Business Drivers
Market Trends
Trend: Device Growth Continues
More devices and newer device types are entering the network
Business Drivers for Better Visibility & Control
Lost Revenues
Brand/Reputation
Law Suits/Fines
Lost Customers
Lost Suppliers
Unproductive Workers
Impacts on Competitive Positioning
Impacts on Valuation
C-Level/Board Involvement
Selling Situations
Compliance
Security Breach
Incident Management
Network Management
Bigger FortiAnalyzer
More…
Fortinet Security Fabric
The “NEW” Security Fabric – Protects the Entire Attack Surface
[Diagram labels: IoT, Policy Management, Threat Analytics, SIEM Integration, Orchestration, FortiManager, FortiAnalyzer, FortiCloud, Applications]
Fortinet Security Fabric – Protecting from IoT to Cloud
[Diagram labels: Global Intelligence, Local Intelligence, Awareness, IoT Security, Cloud Security, Actionable, Open, Fortinet + Operational Security Fabric, FortiSIEM]
FortiSIEM
Core Platform
FortiSIEM Overview
Extensible APIs
FortiSIEM Customers & Partners
Current Market – IT Network Challenges
[Diagram labels: Physical Infrastructure (physical switches, physical servers); Virtual Infrastructure (virtual networks, virtual servers); Cloud Infrastructure (public cloud, private cloud, hybrid deployed); Mobility/BYOD. Thousands of devices and hundreds of apps generating billions of events.]
Important Security Use Cases
Access Control Violations
» Excessive logon failure
» Anomalous logon attempt
» Brute force logon success
» Default password usage
» Password scanning
» VPN logon from outside home
» Concurrent logon from multiple cities/countries
Vulnerabilities
» DNS traffic to malware domain
» Outbound traffic to malware IP
» Malware hash match
» Malware found but not cleaned
» Mail attachment/Spyware found not cleaned
» Backdoor/Rootkit/IOC found
» Scanner found exploitable vulnerability -> external traffic
» Malware outbreak
SIEM vs. FortiSIEM
[Diagram labels: Single Pane of Glass, Log Management, Threat Intelligence, Partner Integrations, Security Fabric, Real-Time Monitoring]
FortiSIEM Key Differentiators
Multi-Tenant Architecture
Segment network views into physical, logical dashboards
© 2016 AccelOps
Compliance Reporting Built-in
Windows Agent
Key features
Rapid Flexible Integrations
Context from Hundreds of Sources
Rapid & Flexible Integrations – Cont’d
[Diagram labels: FortiSIEM, Sandbox, API, Fortinet Devices, Cloud]
Deployment Scenarios
Inputs to FortiSIEM
Syslog
SNMP
WMI for Windows
JDBC
HTTP/HTTPS
TCP/UDP
TLS
Windows Agents – Basic and Advanced
NetFlow/sFlow
Active Directory/LDAP
Geolocation
FortiSIEM Architecture (SMB Deployment)
[Diagram: Remote/Segregated Networks (Public / Private / Hybrid) – Firewalls, Routers, Storage, Servers, Apps → Collector → TCP 443 (HTTPS) → FortiSIEM Cluster (Public / Private Deployments) – Supervisor on Hypervisor, Event Storage on Local Virtual Disk; local Firewalls, Routers, Storage, Servers, Apps alongside the cluster]
FortiSIEM Service Provider Architecture Benefits
» All customers into the same solution and deployment
» Rules and reports can be deployed to one, multiple or all customers
FortiSIEM Architecture (Enterprise/MSP)
[Diagram: Remote/Segregated Networks (Public / Private / Hybrid) – Customer X, Customer Y and Customer Z, each with Firewalls, Routers, Storage, Servers, Apps → Collector → TCP 443 (HTTPS) → FortiSIEM Cluster (Public / Private Deployments) – Supervisor, Worker 1 … Worker N on Hypervisor, NFS Big Data Event Storage]
Competitive Landscape
Competitive Analysis
[Table columns: Competitor, Competitive Positioning, Notable Customer Wins]
Competitive positioning statements:
» 12 diverse open source products; low control over product destiny
» Lacks deep analytics capabilities that unite multiple sources of intelligence
» Database scalability limited due to Oracle database stack, plus the fact that a separate log management appliance is required
» Extremely expensive to buy and maintain
Sizing Guide
Device – HW – Rate
» Super: 24GB RAM, 8 CPU, 200GB Disk – >10K Events Per Second (EPS), Flow or Syslog; ~100 Windows devices agentless; ~300 devices via SNMP
» Worker: 16GB RAM, 8 CPU, 200GB Disk – >10K EPS, Flow or Syslog; ~100 Windows devices agentless; ~300 devices via SNMP
» Collector: 8GB RAM, 4 CPU, 40GB Disk – >10K EPS, Flow or Syslog; ~100 Windows devices agentless; ~300 devices via SNMP
» Windows Agent Manager: >= Windows 2008, SQL Express, .NET 4.5, PowerShell 2.0, IIS – ~500 agents per Manager supported; ~5K EPS
Event Storage is not included in the above disk requirements. 750 EPS = 1.5 TB/year. 100 PAM = 100 GB/year.
Making Visibility & Control Easy – Today & Into the Future
[Diagram labels: Secure Cloud, Secure LAN, Access, Email Security, Web Security, Security Fabric]