Transcript Corporate Presentation Template March 2006

Selling in the Telco sector
JOSE GRANDMOUGIN
EMEA SENIOR CONSULTANT
26. 11. 2009
Security Solutions for Service Providers
• Two discrete solutions for Service Providers
1
2
Protecting the customer
(Managed Security Service Provider)
Protecting the Service Provider’s
Infrastructure
RADIUS SERVER
SGSN
GGSN
Subscriber
Network
Subscriber
Network
Subscriber
Network
MOBILE
NETWORK
Managed Security Services
Traditional CPE / Client Based MSS
Internet
NOC/SOC
4
Virtualized Services
• Per Customer Virtual Domain
• Application Control
• Web Filtering
• AntiVirus / AntiSpyware
• Data Leak Prevention
• AntiSpam
• Intrusion Protection
• VPN (IPSec / SSL)
• Firewall
• Dynamic Routing
5
Security Processing Modules
ADM-XE2 and ASM-CE4
• Intrusion Prevention Offloading
• Inspects traffic traversing network interfaces
for network-based attacks
• Provides protocol anomaly and signaturebased inspection
• Multi-Gigabit performance
ASM-CE4
• Firewall Offloading
• Inspects traffic traversing network interfaces
and blocks/allows according to firewall policy
• Line-Rate performance
• IP Multicast Offloading
• Accelerates and routes IP Multicast traffic
• Contributes to improved performance of video,
voice, and other IP Multicast applications
ADM-XE2
NP4 Based Dual Wide AMC Module
• Compatible with 5001A/3810A
• Firewall and IPSec offload
• 4 x 10G SFP+ Interfaces
• Includes 2xSR SFP+ transceivers
• 20G Firewall Processing
• 8G IPSec VPN Processing
ADM-XD4
7
Value Added Internet Access Services
Customer 1
Customer 2
Internet
Customer 3
COMPETITION
WINNING FACTORS
• Juniper
• CrossBeam
• Cisco
• Protection Profiles and Virtualization
• Routing flexibility
• Hardware scalability
8
Value Added RAS
Client
Internet
Internet
CPE
COMPETITION
WINNING FACTORS
• Cisco
• Features Integration, IPSec, SSL VPN
• Juniper
Antivirus, Web Filtering
• Self Service Management Portal
9
3G High-Performance VAS
3G Network
Internet
COMPETITION
WINNING FACTORS
• Cisco
• Juniper
• Features Integration, Fast Antivirus services
10
• Self Service Management Portal
• 10Gb real throughput
Management Interfaces in the Cloud
Provisioning
Billing
XML API / GUI
Device Group
CUSTOMERS
MGMT
JSON API
Self Service
Portal
Network
XML API
LOG / ARCHIVE
QUARANTINE
Device Group
GUI
CLI / SNMP / GUI
Troubleshooting
NOC / SOC
11
Monitoring
FortiManager Portal User
• Portal Customization
• Development Toolkit
• Provides a full set of customization options
• Function, content, and branding
• Secondary database interfaces
• Consumer Portal
• Simplified option set
• Uses Development Toolkit
• Targets consumer opportunities
• Linked with Dynamic Profile Feature
on FortiOS Carrier
Virtualized Management
Multiple Administrative Domains
• Administrative Domain (ADOM)
• Per Customer / Device Group Policy Management
• Per Customer / Device Report Generation
• Supports VDOM groups and physical device groups
in any combination
Admin 1
Device Group 1
Admin 2
Customer 1
Customer 2
Device Group 2
Dynamic Security Profiles
Dynamic Security Profiles
RADIUS
SERVER
Radius Accounting Message
PORTAL
SERVER
Portal Provisioning
Dynamic Policy Created
Applies to two key target service provider markets
• Managed Security and Mobile
Allows user “Self-Service” automation
• RADIUS Accounting Record attributes used to create a context for a source IP address
• Context can associate IP address with any other RADIUS attribute
• Username, MSISDN, Service Name
• Protection Profile also extracted from the RADIUS record
• Assumes an authentication event has occurred within the Carriers network
• Typical in both fixed (DSL) and mobile environments
DYNAMIC
SECURITY PROFILES
Dynamic Security Profiles
In Home Parental Control*
 Provides an authenticated bypass of the Service Restrictions
 Within a domestic environment
 Both end-points (users) are behind the same NAT boundary
 Clientless solution to differentiate access – no software to ‘hack’
 Parental control is maintained
DSL
Home user 2
(Child)
DSL
Home user 1
(Adult)
*FortiOS Carrier 4.1
NAT
www.badsite.com
DYNAMIC
SECURITY PROFILES
Dynamic Security Profiles
End-Point customisation
• Per end-point Black / White List
• End points (users, MSISDN) can have their own black white list
• No requirement for end user to access FortiGate infrastructure
• Can be populated on Self Service Portal
• Dynamically configured on FortiGate as end points attach
• RADIUS VSA Extension, no fixed limit for URLs
Self Service
Portal
DSL+3G
DYNAMIC
SECURITY PROFILES
www.badsite.com
*FortiOS Carrier 4.2
Infrastructure protection
FortiOS Carrier 4.0 Highlights
Dynamic Profiles
Per user services via a RADIUS API
Protection Profile derived from RADIUS record
Session Initiation Protocol (SIP) Security
Stateful SIP tracking, Malicious SIP message protection , SIP Rate
Limitation
SIP Transparent or SIP NAT mode, IP Topology Hiding, RTP Pinholing
Geographical Redundancy, SIP Stateful High-Availability
Multimedia Message Service (MMS) Security
Antivirus, Antispam/Antifraud, Antiphising (via Web Filtering)
Sender and Admin notification
GPRS Tunneling Protocol (GTP) Firewall
3GPP 29.060 version 6.9.0, including Overbilling Protection
Protocol Anomaly Checks, IMSI/APN/IE filtering
FortiCarrier SIP Security
VOICE SECURITY
NGN Network Topology
- Call Control
- Routing
- Features
- Billing
- Hosted NAT Traversal
- Call Admission
- Interoperability
- Interworking (IWF)
- Media Pinholing and Policing
- SIP aware Firewall
- Denial of Service prevention
- Message Filtering
- Message rate limiting
- IPS detection and prevention
SIP
Softswitch
Application
Server (AS)
Session Border controller
Signalling
Control
(SIP)
Media
Control
(RTP)
SIP Firewall
SIP
Optional
RTP bypass
RTP
All Traffic – Access and Peering
20
SIP
RTP
Mobile Security
• FortiCarrier also provides:
• MMS Antivirus
• MM1/3/4/7
CONTENT
PROVIDER
MM3
MM7
• Monitor mode
MMSC
• Intercept, Archive, Quarantine, Block Actions
• Sender Notification and alerting
• MMS Antispam
• MM1/4
INTERNET
MM1
MM4
OTHER
OPERATOR
• Duplicate Message, Sender Flooding
• Admin Notification
MOBILE SECURITY
Cloud / Endpoint Managed Services
Global Service Offerings
• FortiGuard™ Global
Research Team provides
original security intelligence
via FortiGuard subscriptions
• Antivirus
• Intrusion Prevention
• Web Filtering
• Antispam
• FortiCare™ Support services
provides technical assistance
anywhere, anytime
• Multiple service levels to meet
customer requirements
FortiMail – Email Security
• Role Based Administrative Domain Management
• Thousands of domains
• LDAP Profiling
• Outsourced policy management / service enablement
• Inbound and Outbound Antivirus and Antispam
• Centralised Quarantine
• Multiple Operating Modes
• Server, Gateway/Relay and Transparent
• Unlimited License Model
• Not per mail box or domain
• Integrated with FortiManager and FortiAnalyzer
• Chassis Blade and Appliance Form Factor
24
FortiClient
Desktop Access to FortiGuard Services
• Antivirus & Antispyware
Protection
• Personal Firewall
• Content Filtering
• Windows Registry Monitor
• IPSec VPN Client
• Private Label Branding
• Microsoft MSI installer for rapid
deployment to many clients
• Client lockout to prevent
unauthorized configuration
• License Control
FortiMobile Security Client Software
•
Symbian Series 60
•
•
•
Windows Mobile
•
•
•
•
2nd Edition: v7.0s, V8.0a, v8.1a
3rd Edition: v9.1, v9.2, v9.3
2003 SE: Pocket PC, PPC Phone
5.x: Pocket PC, PPC Phone, Smartphone*
6.x: Professional, Standard, Classic
Capabilities include
•
•
•
•
•
•
Personal Firewall
VPN (IPSec, SSL)
Incoming Call Filter
SMS Antispam
Antivirus
Phone Security
•
•
(Contact / SMS / Call Log / Data Encryption)
Multi-Language Support
Smartphone support to be added in 4.3
Questions?