Fortinet Unwraps New, Integrated Security Platform

By Lawrence Walsh  |  Print this article Print


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

FortiOS 4.0 provides more tightly integrated security functionality and intelligence, and gives solution providers and users more options for inspecting and controlling network security. Fortinet believes the new platform gives it a competitive advantage over Juniper and Check Point.

Fortinet is seeking to expand its footprint in the enterprise and managed services market and capitalize on the IT consolidation trend with the release of its latest operating system, FortiOS 4.0, its security software platform that integrates multiple risk management functions into purpose-built appliances.

Announced today, FortiOS 4.0 incorporates several tightly integrated security technologies, including data loss prevention, SSL decryption and traffic inspection, WAN optimization and application-layer policy controls, with conventional security solutions, such as stateful-packet inspection firewalls and anti-virus. Capacity, performance and speed is a matter of the appliance—smaller boxes for small offices and larger boxes for enterprise and data centers.

Fortinet says its basic architecture philosophy of providing all of its security technologies in a signal package and the desires of end users to consolidate the number of devices in use will give its solution provider partners an opportunity to optimize their customers’ security infrastructures. Today, layers of security protection are often disaggregated into separate security devices and software packages, which add layers of complexity through disparate management systems.

"Customers should be able to access all of the technology without having to buy different technology," says Anthony James, vice president of products at Fortinet. "We just can’t keep asking them to buy new and more technology."

What’s different in FortiOS 4.0 is a tighter integration of different security functions, which gives users a greater degree of control over security management and policy enforcement. For instance, conventional SSL inspection is done independent of other security functions, such as DLP or intrusion prevention. In FortiOS, inspection data collected by the SSL engine is shared with other security functions to provide holistic intelligence and policy enforcement.

Web 2.0 tools, peer-to-peer file sharing and social networking are posing even greater threats to businesses, and firewalls are increasingly inept at blocking traffic that’s simply passing over public ports such as Port 80 (HTTP). FortiOS gets more granular with application policy enforcement, identifying applications by their characteristics rather than port assignments. Fortinet says this gives users a better tool for control over what their users are allowed to access from their work PCs and networks.

Fortinet has enhanced its DLP functions by incorporating sensors for detecting user-defined information leaks by rule sets and profiled policies. The DLP system can automatically quarantine users from access to prevent them from distributing classified materials. Information collected by the DLP module is shared across the security functions for aggregated policy enforcement, and the reporting mechanism is designed to give administrators greater insight into how users are trying to access, use and distribute data.

FortiOS 4.0 includes new identity-based policies, giving organizations the ability to assign access and rights to users based on individual identities, groups or roles; and an endpoint compliance module that checks connecting devices for policy compliance.

Since FortiOS is designed to operate on Fortinet’s purpose-built security appliance, Fortinet believes the new release with its integrated functionality and consolidated management will be attractive options to enterprise customers and managed service providers looking to enhance or replace disparate legacy equipment in their data centers.

"This release makes it easy for our partners to go to market, since this doesn’t require upgrades or add-on equipment," says Kendra Krause, vice president of channel sales operations. "FortiOS extends the scope of consolidation with Fortinet. For the customer, having more appliances just doesn’t make sense."

Fortinet believes the new platform will give it and its partners a competitive advantage over offerings by Juniper Networks, Check Point Software Technologies and Cisco Systems in the enterprise market; and SonicWall and WatchGuard Technologies in the SMB market.

Check Point recently announced its new software blades architecture, in which users can apply different security software and management modules to their appliances to meet specific protection needs. Check Point said the new architecture gives partners and users more flexibility in designing integrated, scalable security systems.

Juniper is expected to announce changes to its security product line next week.

Lawrence Walsh Lawrence Walsh is editor of Baseline magazine, overseeing print and online editorial content and the strategic direction of the publication. He is also a regular columnist for Ziff Davis Enterprise's Channel Insider. Mr. Walsh is well versed in IT technology and issues, and he is an expert in IT security technologies and policies, managed services, business intelligence software and IT reseller channels. An award-winning journalist, Mr. Walsh has served as editor of CMP Technology's VARBusiness and GovernmentVAR magazines, and TechTarget's Information Security magazine. He has written hundreds of articles, analyses and commentaries on the development of reseller businesses, the IT marketplace and managed services, as well as information security policy, strategy and technology. Prior to his magazine career, Mr. Walsh was a newspaper editor and reporter, having held editorial positions at the Boston Globe, MetroWest Daily News, Brockton Enterprise and Community Newspaper Company.