APPLICATION CONTROL Traditional controls on the network had been based on IP, protocol and port numbers.

Before now, this has been enough as applications run on specific ports as defined by respective rfcs. This has changed over the years. Its no longer enough to stop email by just blocking access to tcp/25 port. In view of this, theres a growing need to have controls implemented beyond layer 3 of the OSI. Of specific importance is the layer 7, which is the application layer. This is even more through given the emergence of web 2.0 and an era where we see a daily growth in the shift from even software to apps on PCs and a large array of mobile devices. Application Control deals with mitigating threats and attacks at this layer 7 by having a deep packet visibility of traffic on the network. Instead of processing packets as separate individual event, there will be need to fully reconstruct flows and layer 7 state of each application. Benefits: Complex threats and malware introduce by web 2.0 applications such as facebook, twitter etc can be stopped. Malicious content from application running on non-standard ports can be blocked Effectively enforce QoS policies for applications on the network. Monitor application usage and anomalies

Bring Your Own Device BYOD Bring your own device refers to employees using their own personal mobile devices smartphones and tablets for business use in accessing company resources. Companies want to reduce complexity and cost of managing mobility while employees want to use the most popular devices that they us as consumers. This is becoming a big challenge for organizations today, having to manage a wide array of devices/platform and operating systems running on them. Policies stopping employees from bringing their devices is not going to stop this as revealed by a survey carried by Fortinet in 15 countries, examining more that 3,800 employees has revealed. Arguments have been made that BYOD will greatly improve employee productivity. While this is true, it has also result in an crease in the attack landscape of business. As the saying goes, a chain is only as strong as its weakest link. It therefore has become expedient for business to take over the management and security of these personal device. A few of the challenges posed are: As the number of devices increase, there will be need to increase network capacity to accommodate the growth in bandwidth. Web site filtering, spam filtering, data leak protection and application control technologies will become even more important as information is transferred to and from each users individual device. These devices will utilize Wi-Fi to access network resources, hence the need to tightly secure the Wi-Fi infrastructure. Good news is that Fortinet is at the forefront of ensuring that business takes advantage of the benefits of BYOD without compromising security. The approach taken by Fortinet is in 3 folds: 1. Control the Network. The network is the core component of an organization. Any disruption to the network is a disruption of services for

users and the business. provides the following: I. II. III. Firewall

Fortinet was built to effectively defend the

network from a wide variety of threats and every Fortinet appliance

Intrusion Prevention Antimalware and Antivirus

2. Control the Application. Next to the availability of services, the data is the next critical component for organizations. A loss of data can mean a violation of compliance mandates, the loss of critical intellectual property, and most importantly, the loss of customer trust. Fortinet provides granular protection of an organizations most sensitive data through a variety of controls including: I. II. Application Control Data Loss Prevention

3. Control the user Behavior. Finally, the mobile client itself is at risk from attack when off the home network. Fortinet secures mobile clients laptops, smartphones, and tablets protecting end users while they are travelling or simply working from outside the office with the following solutions: I. II. III. Web Content Filtering SSL and IPSec VPN Endpoint Protection