Fortinet Confidential Bangalore 4 th December 2009 Vishak Raman Regional Director – SAARC & KSA “Security Virtualization”
The Cloud Momentum Virtualization & Network consolidation In the cloud &Data Center –Telco’s Case Study Virtualized Security–An Enterprise case study Fortinet
The Cloud Momentum A cluster of IT – enabled services which can be utilised over the internet (cloud) as a service – ‘re use of IT capabilities’ Where information is permanently stored in servers on the internet and cached temporarily on clients that includes desktop, Entertainment centers, table computers, notebooks, wall computers, handhelds, etc,
Gartner’s Hype Cycle for Cloud Computing
Is the cloud driving …..green IT subtly ? SECURITYSECURITY
Fortinet Confidental 6 Top concerns in IT Security Dynamic threat landscape Continued increase in sophistication and prevalence of threats which require multiple security protections Regulatory compliance pressures (SOX, PCI, etc.) Business Continuity Impact on business of a security breach Higher performance always required to cope with evolution of business applications Distributed networks & mobile users IT budgets: Doing More with Less Rising complexity and cost of managing and maintaining multiple security solutions Increased pressure to improve security service while reducing TCO Reductions in Footprint Physical / Data Center Carbon
The Cloud Momentum Virtualization & Network consolidation In the cloud &Data Center –Telco’s Case Study Virtualized Security–An Enterprise case study Fortinet
Many ways to Virtualization Servers Desktops Applications Networks Storage
Fortinet Confidential Consolidate Physical Resources Logical resources may remain the same! Reduce Power Consumption Streamline System Recovery Control and Provide Growth Simplify system maintenance Optimize Resource Utilization Maintain OS Versions and updates Training The Economist, May 22 nd 2008 Why Virtualize?
Information Security Over head. High availability solutions Separated management Interfaces Troubleshooting madness Training period Updates and upgrades Support ?! Who and for what? Logging a reporting Hardware cost
Virtualized Security must feel with Performance Management Flexibility Content Security Reliability / Density Logging / Reporting
Virtualization Virtual Domains (VDOM) Enable a single hardware system to function as multiple independent virtual systems Multiple VDOMs supported per physical security device
13 Virtualized Architecture Super Admin VDOM Admin Hardware OS Firewall VPN(IPSec/SSL) IPS Web Filtering Gateway AV App Control Routing VLANs Firewall VPN(IPSec/SSL) IPS Web Filtering Gateway AV App Control Routing VLANs Setup 2... Setup 1 MGMT
Security Hardware Scalability
The Cloud Momentum Virtualization & Network consolidation In the cloud &Data Center –Telco’s Case Study Virtualized Security–An Enterprise case study Fortinet
Traditional Data center Environment “In the Cage” Services Internet Dial-up Customers with Mobile VPN Clients www Access Internet Data Center with Multiple LAN’s Admin or ASP Customer Access (WAN link or VPN) Administration Customer -B Customer -A Front End- Web Servers Back-end- Data base Servers Front End-Web Servers Front End Back End High Availability Mode Customer -C
Next generation Cloud based offering using single Chasis..... MSSP – Security Operations Centre Internet FortiManager Fortianalyzer Cust2 Cust1 Cust3 Root Virtual Domain Cust1 Virtual Domain Cust2 Virtual Domain Cust3 Virtual Domain 802.1Q VLAN trunk Core Router Aggregation L2 switch, DSLAM etc MSSP domain Log data with VDOM tagging COMPLETE CONTENT SECURITY SERVICES FIREWALL ANTI VIRUS ANTI SPYWARE & ANTI PHISHING WEB FILTERING IPS MESSAGING FILTERING SPAM FILTERING P2P CONTROL IM CONTROL
18 VAS – High Margin Solutions for TELCO’s Increases ARPU Reduces CAPEX Reduces OPEX
Some Carrier and Service Provider Customers
The Cloud Momentum Virtualization & Network consolidation In the cloud &Data Center –Telco’s Case Study Virtualized Security–An Enterprise case study Fortinet
Airport Infrastructure overview Domestic Security Check Airline Domestic Security Check Final check Aerobridges
Virtualized Airport Security Solution A single device will have separate Virtual UTM for each of the Airline networks High Performance - FW + VPN +IPS+WEB+AS Switch Firewall in HA Internet Air Lines 1 Air Lines 2 Air Lines 3 Air Lines 4 Traveler's LAN Custom’s Office Switch Air Lines 1 Air Lines 2 Air Lines 3 Air Lines 4 Custom’s Office E1 Connectivity VLAN’s on Airport network Airport Network
Multi tenant Security for offshore Development Center (ODC )
Virtualized Security for Space Collaboration Center Multiple Agencies (Domestic /International ) University Space agency Science Academy Public information 11 Payloads developed/ designed with multiple mappings output generation 5 Domestic ( indigenous ) 6 AO international ( collaborative ) It needed logical separation Different access policy / Internal protection Test Data from specific payload Upload /download from the respective servers Secured access & remote connectivity for domestic & international agency
Centralized Internal Security Consolidation Back Bone Switching Centralized Logging and Reporting Out of Band Management Department A HA security solution with Virtual Solutions Department B Department C Project A Project B Project C Server Farm Internet Access INTERNET
Summary Virtualization is here to stay Security & virtualization is a must to offer Cloud based services Data Location Risk Data and Code Portability Risk Data Security (Privacy) Risk New Business Models would evolve in the difficult economic conditions & Virtualization will be a key Virtualization would allow Enterprise to compete in difficult economic conditions & provide highest level of security Datacenter & Telco’s would look at cost saving ( power / cooling) apart from ease of management & deployment
Global Trends Virtualization & Network consolidation In the cloud &Data Center –Telco’s Case Study Virtualized Security–An Enterprise case study Fortinet
Company Overview First Multi-Layered Security Platform provider that leverages ASIC technology Largest private network security company ~ 1300 employees / > 650 R&D 450,000 + FortiGate devices WW Founded in 2000 Global Operations in U.S., EMEA & APAC Independent certifications 8 ICSA certifications (only vendor) Government Certifications (FIPS-2, C C EAL4+) 60+ industry awards 11 patents; 80+ pending Virus Bulletin 100 approved (2005, 06,07) and NSS Certifications
29 Gartner’s Hype Cycle for Infrastructure Protection
30 Threatscape Evolution Connection Based Attacks Layer 2/3/4 Mobile Devices and Crossover Web 2.0 Inappropriate Content Denial of Service Attacks Spam, Phishing Pharming Virus, Spyware, Adware, Trojan, Worm Peer to Peer Botnets Identity Theft Application and System Vulnerabilities
Fortinet High-End Traction Worldwide UTM Revenue Share, 2008 $50,000-99,999 Price Band (Source: IDC, March 2009) Fortinet Secures: Seven of Top 10 Fortune 500 Eight of Top 10 Global 500 in EMEA Eight of Top 10 Global 500 in APAC Six of Top 10 Global 500 Commercial & Savings Banks Seven of Top 10 Global 500 Aerospace & Defense Two of Top 5 Global 500 in IT Services
VPN (IPSec and SSL) Firewall + VPN Firewall Secure Content Management Antivirus Antispyware Web filtering Messaging security Intrusion Detection & Prevention IDS IPS Database Vulnerability Assessment Database Security/Audit Securing Content in Applications/Databases Real-Time Application & Network Protection – Portfolio Endpoint Security Firewall Web filtering Antispyware IPSec VPN Antispam Antivirus
Key Enterprise Customers – 10,000 + installations Manufacturing Banking & Finance Print/ Media / Retail Telecom Software/ITES
Thank You! For more information please visit