Fortinet is seeking to expand its footprint in the enterprise and
managed services market and capitalize on the IT consolidation trend
with the release of its latest operating system, FortiOS 4.0, its
security software platform that integrates multiple risk management
functions into purpose-built appliances.
Announced today, FortiOS 4.0 incorporates several tightly integrated
security technologies, including data loss prevention, SSL decryption
and traffic inspection, WAN optimization and application-layer policy
controls, with conventional security solutions, such as stateful-packet
inspection firewalls and anti-virus. Capacity, performance and speed is
a matter of the appliance—smaller boxes for small offices and larger
boxes for enterprise and data centers.
Fortinet says its basic architecture philosophy of providing all of
its security technologies in a signal package and the desires of end
users to consolidate the number of devices in use will give its
solution provider partners an opportunity to optimize their customers’
security infrastructures. Today, layers of security protection are
often disaggregated into separate security devices and software
packages, which add layers of complexity through disparate management
systems.
“Customers should be able to access all of the technology without
having to buy different technology,” says Anthony James, vice president
of products at Fortinet. “We just can’t keep asking them to buy new and
more technology.”
What’s different in FortiOS 4.0 is a tighter integration of
different security functions, which gives users a greater degree of
control over security management and policy enforcement. For instance,
conventional SSL inspection is done independent of other security
functions, such as DLP or intrusion prevention. In FortiOS, inspection
data collected by the SSL engine is shared with other security
functions to provide holistic intelligence and policy enforcement.
Web 2.0 tools, peer-to-peer file sharing and social networking are
posing even greater threats to businesses, and firewalls are
increasingly inept at blocking traffic that’s simply passing over
public ports such as Port 80 (HTTP). FortiOS gets more granular with
application policy enforcement, identifying applications by their
characteristics rather than port assignments. Fortinet says this gives
users a better tool for control over what their users are allowed to
access from their work PCs and networks.
Fortinet has enhanced its DLP functions by incorporating sensors for
detecting user-defined information leaks by rule sets and profiled
policies. The DLP system can automatically quarantine users from access
to prevent them from distributing classified materials. Information
collected by the DLP module is shared across the security functions for
aggregated policy enforcement, and the reporting mechanism is designed
to give administrators greater insight into how users are trying to
access, use and distribute data.
FortiOS 4.0 includes new identity-based policies, giving
organizations the ability to assign access and rights to users based on
individual identities, groups or roles; and an endpoint compliance
module that checks connecting devices for policy compliance.
Since FortiOS is designed to operate on Fortinet’s purpose-built
security appliance, Fortinet believes the new release with its
integrated functionality and consolidated management will be attractive
options to enterprise customers and managed service providers looking
to enhance or replace disparate legacy equipment in their data centers.
“This release makes it easy for our partners to go to market, since
this doesn’t require upgrades or add-on equipment,” says Kendra Krause,
vice president of channel sales operations. “FortiOS extends the scope
of consolidation with Fortinet. For the customer, having more
appliances just doesn’t make sense.”
Fortinet believes the new platform will give it and its partners a
competitive advantage over offerings by Juniper Networks, Check Point
Software Technologies and Cisco Systems in the enterprise market; and
SonicWall and WatchGuard Technologies in the SMB market.
Check Point recently announced its new software blades architecture,
in which users can apply different security software and management
modules to their appliances to meet specific protection needs. Check
Point said the new architecture gives partners and users more
flexibility in designing integrated, scalable security systems.
Juniper is expected to announce changes to its security product line next week.
