not enough
28CONFIDENTIAL
FortiOS Secure SD-WANManagement & Visibility – Zero Touch Provisioning
CONNECT
Connect Device
CONTACT
Contact made with FortiDeploy
service within FortiCloud
CONFIGURE
Full Device Configuration
from FortiManager
FORTIMANAGER
BRANCH OFFICE
FORTICLOUDFORTIDEPLOY
1
2
3
30CONFIDENTIAL
Gartner : Security is the top concern for SD-WAN
72% of Customers reported
that Security is the top concern
during WAN initiatives
58% of Customers looking for
better application performance
47% of Customers looking for
better TCO while selecting SD-
WAN vendors
31CONFIDENTIAL
Gartner’s 2018 Magic Quadrant for WAN Edge Infrastructure
“Fortinet should be shortlisted for all
WAN edge opportunities globally”
“The vendor’s vision and roadmap to
deliver increasing levels of automation
align with Gartner’s view of emerging
customer needs”
Marked as a “Challenger” with Furthest
“Completion of Vision”
32CONFIDENTIAL
Fortinet SD-WAN Receives “Recommendation” from NSS Labs
Highest QoE for VoIP
Best Total Cost of Ownership
Only Security Vendor to be
Recommended
4.38 out of 4.41
$5@749 Mbps
Blocked 100% Evasions
33CONFIDENTIAL
Why Fortinet for SD-WAN
NGFW 2013 2014 2016 2017
Fortinet Recommended Recommended Recommended Recommended
Palo Alto Networks Recommended Caution Neutral Caution
Checkpoint Recommended Recommended Recommended Recommended
Cisco Recommended RecommendedNeutral/
RecommendedRecommended
Juniper NeutralDid not
participateNeutral Caution
Security Processor delivers
industry’s best NGFW security,
which is far superior to segmentation
NSS Labs recommend Fortinet
for SD-WAN and Security.
Rated leading challenger by
Gartner
NGFW Security Independent ValidationNative SD-WAN
FortiGate provides best of breed
integrated SD-WAN and security
capabilities in a single device.
35CONFIDENTIAL
What is SD-BranchExtension of Secure SD-WAN to a complete SD-Branch solution
SD-Branch
SD-Branch
FortiSwitch
FortiAP
SD-WAN
Secure
SD-WAN
SD-WAN
SD-Branch
36CONFIDENTIAL
Access
Management
WiFi Controller
Firewall
Management
Switching
Multi-vendor Layer Approach = Complexity
Complexity is the Enemy
▪ Multiple point solutions
▪ Multiple platforms
▪ Multiple management consoles
▪ Inconsistent policy and networking
▪ Varying upgrade cycles
▪ Slow and porous threat response
▪ Resources strained to maintain
▪ Prone to configuration complexity
SD-WAN
37CONFIDENTIAL
Access
Management
WiFi Controller
Firewall
Management
Switching
Fortinet’s security fabric = Simplicity
FortiGate Manages it all
▪ FortiLink» Switch ports are an extension of your
NGFW
▪ FortiLink wireless» SSIDs are an extension of your NGFW
▪ No additional licenses
▪ No new UI to learn
▪ Simple deployment
▪ Harmonized configuration
FortiGate
+
SDWAN
+
Switch
+
Access PointsSD-WAN
38CONFIDENTIAL
Secure Unified Access Ethernet
FortiSwitchSecure
Pervasive Security with Fortinet Security
Fabric Integration powered by FortiLink.
Simple
Multiple Simplified Management,
Deployment, and Network Architectures.
Scalable
Stackable up to 300 switches per
FortiGate.
FortiSwitch becomes a logical extension of
the FortiGate when connected via FortiLink
39CONFIDENTIAL
Secure Unified Wireless Access with FortiAP
▪ Secure
» Pervasive security with Fortinet Security Fabric
integration.
▪ Simple
» Plug & Play simplified management with a
single pane of glass for wired, wireless, and
security that requires no additional licenses
▪ Visibility
» See the whole network, and track identity
throughout.
Wireless networks become a logical extension of
the FortiGate when controlled via FortiLink Wireless
FortiAP
40CONFIDENTIAL© Fortinet Inc. All Rights Reserved.
Integration of SD-WAN and LANFortiManager
Switches Access Points
▪ Zero-Touch Deployment
▪ VLAN provisioning
▪ Port Security Policies
▪ Zero-Touch Deployment
▪ SSID Provisioning
▪ Wireless Security
41CONFIDENTIAL
Single Pane of Glass to Manage LAN and WAN Devices at the Branch
Consolidation of Branch Services
CHALLENGES
▪ Multiple management consoles
▪ Complex provisioning to bring up a
new branch
SD- Branch
FortiGate
Secure
SD-WAN
FortiAPFortiSwitch
LAN
WAN
43CONFIDENTIAL
▪Using Cloud SAAS Apps
▪ Analyze behavior of path selection in function of
» SLA type
» Network health
Goal of demonstration
44CONFIDENTIAL
▪Use best connections for the business applications
▪Network services should always be available
▪Use dedicated link for training platform
▪ All other traffic may not influence business application
Business Needs