Ushering the Era of Hyperscale Security – The New FortiGate 4400F

Fortinet was built on the premise that a network firewall should not just deliver a full range of tightly integrated network and security functions – a goal that many other NGFW solutions still fail to achieve ­– but do so with the scale and performance that today’s most demanding hyperscale environments require. And all at a price point that doesn’t break the bank so that the decision makers don’t have to make a tradeoff between best of security at a scale vs. the cost.

That premise starts with two essential strategies. The first is to offer solutions designed to actually operate together as part of a single security system, sharing threat intelligence to achieve a strong security posture. The second one is to offer scale with not just a collection of mostly isolated security systems wrapped together in a cumbersome and expensive cluster for scale. That first objective is what has driven the development and delivery of the Fortinet Security Fabric. The second strategy involves developing active, purpose-built hardware processors designed to accelerate the performance of essential security functions within a single system.

Announcing the FortiGate 4400F Network Firewall

The truth is, very few vendors have made more than a token effort at achieving the first, and none even seem to have a game plan for achieving the second. And even if they were to start, any sort of solution would be years away. ASIC development is a long and expensive process, and other security vendors are already more than a decade behind. 

Fortinet already has two purpose-built SPUs (Security Processing Units) in place that power our security hardware, with a new hybrid processor designed just for SD-WAN. Our content processors (CPs) are designed to accelerate critical security functions, such as inspecting encrypted traffic, and our network processors (NPs) accelerate networking functions. And these aren’t just fledgling solutions. This past February we released our 7th generation network processor (the NP7). The first FortiGate NGFW solutions powered by NP7 were released soon after, as the FG-1800F and FG-4200F.

Today, the launch of the FortiGate 4400F continues our commitment to delivering SPU-powered products capable of providing the fuel needed for digital innovation. It is positioned to support the most processor-intensive security environments of today – environments that will quickly become the norm of tomorrow.

Today’s Networks Require Security Solutions that Combine Productivity with Hyper-efficiency

Increasing productivity, even with a remote workforce, is a critical goal of many organizations. But with only so many working hours in a day, productivity gains rely exclusively on the efficiency of the tools being used. But in today’s environments, securing the proliferation of new applications is only part of the challenge for today’s firewalls. The volume of data being processed also needs to be addressed, and this is where traditional firewalls fall down flat.

Imagine a cutting-edge pharmaceutical research company looking to build new medicines while delivering value to shareholders. Testing, modeling, and 3D rendering are key to that process. These functions require the processing and transferring of very large datasets – often tens of Terabytes or more – as quickly as possible to AI/ML simulators. This enables new medicines to be developed faster, with lowered costs and reduced risk to human life. 

But that data also needs to be secured. The surreptitious injection of bad data can ruin months or years of research. And competitors and even nation-states may be looking to circumvent the time and expense of research by stealing this intellectual property. But without specially designed security hardware, few security devices on the market are able to keep up.

The FortiGate 4400F changes all of that natively by supporting multiple 100Gbps connections, enabling the inspection and protection of critical Elephant Flows by enabling organizations to make the most efficient use of their existing investments in 40G and 100G WAN links without compromising security at any layer of the network as defined by the OSI model.

But this is only the beginning. The next generation of smart cars, smart cities, and smart infrastructures – including transportation, power grids, manufacturing, and more – all augmented by AI and Machine Learning – will require the management and processing of massive amounts of Big Data. Providing sufficient performance and processing to support these new architectures will require even faster and more efficient infrastructures. And for most security vendors, this is a looming challenge that isn’t even on their drawing boards – which puts the future of the digital revolution at risk.

A Hyperconnected World Requires Hyper-Efficient Firewalls

The transition from 4G to 5G likewise promises huge potential for more efficient systems, the more rapid delivery of increasingly rich media, and a host of new applications and services still unseen that will benefit users and providers equally. But security is lagging from traditional security vendors still relying on off-the-shelf processors to power their devices.

Mobile network operators (MNOs) need a solution like the FortiGate 4400F that can ensure security and business continuity as 4G expands and they evolve their services to include 5G. The evolution of 4G and the introduction of 5G create the perfect storm for new levels of security performance and hyperscale needed to support the exploding number of devices connected to the mobile network. New security performance and scalability standards will need to be met to support the hyperconnected world where users talk to users and machines, where machine to machine communication becomes the norm, and data processing, decision-making, and transactions – often involving massive amounts of data – are measured in microseconds.

Likewise, mobile users adopting broadband wireless in 5G want very quick downloads of rich media, a very fast gaming experience, and the ability to generate ad hoc edge networks. Service providers need security solutions like the FortiGate 4400F to support and secure their massively scalable networks while ensuring fast user connection setup and the lowest possible latency. If not, the user experience will suffer, and revenue loss will follow as customers abandon the provider. 

Securing Data in Transit Remains Pivotal

Enabling providers to scale their radio access networks (RAN) and core infrastructures is already a challenge for nearly all modern security solutions. But adding the delivery of user data by leveraging hardware accelerated Suite-B encryption is an even more daunting task – and one that virtually every traditionally developed security solution fails to deliver. The FortiGate 4400F, however, delivers tens of thousands of tunnels while delivering 420Gbps of IPSec throughput, combined with a security compute rating of 11X better than other solutions for Security Gateway (SecGW) deployments. The versatility and performance of FortiGate Network Firewalls really futureproofs company investments because solutions like the FortiGate 4400F enable them to build high-speed, high-performance Data Center Interconnects. For situations that require encrypting at high speeds, IPsec can be turned on non-intrusively to support high-bandwidth IPsec tunnel flows.

Hyperscalability is as Essential as Hyperperformance

Performance is only half of the equation. Scalability is equally essential. With the greatest vertical scaling capability within a 4RU form factor, the FortiGate 4400F not only supports a very high influx of connections – 10 million connections per second and a security compute rating of 12x – it also reduces power cooling and rack space while offering the industry’s best price performance. And even at that level of scaling, you can still turn on essential Layer 4 firewalling and layer it with volumetric-based DDoS (distributed denial of service) attack prevention without impacting performance – ensuring all of your services are protected from bad actors.

Best-of-Breed Advanced Layer 7 Security for Everyone

FortiGate 4400F offers SSL inspection, including TLS 1.3, that is 6.5x better than competing products to provide full visibility into threats that hide in encrypted channels and the ability to detect unsanctioned applications. Inspection alone, however, is not sufficient. A strong security posture requires both threat protection and detection, and the FortiGate 4400F not only delivers two times the threat protection performance of its competitors, it is also powered by AI-enabled FortiGuard and FortiSandbox services to detect and stop known and unknown attacks. FortiGuard Labs has discovered a whopping 890 zero days – more than most competitors combined – with 104 detected so far just in 2020.

Hyperscale and hyperperformance are table stakes in our new digital world, and the new FortiGate 4400F provides these at a price-performance ratio unmatched in the industry. As organizations plan to move aggressively into the next phase of digital innovation, having a high performance security tool such as this in place is essential so that they never have to make the choice, now or in the future, between being competitive and being safe.

Read more about the announcement and how the FortiGate 4400F delivers security for hyperscale data centers with the industry’s best total cost of ownership (TCO). 

Sourced from Fortinet

Secure SD-WAN Addresses Manufacturing and Services Organization’s Security Challenges

Customer Perspectives

Organizational growth often leads to the rapid expansion of the workforce and the addition of branch offices. This, combined with the transition to a teleworker environment, can place significant demands on existing infrastructure in terms of bandwidth requirements, access control, and secure workflows and transactions that are not only multiplying but now originating from outside the traditional network. And WAN environments that rely on dedicated MPLS connections become increasingly expensive while providing limited flexibility and functionality when it comes to things like cloud access, security, and application performance.

Large distributed enterprises in the manufacturing services industry understand more than most the need for business agility. In today’s increasingly competitive digital marketplace, they need to stay connected to anticipate and respond to shifting consumer demands, provide the best possible experience to their customers, and address the challenges of providing a robust work environment while maintaining reliable business continuity in a time of digital innovation and increasing cyber threats.

SD-WAN to Achieve Business Agility

One large manufacturing and services organization, with a single dedicated WAN link at every branch location, began experiencing frequent outages that had a severe impact on their workforce and customer experience with business-critical applications. Such connectivity issues, especially in an industry that relies on continuously managing the delicate balance between supply and demand, can negatively impact customer satisfaction and business outcomes. 

With over 1,200 employees, and a distributed infrastructure across eastern and central Europe, this organization’s branch offices also had a wide variety of connection types in place, with some branch offices using MPLS/satellite, others using DSL, and a majority using LTE as their only available link for data center connectivity and internet access. 

To sustain and accelerate growth, this organization needed continuous connectivity. In fact, it was a top priority for their Digital Innovation strategy. They also understood that they needed to augment their existing WAN links with LTE backup across all branches to support an active/active load balancing and failover architecture designed to maintain business-critical applications such as Point of Sale, camera feeds, and automation tools. 

They were keen on adopting an SD-WAN solution best suited to their flexible deployment needs. This included a solution that combined connectivity and security through a centralized management interface, application awareness combined with high-speed SSL inspection, and local breakout security for direct cloud access from each branch office. In addition, visibility and control needed to extend across all branch networks, combined with precise segmentation for security policy enforcement across users, applications, and devices. 

Fortinet’s Secure SD-WAN solution fits all of these requirements, and much more.

Fortinet’s Secure SD-WAN Solution for Digital Innovation

With several SD-WAN vendors vying for selection as part of their proof of concept trials, this organization was quick to discover that Fortinet’s robust Secure SD-WAN solution differentiated itself by providing a fully integrated solution that combined business agility, optimal connectivity, strong security, and best user experience into a single form factor that was easy to deploy and manage. 

Fortinet Secure SD-WAN offered hybrid WAN traffic steering, QoS prioritization, application acceleration, and automation combined with a robust Next-Generation Firewall that supported a full stack of enterprise-class security functions. And it was available as a consolidated, powerful desktop appliance that also included built-in LTE. As a result, this organization was able to validate that the Fortinet solution would support all use cases for their current business needs, as well as future innovations—something no other vendor was able to do. 

Secure SD-WAN Key Benefits

A few of the key benefits and immediate business outcomes provided by Fortinet’s Secure SD-WAN solution include:

  • Deep Integration Combined with Product Consolidation: The needs for LTE as primary (replacing satellite-based MPLS links) and secondary links were easily met with FortiGate 40F-3G4G appliance with built-in LTE and the custom-built SD-WAN ASIC chip, the SOC4. And because these appliances include a full stack of security tightly integrated with advanced SD-WAN functionality, they were able to reduce the number of devices that needed to be deployed at each branch office. And with support for active/active load balancing and failover, they could provide consistent connectivity across all branch offices to ensure the best possible performance for their business-critical applications. 
  • Best User Experience: Given the nature of their manufacturing business, their goal was to deploy a streaming camera video feed in the near future aimed at providing connectivity and access control at their branch locations. Fortinet Secure SD-WAN’s ability to prioritize high bandwidth applications and ensure better access control with its branch-to-branch VPN overlay ensured the best user experience combined with reliable, uninterrupted service.
  • Strong Security Posture with Intent-based Segmentation: Secure SD-WAN’s ability to natively support intent-based segmentation enabled this organization to achieve better protection for direct access to cloud and internet resources while enforcing security policies based on the roles of users, devices, and applications. This, combined with a comprehensive, centralized content inspection to provide visibility into traffic, enabled the organization to limit breaches to specific network segments by preventing malicious content from passing over from one network segment to another.
  • Flexible Deployment with Advanced Networking Support: By combining zero-touch deployment for ease of deployment with advanced networking functions, such as advanced dynamic routing with BGP, allowed this organization to seamlessly deploy the Fortinet solution at their data centers, disaster recovery hubs, and many of their branches without having to redesign existing network configurations.
  • Extending Security to Branch Networks with SD-Branch: For those branch offices where outages were not an option, the organization was able to quickly implement hardware redundancy with active/active FortiGate appliances, and securely extend direct internet access via LTE using FortiExtender.
  • Centralized Management and Reporting: Fortinet’s unique single pane of glass management allowed this organizations to easily deploy Fortinet Secure SD-WAN at remote branch locations while maintaining a single, integrated security and networking framework. This reduced the need for additional IT staff while improving visibility and control across the entire network infrastructure.

All Objectives Met, and with Significant Cost Savings

Unlike most SD-WAN solutions, which require the deployment of multiple solutions, including a complex overlay of siloed security solutions, Fortinet’s Secure SD-WAN was able to meet all of the requirements of the multinational manufacturing organization with a single, easy to deploy and manage appliance. Not only were they able to meet their deployment goals, but they also managed to reduce their capital and operational expenses at the same time. That’s because Fortinet offers to most robust and complete SD-WAN solution in the industry.

Take a security-driven approach to networking to improve user experience and simplify operations at the WAN edge with Fortinet’s Secure SD-WAN solution.

Read these customer case studies to see how De Heus and Burger King Brazil implemented Fortinet’s Secure SD-WAN to alleviate network complexity, increase bandwidth, and reduce security costs.

Engage in our Fortinet user community (Fuse). Share ideas and feedback, learn more about our products and technology, or connect with peers.

Sourced from Fortinet