Fortinet Unveils New FortiGate 1800F Appliance and NP7 Network Processor

Enabling High Performance and Dynamic Internal Segmentation in the Data Center

Digital innovation is proceeding at a breakneck pace. It is enabling organizations and individuals alike to have unprecedented access to data, rich streaming media, and business-critical applications. It is also enabling dynamic connectivity between individual devices, networks, branch offices, and multiple clouds – as well as the lightning-fast speed and massive scalability required by data centers. These massive data center architectures require ever-increasing bandwidth and throughput to support things like segmenting massively scalable services co-hosted on physical and virtualized infrastructure. 

It is not an overstatement to declare that these demands on today’s data centers are completely transforming today’s digital landscape. 

Flat Networks Efficiency – Is it Worth the Security Tradeoff?

Because of the rate at which applications, workflows, and transactions need to occur, and to accommodate the need for interoperability and communication between devices, many organizations are reverting to flat, open networks to accelerate transactions, applications, and workflows. And a growing number of these networks are being built around high-performance routing and switching infrastructure that doesn’t include security due to the performance limitations inherent in traditional security solutions. Instead, they are relying on VLANs and Layer 4 access lists to do the heavy lifting required to protect these environments.

From a security perspective, this can be disastrous. Breaching the network perimeter of a flat network allows hackers to establish a beachhead and then move laterally to gain access to credentials, resources, and data. And worse, the lack of an internal security infrastructure also significantly limits the organization’s visibility into traffic behaviors and data flows, which further hinders the ability to detect a breach. It’s the reason why the average mean time to identify a threat in today’s networks is 197 days, with another 69 days required to contain and eliminate it. And for small to medium-sized businesses that have fewer security resources available, the problem is even worse, with dwell times exceeding two years. 

To address these security challenges while maintaining an architectural design that offers flexibility and the need for accelerated interoperability between all IT resources, these flat networks require segmentation and automated workflows. This ensures that any device connecting to the network is identified and assigned to only those resources it requires to do its job, and that individual or groups of devices can securely communicate across an open infrastructure without exposure to risk through the implementation of automatically secured workflows that can keep pace with network and application performance demands.

Accelerating Security Performance in the Data Center

Because new environments, applications, and workflows have outpaced the performance abilities of traditional security solutions, organizations seeking to handle the unprecedented user consumption of online services while maintaining an excellent customer experience are left with two choices: either slow down their networks and make the user experience suffer, or sacrifice security to maintain performance. 

Both of those are terrible options.

The problem is that traditional security appliances built with off-the-shelf CPUs and hardware to process network and security traffic are now an infrastructure bottleneck. Simply put, yesterday’s security performance is no longer enough to secure and enable enterprises to operate at the pace of today’s business innovation. But you can’t achieve the performance and protections of tomorrow using yesterday’s technology.

Introducing the New Fortinet FortiGate 1800F Next-Generation Firewall (NGFW)

To address this challenge, Fortinet has engineered and released its groundbreaking 7th Generation Network Processor – NP7, and introduced the FortiGate 1800F NGFW appliance. The FortiGate 1800F will be the first of many FortiGate NGFWs that are powered by NP7. 

FortiGate 1800F enables a Security-driven Networking approach and is engineered to enable large enterprises to handle unprecedented levels of data and application demands. The FortiGate 1800F series offers today’s largest organizations the ability to segment and launch services, manage internal and external risks, and preserve user experience.

FortiGate 1800F is also an integral part of the Fortinet Security Fabric, and enables several of the highest Security Compute Ratings* to meet the industry’s extraordinary data center security demands. 

The newly released FortiGate 1800F, built around our new NP7 processor, provides advanced levels of security performance and scalability that no other solution on the market is able to match. Compared to the industry average, the FortiGate 1800F supports multiple 40G elephant flows**, provides a Security Compute Rating of 14X the firewall performance, 14X greater IPSec performance, 4X more concurrent connections, and a remarkable 20X increase in the inspection of SSL-encrypted traffic over comparable solutions.

Fortinet’s NP7 provides unmatched scale, performance, and acceleration capabilities for securing large enterprise data centers and related ultra-high-performance use cases. The speed and agility that NP7 offers provide significant performance increases for the massive capacity requirements these large enterprises face today.

According to John Maddison, EVP of Products and CMO at Fortinet, “The FortiGate 1800F powered by NP7 has a Security Compute Rating ranging from 3x to 20x faster than the comparable product from our competition. This allows our customers to deploy FortiGate 1800F as an internal segmentation firewall and effectively strengthen their security posture.”

This advancement is also fundamental to Fortinet’s Security-Driven Networking approach that not only inspects traffic – even encrypted traffic – in real time, but also provides full visibility of network flows through high-performance SSL inspection of encrypted traffic, including the industry’s latest TLS 1.3 standard for automated threat protection. 

All of this requires processing power that is simply unavailable using off-the-shelf CPUs and hardware, even if you implement tricks like chaining hardware components together or implement software shortcuts such as parallel processing to compensate for inherent hardware performance limitations. Instead, security tools require specialized hardware designed to support complex environments, so organizations don’t have to make a Sophie’s Choice between performance and protection.

FortiGate 1800F NGFW Use Cases and Benefits:

Fortinet’s FortiGate 1800F NGFW is engineered for large enterprises to quickly and securely drive digital innovation by offering capabilities to meet the huge capacity and performance demands of critical business operations such as:

Managing Internal Security Risks: Most firewalls simply cannot perform fast enough to enable internal segmentation. With multiple high speed 40G interfaces and the industry’s best threat protection performance with a Security Compute Rating of 3x, FortiGate 1800F enables enterprises to properly segment their network to manage internal security risks. Additionally, FortiGate 1800F intelligently adapts to segmented users, devices, and applications – regardless of their location, whether on-premise or in multiple clouds – providing automated threat detection and enforcement. 

Accelerating the Cloud On-Ramp: IPsec encryption must be high performing to enable and accelerate the cloud on-ramp for organizations adopting multiple clouds for IaaS and SaaS services. FortiGate 1800F offers the highest Security Compute Rating of 14x for IPsec encryption when benchmarked against competitors, enabling the required speed, scale, and availability organizations need when on-ramping to the cloud.

Removing Blind Spots: With as much as 60 percent of encrypted traffic containing malware, SSL inspection performance has become critical to properly secure the network. FortiGate 1800F offers the industry’s highest SSL inspection performance with a Security Compute Rating of 20x, as well as support for the industry’s latest TLS 1.3 standard, to eliminate network blind spots by enabling full visibility of clear-text and encrypted network flows.

Securing Services Across Hybrid Architectures: Traditional software-based security solutions have low performance and high latency, which increases time to service and provides a poor user experience. The FortiGate 1800F’s hardware-accelerated Virtual Extensible LAN (VXLAN) feature enables massively scalable, adaptable internal segmentation and allows super-fast communication between enormously scaled services, such as compute, storage, and applications that are co-hosted on physical and virtual platforms. This allows organizations that leverage a highly scalable virtual services architecture to launch services and applications in the most agile fashion possible to increase productivity and revenue opportunities.

Enabling Secure Advanced Research: Organizations often transition their research to AI and ML simulations to allow for faster discovery of their objectives. For example, pharmaceuticals can measure the effectiveness of new drugs or develop drugs faster with reduced risks and potentially with lower costs. AI/ML simulations require the transfer of huge datasets (e.g. 10+ TB files), called an elephant flow, that today’s data centers struggle to securely transfer, bringing research and collaboration to a crawl. The performance capabilities of FortiGate 1800F allow research organizations to perform big data analysis and natural language processing at unprecedented speeds where a single elephant flow can reach up to 40Gbps. Just as important, with FortiGate 1800F NGFWs, these elephant flows are secured using high-performance encryption to ensure privacy and compliance.

Securing the New Age of Digital Innovation

The adoption of digital innovation has ushered in an era of significant and ongoing transformation within data centers. To remain competitive in this era of explosive demands for unprecedented scale, availability, and application delivery requirements, some of the largest enterprises in the world are developing architectures — hyperscale architectures — within their data centers that are capable of rapidly expanding to millions of physical and virtual instances in order to meet massive demand. 

With its unmatched scale, performance, acceleration, internal segmentation capabilities, and speed and agility, NP7-powered FortiGate 1800F NGFWs provide these large organizations with the ability to develop and segment services, manage internal and external risks, and preserve user experience. NP7 will also power future FortiGate appliances to enable agile, high-performance security for hyperscale data centers and other environments where hyperscale, hyperconnectivity, and hyperperformance are table stakes. 

*Security Compute Rating is the benchmark (performance multiplier) that compares Fortinet’s purpose-built ASIC-based FortiGate NGFW performance vs the industry average of competing products across various categories that fall within the same price band that utilize generic CPUs for networking and security capabilities. 

**An elephant flow is a single session that consumes a large amount of bandwidth.

Don’t miss Fortinet’s upcoming global virtual event for cybersecurity and networking professionals to learn more about our latest product announcements. Sign up here.

Engage in our Fortinet user community (Fuse). Share ideas and feedback, learn more about our products and technology, or connect with peers.

Click here for more information about the new FortiGate 1800F and here for more information about the next-generation Fortinet NP7 processor. The combination offers unprecedented performance and FortiGate’s wide range of market-leading security solutions and service.

Sourced from Fortinet

Every Second Counts in Endpoint Protection: Why Real Time Matters

When dealing with wildfire – such as the raging fires that have devastated large parts of Australia, or the chronic fires that have been plaguing both Southern and Northern California the past several years – every second counts. 

Seasoned firefighters need to do much more than simply douse a fire with water. Essential firefighting resources need to be stockpiled in the areas of most risk and properly distributed. Firefighting teams need to coordinate information between weather experts and firefighters on the ground and in the air to predict the direction a fire will head and then cut it off with fire breaks and retardants. Extra efforts need to be made to protect valuable structures and critical infrastructure, and that can only happen if those landmarks are identified before a fire starts. And evacuation plans and escape routes need to be pre-designated and protected, with alternative routes in place, so victims can get clear of danger.

Of course, the best firefighting strategy always starts with prevention. Underbrush is cleared away, break lines are already in place, homes are mapped and separated from vulnerable areas by clear-cutting forests back from property lines. But in spite of the best preparations, high winds and dry tinder are simply always going to make some regions of the world more prone to wildfires.

From Wildfires to Endpoints – The Principles Remain the Same

The exact same principles apply to endpoint security. When a device is targeted with malware, especially ransomware, if you don’t react immediately the fight is over – and you will have lost. Consider that WannaCry takes a mere 3 seconds to encrypt a file. And NotPetya, the cyber weapon designed to spread automatically and rapidly, was the fastest moving attack to date. By the time its victims saw the warning on their screen, their data center was already gone. 

And worse, such an attack can quickly spread to other devices, and without an intervention plan in place, you will lose the chance to stop those threats from spreading like wildfire through your organization. 

Because of these and literally thousands of other high-profile endpoint attacks, everyone should already know that endpoints are just one of those places in the network loaded with dry tinder and high winds waiting for a spark to set it off. In fact, according to a report from IDC, 70% of all successful network breaches start on endpoint devices. The number of exploitable operating system and application vulnerabilities – most of them unpatched – simply makes endpoints an irresistible target for cybercriminals.

And while most CISOs would agree that prevention is important, 100% effectiveness is simply not realistic. Not only is patching intermittent, but all security updates trail behind threat outbreaks, zero-day attacks can slip past security systems, and there will always be those few folks in your organization who won’t be able to resist clicking on that malicious email attachment. As a result, security teams need to operate under the assumption that their endpoints will eventually be compromised. And that’s why, in addition to prevention, real-time detection and containment is critical.

Lag Times in Detection and Response Keep Organizations at Risk

The first step is to understand the kinds of threats in play. From a timing standpoint, there are the wildfires, such as ransomware, that can ruin a system in seconds. And then there are the slow-burn threats designed to steal data slowly and over time. In spite of all the press that ransomware attacks get, most confirmed data breaches have a long dwell time. In fact, the average mean time to identify a threat is 197 days, and another 69 days to contain a breach.

Unfortunately, this is the benchmark that first-generation Endpoint Detection and Response (EDR) tools were designed for. The assumption was that there was enough time to manually respond to a slow-burn threat. And, in fact, the endpoint security industry has made important progress on detection speed (mean time to detect or MTTD), reducing detection times from weeks to days or even hours. But that is hardly comforting for organizations staring a high-speed ransomware attack in the face. And even if an EDR tool is able to detect an attack in real time, what good is that if it then takes an hour or more to manually contain the threat? In the case of a ransomware attack, your data is already gone and you don’t need the EDR’s help with detection.

The Power of Fortinet’s Endpoint Detection and Response Solution

FortiEDR was designed with a single clear goal in mind – stopping attackers from achieving their goals, whether data exfiltration or sabotage, by stopping their attack. By understanding the nature of ransomware behavior and similar high-speed attacks, FortiEDR has the unique ability to defuse and disarm a threat in real time, even after an endpoint is already infected.

FortiEDR does this with its OS-centric code-tracing technology, enabling it to immediately detect suspicious processes and behaviors, including in-memory attacks. As soon as FortiEDR detects something suspicious, it doesn’t wait. It immediately moves to defuse a potential threat by blocking external communications to the command and control server (C&C) and denying access to the file system. These steps immediately prevent data exfiltration, lateral movement, and ransomware encryption, thereby protecting you from data loss. 

Addressing False Positives

Of course, if you’re paying attention you are probably wondering about false positives. If FortiEDR has to react in real time, what happens to legitimate application activities that raise a flag that results in suspension? This is why FortiEDR deploys a block without terminating the process or quarantining the endpoint. At least not yet.  

Blocking a potential threat enables a split-second thorough assessment of the event in question. The FortiEDR backend cloud service quickly gathers additional information to classify the event as a threat or a benign process. If benign, the block is released with no detectable end user impact. However, if the event is confirmed as malicious, FortiEDR can respond with an automated action, such as terminating processes, removing malicious or infected files, endpoint isolation, notifying users, and opening a Help Desk ticket. Which response FortiEDR uses is based on playbooks provided by Fortinet that your security team can customize. This allows them to tailor automated responses to the unique requirements of their environments as well as specify actions based on things like endpoint groups and threat categories.

Five Stages of FortiEDR Protection

To dig a little deeper into the process, FortiEDR protects endpoints in the following five stages:

Discover and Predict – FortiEDR proactively discovers and mitigates the endpoint attack surface. It does this by providing visibility into rogue devices and applications, identifying vulnerabilities in systems or applications, and proactively mitigating risks with virtual patching. 

Prevent – Kernel-based next-generation AV provides automated prevention of file-based malware. When combined with continuously updated cloud-based threat intelligence feeds and machine learning, FortiEDR will also become smarter over time to more effectively identify threats.

Detect and Defuse – Using behavior-based detection, FortiEDR is the only solution that provides post-infection protection to stop breach and ransomware damage in real time.

Respond and Remediate – Using its playbooks, security teams can orchestrate incident response operations, streamline and automate incident response and remediation processes, and keep affected machines online to prevent interrupting users and disrupting business without exposing the network to risk.

Investigate and Hunt – FortiEDR provides detailed information on threats to support forensics investigation. Its unique guided interface provides helpful guidance, best practices and suggests the next logical steps for security analysts. 

Elegant and Effective Protection of Devices and Productivity

FortiEDR provides a much more elegant and effective solution over traditional endpoint protection solutions, especially when compared to the draconian response of endpoint isolation. Any security team would hesitate to impose a blunt tool to automate a response process like endpoint isolation due to the impact it can have on a user or department – especially given the concern of false positives. They would quickly lose organizational support if they just turned computers into bricks every time they detected a suspicious event.

But with the ability to simply defuse an event by cutting off communications and access to files, FortiEDR is able to effectively disarm the threat so it can no longer do any harm – it can’t touch your files and it can’t phone home – so your production systems on the manufacturing floor remain on-line, and your users can continue to stay productive. And by comprehensively securing endpoints in real time – both pre- and post-infection – FortiEDR also eliminates alert fatigue and breach anxiety, standardizes your incident response procedures, and optimizes your security operation resources with advanced automation.

The impact that FortiEDR can have on an organization is hard to overstate. One customer lauded that “enSilo (the former name of FortiEDR) is the first product in my 15-year career that makes me think we have a chance”.

Win the race against time! Watch the video to see how FortiEDR protects against attacks in real time, and while you’re there, register for a test drive.

Find out how Fortinet’s Security Fabric delivers broad, integrated, and automated protection across an organization’s entire digital attack surface from IoT to the edge, network core and to multi-clouds.  

Find out how Echoenergia and New Zealand Red Cross used Fortinet’s Security Fabric for end-to-end network protection.

Sourced from Fortinet

Defining Security-driven Networking

Secure and Accelerate the Network and User Experience

Digital transformation has changed networks so thoroughly and so rapidly that traditional security tools can no longer provide the consistent security that networks require. Fortinet’s Security-driven Networking is defining a new, third generation of security solutions and strategies designed to meet the security and networking demands of today’s highly dynamic and hybrid networks. 

Traditionally, security solutions could be easily deployed after a network was designed and deployed because all they needed to do was secure fixed perimeters and monitor the predictable traffic and workflows moving between static network servers and devices. But the last decade has put increasing pressure on this model.

The traditional network is being replaced by the acceleration of digital transformation, including the transition to virtualization and the cloud, the rapid adoption and integration of IoT, and the reliance on applications as a central pillar of modern business. And as Big Data, hyperscale architectures, SD-WAN, 5G, Edge networking, and smart systems such as cars, cities, and infrastructures become mainstream, networks will be forced to change even further.

Security-driven Networks are Designed for Today’s Digital Business

Fortinet’s Security-driven Networking strategy tightly integrates an organization’s network infrastructure and security architecture, enabling the network to scale and change without compromising security. This next generation approach is essential for effectively defending today’s highly dynamic environments – not only by providing consistent enforcement across today’s highly flexible perimeters, but by also weaving security deep into the network itself.

Fortinet’s Security-driven Network is the first security strategy designed to encompass the entire network development and deployment life cycle, ensuring that security functions as the central consideration for all business-driven infrastructure decisions. With security at the core, networks can evolve, expand, and adapt without concerns that an expanded attack surface or security gap could compromise the organization.

Security-driven Networking encompasses five critical network elements:

Planning and Design: A Security-driven Networking strategy starts in the planning stages, where everyone agrees that new infrastructures and applications and devices need to meet and support a central security strategy built around a Security Fabric. Want a new cloud infrastructure? It not only needs to be secure, it needs to be built using an integrated Security Platform to ensure it is part of the central Security Fabric. New application? The Security Fabric not only needs to be able to see and inspect it, but it should also be built using the same security tools used to protect the rest of the network. And when virtual devices need to spin up or out, or when connections between a branch office and business applications in the cloud need to roll over, the Security Fabric needs to literally be part of that process so security is never forced to try and keep up.

Access Control and Segmentation: When new devices are added to the network, FortiNAC ensures they are automatically identified and rules related to accessing network resources are applied. Fortinet’s Intent-Based Segmentation ensures they are automatically assigned to secured network segments that have been enhanced with authentication for increased control and flexibility. These network segments are then monitored by the Security Fabric to prevent unauthorized behaviors, inspect applications, and secure workflows. And because security and networking are tied together, changes to the network infrastructure automatically include changes to security.

Consistent Protection for Workflows and Applications: Data never stays in one place. It gets shared, cross-referenced, mined, and processed. Security-driven Networking protects data, applications, and workflows along their entire data path through the implementation of a single, integrated Security Fabric. This fabric relies on integrated security platforms deployed across the network to consistently secure that traffic even as it passes across and between different network segments, dynamic multi-cloud environments, data centers, and devices. 

The Expanding Perimeter: Today’s new perimeter is not only expanding outward as organizations embrace new devices, new network platforms, and new compute and application models, but it is also expanding into the network through the adoption of connected IoT devices, the extension of the network across multiple network environments, and the interconnection of networks to support smart systems. Security-driven Networks, powered by a uniform fabric of connected platforms deployed in every possible environment, provide consistent visibility across the entire perimeter as it adapts and changes.

Branch Offices and Secure SD-WAN: The best example of the implementation of Security-driven Networking is currently realized in Fortinet’s Secure SD-WAN solution. Traditional MPLS connections limit application performance and dynamic communications. Fortinet’s Security-driven Networking approach combines the built-in protections of a FortiGuard NGFW appliance with advanced SD-WAN networking capabilities to eliminate MPLS-required traffic backhauling, prioritize business-critical applications, and improve overall user experience without ever compromising on security. 

By integrating security and networking in this way, hundreds of SD-WAN deployments can be controlled through a single management interface to ensure that networking and security services are always in sync. And by integrating Secure SD-WAN into the wired and wireless access points of the branch office, network security and network controls can be easily extended into the branch LAN to enable deeper integration, stronger authentication, dynamic access control and network segmentation, and consistent security enforcement.

Next Generation Networks Require a New Generation of Security

Security-driven Networking is an essential strategy for securing today’s dynamic and evolving digital infrastructures. Security platforms integrated into a unified Security Fabric enable organizations to embrace digital innovation and expand their digital footprint without exposing critical resources to new risks compounded by the loss of visibility and control – expanding and adapting in tune with the network while traditional security solutions fail to provide the flexible protections and controls today’s digital businesses require.

Take a security-driven approach to networking to improve user experience and simplify operations at the WAN edge with Fortinet’s Secure SD-WAN solution.

Read these customer case studies to see how Warrior Invictus Holding Co., Inc. and the District School Board of Niagara implemented Fortinet’s Secure SD-WAN to alleviate network complexity, increase bandwidth, and reduce security costs.

Sourced from Fortinet

Protecting Today’s Networks with Dynamic Cloud Security

In today’s networks, organizations have to figure out how to secure data that is regularly moved back and forth between private and public clouds. Complicating things further, a growing number of cloud compute infrastructures also rely on hyperscale to manage and process often massive amounts of data. Not only do workflows and applications need to securely travel across and between different clouds, data centers and devices to accomplish their tasks, but security also needs to scale to secure the north-south, as well as east-west traffic. 

While these environments enable businesses to compete more effectively in today’s global digital marketplace, they also increase business risks by expanding the potential attack surface. New business applications that rely on these cloud-based environments and resources are one example of this new risk if not secured properly. According to Gartner, by 2021, 90% of all web-enabled applications will have more surface area for attack due to exposed APIs, rather than just the user interface – up from just 40% in 2019. And the lack of professionals skilled in both cloud and security strategies and technologies reintroduces a risk to the network that seasoned security professionals have managed to overcome in traditional networks. 

Of course, the growing security skills gap compounds the challenge of implementing an effective cloud security strategy even further, affecting organizations across all regions. But this skills gap is most acutely felt in specialized areas such as security data analysis, securing and managing multi-cloud infrastructures, and within DevOps teams tasked with developing business-critical applications. Additionally, new initiatives such as migrating or extending data and other resources from public clouds back to private clouds, rolling out new cloud-based applications, and implementing SaaS solutions, such as Salesforce, Office 365, or unified communications, make developing a consistent and easy-to-manage cloud security strategy increasingly important.

Dynamic Cloud Security Addresses Network and Application Challenges

Fortinet has addressed these challenges with its unique Dynamic Cloud Security strategy that brings together network and application security solutions into a unified system – combined with visibility and control designed to span the entire multi-cloud infrastructure. It begins with Fortinet’s market-leading security platform – the Fortinet Security Fabric – that offers a full range of essential security tools built on a common operating system to deliver broad and integrated security, as well as unified management. 

Fortinet’s security platform is available in a variety of virtual form factors, including versions designed to run as cloud native and containerized solutions, to ensure the broadest possible deployment. These different platform configurations leverage Fortinet’s cloud connector technologies to enable them to be tightly integrated together into a unified Security Fabric platform that can consistently protect the entire dynamic cloud network with uniform policy enforcement, centralized event correlation and management, and coordinated threat response. 

Tying this all together is Fortinet’s unique single-pane-of-glass management that can see every deployment to streamline operations, use unified workflows to ensure consistent policy enforcement, standardize configurations to guarantee uniform compliance, and maintain deep visibility to detect and respond to threats with a single, coordinated strategy. 

Fortinet’s Dynamic Cloud Security is Built on a Unified Security Fabric

By building and deploying an integrated Security Fabric designed to protect dynamic cloud environments – private, public, multi-cloud and hybrid – organizations are able to unlock business agility without exposing themselves to the additional risks that come from expanding their potential attack surface. 

A unified Security Fabric not only protects data and connected resources from multiple threat vectors, it also provides a consistent operational model across clouds and locations to simplify management and reduce planning, design, deployment, and optimization overhead. This value is extended further through the use of APIs and common standards that enable third-party solutions to integrate with the security platform and extended Security Fabric.

Fortinet’s Dynamic Cloud Security strategy provides critical key differentiators every organization needs to seriously consider. From a network security perspective, the Security Fabric provides the most scalable multi-cloud solution in the industry – scaling things like VPN, NGFW, IPS, and application control both up and out – to support and secure today’s dynamic cloud environments. And physical and virtual device management combined with dynamic network segmentation and microsegmentation establishes and ensures ongoing network control. Application security is similarly comprehensive with form factor flexibility (Docker for CI/CD, SaaS, etc.), machine learning for simplicity and accuracy, and extensive web application and API protections (WAAP).

These cloud-based deployments are then integrated into a single, unified security strategy using Fortinet’s cloud and cross-organization connectors to weave security into an integrated fabric that includes tiered visibility and management for managed services environments. Multi-cloud dashboards also provide a consistent view across your extended deployment, combined with granular visibility into each unique cloud. And integration with FortiGuard Labs ensures advanced threat protection for a rapidly evolving threat landscape, while Security Fabric intelligence can be seamlessly integrated into a SOC environment to ensure the broadest possible controls. 

Dynamic Cloud Security for Any Cloud Strategy

Fortinet’s Dynamic Cloud Security strategy enables organizations to develop dynamic cloud-based business infrastructures without ever compromising the protection of users, data and connected resources. The result is a complete solution for even the most dynamic cloud environments, with visibility and control delivered across the extended dynamic cloud environments – private, public, and hybrid.

Don’t miss Fortinet’s upcoming global virtual event for cybersecurity and networking professionals to learn more about our latest product announcements. Sign up here.

Engage in our Fortinet user community (Fuse). Share ideas and feedback, learn more about our products and technology, or connect with peers.

Learn how Fortinet’s dynamic cloud security solutions provide increased visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud.

Read these customer case studies to see how Cuebiq and Steelcase implement Fortinet’s dynamic cloud security solutions for secure connectivity from data center to the cloud.

Sourced from Fortinet

Fortinet Redefines the Open Security Platform

Fortinet uniquely delivers an effective security platform – the Fortinet Security Fabric – built around three critical principles: 

Broad – Visibility and protection need to extend across the entire digital attack surface. With data and workloads crossing between a variety of device form factors and network ecosystems, platforms need to provide a holistic view into devices, traffic, applications and events, while also stopping threats.

Integrated – The integration of tools and systems using open standards, common operating systems and unified management platforms enables the sharing and correlation of real-time threat intelligence. This common framework also supports the coordinated detection of advanced threats through sophisticated, centralized analytics that are difficult or impossible to achieve using traditionally isolated security deployments.

Automated – Like today’s digital business, cyber crime happens at digital speeds. The time between a network breach and the compromise of data or systems will soon be measured in microseconds. Security systems need to automatically provide continuous assessment and then provide an immediate, coordinated response to detected threats.

Effective security platforms also need to be open. That means they are built using an open architecture and industry standards, and provide Application Programming Interfaces (APIs) to ensure that third-party solutions that weren’t natively installed on the platform can still be easily incorporated into a unified platform. This ensures that no security tool ever functions in isolation, but as part of an integrated security framework by sharing threat intelligence and participating in coordinated responses to detected threats.

Fortinet’s Open Fabric Ecosystem Spurs Digital Innovations

Fortinet is deeply committed to the idea of an open security environment. The Fortinet Fabric-Ready Alliance Partner Program brings together a community of technology alliance partners to enable comprehensive solutions. It provides alliance partners with resources and tools, enabling them to integrate with the Fortinet Security Fabric and be part of the Fortinet Open Fabric Ecosystem. Fortinet’s Open Fabric Ecosystem just passed the threshold of more than 355 technology integrations, making it one of the most extensive cybersecurity ecosystems in the industry.

Fabric-Ready technology alliance solutions provide customers with more effective security, and are pre-integrated, saving customers time and resources in deployment, operations and support.  

By removing complexity and unifying fragmented solutions, the Fortinet Open Fabric Ecosystem spurs digital innovations faster and more securely. Fortinet’s Open Fabric Ecosystem approach extends the Security Fabric to technology partners through Fabric Connectors, Fabric APIs and DevOps tools:

Fabric Connectors: Fortinet Fabric Connectors are Fortinet-developed deep integrations with technology partners to automate security operations and policies. This also enables Fortinet to interconnect with a customer’s multi-vendor ecosystem to synchronize security with operational changes, automate security tasks, and support DevOps processes – all while ensuring protection of the entire attack surface, from Internet of Things (IoT) devices to the cloud.

Fabric APIs: Fortinet’s technology alliance partners can use Fabric APIs to develop integration with the Fortinet Security Fabric to actively collect and share threat and mitigation information. This improves threat intelligence, enhances overall threat awareness, and broadens end-to-end threat response. These APIs also enable automated operations through the sharing of local and global threat intelligence across security components, allowing them to orchestrate a coordinated, rapid threat response to cyber threats.

Fabric DevOps: Providing community-driven automation scripts on open source platforms enables automated network and security provisioning, configuration, and orchestration. DevOps tools and scripts developed by Fortinet, technology partners and customers leverage the Security Fabric and provide full automation of Fortinet security provisioning and configuration management. DevOps tools and scripts enable community-driven security innovation and accelerate time to deployment. They are published on the Fortinet Developer Network, GitHub, and other online repositories.

Open Platforms are Essential for Securing Digital Business

As the number of connected devices and the implementation of new edges grows, the attack surface is expanding, making it challenging for organizations to protect and manage their network. And far too many organizations are trying to secure these digital transformation efforts with security solutions that don’t communicate with each other, fragmented management tools, and low visibility of workflows and policies.

In such an environment, the value of an open security platform cannot be overstated. Security tools that cannot see each other or work together to identify and mitigate threats can actually reduce visibility and control, enabling threats to slip through the confusion. And as networks continue to expand and transform to keep up with the demands of today’s digital economy – and exponentially expand their potential attack surface in the process – organizations need more visibility, not less, combined with the ability to automatically deliver a rapid, coordinated response to threats, anywhere and everywhere they occur.

Find out how Fortinet’s Security Fabric delivers broad, integrated, and automated protection across an organization’s entire digital attack surface from IoT to the edge, network core and to multi-clouds.

Find out how Echoenergia and New Zealand Red Cross used Fortinet’s Security Fabric for protection from the network edge to core.

Sourced from Fortinet

Hyperscale Security Enables “The Art of What’s Possible”

Hyperscale security is actually possible.

Of course, that’s probably not been your experience. You are probably imagining having to duct tape together a stack of firewall appliances and run them as an expensive and complex Frankenstein cluster to achieve hyperscale security. That’s no longer true.

In fact, it’s just the opposite. Instead, you need to consider the power of a single chip. Fortinet recently launched the NP7 (Network Processor 7) – the industry’s most powerful Application-Specific Integrated Circuit (ASIC). The NP7 is part of Fortinet’s Security Processor Units (SPUs), and is the latest example of Fortinet’s long history and commitment to building purpose-built ASICs to accelerate network and security at very high-performance levels.

The NP7 is Fortinet’s 7th generation ASIC, designed to accelerate essential network functions such as IPv4, IPv6, Unicast, Multicast, Anycast, and IPsec decryption, to name a few. Fortinet’s new NP7 provides all the functionality and performance of the NP6, but it does so at exponentially higher speed, scale, and performance. For example, the NP7 can now support elephant flows, which are single sessions that consume a large amount of bandwidth. 

Of course, the NP6 also supports multiple 10Gbps bidirectional elephant flows. And, depending on your environment, it may be able to provide this at a performance level you need to transfer your large files over a single session. But for those organizations that need astronomically more performance – as many hyperscale architectures now require – the NP7 chip is the answer. Fortinet NP7 is the first purpose-built security ASIC to take performance to a previously unimagined level, supporting up to 100Gbps of data flows – an exponentially greater performance level than the NP6!

What’s more, a single NP7 chip supports 2 million connections per second session setup speeds for firewall and NAT sessions. 

This means that FortiGate NGFWs powered by the NP7 processor, such as the new FortiGate 1800F, are not constrained by the slow processing power of off-the-shelf hardware that other industry Next-Generation Firewalls (NGFWs) employ. For example, decrypting and inspecting IPsec-encrypted traffic takes such a toll on traditional CPU-designed NGFWs that most security vendors won’t even publish their performance numbers. But a single NP7 can perform this same function at 75Gbps – something no other vendor can come close to providing.

This makes it ideal for today’s extreme scenarios, such as massively scaled compute, storage, and application services co-hosted on physical and virtualized platforms that not only need to be protected, but also segmented for better control. The NP7 is able to accelerate VXLAN termination/re-origination to enable massively scalable and highly adaptable internal segmentation, while securely enabling super-fast communication among all segments. And if that wasn’t enough, the NP7 can also perform hardware-based logging and DDoS protection from volumetric attacks.

Hyperscale Data Centers Require Hyperscale Security

Which brings us back to the challenge of hyperscale data centers requiring hyperscale security. Because delivering this level of performance is simply beyond the ability of even the most expensive data center-focused NGFW appliances, a growing number of organizations feel pressured by business demands to forgo security safeguards, and instead rely on the likes of routers and switches to front end their networking infrastructure protection.

Many of today’s extreme data centers rely on routers and switches because they fear that putting one of the currently available security devices – such as an NGFW – at the edge of the network will create a choke point for all of their hyperscale traffic entering and exiting the data center. This will bring their business to a crawl – translating directly to a loss in both competitiveness and revenue. As a result, they are rolling the dice that letting all traffic in and out of their network through routers and switches armed with nothing more than ACLs, rather than deploying performance-hogging Next-Generation Firewall security inspection, will enable them to meet their high-performance demands. They then just hope that security workarounds deep inside their networks will be sufficient to protect themselves from attack.

But the reality is, organizations are regularly attacked right at the edge of their network, and the consequences are often serious. Such attacks can severely damage their brand and reputation, force the loss of revenue, and even completely shut down their business due to extended downtime.

FortiGate 1800F NGFW Accelerates Advanced Research

As part of the company’s new FortiGate Series, the FortiGate 1800F is designed to meet unprecedented business demands by providing massive capacity and astronomical performance across a variety of use cases. These advanced capacities are essential for supporting elephant flows.

Imagine you are a multi-national pharmaceutical company that participates in Pharmacovigilance – the practice of studying and managing drugs after they have been licensed for use, especially to identify and evaluate previously unreported adverse reactions. As part of this practice, you have to transfer extremely large data sets across geographically dispersed sites to leverage AI/ML simulations. This not only enables your business to detect potentially adverse reactions, but also helps ensure that the discovery of new medicines is faster, and with lowered costs and reduced risk to human life. These very large data sets are an example of elephant flows.

Similarly, the oil and gas industry requires high-throughput connections to share massive amounts of exploration information (datasets) across different sites. These data sets are used for AI and ML analytics and 3D modeling to accelerate the discovery of resources directly tied to business outcome, such as adding more capacity to serve a larger market than they are currently able to do. And larger markets mean larger market share, which potentially means more revenue.

These are just two examples of the increasing reliance on massive data sets used by organizations to perform tasks that were previously prohibitively time-intensive or expensive. Advances in aeronautics, space exploration, oceanography, climate change monitoring, and bioengineering all rely on data sets that are not only immense, but that also need to be protected against attacks and the theft of highly valuable intellectual property.

Powered by NP7, the FortiGate 1800F series NGFW provides a solution to this problem by providing multiple, very high-speed ports that are capable of handling parallel 40Gbps Elephant flows. This support for multiple, parallel 40 Gbps flows per chip can dramatically increase the rate of data transfer, providing up to 195 Gbps of throughput between research centers. With the NP7-powered FortiGate 1800F, massive multiple datasets can be transferred very quickly at very high speeds and still be fully secured with high performance IPsec encryption.

NP7-powered FortiGates also enable the implementation of Layer 4 access security policy (who or what is allowed versus not allowed) and provide hardware-based DDoS protection from volumetric attacks. 

The NP7’s performance and hyperscale security advancements also deliver significant business and productivity impact, as researchers no longer need to wait for network flows to complete or schedule them during off hours. This ultimately equates to increased capacity, faster time to market, and increased profitability. NP7-powered FortiGate appliances support very high-performance security to enable “the art of what’s possible.”

Read more about the FortiGate 1800F Next-Generation Firewall, powered by our groundbreaking NP7, in our newsroom and on our blog.

Sourced from Fortinet

Know “Who” and “What” With Zero-trust Network Access

Identify and Secure Users and Devices, On and Off Network

When security is focused primarily on the perimeter, those attackers, malware, and infected devices that manage to bypass edge security checkpoints often have free access to the flat network or network segment inside. They can take their time to establish a beachhead, escalate privileges, spread laterally across the network, and identify and exploit the data and resources they want to steal, hijack, or destroy. Perimeter-focused security, combined with flat and open network environments, is the reason why the average mean time to identify a threat is 197 days, with another 69 days required to contain a breach, usually because it has spread so far and deep into the network.

The common issue is one of trust. When you automatically extend trust to any device or user in your network, you put your organization at risk when either becomes compromised, whether intentionally or unintentionally. Fortinet’s Zero-trust Network Access framework specifically addresses this challenge by shifting the fundamental paradigm from open networks built around inherent trust to a zero-trust framework through the adoption of rigorous network access controls.

The core assumption is that every device on your network is potentially infected, and any user is capable of compromising critical resources. With that new paradigm in place, organizations need to know exactly who and what is on their network at any given moment. Next, they need to ensure that those users and devices are only provided with the minimum level of network rights necessary for them to do their job. And finally, any resources they need should only be accessed on a “need to know” basis, regardless of their location or function.

Fortinet’s unique Zero-trust Network Access framework leverages a tightly integrated collection of security solutions to enable organizations to identify and classify all users and devices seeking network access, assess their state of compliance with internal security policies, automatically assign them to zones of control, and then continuously monitor them both on and off the network. Achieving this starts with three essential functions:

Knowing WHAT is on Your Network

The first objective of a Zero-trust Network Access strategy is to establish a running inventory of all devices on the network. FortiNAC accurately discovers and identifies every device on or seeking access to the network, scans it to ensure that it hasn’t already been compromised, and profiles it to establish its role and function – whether an end user’s phone or laptop, a network server, a printer, or a headless IoT device such as an HVAC controller or security badge reader. 

FortiNAC then uses dynamic network micro-segmentation to assign each device to an appropriate network zone based on a number of factors, including device type, function, and purpose within the network. It can also support Intent-Based Segmentation provided by a FortiGate NGFW platform to intelligently segment devices based on specific business objectives, such as compliance requirements like GDPR privacy laws or PCI-DSS transaction protection. With Intent-Based Segmentation in place, assets are tagged with compliance restrictions that are enforced regardless of their location in the network, helping to reduce the time and cost of compliance implementation.

And finally, FortiNAC provides continuous monitoring and response for these devices. Those devices that begin to behave abnormally can be quickly identified, allowing FortiNAC to take a variety of countermeasures, such as reassigning them to a quarantine zone so they cannot achieve their objectives or infect other devices. 

Knowing WHO is on Your Network

User identity is the other cornerstone of an effective Zero-trust Network Access strategy. The objective of Zero-trust Network Access is to determine who every user is and what role they play within an organization and then establish a “least access policy” that only grants access to those resources necessary for their role or job, with access to additional resources only provided on a case-by-case basis.

Tools like FortiToken, for two-factor authentication, and FortiAuthenticator, for AAA services, access management, and single sign-on (SSO), are used to identify and apply appropriate access policies to users based on their role within the organization. They also support SAML implementations to exchange authentication and authorization data between parties, enabling users to securely access SaaS solutions such as Salesforce, ADP, or Office 365.

User identity can be further authenticated through such things as user log-in, multi-factor input, or certificates, and then tied to role-based access control (RBAC) to match an authenticated user to specific access rights and services. 

Protecting Assets ON and OFF the Network

Monitoring assets that remain on the network is pretty straightforward. The challenge is that many of them are mobile, including BYOD devices owned by employees. They serve multiple purposes for their users, bridging their personal and business lives. They are used to browse the internet, interact on social media sites, and receive personal and business email when not logged into the network – which means they are often exposed to threats that can be dragged back into the network, exposing other devices and resources to risk.

According to one Ponemon Institute report, 63% of companies are unable to monitor off-network endpoints, and over half can’t determine the compliance status of endpoint devices. When you combine that with Gartner’s warning that 30% of breaches involve insiders (whether or not they are malicious), it is imperative that endpoint devices that have access to critical network resources are also protected when they are off-network.

Zero-trust Network Access addresses the challenge of off-network devices with client- and cloud-based solutions. FortiClient, including the Fabric Agent, combined with cloud-based FortiGuard Cloud, provides continuous endpoint protection to prevent device compromise whether on or off network. It also enables secure remote access to networked resources via VPN connectivity, scanning of traffic, URL filtering, sandboxing as well as sharing endpoint security status as part of the authentication and authorization process. This includes endpoint telemetry such as device OS and applications, known vulnerabilities, and patches, as well as security status to refine the access rules applied to the device. 

The Advantages of a Zero-trust Network Access Strategy

By transitioning to a zero-trust network access framework that identifies, segments, and continuously monitors all devices, organizations can replace their high-risk, flat networks to ensure that internal resources remain secured, and that data, applications, and intellectual property remain protected. This strategy not only reduces many of the risks an organization faces due to a perimeter-centric security strategy, but also magnifies visibility and control across the organization – including off-network devices – while simplifying overall network and security management.

Find out how Echoenergia and New Zealand Red Cross used Fortinet’s Security Fabric for end-to-end network protection. 

Sourced from Fortinet

Enhancing Your Security Team with AI-Driven Security Operations

Automatically Prevent, Detect, and Respond to Cyber Threats

Managing security, regardless of the size of the organization, has always been a complicated task. This is usually the result of a number of factors, ranging from not having enough skilled people on the IT staff to analyze the data to simply having too much data to analyze. The result, however, is that threats get missed, or they get discovered too late to do anything about them but clean up the mess. 

The Challenge of Complexity

Complexity can be broken down into four key challenges:

Too Many Vendors: The first challenge is the result of vendor and solution sprawl. For decades, the answer to any new security problem was to stick yet another specialized security tool in the wiring closet. In one recent study, 14% of responding CISOs indicated that they had solutions from more than 20 different security vendors installed in their networks, and 3% indicated that they had more than 50.  Unfortunately, most of these products were never designed to communicate with each other, which means they also have no ability to create automated workflows or coordinate policy changes. And as networks become increasingly complex through things like digital transformation, and the number of vendors in place continues to increase, valuable threat intelligence is more likely than ever to get lost in the noise.

Too Many Alerts: A related problem is that each of these devices also generates alerts. In the same study cited above, 35% of organizations see between 10,000 and a staggering 500,000 alerts every day that need to be tracked down and confirmed. And since less than 1 in 4 investigated alerts turn out to be legitimate, it is an enormous tax on an already overburdened IT staff.

Manual and Slow Response: To make matters worse, 79% of respondents said that it was “somewhat or very challenging” to orchestrate alerts from multiple vendors, meaning that correlating alerts, log files, and other threat intelligence – often in completely different formats – has to be done by hand. As a result, threats are detected late and responses are often incomplete. It’s part of the reason why the average mean time to identify a threat is nearly 200 days, and requires another nearly 10 weeks to contain a breach.

Lack of Trained Personnel: Compounding these problems further is the ongoing cybersecurity skills gap. There simply aren’t enough people with the general security skills necessary to manage and maintain all of the point products in place, let alone the highly prized security analysts needed to identify, process, and orchestrate an effective response to complex threats.

Machine Learning AI-Driven Security Operations Eliminate Complexity and Reduce Overhead

Fortunately, this is where technology is able to step in. Machine Learning (ML) and Artificial Intelligence (AI) are being rapidly adopted by organizations to perform mundane tasks that bog down security teams, such as correlating log files or performing device patching and updating. But while offloading such tedious tasks from your security staff is beneficial, it is a lot like using a race car to plow a corn field.

Fortinet’s ML and AI-driven Security Operations go well beyond the simple tasks most intelligent solutions have been designed for. The ML systems woven into our global FortiGuard Labs services, for example, constantly assess new files, web sites, and network infrastructures to identify malicious components of cybercrime campaigns, as well as dynamically generate new threat intelligence that allow organizations to predict and prevent cyberthreats.  

This intelligence is then delivered through FortiGuard’s subscription services (anti-malware, web filtering, etc.) available for our threat prevention products, including our flagship FortiGate security platforms. And this same Machine Learning is also built directly into many of our customer-deployed offerings to automatically detect previously unknown attacks that may reach the customer ahead of global threat intelligence updates.  

It is also a key element of advanced Expert Systems designed to aggregate, analyze, enrich, and alert on threats culled from the large volume of information received from an organization’s IT and security infrastructure, with the option to orchestrate and/or automate response to improve the efficiency of security operations. 

These groundbreaking advances in artificial intelligence (AI) enable the automatic prevention, detection, and response to cyber threats that human resources and siloed management platforms are unable to achieve. AI-driven Security Operations enable organizations to not only manage the sprawling collection of security devices they have in place, but also see and protect the data, applications, and workflows spread across thousands or millions of edges, users, systems, devices, and critical applications.

Because AI functionality is built directly into Fortinet’s security solutions, they can be integrated and deployed across a highly distributed network in a variety of form factors to create a unified and intelligent Security Fabric. These platforms range from ultra-high performance devices designed for hyperscale data centers and architectures, to virtualized platforms deployed as cloud-native solutions in private and public multi-cloud environments.

By weaving AI across the network through the Security Fabric, organizations not only enjoy comprehensive visibility and protection across all devices, users, endpoints, and environments; their centralized AI-driven Security Operations can also collect, correlate, and communicate across the Security Fabric to ensure faster and more comprehensive response and remediation than any human-led effort could possibly provide.

As a result, Fortinet customers benefit directly, in their own organizations, from the advanced artificial intelligence used in our Labs, enabling their cybersecurity systems to act like human cybersecurity professionals, including threat researchers, security analysts, incident responders, and more. This enables the organization to reduce the risk and potential impact of security incidents by blocking more, detecting sooner and responding faster, while also improving the overall efficiency and cost of their security operations.

Fortinet’s AI-Driven Security Operations Puts Organizations Back in Charge

By driving Fortinet’s AI-Driven Security Operations and advanced AI technologies deep into the distributed Security Fabric, organizations are able to significantly enhance their ability to detect and respond to threats and adapt security policies and protocols to network and connectivity changes in real time. This, in turn, amplifies and accelerates the services of on-staff threat researchers and data analysts, enabling them to correlate and process threat intelligence in real time, ensuring that they can more consistently and efficiently keep their organization out of harm’s way.

Sourced from Fortinet