Selling in the Telco sector. JOSE GRANDMOUGIN EMEA SENIOR CONSULTANT . 26. 11. 2009. Security Solutions for Service Providers. MOBILE NETWORK. Two discrete solutions for Service Providers. 2. 1. Protecting the Service Provider’s Infrastructure.
Selling in the Telco sector • JOSE GRANDMOUGIN • EMEA SENIOR CONSULTANT 26. 11. 2009
Security Solutions for Service Providers
Two discrete solutions for Service Providers
• Protecting the Service Provider’s Infrastructure
• Protecting the customer (Managed Security Service Provider)
[Diagram: MOBILE NETWORK with Subscriber Networks, RADIUS SERVER, SGSN, GGSN]
Traditional CPE / Client Based MSS
[Diagram labels: Internet, NOC/SOC]
Virtualized Services
Per Customer Virtual Domain
• Application Control
• Web Filtering
• AntiVirus / AntiSpyware
• Data Leak Prevention
• AntiSpam
• Intrusion Protection
• VPN (IPSec / SSL)
• Firewall
• Dynamic Routing
Security Processing Modules ADM-XE2 and ASM-CE4
Intrusion Prevention Offloading
• Inspects traffic traversing network interfaces for network-based attacks
• Provides protocol anomaly and signature-based inspection
• Multi-Gigabit performance
Firewall Offloading
• Inspects traffic traversing network interfaces and blocks/allows according to firewall policy
• Line-Rate performance
IP Multicast Offloading
• Accelerates and routes IP Multicast traffic
• Contributes to improved performance of video, voice, and other IP Multicast applications
[Images: ASM-CE4, ADM-XE2]
ADM-XD4
• NP4 Based Dual Wide AMC Module
• Compatible with 5001A/3810A
• Firewall and IPSec offload
• 4 x 10G SFP+ Interfaces
• Includes 2xSR SFP+ transceivers
• 20G Firewall Processing
• 8G IPSec VPN Processing
Value Added Internet Access Services
[Diagram labels: Customer 1, Customer 2, Customer 3, Internet]
COMPETITION
• Juniper
• CrossBeam
• Cisco
WINNING FACTORS
• Protection Profiles and Virtualization
• Routing flexibility
• Hardware scalability
Value Added RAS
[Diagram labels: Client, Internet, CPE]
WINNING FACTORS
• Features Integration, IPSec, SSL VPN, Antivirus, Web Filtering
• Self Service Management Portal
COMPETITION
• Cisco
• Juniper
3G High-Performance VAS
[Diagram labels: Internet, 3G Network]
COMPETITION
• Cisco
• Juniper
WINNING FACTORS
• Features Integration, Fast Antivirus services
• Self Service Management Portal
• 10Gb real throughput
Management Interfaces in the Cloud
[Diagram labels: Network Provisioning, Billing, XML API / GUI, Device Group, CUSTOMERS, MGMT, JSON API, Self Service Portal, XML API, Device Group, LOG / ARCHIVE, QUARANTINE, GUI, CLI / SNMP / GUI, Troubleshooting, Monitoring, NOC / SOC]
FortiManager Portal: User Portal Customization
Development Toolkit
• Provides a full set of customization options
• Function, content, and branding
• Secondary database interfaces
Consumer Portal
• Simplified option set
• Uses Development Toolkit
• Targets consumer opportunities
• Linked with Dynamic Profile Feature on FortiOS Carrier
Virtualized Management
Multiple Administrative Domains
• Administrative Domain (ADOM)
• Per Customer / Device Group Policy Management
• Per Customer / Device Report Generation
• Supports VDOM groups and physical device groups in any combination
[Diagram labels: Admin 1 / Device Group 1 / Customer 1; Admin 2 / Device Group 2 / Customer 2]
Dynamic Security Profiles
• Applies to two key target service provider markets: Managed Security and Mobile
• Allows user “Self-Service” automation
• RADIUS Accounting Record attributes used to create a context for a source IP address
• Context can associate IP address with any other RADIUS attribute: Username, MSISDN, Service Name
• Protection Profile also extracted from the RADIUS record
• Assumes an authentication event has occurred within the Carrier’s network
• Typical in both fixed (DSL) and mobile environments
[Diagram labels: PORTAL SERVER, RADIUS SERVER, Radius Accounting Message, Portal Provisioning, Dynamic Policy Created]
Dynamic Security Profiles: In Home Parental Control*
• Provides an authenticated bypass of the Service Restrictions
• Within a domestic environment
• Both end-points (users) are behind the same NAT boundary
• Clientless solution to differentiate access – no software to ‘hack’
• Parental control is maintained
[Diagram labels: DSL, NAT, Home user 1 (Adult), Home user 2 (Child), www.badsite.com]
*FortiOS Carrier 4.1
Dynamic Security Profiles: End-Point customisation
Per end-point Black / White List
• End points (users, MSISDN) can have their own black / white list
• No requirement for end user to access FortiGate infrastructure
• Can be populated on Self Service Portal
• Dynamically configured on FortiGate as end points attach
• RADIUS VSA Extension, no fixed limit for URLs
[Diagram labels: DSL+3G, RADIUS, Self Service Portal, www.badsite.com]
*FortiOS Carrier 4.2
FortiOS Carrier 4.0 Highlights
Dynamic Profiles
• Per user services via a RADIUS API
• Protection Profile derived from RADIUS record
Session Initiation Protocol (SIP) Security
• Stateful SIP tracking, Malicious SIP message protection, SIP Rate Limitation
• SIP Transparent or SIP NAT mode, IP Topology Hiding, RTP Pinholing
• Geographical Redundancy, SIP Stateful High-Availability
Multimedia Message Service (MMS) Security
• Antivirus, Antispam/Antifraud, Antiphishing (via Web Filtering)
• Sender and Admin notification
GPRS Tunneling Protocol (GTP) Firewall
• 3GPP 29.060 version 6.9.0, including Overbilling Protection
• Protocol Anomaly Checks, IMSI/APN/IE filtering
FortiCarrier SIP Security
VOICE SECURITY: NGN Network Topology
Softswitch SIP Application Server (AS)
• Call Control
• Routing
• Features
• Billing
Session Border controller
• Hosted NAT Traversal
• Call Admission
• Interoperability
• Interworking (IWF)
• Media Pinholing and Policing
SIP Firewall
• SIP aware Firewall
• Denial of Service prevention
• Message Filtering
• Message rate limiting
• IPS detection and prevention
[Diagram labels: Signalling Control (SIP), Media Control (RTP), Optional RTP bypass, RTP, SIP, All Traffic – Access and Peering]
Mobile Security
FortiCarrier also provides:
MMS Antivirus
• MM1/3/4/7
• Monitor mode
• Intercept, Archive, Quarantine, Block Actions
• Sender Notification and alerting
MMS Antispam
• MM1/4
• Duplicate Message, Sender Flooding
• Admin Notification
[Diagram labels: CONTENT PROVIDER, INTERNET, MM3, MM7, MMSC, MM4, MM1, OTHER OPERATOR]
Global Service Offerings
FortiGuard™ Global Research Team provides original security intelligence via FortiGuard subscriptions
• Antivirus
• Intrusion Prevention
• Web Filtering
• Antispam
FortiCare™ Support services provides technical assistance anywhere, anytime
• Multiple service levels to meet customer requirements
FortiMail – Email Security
• Role Based Administrative Domain Management
  • Thousands of domains
  • LDAP Profiling
  • Outsourced policy management / service enablement
• Inbound and Outbound Antivirus and Antispam
• Centralised Quarantine
• Multiple Operating Modes
  • Server, Gateway/Relay and Transparent
• Unlimited License Model
  • Not per mail box or domain
• Integrated with FortiManager and FortiAnalyzer
• Chassis Blade and Appliance Form Factor
FortiClient Desktop
• Access to FortiGuard Services
• Antivirus & Antispyware Protection
• Personal Firewall
• Content Filtering
• Windows Registry Monitor
• IPSec VPN Client
• Private Label Branding
• Microsoft MSI installer for rapid deployment to many clients
• Client lockout to prevent unauthorized configuration
• License Control
FortiMobile Security Client Software
Symbian Series 60
• 2nd Edition: v7.0s, V8.0a, v8.1a
• 3rd Edition: v9.1, v9.2, v9.3
Windows Mobile
• 2003 SE: Pocket PC, PPC Phone
• 5.x: Pocket PC, PPC Phone, Smartphone*
• 6.x: Professional, Standard, Classic
Capabilities include
• Personal Firewall
• VPN (IPSec, SSL)
• Incoming Call Filter
• SMS Antispam
• Antivirus
• Phone Security (Contact / SMS / Call Log / Data Encryption)
• Multi-Language Support
*Smartphone support to be added in 4.3