Fortinet Enterprise Partner Sales Guide
Comments
Description
ENTERPRISEPARTNER SALES GUIDE ENTERPRISE PARTNER SALES GUIDE FOR INTERNAL USE ONLY TODAY’S ADVANCED THREATS are evolving—their tactics grow more sophisticated with every passing minute. According to a recent Forrester report, 53% of enterprise security leaders say that the rapid advancement of cyber threats presents the greatest challenge to their organizations.1 To keep pace, your customers need comprehensive protection that scales over their entire infrastructure and anticipates risk across the attack surface. Only Fortinet offers a complete, end-to- end architecture for intelligent, automated security from IoT to the cloud—across all applications, users, and data. In this sales guide, we’ll introduce the Fortinet Security Fabric for enterprise customers and briefly review each of the main collaborating solutions. Each section will cover a solution’s key drivers, review product highlights, and provide the relevant positioning and “how-to-sell” suggestions. This guide is for Internal use only by Fortinet and its channel partner sales teams. 1. Forrester report - “Center Security On Advanced Technology,” July 2017 2 CONTENTS INTRODUCTION 4 OUR SOLUTIONS 5 ENTERPRISE FIREWALL 6 ENTERPRISE BRANCH – SECURE SD-WAN 14 ADVANCED THREAT PROTECTION 22 SECURITY OPERATIONS 30 CLOUD SECURITY 37 APPLICATION SECURITY 45 SECURE ACCESS 53 SERVICES 61 SALES TOOLS 62 3 INTRODUCTION On top of a perpetually shapeshifting threat landscape, your A unified, end-to-end security strategy (which can adapt to enterprise customers are also dealing with rapid changes evolving network demands) allows organizations to address the within their own infrastructures. To successfully compete full spectrum of challenges they currently face. The Fortinet today, organizations must become more agile and embrace Security Fabric provides an intelligent architectural approach greater mobility and connectivity. Networks have rapidly that enables enterprises to weave all of their discrete security evolved so that applications, data, and services can flow solutions into an integrated whole. Our Security Fabric is built faster across an increasingly diverse landscape of users, around three key attributes: domains, and devices. §§Broad: It covers the entire attack surface. Security can be As a natural extension of these functional advances, applied to the network, endpoints, access, applications, and networks that previously had well-defined borders have cloud. become increasingly borderless. While IoT devices and §§Powerful: It uses optimized software, often accelerated cloud-based applications offer operational advantages, they further by purpose-built processors, to reduce the burden also greatly expand a company’s attack surface—beyond on infrastructure, delivering comprehensive security without the reach and efficacy of the previous generation’s siloed affecting performance. security products. This may account for the fact that 42% of security leaders have reported that their organizations §§Automated: It enables a fast and coordinated response to experienced a security breach within the last two years.1 threats. All elements can rapidly exchange threat intelligence and coordinate actions. By contrast, siloed security solutions—with separate management interfaces and no meaningful way to gather or share threat information with other devices on the network—are only marginally useful in protecting today’s borderless enterprises across all attack vectors. They cannot offer the broad reach, high performance, or synchronized responses that a security fabric inherently provides. 4 OUR SOLUTIONS The Fortinet Security Fabric presents a compelling approach that connects multiple solutions to form a unified security framework. Wherever security solutions are Advanced Threat deployed across the enterprise infrastructure, they must NOC/SOC Intelligence operate at the speed of business so that protection doesn’t limit productivity. Many Fortinet solutions are based on the fastest, purpose- built security processors (SPUs) in the industry to Client Cloud reduce the burden on infrastructure, allowing organizations to establish comprehensive security without affecting performance. They also include software optimization and cloud platform integration as we did with the SPUs Network for superior performance —up to 10 times faster than equivalent solutions from other vendors— in Infrastructure- Access Application as-a-Service (IaaS) and Platform-as-a-Service (PaaS) environments. We are also firmly committed to independent, third- party testing to demonstrate what organizations should expect when selecting Fortinet security products. This includes participation in a broad set of real-world security Partner API effectiveness tests at places like NSS Labs, Virus Bulletin, ICSA Labs, and AV-Comparatives. 5 ENTERPRISE FIREWALL Cyber criminals continue to launch automated and sophisticated attacks against organizations, threatening the foundation of digital transformation and efficient business operations. The risk of data MARKET DYNAMICS AND DRIVERS breaches is driving enterprises to add more security Rapidly Increasing Adoption of NGFW and visibility at the network perimeter to improve their Gartner reported that less than 50% of enterprise Internet overall security posture. However, many enterprises connections today are secured using NGFWs.2 But with the currently use point security products, which do not increasing need for better security and visibility, this adoption will communicate with each other, lack consistent threat rise to at least 90% of the installed base by year-end 2019. intelligence, and are complex to manage. Both Prevention and Detection of Threats Are Critical The Fortinet Enterprise Firewall solution is powered Most enterprises are looking for prevention against known ex- ploits, malware, and malicious websites as well as to eliminate by FortiGate Next Generation Firewalls (NGFWs) to point products. At the same time, detecting unknown threats provide high performance, consolidated security, using sandbox technology is also becoming an increasingly im- and granular visibility to protect against known and portant part of NGFW offerings. Gartner considers sandboxing unknown advanced cyber attacks. FortiGate firewalls as one of the core features of NGFW products.3 are purpose-built on security processers and deliver the industry’s best performance for advanced Need for Encrypted Traffic Inspection Is Increasing security services and ultralow latency. Encrypted traffic is projected to account for ~50% of total en- terprise traffic.4 Most enterprises don’t decrypt encrypted traffic Based on these capabilities, Fortinet Enterprise due to performance and operational challenges. But with the rise of malware hidden in encrypted traffic, it will be very import- Firewalls enable efficient operations with the best ant for NGFWs to do SSL inspection without causing any per- possible security posture, without compromising formance challenges. In 2017, Gartner Enterprise Firewall Magic on performance. Comprehensive and continuously Quadrant predicted that ~50% of deployments will enable SSL updated threat intelligence reduces the need for point inspection by 2020. products and provides better visibility and control. 2. Gartner Enterprise Firewall MQ 2016 3. Gartner Enterprise Firewall MQ 2017 6 4. Fortinet Threat Landscape Report Q1 2017 RELEVANT DEPLOYMENTS FortiGate Enterprise Firewalls offer the flexibility to be §§High-speed interfaces support future-proof connectivity with deployed in the data center, at the network edge, or in the core. a compact size that enables greener data-center designs Relevant use cases include: §§Highly effective IPS engine targets evasion techniques, Next Generation Firewall (NGFW) reputation awareness, extensive application control §§Security gateway to the Internet for enterprises capabilities, and user/device identification §§Enforces security policies with granular control and visibility Internal Segmentation Firewall of users and devices for thousands of discrete applications §§Segmentation solution for end-to-end protection against threats while meeting compliance requirements §§Identifies and stops threats with powerful intrusion prevention beyond port and protocol by examining the actual content of §§High port density and accelerated traffic processing network traffic capacity protects multiple segments without compromising performance Data Center Firewall and IPS §§Deploys transparently and rapidly into existing environments §§High availability, high throughput, and low latency for data- center edge and core with minimal disruption §§Virtual domains (VDOMs) enable unique security policies per §§High session scale accommodates large network and user traffic for Internet- and cloud-facing data centers segment Next Generation Firewall Data Center Firewall Internal Segmentation (NGFW) and IPS Firewall 7 ENTERPRISE FIREWALL ENTERPRISE FIREWALL PRODUCTS FortiGate FortiGuard FortiOS NEXT GENERATION SECURITY SUBSCRIPTION NETWORK OPERATING FIREWALLS SERVICES SYSTEM FOR FORTIGATE (OS) FortiGate NGFWs are purpose- The FortiGuard team develops FortiOS controls all the security built on security processors effective countermeasures to and networking capabilities to deliver the industry’s best protect more than 310,000 through a single, intuitive threat protection performance Fortinet customers around the operating system. It improves and to defend against the most world. It provides up-to-the- protection and visibility while advanced known and unknown minute threat intelligence updates reducing operating expenses cyber attacks. FortiGate for services such as IPS, AV, Web and saving time by consolidating consistently holds the No. 1 Filtering, Botnet, Sandboxing, hundreds of features. FortiOS market share in unit shipments and many more. Customers enables the Fortinet Security worldwide, as per IDC’s quarterly can purchase individual service Fabric vision for enhanced security appliance tracker. subscriptions or bundles such protection from IoT to cloud. as Enterprise, UTM, and Threat Protection. 8 OTHER PRODUCTS FortiManager Centralized Management and Unified Policy FortiAnalyzer Single Pane of Glass with Centralized Logging and Reporting 9 ENTERPRISE FIREWALL HOW FORTINET’S ENTERPRISE FIREWALL SOLUTIONS ARE UNIQUE Industry’s Best Security Effectiveness Simple and Intuitive Management FortiGuard Labs security services help Fortinet Enterprise FortiGate offers the industry’s best user interface, providing Firewalls protect against known exploits, malware, applications, 360-degree visibility into applications, users, threats, and entire and malicious websites using continuous threat intelligence. topologies to identify issues quickly and intuitively. It also has a They also help detect unknown attacks using dynamic analysis pre-defined compliance checklist that analyzes the deployment and provide automated mitigation to stop targeted attacks. and highlights best practices to improve overall security posture. Furthermore, Fortinet consistently participates in third-party certifications such as NSS Labs, ICSA, and Virus Bulletin and validates for top-level effectiveness. Security Processor-Powered Performance FortiGate NGFWs deliver the industry’s best threat protection performance and ultralow latency using purpose-built security processor (SPU) technology. They also provide industry- leading performance and protection for SSL-encrypted traffic. FortiGates consistently receive the best price/performance ratings in real-world group tests. 10 COMPETITIVE COMPARISON CAPABILITY Fortinet Palo Alto Networks Check Point Cisco Scale from edge to core to internal segments with same product family and OS a Partial Visibility and automatic discovery of users, endpoints, IoT, and network devices a Partial Partial Partial Industry’s best security effectiveness validated by independent third parties (NSS a Partial a Partial Labs, ICSA, VB) Security processor-powered for industry’s best price/ performance a Single pane of glass and centralized management a a Partial a= Provides = Not available This sales guide is for Internal Use Only. 11 ENTERPRISE FIREWALL THIRD-PARTY VALIDATION Fortinet Named a Leader in the 2017 Gartner Magic FortiGate Receives “Recommended” Rating from NSS Quadrant for Enterprise Firewalls Labs for NGFW In the 2017 Gartner Magic Quadrant for Enterprise Firewalls, FortiGate received a fourth-consecutive “Recommended” rating Fortinet made a significant move into the Leaders category, from NSS Labs in their 2017 NGFW Comparative Report and up from the Challenger quadrant in 2016. Fortinet’s FortiGate Security Value Map. Fortinet put its FortiGate 3200D and 600D firewalls are central to the Fortinet Security Fabric—engineered enterprise firewalls to the test against competing solutions, with both to unify and automate multilayered responses to threats in appliances receiving outstanding security effectiveness scores— addition to delivering superior NGFW capabilities. blocking 99.71% of exploits in continuous live testing and stopping 99.47% of all attacks in the NSS exploit library. The FortiGate 3200D also leads in real-world traffic performance testing, while the FortiGate 600D delivered the greatest value per protected Mbps of traffic among all vendors in the Security Value Map. SECURITY VALUE MAP™ NEXT GENERATION FIREWALL (NGFW) 100% Forcepoint Cisco Sophos 90% WatchGuard Check Point 80% Fortinet 3200D Averag Fortinet 600D e 70% 60% Security Effectiveness 50% Average 40% Palo Alto Networks Juniper Networks 30% SonicWall Barracuda Networks NOTE Gartner Magic Quadrant for Enterprise Network Firewalls, Adam Hills, Jeremy D’Hoinne, Rajpreet Kaur, July 10 2017 At the completion of testing, NSS notified the vendors whose 20% products failed to properly handle evasions. The following vendors developed fixes, which NSS has subsequently verified address the identified issues: • Barracuda Networks This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire • Check Point Software Technologies • Palo Alto Networks 10% document. The Gartner document is available upon request from Fortinet • SonicWall For more information please see the individual product Test Reports, or contact NSS Labs. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s $120 $100 $80 $60 $40 $20 $0 research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with TCO per Protected Mbps respect to this research, including any warranties of merchantability or fitness for a particular purpose. 12 QUALIFYING QUESTIONS c Are you looking at replacing legacy firewalls for better threat protection? c Have you had any problems with breaches or cyber security incidents? c Are you concerned about the security of your data-center assets? c Is your NGFW protecting your internal networks from malware and botnets that may be inside your network? c Are your current solutions having issues with performance, especially when you turn on content-processing features? c Do you have too many point products and are looking to reduce complexity? c Are you looking to do SSL inspection with increasing encrypted traffic? NSE TRAINING MODULES §§NSE 2: Enterprise Firewall Solution §§NSE 3: FortiGate Mid-Range §§NSE 3: FortiGate High-End 13 ENTERPRISE BRANCH— SECURE SD-WAN Fortinet’s Secure SD-WAN solution provides next-generation Distributed enterprise branches transitioning to security and networking capabilities to improve WAN efficiency, a digital business model are having a significant without compromising on security. Unlike traditional WAN impact on network topologies. The adoption of architectures, new software-defined WANs are able to cloud services and an increasingly mobile work- dynamically distribute traffic across multiple locations while force accessing applications in the cloud are automatically responding to changing application policies. They accelerating advancements in wide area network allow customers to enable direct Internet access for Software- (WAN) technologies. Traditional WANs have been as-a-Service (SaaS) applications to improve productivity and replace expensive MPLS with cost-effective solutions. considered expensive, complex, and limited in ca- pabilities. With many organizations now evaluating more efficient WAN options, it is becoming critical Our Secure SD-WAN solution is powered by FortiGate to deploy new security strategies designed for the Enterprise Firewalls to provide high performance and top-rated distributed enterprise. security against rising cyber attacks due to direct Internet access. 14 MARKET DYNAMICS AND DRIVERS Increasing Adoption of Cloud Applications the median number of cloud As per Fortinet’s Q1 2017 Threat Landscape Report, the median number of cloud applications 62 applications used per organization was 62—roughly one-third of all applications detected. Many of these organizations are struggling with latency issues and significant used per drops in data visibility. Distributed enterprises want to avoid back-hauling traffic from organization was (Fortinet Threat data centers and start using direct Internet access for cloud applications. Landscape Report 2017) Reducing Complexity and WAN Costs Distributed enterprise branches have many point products for routing and security capabilities. These products have separate management consoles, making it difficult to manage and providing incomplete visibility of the network. As per Gartner, 90% 90% of enterprise of enterprises are looking to consolidate these capabilities to reduce complexity and are looking to improve their security and visibility posture.5 In addition, enterprises are looking to reduce complexity replace expensive MPLS with connections such as Internet and LTE in order to reduce and WAN costs WAN costs and increase availability. (Gartner 2016) Increasing Need of Effective Threat Protection and SSL Inspection Cyber criminals are increasingly targeting new distributed networking paradigms. For example, direct Internet access to SaaS applications, especially when devices are off-network, has made deploying new security strategies designed for the distributed enterprise very critical. Therefore, top-rated threat protection capabilities are needed to prevent known and unknown threats. At the same time, encrypted traffic across the ~55% of total traffic is encrypted distributed network (~55% of total traffic is encrypted), along with malware targeted at across the distributed network SSL traffic, is rising.6 This means that real-time SSL inspection that doesn’t slow down (Fortinet Threat Landscape Report 2017) business-critical traffic will be in high demand. 5. Gartner Market Guide SD-WAN 2016 6. Fortinet Threat Landscape Report Q1 2017 15 ENTERPRISE BRANCH—SECURE SD-WAN ENTERPRISE BRANCH—SECURE SD-WAN PRODUCTS FortiGate FortiOS FortiGuard 30 TO 200 SERIES NEXT NETWORK OPERATING SECURITY SUBSCRIPTION GENERATION FIREWALLS SYSTEM FOR FORTIGATE SERVICES FortiGate Firewalls leverage FortiOS controls all security The FortiGuard team develops purpose-built security processors and networking capabilities effective countermeasures to to deliver the industry’s best with one intuitive operating protect more than 310,000 threat protection performance and system. It improves protection Fortinet customers around defend against most known and and visibility while reducing the world. It provides up-to- unknown advanced cyber attacks. operating expenses and saving the-minute threat intelligence These are available in desktop form time by consolidating hundreds updates for services such as factors and have several variations of functions. Features such IPS, AV, Web Filtering, Botnet, with integrated PoE, 3G/4G, DSL, as IPsec VPN, WAN Path SD- Sandboxing, and many more. and wireless capabilities. WAN controller, SaaS dynamic Customers can purchase database, and SSL inspection individual service subscriptions enable a great fit for secure SD- or bundles such as Enterprise, WAN deployment. UTM, and Threat Protection. 16 OTHER PRODUCTS FortiHypervisor Hybrid virtual appliance to run Fortinet and partner virtual network functions FortiManager Centralized management and unified policy FortiDeploy Zero-touch deployment for FortiGate 17 ENTERPRISE BRANCH—SECURE SD-WAN HOW FORTINET’S ENTERPRISE BRANCH— SECURE SD-WAN SOLUTIONS ARE UNIQUE Industry-Best Security Effectiveness Dynamic Cloud (SaaS) Application Database and WAN Protect against known exploits, malware, applications, and Path SD-WAN Controller malicious websites using continuous threat intelligence FOS 5.6 introduced a new cloud application database that provided by FortiGuard Labs security services. This is critical for supports hundreds of applications and dynamically updates distributed enterprise branches that allow direct Internet access IP addresses and ports for the most efficient routing. This, for SaaS applications. combined with a WAN path SD-WAN controller, enables the best SLA for business-critical applications. High-Performance IPsec VPN and SSL Inspection Performance FortiGate delivers the industry’s highest throughput (~10x higher than other vendors) based on purpose-built security processors. It also provides industry-leading performance and visibility for encrypted traffic. Fortinet is one of the only vendors that publishes both IPsec VPN and SSL inspection performance for every FortiGate Enterprise Firewall. 18 COMPETITIVE COMPARISON Cisco CAPABILITY Fortinet Check Point Palo Alto Networks Meraki / ISR Industry’s best security effectiveness validated by independent third parties (NSS a a Labs, ICSA, VB) Integrated WAN Path SD-WAN Controller a a High-Performance IPsec VPN and SSL Inspection a Integrated 3G/4G, PoE, DSL and Wi-Fi a Centralized Management (10,000+ Offices) and Zero- Touch Deployment a Partial a= Provides = Not available This sales guide is for Internal Use Only. 19 ENTERPRISE BRANCH—SECURE SD-WAN THIRD-PARTY VALIDATION Fortinet Named a Leader in the 2017 Gartner Magic Leading Market Share in Distributed Enterprise Quadrant for Enterprise Firewalls As per IDC’s security tracker, FortiGate Enterprise Firewalls (30 to 200 series) have the No. 1 unit and revenue market In the 2017 Gartner Magic Quadrant for Enterprise Firewalls, share worldwide. Fortinet made a significant move into the Leaders category, up from the Challenger quadrant in 2016. One of the core requirements they call out is the scale of the product to support extended environments such as branch, campus, data center, and cloud. Gartner Magic Quadrant for Enterprise Network Firewalls, Adam Hills, Jeremy D’Hoinne, Rajpreet Kaur, July 10 2017 This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Fortinet Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 20 QUALIFYING QUESTIONS c Are you rapidly adopting cloud applications but suffering from latency issues? c Are you struggling with a growing WAN budget and complexity? c Do you have too many point products and are looking to reduce complexity? c Have you had any problems with breaches or cyber security incidents? c Are you having performance issues with the current solutions you have in place, especially when turning on content-processing features? c Are you looking to do SSL inspection with increasing encrypted traffic? NSE TRAINING MODULES §§NSE 2: Enterprise Firewall Solution §§NSE 3: FortiGate Entry Level 21 ADVANCED THREAT PROTECTION While ransomware grew exponentially in 2016 and on into 2017 with high-profile exploits like With this in mind, it’s not surprising that a recent survey of WannaCry, we continue to see these attacks chief information security officers (CISOs) found that the evolve. Petya (or NotPetya depending on rapidly evolving nature of cyber threats represented the most your perspective) combines ransomware-like challenging factor in securing their organizations. This was closely followed by the challenge of securing cloud workloads, system disruption with blastware destruction. IoT devices, and a complex IT environment in general. The At the same time, a steady stream of new combination of defending a dynamic and dispersed attack spearphishing and other more traditional attacks surface and increasingly sophisticated cyber criminals means continue to emerge. that business leaders must constantly look for new and better approaches for protecting their networks, data, and people. Fortinet Advanced Threat Protection (ATP) covers network, application, and endpoint layers with top-rated global and local threat intelligence—automatically exchanged between both Fortinet and non-Fortinet components—for a seamless defense against traditional and advanced threats. 22 MARKET DYNAMICS AND DRIVERS The Average Organization Is Already Compromised Email Delivered 66% of Installed Malware Last year, Fortinet conducted nearly 3,000 cyber threat According to the 2017 Verizon Data Breach Investigations Report, assessments in which we closely monitored each organization’s two-thirds of all malware that was successfully installed on traffic with our latest threat intelligence for a period of two systems was initially delivered via email. Furthermore, email and weeks. In doing so, we found that the average organization was the web together deliver 99% of the malware seeking entry to compromised by more than four active pieces of malware or bots. organizations. More Than 1 in 3 Active Bots Were Part of a Malware Leading to Breaches Is Seen for Less Than 60 Ransomware Campaign Seconds Much of the compromised activity was related to ransomware. The 2016 Verizon Data Beach Investigations Report indicated Not only did ransomware routinely fill the top-five malware list that the malware that actually leads to breaches is seen for 58 each quarter in 2016, in Q4 it was associated with 36% of all seconds or less. active botnets detected. Ransomware is Estimated to Have Cost Organizations $1 Billion Malware According to industry sources, the amount of ransoms paid to cyber criminals in 2016 is estimated at $1 billion. This does that actually leads to not reflect additional financial costs from downtime prior to breaches is seen for ransoms paid and system restoration, nor more severe collateral impacts that can occur in industries like healthcare or critical infrastructure. 58 seconds or less (Verizon Data Beach 2016) 23 ADVANCED THREAT PROTECTION ATP PRODUCTS FortiSandbox FortiGate FortiMail FortiWeb ADVANCED THREAT ENTERPRISE SECURE EMAIL WEB APPLICATION DETECTION FIREWALL GATEWAY (SEG) FIREWALL (WAF) FortiSandbox analyzes FortiGate firewalls utilize FortiMail deploys as a FortiWeb protects new files and URLs purpose-built security primary or secondary hosted web applications encountered by processors to deploy solution to inspect from attacks that an organization, from the smallest office email with the top- target known and automatically assigns up to the largest private rated intelligence of unknown exploits. a threat rating, and or public cloud. They FortiGuard Labs and Using multilayered and dynamically generates segment the network FortiSandbox, as well correlated detection local threat intelligence and inspect traffic for as integrated data loss methods, FortiWeb specific for that individual threats based on the prevention technologies defends applications organization to speed global threat intelligence to help stop threats and from both known response and mitigation of FortiGuard Labs, breaches. vulnerabilities and zero- of previously unknown as well as the local day threats. attacks. threat intelligence of FortiSandbox. 24 OTHER PRODUCTS FortiSIEM Security Information and Event Management Fabric-Ready Partners FortiClient Integrated via API with ENDPOINT FortiSandbox PROTECTION PLATFORM (EPP) FortiClient leverages the independently top-rated global intelligence of FortiGuard Labs and local intelligence of FortiSandbox to protect organizations from known and previously unknown threats while on or off the corporate network. 25 ADVANCED THREAT PROTECTION HOW FORTINET’S ATP SOLUTIONS ARE UNIQUE The Only Solution to Fully Cover Network, Application, Available in All Form Factors and Endpoint Attack Vectors While some vendors offer components as only physical Only Fortinet provides components to fully cover the primary appliances and others offer components as only a cloud attack vectors of network, applications (email and web), and service, Fortinet offers every advanced threat protection endpoint. We do so by automatically sharing both global and component in both form factors for the most flexible local intelligence among components that are powerful enough solution in the market. Of note, both the Fortinet FortiGate to deploy anywhere throughout the organization. Fortinet is the with FortiSandbox Cloud and FortiSandbox Appliance with only vendor that offers NSS Labs Recommended components FortiClient are NSS Recommended for Breach Detection. for next-generation and data-center firewall, web application firewall, advanced endpoint protection, and breach detection/ sandboxing. Open Architecture to Include Non-Fortinet Components We are firmly committed to enabling organizations to deploy the Fortinet Security Fabric and Advanced Threat Protection inclusive of both Fortinet and non-Fortinet components. Defined APIs enable organizations to integrate existing network and endpoint components with FortiSandbox to send objects for analysis, receive ratings, and consume dynamic threat intelligence. Our formal Fabric-Ready program can certify an organization’s specific interactions that use these APIs. 26 ATP COMPETITIVE COMPARISON Palo Alto Fortinet FireEye Cisco Check Point Trend Micro Networks Independently Top-rated Sandbox a a a a Integrated Solution Ent FW a a a a a SEG a a a a WAF a EPP a a a a Form Factors Physical a a a a a a Virtual a a SaaS a a a a a Open APIs a a= Provides = Not available This sales guide is for Internal Use Only. 27 ADVANCED THREAT PROTECTION THIRD-PARTY VALIDATION NSS Labs 2016 BDS Recommendation ICSA Advanced Threat Defense Certification—2016/2017 Both the FortiSandbox Appliance (with FortiClient) and Throughout 2016 and into 2017, Fortinet Advanced Threat FortiSandbox Cloud with FortiGate demonstrated 99% Protection (including FortiGate, FortiMail, FortiClient, and effectiveness. Of note, the cloud offering demonstrated the FortiSandbox) continuously earned ICSA Advanced Threat fastest time to detect at less than five minutes and the appliance Defense Standard (Network) and Email certification. showed the highest throughput, supporting 10 Gbps of traffic. 28 QUALIFYING QUESTIONS c How many potential security incidents are you investigating each quarter? c How many of these incidents started with an email? How many were downloaded from the web? How many were downloaded while an employee was on the corporate network vs. off it? c Have you had (or heard of peers experiencing) any incidents of ransomware? If so, what measures do you have in place to reduce your organization's risk? c Have you experienced (or heard of peers who have experienced) a compromised website or web application? c What data, intellectual property, or communications are subject to privacy, security, or other regulatory frameworks? What information is most critical to the success of your business (and closely held)? NSE TRAINING MODULES §§NSE 2: Advanced Threat Protection Solution §§NSE 3: FortiMail §§NSE 3: FortiWeb Web Application Firewall §§NSE 3: FortiClient §§NSE 3: FortiSandbox 29 SECURITY OPERATIONS Organizations typically have both a network operations center (NOC) and a security operations Fortinet’s Security Operations solution covers both IT and center (SOC), but they are typically not correlated security risk management across the entire enterprise, including or integrated. This leaves early indicators of preexisting and future infrastructure. While Fortinet security threats unseen. products are already unified into our Security Fabric with a single OS and shared intelligence, our Security Operations solution includes information from network elements beyond the Fortinet family and breaks down the barrier between NOC and SOC to provide a comprehensive and adaptive view of the entire network for quickly identifying and responding to threats. It also helps manage compliance, application availability, and reducing the complexity of security operations. 30 MARKET DYNAMICS AND DRIVERS Isolated Point Solutions Can Leave Breaches Shortage of Skilled Cyber Security Staff Undetected Additionally, organizations face a growing need for experienced Industry-leading organizations worldwide and from all business cyber security personnel but with a dwindling global supply of verticals suffered network breaches in 2016, with a 40% those resources. Recent reports count over one million unfilled increase year over year. This is due in part to the wide array openings worldwide. Many organizations are either looking to of point solutions deployed (averaging ~30 different vendor outsource NOC and SOC needs or looking for better solutions solutions) in NOCs and SOCs that essentially generate an that can keep pace with an ever-evolving threat landscape. overload of uncorrelated and unprioritized information, leaving many indicators of threats unseen until it is too late. Detection of breaches is still taking hundreds of days, with additional days spent isolating and remediating their causes. 40% of Breaches increase year Over one million over year unfilled Cyber Security (Identity Theft Resource Center 2016) openings worldwide (ISACA 2016) 31 SECURITY OPERATIONS SECURITY OPERATIONS PRODUCTS FortiSIEM FortiAnalyzer FortiManager FortiSIEM provides patented, FortiAnalyzer collects, analyzes, FortiManager provides single- actionable analytics, cross- and correlates log data from pane-of-glass management correlating both NOC and Fortinet firewalls for increased across the extended enterprise SOC data to tightly manage visibility and robust security alert for insight into network-wide network security, performance, information. When combined traffic and threats, and managing and compliance—along with with the FortiGuard Indicators policies. It includes features to adaptive awareness through of Compromise (IOC) Service, it contain advanced threats as well self-discovery of the elements also provides a prioritized list of as industry-leading scalability to attached to the network, all compromised hosts to allow for manage up to 10,000 Fortinet delivered through a single pane rapid action. devices. of glass. 32 OTHER PRODUCTS FNDN Fortinet Worldwide Developer Community 33 SECURITY OPERATIONS HOW FORTINET’S SECURITY OPERATIONS SOLUTION IS UNIQUE Comprehensive and Holistic Approach to Managing Unified Visibility from IoT to the Cloud Risk Fortinet’s Security Operations solution reduces the complexity Fortinet’s Security Operations solution brings together the best inherent in organizations with many security point solutions of security hardware and software for a seamless approach to that need to be monitored by SOC personnel, using a single security operations. It combines the capabilities of FortiManager, interface to the Fortinet Security Fabric through FortiAnalyzer. FortiAnalyzer, and FortiSIEM, along with FortiGuard Threat FortiSIEM provides the additional context with a unified view of Intelligence and IOC Services to deliver: the non-Fortinet devices, for a holistic view of the organization’s threat landscape from IoT to the cloud. §§Adaptive awareness of the threat landscape §§Rapid local and global threat detection for accelerated FortiSIEM Available in All Form Factors responses While many SIEM vendors only offer their products on physical §§Reduced complexity in managing the onslaught of alerts and appliances, and in some cases may require many appliances alarms to support the same functions as FortiSIEM, Fortinet offers §§Reporting and analytics that enable IT, line-of-business FortiSIEM in three formats to allow customers to choose which managers, C-level, and board members to better understand best fits their needs. FortiSIEM is available as a virtual appliance, the organization’s risk profiles allowing customers to place the solution in a virtual machine of their choice. FortiSIEM also offers three new appliance models—one for FortiSIEM Collector efforts and two models to support the FortiSIEM Supervisor efforts. Customers can also choose to deploy FortiSIEM on the AWS cloud via the AWS Marketplace, supporting a “bring-your-own-license” model. 34 COMPETITIVE COMPARISON Fortinet Palo Alto Check Point Cisco splunk Log Rhythm IBM SIEM Solution a a a a Enterprise FW a Partrial a a Cross Security Platform a Real-time Correlation of NOC/SOC Analytics a Device and Configuration Self- Discovery a Dynamic Watch Lists & Threat Intelligence a a a a Audit trail of User Activity a Role Based Access Controls a a= Provides = Not available This sales guide is for Internal Use Only. 35 SECURITY OPERATIONS QUALIFYING QUESTIONS c Have you experienced a breach in the past year? If so, what was the impact and how was it felt? c How many security vendor solutions are you currently using to manage against breaches? c How does your NOC and SOC share data today? c How much time does your security staff invest in manually correlating alerts and log related data? c Are you able to provide your Executives and Board with a clear picture of malicious activity and risk to critical data, applications and assets currently on and connecting to your networks? c Do you have the ability to identify and prioritize high severity issues across physical and virtual networks, on-premise and cloud deployments, as well conventional through to IoT devices? c Do your network and security operations centers share a common view such that they are able to detect and respond to issues efficiently and effectively? c Are you able to proactively discover and manage devices and applications as they connect to your network? 36 CLOUD SECURITY Organizations are rapidly embracing cloud computing, including migrating server workloads to public clouds such as Amazon Web Services or Microsoft Azure, or adopting SaaS applications. At the same time, most enterprises continue to invest in virtualization and software-defined infrastructure to transform data centers into private clouds. The long-term direction is toward a persistent hybrid cloud (and in many cases multicloud) environment, spanning across disparate private and public clouds. Maintaining user privacy and data confidentiality when data resides in IaaS or SaaS clouds is a top IT concern. Therefore, Cloud Security solutions play a critical role in protecting private, public, and hybrid clouds to ensure that enterprise workloads can maintain a consistent security posture regardless of whether they are running on physical, virtual, or cloud infrastructure. 37 CLOUD SECURITY MARKET DYNAMICS AND DRIVERS Rapid Market Growth in the Cloud Space Increased Traffic Flow Within Networks The market for cloud security is expected to grow rapidly As on-premises environments evolve into private clouds, with the adoption of cloud computing infrastructures. Forbes network traffic will increasingly shift from traditional north-south estimates that $141B will be spent annually on public cloud flows to east-west. Studies have shown that 75% of data- services by 2019, while IDC Research projects that more than center traffic in modern virtualized environments is already half of enterprise workloads will be running in public clouds east-west rather than north-south. Properly inspecting all east- within a few years. Gartner Research estimates that security west traffic to ensure proper segmentation of workloads would and management solutions for IaaS and SaaS will expand to easily quadruple today’s $3B market for north-south data-center security. Gartner predicts that 10% of enterprise firewall revenue $11B in this timeframe.7 will be delivered as virtual firewalls by 2019. 10% will be spent 141B annually on public cloud services by 2019 of enterprise firewall revenue will be (Forbes 2017) delivered as virtual firewall by 2019 (Gartner 2017) 7. Gartner Enterprise Firewall MQ 2017 38 CLOUD SECURITY PRODUCTS FortiGate FortiGate FortiGate VM VMX Connectors FortiGate VM is a key foundation Orchestration with software- FortiGate Connectors for Cisco for cloud security. As the virtual defined networking (SDN) further ACI and OpenStack Neutron appliance edition of our award- ensures automatic provisioning provide out-of-the-box integration winning FortiGate physical and scaling of network inspection. with other leading SDN platforms appliances, the FortiGate VM FortiGate VMX is a purpose- to automate firewall and network has the same FortiOS security built version of the FortiGate security insertion into dynamic and management firmware, virtual appliance, providing deep network flows. as well as FortiGuard threat data plane and control plane updates. integration with VMware NSX to deliver advanced security and microsegmentation for vSphere environments. 39 CLOUD SECURITY OTHER PRODUCTS FortiCASB service provides critical visibility of users and data in cloud- based applications. Fortinet Virtual Appliances ensure a broad range of network security for private and public clouds. 40 HOW FORTINET’S CLOUD SECURITY SOLUTIONS ARE UNIQUE Only Fortinet’s Cloud Security solutions can extend visibility and Automated Scaling of Protection for Elastic Cloud control across an organization’s entire private, public, and hybrid Workloads cloud environment with Fortinet Security Fabric integration. With many organizations adopting cloud computing to scale web or other applications elastically, Fortinet ensures user Consistent Security Posture Across Private and and data privacy at cloud scale without slowing down the Public Clouds business. Firewall inspection can be orchestrated into dynamic Fortinet enables secure and compliant policies, as well as fabric applications and software-defined network flows, while visibility, to be applied consistently across physical, virtual, inspection capacity can be automatically scaled up with cloud and cloud infrastructure. Secure site-to-site VPN connectivity applications. Automated provisioning can apply appropriate between on-premises and public clouds ensures secure security policies to new and existing workloads. application and data migration across the hybrid cloud, while also minimizing leakage of confidential data. End-to-End Network Segmentation Within and Across Clouds Fortinet provides powerful inspection capacity to inspect east-west traffic within private and public clouds, mitigating the concentration of risk from threats in highly consolidated virtual and cloud-based environments. Internal segmentation and microsegmentation can be deployed easily into flat, open networks without disruption, providing end-to-end segmentation with fine-grained policies based on users, applications, and data. 41 CLOUD SECURITY COMPETITIVE COMPARISON Fortinet Cisco Check Point Juniper Palo Alto Trend Micro Support for leading public clouds including AWS and Azure a a a a Support for all major hypervisor platforms a a a Support for key SDN platforms including NSX, ACI, and OpenStack a a a Scalable virtual appliance performance and efficiency a a a Wide range of virtualized security offerings a a Gartner Enterprise Firewall MQ Leader a a a a= Provides = Not available 42 42 This sales guide is for Internal Use Only. THIRD-PARTY VALIDATION NSS Labs and Gartner Magic Quadrant Partner Certifications FortiGate virtual appliances are part of the same product family Integration and orchestration of FortiGate with leading private whose hardware has received numerous third-party validations or public cloud platforms has been certified or recognized or recognition, including NSS Labs “Recommended” and Gartner by key partners, including validations for VMware Ready for Magic Quadrant for Enterprise Firewall as a Leader. Networking and Security, VMware Ready for NFV, Cisco ACI, AWS Marketplace, Azure Marketplace, and Azure Security Center. Gartner Magic Quadrant for Enterprise Network Firewalls, Adam Hills, Jeremy D’Hoinne, Rajpreet Kaur, July 10 2017 This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Fortinet Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 43 CLOUD SECURITY QUALIFYING QUESTIONS c Has your organization been leveraging virtualization, SDN, or other technologies as part of data-center consolidation or transformation projects? c How are you ensuring visibility into increased east-west or inter-VM traffic? c How would your risk be concentrated were a security breach to occur in heavily consolidated virtual environments? c Is your organization adopting public clouds like AWS, Azure, or Google? c How are you ensuring that your apps and data migrated to the cloud have the exact same security posture as if running in your internal data center? c Are you migrating applications and data between on-premises data centers/clouds and the public cloud? c Do you have confidentiality or compliance requirements to ensure data doesn’t leak from on-premises to public clouds, and how are you monitoring and protecting against data leakage? c How do you ensure that only authorized users or employees are accessing data in SaaS environments like Office 365 or Salesforce.com? c How are you ensuring data privacy and compliance with respect to data stored in SaaS applications like Office 365 or Salesforce.com? NSE TRAINING MODULES §§NSE 2: Public Cloud Security 44 APPLICATION SECURITY Web-based applications that are exposed to the Internet are an easy target for hackers. The largest Web-based attacks are a significant issue—as are scale and point of entry for data breaches in the past few reliability for secure web applications. Customers hosting a secure years has been application vulnerabilities that application for thousands or even millions of users need to ensure hackers exploit. In addition, DDoS attacks have that the application infrastructure can meet the demand and evolved from blunt-force instruments designed respond quickly. to overwhelm network resources to sophisticated surgical strikes that target application layer Fortinet’s Application Security solutions include web application services in a data center. firewalls, DDoS attack mitigation appliances, and application delivery controllers to protect applications from vulnerabilities and Layer 7 DDoS attacks, while providing the tools needed to seamlessly scale secure applications to millions of users. For more specialized needs, we also offer web caching and advanced WAN link load balancers to further ensure applications, data, and WAN connections are secure and available. 45 APPLICATION SECURITY MARKET DYNAMICS AND DRIVERS Application Exploits Are a Top Cause for Breaches Verizon reports that application vulnerabilities are the top contributing factor for data breaches. They found that 40% of all breaches were caused by exploits and vulnerabilities in web-based applications in 40% of all breaches were caused by exploits and vulnerabilities in web-based applications their 2017 Data Breach Investigations Report. (Verizon 2017) Encrypted Traffic Growth Outpaces Infrastructure 30% Although not widely reported, encrypted web application traffic is growing at a very fast pace. Sandvine’s 2016 Encrypted Traffic Report showed that 30% of all Internet traffic was encrypted. In the following year, that volume was projected to grow to 50%. Most organizations of Internet traffic are racing to encrypt their sensitive data, even though it is straining was encrypted their existing application delivery infrastructure. (Sandvine 2016) DDoS Is Only Getting Worse In 2016, Verisign reported a 75% increase in DDoS attacks from the year before in their Q2 DDoS Trends Report. Sophisticated Layer 7 DDoS threats continue to grow. In some cases, it only takes a few 75% of kilobytes of traffic to do as much damage as a brute-force attack of DDoS attacks 100 Gbps or higher. Currently, 80% of DDoS attacks are less than 50 from the year before Q2 Gbps—and most successful ones are less than 1 Gbps. (Verisign 2016) 46 APPLICATION SECURITY PRODUCTS FortiWeb FortiDDoS FortiADC WEB APPLICATION ATTACK MITIGATION APPLICATION DELIVERY FIREWALLS APPLIANCES CONTROLLERS FortiWeb protects hosted web Using 100% behavior-based FortiADC solutions optimize applications from attacks that DDoS attack detection, FortiDDoS the availability, user experience, target known and unknown delivers complete attack protection performance, and scalability of exploits. Using multilayered and against Layer 3, 4, and 7 DDoS Enterprise Application Delivery. correlated detection methods, threats. It offers low latency and The FortiADC family of physical FortiWeb defends applications fast DDoS protection compared appliances delivers fast, secure, from known vulnerabilities and to signature- and CPU-based and intelligent acceleration from zero-day threats. solutions. and distribution of demanding applications in the enterprise. 47 APPLICATION SECURITY OTHER PRODUCTS FortiCache Web Content Caching FortiWAN WAN Optimization 48 HOW FORTINET’S APPLICATION SECURITY SOLUTIONS ARE UNIQUE Complete Application Security Solution A Complete, One-Vendor Solution Only Fortinet provides a complete solution that covers the core FortiADC, FortiWeb, and FortiDDoS products are optimized to elements of application security. This includes web application work together with other Fortinet products for management and firewalls, application delivery controllers, DDoS attack reporting. All products share a similar interface to reduce the mitigation, WAN optimization, and web content caching. Most learning curve for support teams. Having only one vendor to other vendors only offer point products, requiring a complex manage simplifies renewals and accountability. multivendor solution that’s difficult to install and manage. Fortinet Security Fabric Integration Our Application Security portfolio is deeply integrated into the Fortinet Security Fabric. We ensure that applications are protected from the latest threats with FortiGuard Threat Intelligence Services—including antivirus, anti-malware, IP reputation, and application attack signatures. Application Security is integrated into other solutions such as FortiGate firewalls, FortiMail, and FortiSandbox for advanced threat protection. It is also integrated with many third-party providers, including HP, IBM, and Verisign. 49 APPLICATION SECURITY COMPETITIVE COMPARISON Fortinet F5 A10 Imperva Arbor Barracuda Independently top-rated security a a a a Complete WAF, ADC, and DDoS solution a a a WAF Only DDoS Only a Part of a broader integrated solution a Available in all form factors a a a a a Gartner Gartner Gartner Gartner Gartner Gartner Challenger Leader Not rated Leader Not rated Challenger Analyst rating (WAF)* NSS NSS NSS NSS NSS NSS Recommended Recommended Not rated Not rated Not rated Not rated a= Provides = Not available 50 50 This sales guide is for Internal Use Only. THIRD-PARTY VALIDATION NSS Labs Recommended 2017 Gartner Magic Quadrant—“Challenger” FortiWeb received a “Recommended” rating from NSS Labs in Fortinet continues as a Challenger in the 2017 Gartner their 2017 Web Application Firewall Comparative Report and Magic Quadrant for Web Application Firewalls for the second Security Value Map. The FortiWeb 3000E was pitted against consecutive year. We believe that integration with the Fortinet five competitors and placed very well overall against the Security Fabric along with continued technology advances competition—passing all tests, tying for first place in Security make FortiWeb an easy choice for security leaders when Effectiveness, and receiving an “Above Average” rating for looking at a web application firewall to protect their web- overall value for 2017. facing applications. Gartner Magic Quadrant for Web Application Firewalls, 7 August 2017 This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Fortinet Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 51 APPLICATION SECURITY QUALIFYING QUESTIONS c How do you protect your mission-critical, web-based applications from attacks today? c Do you regularly conduct code security reviews and if so, how often? c Do you need to meet PCI DSS compliance standards? What were the results of your last PCI DSS audit? c Are you concerned about data breaches of sensitive customer or proprietary information through your web-based applications? c Are your secure web applications outgrowing your current server load balancer? c Do you need applications to span multiple data centers for disaster recovery of applications? c Are DDoS attacks one of your top data-center threats? c Do you find that your current service-based DDoS mitigation solution is expensive with unpredictable costs? NSE TRAINING MODULES §§NSE 2: Application Security §§NSE 3: Web Application Firewalls (FortiWeb) §§NSE 3: Application Delivery Controllers (FortiADC) §§NSE 3: DDoS Attack Mitigation (FortiDDoS) 52 SECURE ACCESS For many, the primary focus for securing the network focuses on external threats coming from the Internet. However, with a mobile workforce, Our FortiSwitch product line offers a wide variety of switching BYOD policies, and widespread use of thumb capabilities—from top-of-rack (ToR) aggregation applications, drives, threats from internal attack vectors are to distributed enterprises, down to small businesses. Utilizing increasing. Therefore, securing internal access is proprietary FortiLink technology, these switching products extend becoming increasingly important. Fortinet offers the Fortinet Security Fabric down to the Ethernet ports, delivering a a full range of both wired and wireless solutions highly integrated yet easy-to-manage wired solution. with exactly this focus. Fortinet’s wireless product line includes a variety of access points (APs) and three methods of managing them to optimize the solution to a customer’s needs: §§An integrated solution in which switching, WLAN control, and security services are integrated in a single FortiGate §§A more traditional WLAN controller that supports high- density and high-mobility environments with unmatched security services §§A cloud-managed wireless solution providing the simplest deployment option, yet still maintaining the highest level of security 53 SECURE ACCESS MARKET DYNAMICS AND DRIVERS Growth of PoE from IoT More and more devices connecting to wired ports are drawing not only Internet connectivity but also power. Initially, wireless APs used Power Growth of PoE over Ethernet (PoE), but more devices and sensors supporting the Internet of Things (IoT) are relying on their wired connection for power from IoT as well. PoE switch ports are being deployed in increasing numbers for video cameras, building management, and lighting. Shift from 802.11n to 802.11ac to 802.11ac Wave 2 Wireless connectivity remains a core requirement of most companies. Wireless connectivity The increasing speeds and improving reliability from newer standards remains a core have resulted in incremental improvements to Wi-Fi APs. Companies requirement of most are now balancing the cost of the higher throughput APs with more companies affordable options as they plan their wireless networks. Surge in Cloud-Based Management Adoption Cloud management of networks has increased as IT managers have embraced the benefits of anywhere, anytime management and grown comfortable with the perceived risks. Proven, secure solutions have delivered productivity and responsiveness gains, while also shifting Surge in Cloud-Based capex costs to more palatable opex spend. management adoption 54 SECURE ACCESS PRODUCTS FortiAP FortiAP-S FortiSwitch INTEGRATED WIRELESS SECURE REMOTE WIRED SOLUTION WIRELESS SOLUTION SOLUTION THE FortiAP series extends The FortiAP-S series performs FortiSwitch Secure Access the security policies of the real-time security processing at Switches are feature-rich yet cost- FortiGate out to the wireless the AP itself. Combining Wi-Fi effective and address the needs network. Managed by the access and network security into of large enterprise campuses WLAN controller built into the the compact footprint of a single or smaller branch offices. The FortiGate, the FortiAP access AP provides an exceptionally FortiLink protocol enables Zero- points provide visibility and elegant and affordable WLAN touch provisioning, effectively control via a familiar GUI. Ideal solution for SMBs and the extending the FortiGate with for main offices, branch offices distributed enterprise. Remote additional wired ports. With high- and remote offices, with outdoor management available from density 24- and 48-port models options available. FortiGate or FortiCloud. supporting 802.11at PoE, they can power anything from APs to VoIP handsets to surveillance cameras. 55 SECURE ACCESS OTHER PRODUCTS FortiAuthenticator FortiToken FortiClient FortiExtender FortiPresence 56 HOW FORTINET’S SECURE ACCESS SOLUTIONS ARE UNIQUE Balancing Access, Performance, and Protection Supporting Comprehensive Security Across the Without Compromise Infrastructure Today’s enterprises demand fast, transparent access to critical Above all, Fortinet’s Secure Access solution perfectly applications and data—from anywhere and from a range of complements enterprise architectures, extending Fortinet’s devices over which administrators no longer have full control. Security Fabric from the core to the edge and uniting the various solution components to deliver combined benefits greater than Fortinet’s Secure Access solution provides a tightly integrated the sum of their parts. infrastructure—access, networking, and security—capable of meeting these demands without compromising performance or security. As security threats increase in number, risk, and sophistication, Fortinet customers can rest assured that data protection obligations to their customers, business partners, and shareholders can be honored, and that maximum business continuity will be maintained. 57 57 SECURE ACCESS COMPETITIVE COMPARISON Capability Fortinet Cisco HP/Aruba Aerohive Ruckus/Arris Enterprise WLAN a a a a a UTM in Access Point a Enterprise Switching a a a a a UTM a a Gartner MQ WLAN/LAN a a a a a a= Provides = Not available 58 58 This sales guide is for Internal Use Only. THIRD-PARTY VALIDATION 2016 Gartner Magic Quadrant—“Visionary” In the 2016 Gartner Magic Quadrant for Wired and Wireless LAN Access Infrastructure, Fortinet’s Secure Access product line achieved a Visionary rating in the enterprise LAN/WLAN marketplace. “Magic Quadrant for the Wired and Wireless LAN Access Infrastructure,” Tim Zimmerman, Christian Canales, Bill Menezes, Danilo Ciscato, August 2016 This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Fortinet. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 59 SECURE ACCESS QUALIFYING QUESTIONS c Are you looking for security in addition to access layer components? c Is simplified management a key requirement? c Do you already own a FortiGate? c Do you have many small sites (distributed retail)? c Do you need security at the edge for a small branch? c Do you have a large public venue with stringent RF capabilities? c Do you have minimal staff and need a solution that’s easy to deploy and manage? NSE TRAINING MODULES §§NSE 2: Secure Access Solution §§NSE 2: Wireless Infrastructure Products §§NSE 2: Wireless Integrated Products §§NSE 2: FortiCloud 60 SERVICES FortiGuard FortiCare FortiGuard researchers continuously scour the Security can be complex; creating the best security environment cyber landscape to discover emerging threats requires expertise. Fortinet is immersed in security every day of the year and our professionals know our products in detail. We can and develop effective countermeasures to protect augment the defensive capabilities of any IT organization with a range organizations around the world. They are the of offerings, tailoring our services to the size of the organization and reason that FortiGuard is credited with over 250 the desired level of assistance and monitoring. We can help you ensure zero-day discoveries—a record unmatched by that your customer’s security posture is appropriate to today’s evolving threat environment. any other security vendor. FortiCare services are available on all Fortinet products and include four types of offerings: Our unique combination of in-house research across 10 different security disciplines, §§Product Support Services include device assistance with technical issues as well as firmware updates, and (if necessary) intelligence exchanged with leading industry product replacement. Device monitoring and reporting is also sources, and machine learning are why Fortinet available. Assistance can be provided by phone, email, or chat. security solutions routinely demonstrate such high §§Advanced Support Services provide support on an account basis scores during real-world security effectiveness and include configuration advice and performance review, as well tests at places like NSS Labs, Virus Bulletin, ICSA as training and certification programs. There are both Enterprise Labs, and AV-Comparatives. and Service Provider options. §§Professional Services offer certified experts for onsite training, design, configuration, implementation, and validation for security and infrastructure products. These engagements are custom created and require a statement of work (SOW) to properly scope the activity. §§Premium RMA Services include enhanced warranty returns for faster replacement turnaround, as well as secure disposal options for high-security customers. 61 SALES TOOLS SALES TOOLS We offer a number of tests and other tools to help your Test Your Metal (Malware Scan Effectiveness) potential customers evaluate their current security Attackers get past security measures by hiding malware deep within posture, as well as demos for an assortment of compressed files. Unfortunately, most network security solutions are Fortinet products. regularly fooled by this technique because they can’t analyze a file compressed with any format other than ZIP. There are a number of Cyber Threat Assessment Program legitimate compression formats commonly used and easily opened by Our Cyber Threat Assessment Program (CTAP) is a framework typical end-users on most operating systems other than ZIP (e.g., TAR, designed to offer your prospective customers quick, easy, and GZ, 7Z, CAB). valuable insight into their preexisting security posture. It helps Test Your Metal offers a simple test to see if your network security will you build credibility, establish yourself as a trusted advisor, and catch malware hiding in compressed files. create a strong business case to choose Fortinet solutions to mitigate threats. Website: http://metal.fortiguard.com With a conversion rate of 85%, CTAP is a proven way to Network Testing turn a greenfield opportunity into a long-term customer while Help your customers get the most out of their network devices and demonstrating the value of FortiGate, FortiOS, FortiGuard, and diagnose potential issues with comprehensive performance testing. FortiSandbox in your prospect’s own network environment. FortiTester offers a suite of powerful, yet easy-to-use tests that simulate Website: https://ctap.fortinet.com a variety of typical traffic conditions. It allows you to set performance standards and run audits to make sure your network continues to meet Product Demo Center them. It also stores past tests for easy comparison. Let your prospects see for themselves how our solutions can help solve their security challenges. Our Product Demo Center Website: http://docs.fortinet.com/fortitester/ includes a wide range of Fortinet products, helping customers explore key features and capabilities as well as experience our Training intuitive user interfaces. Network Security Expert (NSE) training is an eight-level certification program designed for technical professionals interested in independent Website: http://www.fortidemo.com validation of their network security skills and experience. NSE training is available via the Fortinet Partner Portal. Website: https://www.fortinet.com/support-and-training.html 62 PARTNER SUPPORT Fortinet provides a wealth of resources for our partners, including services such as sales and Corporate Website product training, opportunity identification, and http://www.fortinet.com advanced technical support as part of the pre- sales process. Fortinet Partner Portal Enterprise customers tend to have specialized https://partners.fortinet.com/ needs with many complexities. Our global teams of account managers and sales engineers are at Training Information the ready to assist you with any of the solutions http://www.fortinet.com/training/index.html presented in this guide. Product Information We also have many online resources to assist you http://www.fortinet.com/products/index.html during the sales process. Fortinet Icon Library Available in the Resources section at http://www.fortinet.com/ FUSE Community https://fusecommunity.fortinet.com 63 This Partner Sales Guide is designed to educate and enable Fortinet channel partners on our leading network security solutions. This is not appropriate as a customer-facing document. Copyright © 2017 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. v2.0 110550 0 0 EN September 15, 2017 10:32 AM
Copyright © 2024 DOKUMEN.SITE Inc.