AI Powered Application Security
Timo Lohenoja, CISSP
Principal Systems Engineer
[email protected]

Dynamic Cloud Security – support the move to the cloud
Ensuring safe and appropriate email communications
Fortinet FortiMail
• SC rate: 99.97%
• FP rate: 0.00%
• Final score: 99.9
• Malware catch rate: 100.00%
• Phishing catch rate: 98.15%
• Project Honey Pot SC rate: 99.99%
• Abusix SC rate: 99.96%
• Newsletters FP rate: 0.0%
• Speed: 10%: ; 50%: ; 95%: ; 98%:
Value-added services
FortiPhish – Security Awareness Training Service
• Phishing testing service
• Send test emails to internal users
• Report on user awareness
• Train users
Sophisticated Breach and ransomware incidents
Threats continue to increase

Digital Innovation is Also Causing Increased Risk
Cyber threats take advantage of the disruption
• Digital Attack Surface: As the perimeter expands, billions of “Security Edges” are formed
• Ecosystem Complexity: Too many vendors and too many alerts, not enough skilled people
• Compliance: Global, country, province, industry, and government regulation
Advanced Threats Continue to Adapt
[Chart: Cumulative Records Stolen and Annual # of Ransomware Attacks, by period. Data labels: 6B+, 5B, 4.7B, 5B+, 1B+, 39M*, 826M, 604M, 259M, 4M, 4.37M*, 7.47M, 67M, 147M, 3.2M]
Significant Threat Incidents
• 1990–1999: Melissa
• 2000–2001: Code Red
• 2002–2003: Slammer
• 2004–2005: Sasser
• 2006–2007: Zeus
• 2008–2009: Conficker
• 2010–2011: Stuxnet
• 2012–2014: Cryptolocker
• 2015–2017: Wannacry
• 2018–2019: VPNFilter
• 2020+: COVID-19
*Many undisclosed | Record Stolen Reference—Breach Level Index | Ransomware stats—Statista

The Future of Threat Intelligence
[Diagram: FortiGuard Labs. Section headings: Visibility, Innovation, Actionable Threat Intelligence, Security Fabric Protections, Proactive Research, Threat Intelligence Services]
Detection and protection in milliseconds
Labels in the diagram:
• Telemetry, Network, Web, Email, Endpoint, CERTs, OSINT, CTA feeds
• Application Control, Web Filtering, IPS, Anti-Virus, Sandbox, Anti-Spam, Endpoint Vulnerability, Indicators of Compromise (IoCs)
• AI / Machine Learning, Federated Machine Learning, Fortinet Distribution Network
• Zero-Day, Adversary Playbooks, Security Blogs, Threat Intel Briefs, Threat Signals, Virtual Patches
• Enforcement Partnerships, Trusted Partnerships
• Penetration Testing, Phishing Service, Incident Response
Machine Learning for Web Application Protection
Reduce friction when deploying web applications
Continuous integration and continuous deployment (CI/CD)
Machine Learning for Web Application Protection
Old Fashioned WAFs add friction
• Developer Pushes Code
• Legacy WAF Blocks Legitimate Requests
• Developer troubleshoots the problem
• WAF Administrator tunes the WAF
• User enjoys the benefits of the new code
There is a better way . . .
Machine Learning for Web Application Protection
FortiWeb with Machine Learning Secures your Application without slowing you down
• Developer Pushes Code
• FortiWeb Enhanced with Machine Learning protects the application
• Threats Blocked
• User enjoys the benefits of the new code

Machine Learning for Web Application Protection
Traditional WAF techniques block some malicious traffic . . .
FortiWeb blocks threats with a combination of:
• IP Reputation
• DDOS Protection
• Protocol Validation
• Attack Signatures
• Antivirus / DLP
Machine Learning for Web Application Protection
Additional layer of machine learning based analysis distinguishes between malicious and benign anomalies
Block malicious
Allow benign
FortiWeb Machine Learning Benefits
• Fewer False Positives
• Less Administrative Overhead
FortiWeb Form Factors
Multiple options for maximum deployment flexibility

Appliances
• 7 models
• 25 Mbps to 20 Gbps
• Support for 10GE

Virtual Machines
• 5 VM models
• CPU-based
• Perpetual licensing
• VMware, Hyper-V, Xen, Citrix Xenserver, KVM, VirtualBox

Public Cloud
• 4 VM models
• BYOL and On-demand
• AWS, Azure, Google Cloud, Oracle Cloud

SaaS
• Subscription based
• Based on data consumed and number of sites
• Hosted by Fortinet
• Delivered on AWS, Azure, and GCP
• Purchase with annual contracts or from the public cloud marketplaces

Container
• 4 virtual appliances
• 25 Mbps to 2 Gbps
• Docker support
• AWS ECS

FortiWeb Cloud WAF as a Service
A Cloud Native Web Application and API Protection Solution
• Cloud Native
  - True multi-tenant SaaS solution, delivering elastic capacity
• Deployed in the same region as your application
  - Improved Performance
  - Simplified regulatory environment
  - Reduce bandwidth costs
• Multi-Cloud
  - AWS
  - Azure
  - GCP
FortiWeb as a Service
Customer onboarding and provisioning

FortiWeb Cloud WAF as a Service – Global CDN
• Optional and Available at No Additional Charge
• Directs requests to the nearest and fastest PoP
  - Latency based GSLB
• Worldwide distribution
  - Global distribution of WAF clusters
• Sophisticated caching and optimization techniques
  - Deliver content directly rather than forward to app
“If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.”
— Bruce Schneier
AI / Machine Learning: what do we expect?
WALKS QUACKS SWIMS
Ducks NOT Ducks
FEATURES – In Machine Learning and pattern recognition, a feature is an individual measurable property or characteristic of a phenomenon being observed.
FortiAI Virtual Security Analyst™
Timo Lohenoja, CISSP
Principal Systems Engineer
[email protected]