
AI Powered Application Security

Timo Lohenoja, CISSP
Principal Systems Engineer
[email protected]

Dynamic Cloud Security – support the move to the cloud

Ensuring safe and appropriate communications

Dynamic Cloud Security – support the move to the cloud

Ensuring safe and appropriate email communications

Fortinet FortiMail

• SC rate: 99.97%

• FP rate: 0.00%

• Final score: 99.9

• catch rate: 100.00%

• Phishing catch rate: 98.15%

• Project Honey Pot SC rate: 99.99%

• Abusix SC rate: 99.96%

• Newsletters FP rate: 0.0%

• Speed: 10%: ; 50%: ; 95%: ; 98%:

Value-added services

FortiPhish – Security Awareness Training Service

• Phishing testing service

• Send test to internal users

• Report on user awareness

• Train users

Digital Innovation is Also Causing Increased Risk

Cyber threats take advantage of the disruption

• Digital Attack Surface: As the perimeter expands, billions of “Security Edges” are formed

• Ecosystem Complexity: Too many vendors and too many alerts, not enough skilled people

• Sophisticated Threats: Breach and incidents continue to increase

• Compliance: Global, country, province, industry, and government regulation

Advanced Threats Continue to Adapt

[Chart: Cumulative Records Stolen and Annual # of Ransomware Attacks by period, 1990–1999 through 2020+, annotated with Significant Threat Incidents: Melissa, Code Red, Slammer, Sasser, Conficker, Cryptolocker, Wannacry, VPNFilter, COVID-19]

*Many undisclosed | Record Stolen Reference—Breach Level Index | Ransomware stats—Statista

The Future of Threat Intelligence

[Diagram: FortiGuard Labs threat intelligence in three panels: Visibility, Innovation, and Actionable Threat Intelligence. Labels include Telemetry, AI / Machine Learning, Federated Machine Learning, Proactive Research, Security Fabric Protections, Indicators of Compromise (IoCs), and Threat Intelligence Services. Callout: Detection and protection in milliseconds]

Machine Learning for Web Application Protection

Reduce friction when deploying web applications

continuous integration and continuous deployment (CI/CD)

Machine Learning for Web Application Protection

Old Fashioned WAFs add friction

• Developer Pushes Code

• Legacy WAF Blocks Legitimate Requests

• Developer troubleshoots the problem

• WAF Administrator tunes the WAF

• User enjoys the benefits of the new code

There is a better way . . .

Machine Learning for Web Application Protection

FortiWeb with Machine Learning Secures your Application without slowing you down

• Developer Pushes Code

• FortiWeb Enhanced with Machine Learning protects the application

• Threats Blocked

• User enjoys the benefits of the new code

Machine Learning for Web Application Protection

Traditional WAF techniques block some malicious traffic . . .

FortiWeb blocks threats with a combination of:

• IP Reputation

• DDOS Protection

• Protocol Validation

• Attack Signatures

• Antivirus / DLP

Machine Learning for Web Application Protection

Additional layer of machine learning based analysis distinguishes between malicious and benign anomalies

Block malicious

Allow benign

FortiWeb Machine Learning Benefits

• Fewer False Positives

• Less Administrative Overhead

FortiWeb Form Factors

Multiple options for maximum deployment flexibility

Appliances

• 7 models

• 25 Mbps to 20 Gbps

• Support for 10GE

Virtual Machines

• 5 VM models

• CPU-based

• Perpetual licensing

• VMware, Hyper-V, Xen, Citrix Xenserver, KVM, VirtualBox

Public Cloud

• 4 VM models

• BYOL and On-demand

• AWS, Azure, Google Cloud, Oracle Cloud

SaaS

• Subscription based

• Based on data consumed and number of sites

• Hosted by Fortinet

• Delivered on AWS, Azure, and GCP

Container

• 4 virtual appliances

• 25 Mbps to 2 Gbps

• Docker support

• AWS ECS

• Purchase with annual contracts or from the public cloud marketplaces

FortiWeb Cloud WAF as a Service

A Cloud Native Web Application and API Protection Solution

• Cloud Native
  » True multi-tenant SaaS solution, delivering elastic capacity

• Deployed in the same region as your application
  » Improved Performance
  » Simplified regulatory environment
  » Reduce bandwidth costs

• Multi-Cloud
  » AWS
  » Azure
  » GCP

FortiWeb as a Service

Customer onboarding and provisioning

FortiWeb Cloud WAF as a Service – Global CDN

• Optional and Available at No Additional Charge

• Directs requests to the nearest and fastest PoP
  » Latency based GSLB

• Worldwide distribution
  » Global distribution of WAF clusters

• Sophisticated caching and optimization techniques
  » Deliver content directly rather than forward to app

“If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.”

— Bruce Schneier

AI / Machine Learning: what do we expect?

WALKS QUACKS SWIMS

Ducks NOT Ducks

FEATURES – In Machine Learning and pattern recognition, a feature is an individual measurable property or characteristic of a phenomenon being observed.

FortiAI Virtual Security Analyst™