
FortiClient 6.2 Customer Presentation May 2019

The FortiClient presentation highlights the importance of integrated endpoint security and the challenges organizations face regarding user security gaps, such as unmonitored endpoints and vulnerabilities. It emphasizes Fortinet's Security Fabric, which provides comprehensive visibility, automated operations, and advanced threat protection across devices and networks. The document also outlines use cases demonstrating the effectiveness of FortiClient in various industries, including education and automotive, showcasing its ability to enhance security and compliance.

Uploaded by

Crucioi Cristian

FortiClient Presentation

1
The Human Factor

2
Market Trends
The Platform Approach
User Security Gaps

• 63% of companies cannot monitor off-network endpoints, over half can’t determine endpoint compliance status
• 4% of people will click on any phishing campaign
• 80% of hacking-related breaches leveraged weak, stolen or compromised credentials
• According to Gartner: Through 2021, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year.

LACK OF VISIBILITY | GULLIBLE END USERS | VULNERABLE ENDPOINTS

Sources:
1. The Cost Of Insecure Endpoints, Ponemon Institute, 2017
2. Gartner, How to Respond to the 2018 Threat Landscape, Greg Young, 28 November, 2017
3. Breach Investigation Report, Verizon, 2018
4
Integrated Threat Detections

• THREAT INTELLIGENCE
• NEXT GEN FIREWALL
• ENDPOINT SECURITY
• FILE DETONATION/SANDBOXING
• ANALYTICS & UEBA

5
Fortinet Security Fabric

BROAD
Visibility of the entire digital attack surface

INTEGRATED
AI-driven breach prevention across devices, networks, and applications

AUTOMATED
Operations, orchestration, and response

[Diagram labels: Network Security; Multi-Cloud Security; Device, Access, and Application Security; Network Operations; Security Operations; Open Ecosystem; Fabric APIs; Fabric Connectors; Endpoint/Device Protection; Secure Access; Application Security]
Q1FY19 v1.4.4 6
Fabric Integrated Endpoint Security

Endpoint Visibility
• Endpoint telemetry
• Security posture
• Vulnerability scanning

Dynamic Access Control
• Dynamic grouping
• Support intent-based segmentation

Proactive Protection
• ML-based AV
• Sandbox integration
• Anti-exploit
• Automated containment

[Diagram labels: Network Operations; Endpoint/Device Protection; Network Security; Security Operations]

7
FortiClient Components
More than Advanced endpoint protection

ENDPOINT PROTECTION (EPP)
App FW, Anti-malware, Anti-exploit, Web Filtering

ADVANCED THREAT PROTECTION
Sandbox Integration

SECURE REMOTE ACCESS
SSL & IPSec VPN, SSO

FABRIC AGENT
Telemetry, Quarantine, Vulnerability, App Inventory

Fortinet Security Fabric Integration
FortiGate, FortiSandbox, FortiAnalyzer, FortiAuthenticator

FortiGuard Services
CPRL AV, Web Filtering, App Firewall, Vulnerability Management

1. Endpoint/IoT Visibility and Control, and Compliance
2. Secure Remote Access
3. Advanced Endpoint Protection
FortiClient FortiClient FortiClient
FortiGate FortiGate, FortiSandbox
Fabric Partners FortiAuthenticator FortiGuard

8
FortiClient Fabric Agent
More than Advanced endpoint protection

4. ENDPOINT PROTECTION (EPP): App FW, Anti-malware, Anti-exploit, Web Filtering
3. ADVANCED THREAT PROTECTION: Sandbox Integration
2. SECURE REMOTE ACCESS: SSL & IPSec VPN, SSO
1. FABRIC AGENT: Telemetry, Quarantine, Vulnerability, App Inventory

[Diagram labels: Network Operations; Endpoint/Device Protection; Network Security; Security Operations]
9
Fabric Agent Use Case

• Risk-based visibility
• Identify unpatched vulnerabilities with patching options
• Software inventory for visibility on installed applications and versions
• Dynamic access control
• Integrated and automated
• Integrated with the Security Fabric
• Automated response to contain incidents
• Compatibility

[Diagram labels: FortiClient; FortiGate; FortiClient]
10
Use Case 1- Fabric Agent
Automobile Dealership

Why Fortinet over Check Point, Cisco, ForcePoint
• Integration - Security Fabric architecture
• Vendor consolidation
• Visibility across endpoints and network
• Secure SD-WAN with native NGFW features
• Open eco-system, compatibility

What they Deployed
• FortiGate 501E, 101E and 61E
• FortiGate VM (for Azure)
• FortiClient w/ EMS 2300 licenses
• FortiManager VM
• FortiAnalyzer
• FortiSwitch/FortiAP

Project
• Security upgrade (GDPR)
• Connectivity – User laptops, all offices locations with Datacenter and public cloud connectivity
• Secure datacenter
• SDWAN

Key Requirements
• Strong security
• Integrated solution - one vendor to secure datacenter, branch, endpoints.
• GDPR compliance to ensure data security and data sovereignty
• Endpoint visibility/compliance control
• Compatibility with existing EDR

13
Vulnerability Dashboard

14
Risk Visibility In The Network Context
Endpoint Telemetry
• Device information
• OS
• Correlate multiple MACs
• FortiClient Status
• Endpoint Vulnerabilities
• Logged-in User
• User Avatar
• Social IDs
• Online/Off-line
• Endpoint events and logs

15
Security Rating

16
Automation
• File quarantine
• Submit files for Sandbox analysis
• Auto Patching
• Compliance enforcement
• Endpoint quarantine

17
Dynamic Access Control (Intent Based Segmentation)
Use Case: Block Access for Security Risk Endpoints

[Diagram labels: Internet; FortiClient EMS; FortiGate; Tag; Critical Vulnerability; Access Denied; Engineering Segment, ENGINEERING INTRANET; Sales Segment, SALES INTRANET; Finance Segment, FINANCE INTRANET]

• User: Kate, Group: Engineering
• User: Jenny, Group: Sales
• User: Jack, Group: Finance

18
Dynamic Access Control (Intent Based Segmentation)
Use Case: Access Based on AD Groups

[Diagram labels: Internet; FortiClient EMS; FortiGate; Tag; Tagging Configuration; Access Denied; Engineering Segment, ENGINEERING INTRANET; Sales Segment, SALES INTRANET; FINANCE INTRANET]

User: Kate User: Kate User: Jenny
Group: Sales
Group: Engineering Group: Sales

19
Dynamic Access Control (Intent Based Segmentation)
Use Case: Restricted Access for Unknown Endpoints

[Diagram labels: Internet; FortiGate; BYOD; Finance Segment, Access Denied; Engineering Segment, Access Denied; Sales Segment, Access Denied; ENGINEERING INTRANET; SALES INTRANET; FINANCE INTRANET]

• User: Unknown, Group: Unknown

20
Proactive Endpoint Defense

4. ENDPOINT PROTECTION (EPP): App FW, Anti-malware, Anti-exploit, Web Filtering
3. ADVANCED THREAT PROTECTION: Sandbox Integration
2. SECURE REMOTE ACCESS: SSL & IPSec VPN, SSO
1. FABRIC AGENT: Visibility, Quarantine, Vulnerability, App Inventory

• ML-powered Antimalware—CPRL
• Anti-exploit
• Web filtering
• Application firewall
• Sandbox integration

21
Proactive Endpoint Defense

Mitigate Vulnerabilities & Prevent Exploits
• Vulnerability scanning
• Patching
• Exploit Protection

Detect & Block Advanced Malware
• Anti-malware
• Anti-Exploit
• Web filter
• Application firewall
• Integrated Sandbox

Integrated & Automated Response
• File and endpoint quarantine
• Auto patching
• Sandbox integration
• SIEM integration

Visibility. Integration. Centralized management.

22
Detect and Block Malware and Advanced Threats
Antimalware
• Pattern-based (CPRL) antimalware engine
• Detect polymorphic malware
• Block known attack channels and malicious websites
• Big data analysis, machine learning and AI in the Cloud

Anti-Exploit (exploit protection)
• Behavior-based detection
• Can detect advanced malware and ransomware, which typically package an exploit
• Prevents attacks that leverage PowerShell or other scripts

Sandbox Integration
• Detect advanced or custom malware
• Automatic file submission for analysis
• Threat intelligence sharing across enterprise

23
Enhanced FortiSandbox Integration (new)

24
Use Case 2- Full Endpoint Protection
Online marketplace

Why Fortinet over SonicWall
• Security Fabric architecture
• Vendor consolidation, Strong firewall on both AWS and campus
• Visibility across endpoint and network
• Zero-Day/advanced threat protection

What they Deployed
• FortiGate VM, SDN Connector AWS
• FortiGate 100E, 200E, 301E and FortiGuard Services
• FortiSandbox Cloud
• FortiClient w/ EMS
• FortiManager VM
• FortiAnalyzer VM
• Professional Services and Training

Project
• Replace aging SonicWall gear
• Ensure Public Cloud (AWS) infrastructure and ensure availability and scalability
• Enhance connectivity across branch offices, HQ and Cloud.
• Ensure endpoint security

Key Requirements
• Vendor consolidation – across Public Cloud, HQ and branches
• Enhance security while simplifying the process
• Enhance endpoint visibility and controls on remote users
• Compliance reporting

25
Secure Remote Access
VPN | Two Factor Authentication (2FA) | Single Sign On (SSO)

[Diagram labels: Finance user; Internet; VPN; FortiGate; LDAP/Active Directory; FortiAuthenticator; FortiToken; SSO; Finance Intranet; Finance Database]

• Auto-connect, Always on VPN
• Supports SSL and IPsec VPN
• Dynamic VPN Gateway selection, and split tunneling
• Additional layers of security with two-factor authentication
• Single-Sign-on agent supports FortiAuthenticator

28
Auto Dealership
• 4000 Employees
• 175+ locations
• Represent 34 Auto brands

Goals
• Acquisition – Asset control and endpoint visibility
• Branch location security and connectivity

Challenges
• Rapid expansion and acquisition – unable to get clear account and protection status on computers
• Lack of network visibility across branch offices

KEY TAKE-AWAYS:
1. Customer leverages Security Fabric to gain visibility and asset management
2. Remote access with Two Factor Authentication

29
Another Dealership

Solutions
• FortiClient Fabric Agent:
  • Endpoint visibility and compliance/policy enforcement
  • VPN, SSO
• FortiAuthenticator, Token
• FortiGate
• FortiManager, FortiAnalyzer upgrade

Why Fortinet
• Integration and Vendor Consolidation - Security Fabric architecture
• Visibility across endpoints and network
• Secure SD-WAN with native NGFW features
• Secure remote access with MFA and push token

Purchased/Implemented
ENDPOINT PROTECTION (EPP): App FW, Anti-malware, Anti-exploit, Web Filtering
Future
ADVANCED THREAT PROTECTION: Cloud Sandbox Integration
SECURE REMOTE ACCESS: SSL & IPSec VPN, SSO
Purchased/Implemented
FABRIC AGENT: Telemetry, Quarantine, Vulnerability, App Inventory

30
Centralized Management with EMS
Enterprise Management System (EMS)

• Configure, deploy and manage FortiClient


• Integrate with LDAP and other enterprise systems

• Real-time endpoint monitoring


• Threat summary, alert and notification
• Remote actions
• Anti-malware scanning
• Vulnerability scanning
• Endpoint quarantine

• Software Inventory
• File quarantine management
• Highly scalable
31
FortiClient

ENDPOINT VISIBILITY
• Expanded Visibility Across all OS – Windows, Mac, Linux, Chromebook, Android and iOS
• Software Inventory
• Integrated Vulnerability management with patching

PROACTIVE ENDPOINT PROTECTION
• CPRL updates derived from FortiGuard ML
• Enhanced sandbox integration
• Sandbox analysis report in EMS
• Real time Cloud-based threat detection for emerging threats

AUTOMATION
• Dynamic Access control
• Compliance Enforcement
• Security Fabric IOC Quarantine
• Support FortiOS group policy

SIMPLIFIED ENDPOINT MANAGEMENT
• Dynamic Endpoint Grouping
• Centralized Quarantine Management
• Single Console Management for all platforms
• Improved Usability with New Navigation
• Cloud-managed option coming soon
32
Education
Protecting Students on the Internet

• Students must be protected from inappropriate content


• Internet browsing must be transparent—visible/logged/reported

34
Web Filtering
• 75+ URL categories
• More than 43 million rated websites, and 2 billion+ web pages
• Works with Google Safe Search
• Includes whitelisting and blacklisting of websites
• Monitor all web browser activity

35
Large School District in California
• Public K-12 school districts
• Schools: 29
• Students: 25,994
• Teachers: 989
• Deal Size: 40K endpoints

Goals
• Integration, consolidation, CIPA compliance

Challenges
• Enforce web-filtering policy across different device platforms
• Enhanced security—across mail, gateway, and endpoint

Competition
• Sophos, Zscaler…

KEY TAKE-AWAYS:
1. Single management for Windows, Chromebook, iOS devices
2. Security Fabric
3. ATP
36
Large School District in California

Solutions
• FortiMail
• FortiClient
• FortiGate 501E, 101E and 61E
• FortiGate VM
• FortiAuthenticator

Why Fortinet
• Integration and Vendor Consolidation—Security Fabric architecture
• Visibility across endpoints and network
• Consistent web filtering and security policy on and off campus
• Cross platform support—Windows, Mac, iOS, Android, Chromebook

Purchased/Implemented
ENDPOINT PROTECTION (EPP): App FW, Anti-malware, Anti-exploit, Web Filtering
ADVANCED THREAT PROTECTION: Cloud Sandbox Integration
SECURE REMOTE ACCESS: SSL & IPSec VPN, SSO
Purchased/Implemented
FABRIC AGENT: Telemetry, Quarantine, Vulnerability, App Inventory

37
Web Filtering Across all Popular OSs

38
Endpoint & Network Security Integration Check List
Visibility & Control | Threat Intelligence Sharing | Alert Resolution | Automation | Open Ecosystem
• Can you see all devices and identify them?
• Can you monitor the device and associated risks, i.e. unpatched vulnerabilities? Outdated applications? Indicators of compromise?
• Enforce control on a network level? Ensure security hygiene?
• Is threat intelligence aggregated to the vendor’s “cloud” and then pushed down?
• Can threat intelligence discovered at one endpoint/location be shared in real time with the rest of the enterprise, regardless of its location?
• Alert resolution? Threat verification?
• Can you set policy to automate response—contain threats automatically, quarantine compromised hosts?
• How open is the integration?

40
Leading Fashion Brand
• 10,000 employees
• 1200+ locations
• Deal size: Four million+

Goals
• Infrastructure modernization
• Simplification through vendor consolidation

Project
• Modernize retail location
• Protecting customer data in the GDPR era
• Consolidated and consistent security across datacenter, public Cloud (Azure, AWS), campus and regional branch offices

Competition
• Check Point, Cisco

KEY TAKE-AWAYS:
1. Customer leverages Security Fabric throughout the network infrastructure, from retail store, campus to the Cloud
2. Fabric Agent compatibility with Symantec Endpoint Protection

41
Leading Fashion Brand

Solutions
• FortiClient
• Compatibility with Symantec Endpoint Protection
• Endpoint visibility and compliance/policy enforcement
• VPN and Mobility Agent for SSO
• FortiGate
• FortiWifi/FortiSwitch/FortiAP upgrade
• FortiGate VM
• FortiAnalyzer/FortiManager
• FortiAuthenticator

Why Fortinet
• Integration and Vendor Consolidation—Security Fabric architecture
• Visibility across endpoints and network
• Open eco-system, compatibility

Provided by Symantec
ENDPOINT PROTECTION (EPP): App FW, Anti-malware, Anti-exploit, Web Filtering
Future
ADVANCED THREAT PROTECTION: Sandbox Integration
SECURE REMOTE ACCESS: SSL & IPSec VPN, SSO
Purchased/Implemented
FABRIC AGENT: Telemetry, Quarantine, Vulnerability, App Inventory

42
