
3 - Secure Application Journey


Challenge: Securing the Application Journey

Applications can live anywhere from the data center to multi-cloud to edge compute.
Organizations are still dealing with the aftermath of forced acceleration to cloud – amplified security risks, operational complexity, misconfigurations, and loss of visibility.
Edge compute emerging to bring applications and data closer to users / devices.
Misconfiguration of cloud security, insecure interfaces/APIs, exfiltration of sensitive data, and unauthorized access continue to be top cloud threats.
Organizational preferences, processes, and/or technical requirements result in too many tools, solutions, and platforms.

© Fortinet Inc. All Rights Reserved.


The Industry Agrees…

Hybrid / Multi-clouds
76% of organizations are using two or more clouds for integration of multiple services, scalability or business continuity reasons.
Source: 2022 Cloud Security Report, Cybersecurity Insiders

Data Center
“The number of data center and edge sites will increase to 3.5 million by 2024.”
Source: Gartner, Forecast Analysis: Data Center Sites, Worldwide, published 13 April 2022

Cloud Challenges
Lack of visibility (49%), not enough control (42%), and lack of staff resources or expertise (40%) remain to be top challenges for organizations.
Source: 2022 Cloud Security Report, Cybersecurity Insiders

Cloud Threats
“Misconfiguration of cloud security remains the biggest cloud security risk according to 62% of cybersecurity professionals…followed by exfiltration of sensitive data (51%), unauthorized access (50%), and insecure interfaces/APIs (52%).”
Source: 2022 Cloud Security Report, Cybersecurity Insiders

Cybersecurity Mesh
“78% of cybersecurity professionals want a single cloud security platform for consistent security policy across all cloud environments.”
Source: 2022 Cloud Security Report, Cybersecurity Insiders

Edge Computing
“By 2026, adoption of edge computing applications for new use cases will represent more than 50% of the infrastructure opportunity, up from 15% in 2021.”
Source: Gartner, Emerging Tech Impact Radar: Edge Computing, published 30 September 2022



Web Applications as the Top Vector for Attackers

69%: Web applications are the top Action vector involved in incidents.*
42%: Web applications are the top Action vector involved in breaches.*
*Verizon Data Breach Investigations Report 2022

Vulnerabilities
Broken Access Control
Cryptographic Failures
Injection
Insecure Design
Security Misconfigurations
Vulnerable and Outdated Components
Identification and Authentication Failures
Software and Data Integrity Failures
Security Logging and Monitoring Failures
Server-Side Request Forgery (SSRF)
Other Vulnerabilities

This content is shared exclusively with the CTO Office and Product Management teams and is considered void if transferred to (or presented by) anyone outside of this group.
The contents are for individual use and should not be copied, transferred, uploaded or shared to anyone without written consent. © Fortinet Inc. All Rights Reserved.
CONFIDENTIAL 3
Access Limited to Authorized Personnel
Email’s use as a primary threat vector…

Email Phishing
#1: Phishing is the leading cause of financial fraud that hit organizations in 2022.
*FBI IC3 Report 2022

Phishing
41%: Percent of BEC’s involving phishing, up from 36% YoY.
*2022 Verizon Data Breach Report

BEC
+65%: Percent increase in Business Email Compromise (BEC) attacks and $43b in losses worldwide (2016-2021).
*FBI IC3 Report 2022

Ransomware
25%: Percent of breaches involved ransomware, YoY increase matches the past five years combined.
*2022 Verizon Data Breach Report

Cyber Threat Assessment Program: MS365 Stats

Microsoft 365
78%: Organizations are using Microsoft 365

Showing Malware
76%: Average of organizations on MS365 showing malware*

Malicious Attachments
71%: Assessments contained malicious attachments

Unknown Malware
23%: Malicious attachments containing unknown malware

Fabric Solution: Secure Application Journey

Platforms: 1
Reduction in cost: Up to 50%
Protected Web Applications: >4200

Consistent Security Everywhere
Gain consistent security and centralized visibility and management, everywhere applications live

Broad Use Case Coverage
Comprehensive, scalable, and flexible solutions for securing application journeys of today and tomorrow

Cloud-native Security
Reduced friction across clouds and simplified operations with cloud-native integrations



Fabric Solution: Secure Application Journey
Consistent, secured, and optimized experience to build, deploy, and run cloud applications across all
cloud and hybrid deployments.

Hybrid Security
Protect and connect networks across clouds,
data centers, hybrid clouds, and edge compute

Web Application & API Protection
Simplify securing applications and APIs with
AI/ML and automation

Cloud-native Protection
Reduce friction across cloud deployments with
security that integrates with and works natively
with cloud services

Workload Protection
Seamlessly protect critical workloads

FortiGuard Services
Real-time protection for applications and
workloads no matter where they live



Broader Security Fabric Integrations
A FortiWeb can be configured to join a Security Fabric through the root or downstream FortiGate.

[Diagram. Components shown: FortiGate; FortiSandbox / FortiSandbox Cloud; FortiDevSec; FortiDAST; FortiClient / FortiClient EMS; FortiWeb; FortiWeb Cloud; 3rd Party Scanners; Protected Web Applications. Connection labels: File Scanning; DAST results/config; Web Vulnerabilities / custom rules; HTTP Traffic; Quarantined IPs; ZTNA Client Verification; Threat Analytics; Unified Threat Analytics dashboard.]

Comprehensive protection

SECURE INBOUND EMAILS
• Phishing/Spear/Whale Phishing
• Impersonation
• Business Email Compromise
• Advanced/Targeted Attacks
• Email-based Ransomware Threats
• Illicit/Adult Content
• Spam

SECURE OUTBOUND EMAILS
• Responses to malicious emails
• Intentional data exfiltration
• Data leak prevention
• Email encryption
• Man-in-the-middle attacks

Detect Building Blocks
Malicious Content; Malicious Files; Malicious URLs

Operation Modes
Gateway; Transparent; Server; API; O365 API

Deployment Types
Appliance; VM; FortiMail Cloud

Founded in 2002, FortiGuard Labs is Fortinet’s elite cybersecurity threat intelligence and research organization. A pioneer and security industry innovator, FortiGuard Labs develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence.

Fortinet Security Awareness and Training
Purpose-built aligned to NIST-800-50 and NIST 800-16 Guidelines

Created by the Fortinet Training Institute, the Fortinet Security Awareness and Training Service helps IT, Security and Compliance leaders build a cyber-aware culture where employees recognize and avoid falling victim to cyberattacks.
For compliance-sensitive organizations, the service also helps leaders satisfy regulatory or industry compliance training requirements.

High Quality Security Training Designed by Security Experts
Engaging Communication & Reinforcement Resources
Easy to Use Administration & Management
Active Monitoring & Reporting
Partner Ready (Your Brand Here)
FortiPhish Integration with Remediation Training
