Hoe kan u zich beschermen tegen hackers * of uw
advertisement
Bescherm uw infrastructuur tegen hackers … en uw studenten Geoffrey Van Beylen – Manager Systems Engineering BeLux 15 October 2015 © Copyright Fortinet Inc. All rights reserved. Who is Fortinet? Education sector challenges Fortinet’s Advantages » Consolidation » Security » Infrastructure management Confidential 2 A Global Leader in Network Security $713 Global presence and customer base • Customers: 225,000+ • Units shipped: 1.9 Million+ • Offices: 30+ worldwide Platform Advantage $615 Revenue $M $534 $434 $325 $252 built on key innovations • FortiGuard: industry-leading threat research 2009 2010 2011 2012 2013 2014 • FortiOS: tightly integrated network + security OS $991 • FortiASIC: custom ASIC-based architecture $843 • Market-leading technology: 196 patents, 162 pending 2000, 1st product shipped 2002, IPO 2009 HQ: Sunnyvale, California Employees: 3000+ worldwide Consistent growth, gaining market share Strong positive cash flow, profitable $740 Cash $M $539 Founded $387 $260 2009 2010 2011 2012 2013 2014 3 Wall of Fame ….. FortiWall of Patents #1 in Network Security Appliance Unit Share 5 IDC New Security appliances BeLux …. 2014 Q1 2015 Q2 2015 6 Education IT Challenges Education Challenges: Protecting the Infrastructure Today’s sophisticated threats are causing more damage than ever, and a growing set of security technologies is needed to stop them. Most security vendors outsource or lack critical pieces of the puzzle Schools try to piece together a solution on their own 2000 2003 2005 2007 2011 Today Increasing Damage Hackers FIREWALL Layer 1-2 Intrusions Worms VPN IPS Viruses Spyware Botnets Spam Malicious URLs Malicious Apps Advanced Persistent Threats Anti Malware AntiSpam Web Filter App Control Advanced Threat Protection Increasing Performance Requirements THREAT TIMELINE Content & Application (Layer 3-7) 8 Schools Face Many Challenges – Complexity Too Many Point Solutions Over time, point solutions have been deployed in response to evolving threats Platforms vary across deployment scenarios Management Numerous management consoles Inconsistent policy and networking function SaaS Gateway Web Filtering Varying upgrade cycles Slow and porous response to threats Too many resources required to maintain VPN WAN Acceleration Application Control Firewall IPS Advanced Threat Protection Antivirus WiFi Controller Poor user experience, complaints 9 Fortinet Advantages – Secure Ecosystem Consolidation and Advanced Integration Fortinet Advantage - GLOBAL Platform A new approach to securing Education Single management console Management Optimum-Pass-Processing UTM/NexGen architecture for maximum integration Common platform across all size deployments Firewall VPN Application Control IPS Web Filtering Cost efficient licensing - no user limits – predictable cost structure Consolidated infrastructure – wired & wireless Anti-malware WAN Acceleration Data Leakage Protection WiFi Controller Advanced Threat Protection Faster and more robust response to threats, decreased risk exposure Deploy what you need, where you need it Lower administrative burden. Better use of IT personnel. 11 Fortinet Secure EcoSystem Securing From the Inside Out FAST. SECURE. GLOBAL. FortiPresence FortiCloud FortiSandbox FortiAuthenticator FortiToken Active Directory Analyses customer presence in your retail stores and leverages powerful data mining capabilities to provide business intelligence Provides cloud-based logging and centralized access point management FortiGate FortiDDoS Detonates malware and detects zero-day and advanced attacks. Prevents your organization from making the news. FortiADC FortiGate Identifies users wherever they are, and enforces strong authentication FortiMail FortiAP Secures against Ensures protection Ensures WAN link malicious websites, against application redundancy and undesirable applications, provides inbound level denial of client targeting attacks GSLB load service attacks and malware balancing FortiExtender Retail Location Provides reliable LTE coverage by ensuring adequate placement of your LTE backhaul link FortiManager FortiAnalyzer Servers Secures against email threats and prevents SPAM and virus alike from reaching your users FortiADC FortiWeb Ensures your assets remain available Product List FortiGate FortiAnalyzer FortiManager FortiWeb FortiADC FortiDB FortiMail FortiAuthenticator FortiToken FortiSandbox FortiAP FortiExtender FortiPresence FortiCloud FortiDDoS NGFW Log Analysis Centralized Management Web App Firewall App Delivery Controller Database security Email Security 2FA and SSO Token 2FA ATP Wifi AP 3G/LTE termination Presence Analytics Cloud Logging DDoS Prevention FortiGate FortiAP Centralized policy management and offers a single pane of glass for your security configuration, logging and reporting Prevents web application attacks against your critical web assets Databases FortiDB Provides secure, scalable wireless access to your users leveraging native firewalling on FortiOS Inspects and monitors database transactions and ensures your database, and its data, do not fall in the wrong hands Branch Office Enterprise 12 Fortinet Advantages - Segmentation Secure Network Segmentation for wired and wireless Secure Wireless Architecture Most comprehensive secure wireless portfolio 1 Infrastructure Security 2 Integrated 3 Cloud Security + Controller Controller Cloud On Premise Management Cloud Management On Premise Management AP AP AP + Security 14 Meru - Microcell t.o.v. Virtuele Cell 3e Generatie: Micro Cell •802.11b/g •1 •6 •11 •802.11a •802.11n •36 •40 •44 •48 •52 •56 •60 •64 4te Generatie: Virtuele Cell •802.11b/g •1 •1 •1 •802.11a •40 •40 •40 •40 •40 •40 •40 •40 •802.11n > Wisselend zendvermogen AP’s > Hoe meer AP’s in 1 netwerk des te meer cochannel interference aanpassingen nodig > Aanpassingen betekent opnieuw beginnen met netwerk design > Wi-Fi clients in controle (sticky clients, hoge latency) > Functioneert als een hub > AP’s op 100% of vast% geeft een rustig RF beeld > Netwerk in controle (Virtuele Cell) > Wi-Fi client ziet 1 virtuele AP waardoor probe requests worden getemperd > Wi-Fi netwerk bepaalt waar, welke Wi-Fi client wordt verbonden, middels soft hand-over > Automatische load balancing tussen AP’s > Seamless roaming (2.4ms / MOS score 4.38) > Functioneert als een switch 15 Simpel, snel, veilig en flexibel met Meru Multi-Channel * 3 kanalen nodig voor 1 volledig netwerk * Hoe meer AP’s, des te complexer * Netwerk aanpassing betekent: opnieuw beginnen met plannen/RF design etc. Single Channel & Virtual Cel Combinatie Single Channel + Virtual Cell * 1 kanaal nodig voor 1 volledig netwerk * Beperkte beschikbaarheid kanalen in 802.11ac geen probleem * Enige leverancier die 802.11ac met 80Mhz kan uitrollen (high performance) * Capaciteit eenvoudig toe te voegen * 100% fysieke verkeersscheiding mogelijk tussen studenten en leraren 36 36 36 48 36 36 36 36 36 44 44 36 36 36 40 36 36 48 36 36 36 36 44 44 36 44 44 36 36 36 40 36 44 36 36 40 42 40 40 42 40 40 44 44 40 42 40 40 40 40 16 Introducing FortiSwitch Integrated management via FortiGate controller & FortiLink Supports all security and authentication features via smart vlan redirects to FortiGate. 802.1x port access control, supports 2FA & single sign on POE support for wireless access points connectivity FSW-28C FSW-80-POE FSW-124B-POE FSW-224B-POE FSW-324-POE FSW-348B FSW-448B 17 Infrastructure Wireless Deployment Diagram Meru Connect Security Wireless Wireless LAN Controller FortiGate NGFW/UTM SC/MC ATC/ATF Access Points FortiSwitch POE(+) Wireless Plane Access Points Data Control Management 18
