
© Copyright Fortinet Inc. All rights reserved.

Advanced Threat Protection

Telling and Selling the $20b Story

January 2016


Agenda

Telling the Story

Selling the Story

Recap/Resources

Telling the Story


The Problem: Breaches, Breaches and More Breaches

2014: 79,790 security incidents

2015: CEOs, CIOs and CISOs who resigned

"All organizations should now assume that they are in a state of continuous compromise." — Gartner, 2/14/14

Sources: Verizon 2015 Data Breach Investigations Report, April 2015

Gartner. Designing an Adaptive Security Architecture for Protection From Advanced Attacks. February 2014.

IDG Media. IT Security Priorities and Next-Generation Firewall Deployment. January 2016.


The Impact: Extended Compromise, Data Loss, Headlines…

[Chart: Impact versus Duration. Random detection: average ~200 days prior to response.]

Sources: Verizon 2015 Data Breach Investigations Report, April 2015


A Root Cause: “Idon’tknowware”

Code Continuum (from Known Good to Known Bad):
Known Good · Probably Good · Might be Good · Completely Unknown · Somewhat Suspicious · Very Suspicious · Known Bad

Security Technologies:
Identifying the good end: Whitelists; Reputation (File, IP, App, Email); App Signatures; Digitally signed files
Identifying the bad end: Blacklists; Signatures; Heuristics; Reputation (File, IP, App, Email); Generic Signatures

70-90% OF MALWARE SAMPLES ARE UNIQUE TO AN ORGANIZATION


A Solution: Behavior-based Sandboxing of the Unknown

Code Continuum (from Known Good to Known Bad):
Known Good · Probably Good · Might be Good · Completely Unknown · Somewhat Suspicious · Very Suspicious · Known Bad

Security Technologies:
Identifying the good end: Whitelists; Reputation (File, IP, App, Email); App Signatures; Digitally signed files
Identifying the bad end: Blacklists; Signatures; Heuristics; Reputation (File, IP, App, Email); Generic Signatures
Covering the unknown middle: Sandboxing

70-90% OF MALWARE SAMPLES ARE UNIQUE TO AN ORGANIZATION

Sources: Verizon 2015 Data Breach Investigations Report, April 2015


Why? It Provides Information to Stop Advanced Threats

Source: Forrester Sandbox Survey. November 2015.

[Chart: Worldwide Specialized Threat Analysis and Protection Revenue, 2011-2019: Comparison of August 2013 and May 2015 Forecasts. Series: May 2015 forecast; August 2013 forecast. X axis: 2011 through 2019. Y axis: revenue ($M), 0 to 3,500.]


What You Need to Know About FortiSandbox

1. Analyzes Activity

2. Provides Data, Dynamic Updates

3. Independently Validated

4. Cloud or On-Premise Options

5. Integrated and Automated


Why? A Good Sandbox Reduces Dwell Time, Risk, Impact

[Chart: Impact versus Duration. Random Detection: average 200 days prior to response. Sandbox Only Detection & Response: days.]


Experienced Sandbox Users Seek Integration and Automation

Base: 150 IT security decision-makers at US-based enterprises that have implemented or evaluated sandbox technology

Source: A commissioned study conducted by Forrester Consulting on behalf of Fortinet, August 2015


Integrating A Sandbox with NGFW/WAF Speeds Response

[Chart: Impact versus Duration. Random Detection: average 229 days prior to response. Sandbox Only Detection & Response: days. Sandbox + NGFW/WAF Detect & Respond: minutes.]


What You Need to Know About FortiGate as NGFW

1. Independently Top Rated Prevention

2. Send Unknown Items to FortiSandbox

3. One-Click Quarantine

4. Automatic, Local Updates

5. Detects Advanced Threats


What You Need to Know About FortiWeb

1. Shields Web Servers From Exploit

2. Fastest Performance, Lowest TCO

3. Sends Items to FortiSandbox

4. Removes Files Based on Results

5. Detects Advanced Threats for One Attack Vector


How To Move From Detection/Response To Prevention?

[Chart: Impact versus Duration. Random Detection: average 229 days prior to response. Sandbox Only Detection & Response: days. Sandbox + NGFW/WAF Detect & Respond: minutes. Sandbox + SEG/EPP Prevention: 0 seconds.]


What You Need to Know About FortiMail SEG

1. Top rated Threat + Data Protection

2. On-premise or Cloud Service

3. Holds Messages for Analysis

4. Sends Items to FortiSandbox

5. Provides Advanced Threat Prevention for One Attack Vector


What You Need to Know About FortiClient

1. Unified Client Software

2. Top-rated with New Central Management

3. Sends Items/Acts Before or After Install

4. Receives All FortiSandbox Results

5. Advanced Threat Prevention for All Vectors…but Seen by Every User


This is our Fortinet Advanced Threat Protection Framework

Three components, each handing off to the next:

FortiGate & everything that can enforce a security policy
  Hand off: High risk items

FortiSandbox & everything that is behavior based
  Hand off: Provide ratings & results

FortiGuard teams and automation
  Hand off: Creating a fix & update prevention
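As an added, illustrative example (not code from this deck or from any Fortinet product), the following Python models the three hand-offs above as a closed loop: a policy-enforcement point classifies each sample along the code continuum, sends everything in the middle of the continuum to a behavior-based sandbox, and an automation step turns the sandbox rating into an allowlist or blocklist update so that the next occurrence of the same file is decided at enforcement time instead of after days of dwell. Every class, threshold, hash list, "observed behavior" set and sample file here is a constructed assumption.

```python
"""Toy closed-loop triage: enforce -> sandbox -> update -> enforce again.
Constructed example; nothing here is a real product API."""
from __future__ import annotations
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, List, Optional, Set
import hashlib


class Verdict(IntEnum):
    """Bands of the code continuum, ordered from Known Good to Known Bad."""
    KNOWN_GOOD = 0
    PROBABLY_GOOD = 1
    MIGHT_BE_GOOD = 2
    COMPLETELY_UNKNOWN = 3
    SOMEWHAT_SUSPICIOUS = 4
    VERY_SUSPICIOUS = 5
    KNOWN_BAD = 6


@dataclass
class Sample:
    name: str
    content: bytes
    signed_by: Optional[str] = None      # publisher of a valid code signature, if any
    source_reputation: str = "unknown"   # "good", "unknown" or "bad"
    heuristic_score: int = 0             # 0..100 from static heuristics (constructed)

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


@dataclass
class Enforcement:
    """Stand-in for 'everything that can enforce a security policy'."""
    allowlist: Set[str]
    blocklist: Set[str]
    signatures: List[bytes]            # byte patterns for known families (constructed)
    trusted_publishers: Set[str]
    sandbox_queue: List[Sample] = field(default_factory=list)

    def classify(self, sample: Sample) -> Verdict:
        h = sample.sha256
        # Cheap, deterministic checks first; exact-hash lists beat everything else.
        if h in self.blocklist:
            return Verdict.KNOWN_BAD
        if h in self.allowlist:
            return Verdict.KNOWN_GOOD
        if any(sig in sample.content for sig in self.signatures):
            return Verdict.KNOWN_BAD
        if sample.signed_by in self.trusted_publishers:
            return Verdict.PROBABLY_GOOD
        # Heuristics and reputation only move a sample along the continuum;
        # they never produce a "known" verdict on their own.
        if sample.heuristic_score >= 80 or sample.source_reputation == "bad":
            return Verdict.VERY_SUSPICIOUS
        if sample.heuristic_score >= 50:
            return Verdict.SOMEWHAT_SUSPICIOUS
        if sample.source_reputation == "good":
            return Verdict.MIGHT_BE_GOOD
        return Verdict.COMPLETELY_UNKNOWN

    def handle(self, sample: Sample) -> str:
        v = self.classify(sample)
        if v == Verdict.KNOWN_BAD:
            return "block"
        if v <= Verdict.PROBABLY_GOOD:
            return "allow"
        self.sandbox_queue.append(sample)   # hand-off 1: high-risk / unknown items
        return "hold"                       # a detect-only deployment would allow and monitor


class Sandbox:
    """Stand-in for 'everything that is behavior based'. Observed behaviors are a
    constructed lookup here; a real sandbox would detonate the sample."""
    RISKY = {"spawns_shell", "modifies_autorun", "beacons_to_new_domain", "encrypts_user_files"}

    def __init__(self, observed: Dict[str, Set[str]]):
        self.observed = observed

    def rate(self, sample: Sample) -> str:   # hand-off 2: ratings & results
        hits = self.observed.get(sample.sha256, set()) & self.RISKY
        return "high" if len(hits) >= 2 else ("medium" if hits else "clean")


def update_prevention(enf: Enforcement, sample: Sample, rating: str) -> None:
    """Stand-in for 'teams and automation': hand-off 3, a result becomes a prevention update."""
    if rating == "high":
        enf.blocklist.add(sample.sha256)
    elif rating == "clean":
        enf.allowlist.add(sample.sha256)
    # "medium" stays on the continuum and is re-examined next time, not auto-listed.


def run_cycle(enf: Enforcement, sbx: Sandbox, samples: List[Sample]) -> Dict[str, List[str]]:
    """Run enforcement, drain the sandbox queue into prevention updates, run enforcement again."""
    first = [enf.handle(s) for s in samples]
    for s in list(enf.sandbox_queue):
        update_prevention(enf, s, sbx.rate(s))
    enf.sandbox_queue.clear()
    second = [enf.handle(s) for s in samples]
    return {"first_pass": first, "second_pass": second}


# Constructed samples: a dropper, a signed vendor tool, an unknown document, an old known worm.
SAMPLES = [
    Sample("invoice.pdf.exe", b"MZ\x90\x00 constructed dropper", heuristic_score=65),
    Sample("vendor-tool.exe", b"MZ constructed signed tool", signed_by="Example Vendor Ltd"),
    Sample("macro.docm", b"constructed document with macro"),
    Sample("old-worm.exe", b"MZ EVIL_FAMILY_MARKER payload"),
]


def build_enforcement() -> Enforcement:
    return Enforcement(set(), set(), [b"EVIL_FAMILY_MARKER"], {"Example Vendor Ltd"})


def build_sandbox() -> Sandbox:
    # Constructed sandbox observations keyed by sample hash.
    return Sandbox({SAMPLES[0].sha256: {"spawns_shell", "beacons_to_new_domain"},
                    SAMPLES[2].sha256: set()})


if __name__ == "__main__":
    print(run_cycle(build_enforcement(), build_sandbox(), SAMPLES))
```

On the first pass only the signature hit is blocked outright and the signed tool is allowed; the dropper and the unknown document are held and sent to the sandbox. After the sandbox rating is fed back, the second pass blocks the dropper and allows the document at enforcement time, which is the "minutes, not days" effect the integrated slides describe.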

Selling the Story


Customer Concern: Advanced Threats on the Web


Recent $2.2m investment in Fortinet

Initial $10m quote from FireEye

Won Fair PoC: coverage, cost

Sales Motion: Add Sandbox to FortiGate NGFW


Customer Concern: Targeted Email Attacks


Director favored FireEye

Fortinet won with:
» Better detection
» FortiGate/FortiMail integration
» Flexible deployment options

Sales Motion: Add SEG + Sandbox


Customer Concern: Advanced Attacks via Web and Email


Sales Motion: Net New NGFW+ SEG + Sandbox

FireEye was dismissed due to the distributed environment.

FortiGate + FortiSandbox stopped spearphishing.

FortiMail integration is first in 2016.


Customer Concern: Advanced Attacks Via Web, Email, Web Apps


Sales Motion: Net New NGFW + SEG + WAF + Sandbox

End to end solution

NSS certification


Customer Concern: Exposed Endpoints


Sales Motion: Net New Sandbox + Client

Full-featured client reduces the number of agents

Caught thousands of malware samples missed by SCEP

Stops zero-days with FSA


Customer Concern: Strongest Defense Against APTs


The $20bn Opportunity…This Year

Sandbox ($2bn)
NGFW/UTM ($8.5bn)
SWG ($2bn)
SEG ($2bn)
Endpoint ($4.6bn)
WAF ($800m)


Recap

Every Organization Should Have a Sandbox
» New and Necessary Technology
» Can be affordable and manageable when integrated

It’s part of the only ATP Solution NSS Recommended Edge to Endpoint

Pick the point(s) of integration that make sense for your customers


Recap

Concern / ATP Component / Pro / Con

Concern: Breaches/Headlines
  ATP Component: FortiSandbox
  Pro: Detects the Unknown; Enables Response and Mitigation
  Con: Requires Response

Concern: Web-based Threats, Broad Coverage
  ATP Component: FortiGate NGFW + FortiSandbox
  Pro: Extends Sandbox Coverage; Speeds Response and Mitigation
  Con: Detection Only

Concern: Web App Exploits
  ATP Component: FortiWeb WAF + FortiSandbox
  Pro: Covers a Top Attack Vector; Speeds Response and Mitigation
  Con: One Vector Only

Concern: Targeted Email Attacks, Prevention
  ATP Component: FortiMail SEG + FortiSandbox
  Pro: Prevention for a Top Attack Vector
  Con: One Vector Only

Concern: Exposed Endpoints, Manual response
  ATP Component: FortiClient EPP + FortiSandbox
  Pro: Prevention for All Vectors
  Con: Visible to all End Users


Additional Resources

Advanced Threat Protection solutions page http://www.fortinet.com/solutions/advanced-threat-protection.html

Breaking the Kill Chain video http://www.fortinet.com/videos/breaking-kill-chain-advanced-attacks.html

Forrester Sandbox Survey Exec Summary http://www.fortinet.com/resource_center/analyst_reports/sandbox-technology-breach-detection-response-strategy.html

ATP Framework paper http://www.fortinet.com/sites/default/files/whitepapers/ATP-Framework.pdf

CTAP http://www.fortinet.com/how_to_buy/request-cyber-threat-assessment.html

Fuse Community: Advanced Threat Protection https://fuse.fortinet.com/p/fo/si/topic=438
