Fortinet Named a Challenger with Highest Ability to Execute in the 2019 Gartner WAN Edge Infrastructure Magic Quadrant

Over the last few years, SD-WAN adoption has grown rapidly, becoming one of the fastest growing networking technologies. In anticipation of capturing a share of this large market, over 60 vendors have emerged, making the vendor selection process especially challenging for customers looking to adopt SD-WAN.

By establishing a Magic quadrant for WAN Edge Infrastructure, we believe Gartner has provided a critical tool for helping enterprises wade through the noise of a crowded market and make an informed decision when selecting an SD-WAN solution which enables enterprise-grade routing and advanced security. 

Of the 19 vendors reviewed, Gartner placed Fortinet highest in ability to execute in the Challenger’s quadrant of the 2019 Gartner WAN Edge Infrastructure Magic Quadrant. These Magic Quadrant results align with Fortinet’s recent positioning by Gartner among the top three vendors in worldwide market share for SD-WAN equipment by revenue in 2019, evidenced by our astounding 234% quarter-over-quarter growth rate.

We believe these proof points are evidence of our success at developing a secure and agile SD-WAN solution, which is adopted by over 21,000 customers and designed for today’s digital business requirements. We also believe this reinforces the fact that Fortinet truly understands the needs of the rapidly evolving WAN Edge market.    

Fortinet Secure SD-WAN stands out in the industry for many reasons, and it starts with our security-driven networking strategy. Fortinet has deep roots in enterprise-grade routing and has a long history of enabling advanced networking deployments for distributed enterprises across the globe. One of the most critical challenges faced by organizations adopting SD-WAN technologies is the ability to extend the same level of security posture for direct internet connection that they enjoyed when all connections were routed through the central data center. Most SD-WAN solutions fall short in this area, requiring customers to deploy an overlay security solution that adds layers of management complexity and overhead, undermining the savings in time and money that SD-WAN was supposed to provide. And because security and connectivity are not fully integrated, and cannot be managed through a single interface, it creates lags in visibility and control because security has to continually react to connectivity changes, leaving gaps in protection and impacting performance.

As networks continue to undergo rapid transformation, we are also committed to solving emerging and often unarticulated needs of organizations through our strong commitment to leading through innovation. These include:

Best-of-Breed Security & SD-WAN: We are committed to driving a consistent security posture from the WAN edge to both data center and multi-cloud environments by natively integrated security functions, including NGFW, IPS, anti-virus, anti-malware, web filtering, SSL inspection (including TLS 1.3), and sandboxing. We also provide an integrated CASB service to protect SaaS applications and traffic and to prevent problems related to Shadow IT. Our patented innovation of a purpose-built SD-WAN ASIC enables faster Application Steering, Multi-Path Intelligence, and WAN Path Remediation with forward error correction (FEC) to overcome adverse WAN conditions.

Network Analytics & Automation: Zero-touch deployment, a key feature of Fortinet Secure SD-WAN, simplifies operations by enabling faster branch roll outs and reducing deployment from weeks to minutes. Its unified console for both network and security operations, with role-based access controls for separation of duties is foundational for faster adoption and segmented usage across different functional teams.

Accelerating Cloud Connectivity: Fortinet’s Secure SD-WAN solution enhances the application experience through faster cloud on-ramp connectivity to multi-cloud environments and prioritizing business-critical applications. Fortinet’s Secure SD-WAN solution is available in hardware, virtual form factor, and also available in Azure, AWS, Google Cloud, VMware Cloud, Oracle, and Alibaba marketplaces providing maximum flexibility for organizations with a multi-cloud strategy.

While industry accolades and product details can be valuable, it is just as important to understand what actual customers are saying about the Fortinet Secure SD-WAN solution. Gartner Peer Insights gathers comments from verified customers across a variety of technologies describing their experiences with vendors and solutions. Here are just a couple of examples:

“We did a substantial test with multiple SD-WAN vendors: We liked that Fortinet was able to address all our SD-WAN use cases for voice, video, and cloud. Fortinet offers SD-WAN + Next Gen Firewall with a single appliance…Competitors of Fortinet need separate products and management solutions for NGFW…Customer service response time was fast and high-quality. The overall experience from fast deployment with Zero-Touch deployment, migration from current solutions, and on-going management of the solution has been really smooth.” — Facility Manager/IT in the Manufacturing Industry

“LOVE THE PRODUCT. SD-WAN transforms branches to increase productivity and application performance without compromising on security. With the help of application steering, business-critical applications are always given priority. We are using it for several customers and doing what’s called FULL mesh IPSec tunnels with SD-WAN. Amazing stuff. Why waste money on MPLS when FortiGate comes with SD-WAN?…Good job Fortinet.”   Network Engineer in the Services Industry

The ongoing development and innovation of Secure SD-WAN is a top priority for Fortinet. We are fully committed to solving emerging use cases and accelerate cloud adoption to help organizations truly transform their WAN Edge.

Gartner, Magic Quadrant for WAN Edge Infrastructure, 26 November 2019, Jonathan Forest, Mike Toussaint, Neil Rickard

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences, and do not represent the views of Gartner or its affiliates.

Download the full Gartner Magic Quadrant for WAN Edge Infrastructure report here.

Learn how Fortinet’s Secure SD-WAN Solution uses a security-driven networking approach to improve user experience and simplify operations at the WAN Edge.

Read more about Fortinet’s recent customer momentum to learn why global service providers such as Orange Business ServicesSoftBank Corp, and Ooredoo Kuwait choose Fortinet Secure SD-WAN.

Sourced from Fortinet

New Network Security Use Cases with Amazon VPC Ingress Routing

The introduction of Amazon Virtual Private Cloud (Amazon VPC) Ingress Routing (IR) to the AWS Networking stack introduces the ability to build more flexible yet granularly controlled network security solutions in AWS. Amazon VPC Ingress Routing is a service that helps customers simplify the integration of network and security appliances within their network topology. With Amazon VPC Ingress Routing, customers can define routing rules at the Internet Gateway (IGW) and Virtual Private Gateway (VGW) to redirect ingress traffic to third-party appliances, before it reaches the final destination. This makes it easier for customers to deploy production-grade applications with the networking and security services they require within their Amazon VPC.

These enhancements are particularly valuable for organizations that implement multi-layer security solutions from both AWS and Fortinet. The VPC IR affects two main network security virtual appliance use cases:

(1) Placing a FortiGate-VM or FortiWeb-VM alongside workloads in the same VPC while selectively routing ingress traffic destined to protected workloads through the relevant Fortinet Network Virtual Appliances (NVA); and

(2) Forcing all traffic entering a VPC to always route through a FortiGate-VM eliminating the concerns of unsecure traffic.

The Fortinet products that can be implemented using VPC IR are primarily FortiGate-VM Next-Gen Firewall, FortiWeb-VM Web Application Firewall and FortiSandbox in routed mode. In this blog, I’ll briefly describe the different use cases and the benefits they offer customers.

In a single VPC Scenario, there could potentially be different protected assets each requiring different security policies or even a different security protection type located in the same VPC. For example, an application could be a web application that has multiple service components such as payments, registration, and file uploads. Using CIDR blocks with a 32 prefix, one can route traffic to the payments service through a FortiWeb-VM, traffic to the file upload server through the FortiSandbox-VM and traffic to the other services simply through the FortiGate-VM for IPS signatures.

The following diagram illustrates the route tables associated with the VPC which in this case has 4 subnets. Both the FortiGate and the FortiWeb have an external elastic network interface (eni) that is associated with the overall VPC network, as well as an internal eni that is associated with protected resources subnets for Web and Payments respectively. In this scenario whenever the Internet Gateway (after performing the EIP to internal IP NAT) receives traffic with a destination to the web servers’ network, it will be routed to the FortiGate-VM whereas when traffic has the destination of the payment’s server network, it will be routed to the FortiWeb. Interestingly enough, there is no need to perform NAT on the Fortinet Network Virtual Appliances allowing for much easier separation of networking and connectivity management from security management.

The second use case is simpler in nature, as it involves only a single VPC and FortiGate, but the simplicity is really what provides much of its value.  Prior to the VPC IR capability, one could not enforce the use of a FortiGate to protect all traffic into and out of a VPC. Any user that has the permissions to create an instance, could spin up a new instance and directly connect it to the internet via the internet gateway. With VPC Ingress routing, the IGW has a route table of its own, which is not something any user will mistakenly manipulate. The ingress routes can be configured to route all ingress traffic to a FortiGate-VM and therefore ingress traffic will always be forwarded to the FortiGate-VM even if a user doesn’t specifically associate the appropriate route table to his newly created instance. As a result, traffic that leaves ingress to the internet directly via the IGW will still get firewalled in the return path back into the VPC eliminating the situation where an instance can potentially gain unprotected access to the internet.

The following diagram illustrates the simplicity of making traffic always route through the FortiGate-VM for any inbound traffic. All incoming traffic which has likely been translated from an EIP to an internal address, let’s assume in the subnet, will first be routed by the IGW to eni-1234 of the FortiGate-VM. And then the FortiGate-VM will forward this traffic on to the relevant server, whether web server or payments server. The return traffic from the servers uses the internal subnet route table to determine that it’s next hop is the FortiGate-VM, and then the FortiGate-VM determines its next hop as the IGW. There is no change in the ingress portion, however the fact that the IGW will always forward traffic that is destined to the servers in network to the FortiGate-VM effectively ensures that no server is placed in this subnet without a security policy.

To summarize – VPC IR is a great step to add a layer of flexibility for customers. This helps organizations design more secure and more operationally viable security solutions in their AWS-based infrastructure. To summarize, the three main benefits are: (1) separation of network management and security management by eliminating the need for NAT in different scenarios, (2) adding the ability to force ingress traffic to protected/sensitive networks through a FortiGate-VM, and ultimately (3) allowing for granular security enforcement to be assigned on a per subnet basis vs. at the entire VPC level. Fortinet is committed to support new developments from AWS in order to help customers better realize the potential cloud computing can offer to accelerate their business.

Learn more about how Fortinet’s dynamic cloud security solutions give organizations the confidence to deploy any application on any cloud infrastructure. 

Read these customer case studies to see how Cuebiq and Steelcase implement Fortinet’s dynamic cloud security solutions for secure connectivity from data center to the cloud.

Sourced from Fortinet

Helping Government Agencies Adapt at the 2019 Security Transformation Summit

As government agencies undergo digital transformation, their security strategies must align with these new initiatives. Without a security transformation plan in place, private information could be inadvertently put at risk and mission objectives may not be fully met. The challenge is learning how to identify and mitigate new risks in the midst of these transformation efforts.

Security Transformation Summit 2019

At the upcoming Security Transformation Summit, presented by Fortinet, top public and private sector leaders will gather to discuss the evolution of technology – such as automation and the cloud – and the implications for securing these new connected environments. By collaborating with other cybersecurity experts across government, tech, and academia, attendees can play an important role in protecting the public interest.   

This event will be taking place at the Ritz-Carlton Pentagon City on December 3rd.

The speaker lineup for this year’s event is impressive, including leaders in federal and state agencies from across the country. In addition to these leading voices, Fortinet will be participating in panel discussions, fireside chats, and delivering a keynote speech. These sessions will cover a range of topics that will provide key insights into how to effectively protect data and systems amidst digital transformation.

In addition, for every tweet that uses the hashtag #FortinetSecuritySummit, Fortinet will donate $2* to the USO, a nonprofit organization that supports the US military and their families.

Fortinet Sessions at the Security Transformation Summit

Bob Fortna, President of Fortinet Federal, will be leading the opening and closing remarks for this event. In addition, attendees will have the opportunity to hear from other members of the Fortinet team throughout the day. Here are a few key sessions that Fortinet will be participating in on December 3rd.

Are we on the Cusp of a Revolution in Cybersecurity

During his keynote session, Phil Quade, CISO at Fortinet, will speak to the potentially game-changing impact of the intersection of a unified technology platform approach to cybersecurity with artificial intelligence and machine learning (AI/ML).  The convergence of the unified technology platform approach to cybersecurity embodied by Fortinet’s Fabric with increasingly mature AI/ML capabilities has the potential to both top the balance between attackers and network defenders and help overcome the workforce shortage in cybersecurity. The Federal Government has spent years working to generate a common operating picture of activity within its networks and the ability to respond to threats at machine speed and scale.  Learn how the private sector has approached the problem.

Improving Security with AI and Machine Learning 

Keith Rayle, Security Strategist at Fortinet, will be moderating a panel discussion involving several tech professionals, including Ryan Cote, CIO at the DOT, Frank Konieczny, CTO at the U.S. Air Force, and Rick Pińa, Chief Technology Advisor – Public Sector at World Wide Technology. This session will center on the value of incorporating AI and machine learning into one’s security strategy, especially as new technologies are continually introduced to networks. By embracing this advanced approach to cybersecurity, agencies can more easily and quickly identify vulnerabilities and protect critical information. During this panel discussion, attendees will gain a better understanding of why integrating AI and machine learning with security is critical for protecting today’s expanding threat landscape.   

Considerations for Election Security

Jim Richberg, Field CISO at Fortinet, will be sitting down with Thomas Hicks, Commissioner and Chair of the US Election Assistance Commission to discuss election security. What were the lessons learned from the 2019 elections, and what should cybersecurity professionals and election officials prepare for as we look towards 2020? As technologies enable capabilities such as remote voting from personal devices continue to mature, they bring a range of risks ranging from technical to the psychological. This fireside chat will center on these ideas while affording attendees a perspective as to how these concepts might impact their own agencies and operations. 

Security Driven Networking – Going Beyond Zero Trust

Jonathan Nguyen-Duy, VP, Global Field CISO Team at Fortinet, will be speaking to attendees about the need for Security Driven Networking that goes beyond traditional Zero Trust principles. While the Zero Trust model has gained popularity for its prioritization of authenticated traffic, it also has its limitations. By gaining further insight into how to combine the principles behind both Zero Trust and network Segmentation, attendees will be able to enjoy an integrated security architecture that allows their agency networks to defend and secure critical resources while rapidly adapting to change. 

Final Thoughts 

We look forward to participating in this year’s Security Transformation Summit and meeting with leaders to discuss the need for adaptive security across government agencies. By collaborating with other experts and exploring new concepts, attendees will walk away with the knowledge required to keep their agencies and employees, along with the citizens they serve, secure in today’s connected world. 

WhatSecurity Transformation Summit 2019

When: December 3rd, 2019

Where: The Ritz-Carlton, Pentagon City, Arlington, VA

Learn more about Fortinet’s comprehensive, effective, and adaptive security solutions for today’s connected government.

*Up to $5,000 

Sourced from Fortinet

Fortinet to Host Four Regional Accelerate Conferences in 2020

Accelerate is Fortinet’s premier customer and partner event, drawing thousands of attendees from around the world. Each year, security professionals gather to hear from Fortinet executives and industry-leading keynote speakers about security trends and the latest Fortinet product solutions and development strategies, attend classes conducted by security experts, researchers, and product managers, and participate in hands-on labs and workshops run by Fortinet’s top trainers. 

Because demand for these resources continues to grow, Fortinet will be hosting four regional Accelerate conferences in 2020, rather than the traditional single event. This will enable more customers and partners than ever to learn about Fortinet solutions and strategies, attend business and technical training from more than 100 sessions, consult with Fortinet’s security experts, participate in critical hands-on learning labs and workshops, and network with other security professionals from their region.

Accelerate 2020 conferences will be held in EMEA, US East, Latin America, and US West (Silicon Valley). The following dates have been confirmed:

  • Barcelona, Spain – February 15-20, 2020
  • New York City, U.S.A. – May 16-21, 2020
  • Riviera Maya, Mexico – August 3-6, 2020
  • Silicon Valley, U.S.A. – November 7-12, 2020

Each year, some of the most valued Accelerate activities are the Pre-Conference Workshops. Attendance at these workshops has doubled every year for the past few years, and this new regional format will allow the number of possible attendees to double once again. Hosted by the NSE Institute, Pre-Conference Workshops offer some of the most popular NSE training courses, held prior to the main conference.

Fast Track Workshops held during the conference are open to partners and customers at no additional charge. The Fast Tracks are composed of short, comprehensive workshops that cover significant topics in cybersecurity. Led by Fortinet engineers, these 2-4 hour in-person sessions take attendees on a deep-dive into the Fortinet Security Fabric through hands-on labs and use cases.  

Each conference also includes the Accelerate TechExpo, where Fortinet and partners showcase solutions, demonstrate product functionality, and highlight integration with the Fortinet Security Fabric. All Accelerate 2020 attendees will also receive a free NSE exam voucher to be used at the on-site testing center.

This years Accelerate 2020 conference is certain to be one of the most technologically exciting and eye-opening experiences you’ll have all year! To register for one of the Accelerate 2020 regional conferences; to get the latest information on pre-conference workshops, speakers, and sessions; and to see conference details, dates, and locations as they become available, visit

Learn more about Accelerate 2019 and register today. A complete list of sessions is now available.

Follow us and engage on social media using #Accelerate20

Sourced from Fortinet

Fortinet Now Integrates with AWS CloudFormation Registry and CLI to Enhance Cloud Security

Many organizations have adopted Infrastructure as Code (IaC) methodologies and are now leveraging IaC tools to create and manage complex deployments that would otherwise take days or weeks to implement. With the REST APIs and integration with popular IaC tools such as Terraform, Fortinet has enabled organizations to automate the provisioning of security services to various virtualization and cloud platforms.

Recently, Fortinet became an official Terraform provider, allowing users to directly create and manage Fortinet-specific resources, such as system interfaces and firewall policies. Additionally, Fortinet has taken advantage of cloud native IaC tools such as AWS CloudFormation service to build solutions, including CloudFormation templates, that allow automatic deployment of its products along with the required AWS resources. While those ready-made templates automate provisioning of the AWS resources, organizations often need to rely on AWS services and constructs such as User Data and AWS Lambda Function to create third-party specific resources.

Now, with the integration of its newly-launched AWS CloudFormation third-party resource provider framework, Fortinet has taken its IaC and AWS automation offerings to the next level.

What is the AWS CloudFormation Third-Party Resource Provider Framework?

Today, if customers want to automate the configuration of their third-party security services running in AWS accounts, they either rely on User Data and custom scripts to push the configuration during the bootstrapping process, also known as day 0. Or, they need to leverage services such as AWS Lambda Function to interact with third-party resources via an API at some later stage of the application lifecycle.

For example, in order to create a new firewall admin account, after the VM boots up, AWS users would have to run a custom script. However, the recent enhancement to the AWS CloudFormation service allows vendors to model and automate third-party resources, such as a FortiGate admin account, by enabling them as resource providers for the CloudFormation service.

Resource providers are treated as first-class citizens within CloudFormation. One can use CloudFormation capabilities to create, provision, and manage these resources in a safe and repeatable manner, just as you would any AWS resource. Using resource providers for third-party resources provides users a way to reliably manage these resources using a single tool, without having to resort to error-prone and time-consuming methods like manual configuration or custom scripts. An end user would only need to declare these resources in the same manner as they would declare native AWS resources such as EC2 instances.

Third-Party Vendors Can Build Resource Providers Within CloudFormation

A resource provider includes a resource type specification, as well as handlers that control API interactions with the underlying AWS or third-party services. There are three major steps in developing a resource provider:

Model – create and validate a schema that serves as the definition of a resource. The first step in creating a custom resource is modeling that resource, which involves generating a schema that defines the resource, its properties, and their attributes.

Develop – add logic that controls what happens to the resource at each stage in its lifecycle. Once a resource type is modeled its schema is validated, the next step is to develop the resource which consists of implementing “Create”, “Read”, “Update”, and “Delete” handlers.

Register – register the resource provider with CloudFormation in order to make it available for use in CloudFormation templates. Once registered, custom resource providers can be viewed in the CloudFormation registry section of the AWS CloudFormation console.

Additionally, runtime logging via AWS CloudWatch can be enabled. This enables the accessing of resource logs to help diagnose and debug any issues.

Fortinet is Now an Official AWS CloudFormation Provider

As automation has long been one of the main pillars of the Fortinet cloud security strategy, we have now integrated our offerings with the AWS CloudFormation third-party resource provider framework.  The goal is to provide organizations with a seamless experience in automating the creation of Fortinet-specific resources such as system interfaces, and admin accounts.

CRUD handlers for each of these resources have also been implemented to ensure full support for every stage of the lifecycle of a resource. For example, “Create” stack applied to a CloudFormation template that includes a FortiGate (Fortinet Next Generation Firewall) DNS System as a declared resource, will invoke the create handler of that resource. Similarly, “Update” stack operation will result in the invocation of the update handler of the System DNS resource provider.

This new integration simplifies many use cases that have historically relied on manual and/or custom invocation of third-party resources. In the first release, creating three FortiGate resources within the CloudFormation will be supported. These resources are System Interface, System DNS, and Admin Account.

For example, customers can now take advantage of the Fortinet “Admin Account” resource provider to directly create admin accounts on a FortiGate. In the future we plan to support creating Tunnel interfaces on a FortiGate to provision VPN IPsec tunnels between FortiGate devices and AWS-managed services such as the AWS Transit Gateway. Without this resource provider, users would have to write error-prone User Data scripts or custom Lambda Functions triggered by certain events in their AWS accounts.

How This Offering Helps Your Organization

Fortinet’s CloudFormation resource provider support provides organizations with a seamless way to create, update, and delete firewall resources in AWS accounts. It abstracts away the underlying complexity, thereby allowing customers to deploy Fortinet firewall resources in the same way as they would deploy any native AWS resource.

Read about how Fortinet integrates with HashiCorp Terraform.

Visit our AWS resources on GitHub here and read this post on the AWS blog for more information on this integration.

Learn more about how Fortinet’s multi-cloud solutions provide visibility and control across cloud infrastructures to secure applications and connectivity. 

Sourced from Fortinet

Fortinet’s Guide to AWS re:Invent 2019

Don’t Miss the Latest Cloud Security Insights from Fortinet

Once again, this year’s AWS re:Invent conference promises to be the biggest cloud event of the year. Last year’s event was amazing – “jam packed” doesn’t even begin to describe it — and yet, this year’s is looking to be even better!

AWS re:Invent has quickly become the world’s largest Cloud event and is taking place December, 2—6, 2019 in Las Vegas. We are returning to re:Invent, along with thousands of AWS users who will be there to learn and interact with AWS, their peers, and AWS partners like us.

Join Us at Our Booth – #1134

Fortinet is a proud sponsor of re:Invent 2019, and we look forward to welcoming you to our booth, #1134. While there, you can meet with Fortinet cloud experts to help you address your cloud security challenges. We will also have hands-on demo stations available covering the following technologies:

  • Security AutomationFortiGate-VM leverages AWS CloudFormation for provisioning and security lifecycle management for FortiOS devices in AWS.
  • Cloud Workload Protection  – FortiCWP leverages AWS Security Hub & API’s to validate configuration hygiene, Cloud account activity, Cloud data security and Cloud network traffic analysis.
  • FortiWeb WAFaaS on AWSFortiWeb WAF-as-a-Service for Machine Learning-Enabled Web Security for AWS workloads

Stop by to learn how we can help you establish and enforce a consistent security posture that protects your apps and data from malware and data loss on AWS with our broad portfolio of cloud native security solutions. While there, be sure to check out how you can automate many of the manual deployment and security management tasks as a means of embedding security into your cloud workflow.

And because this is all on the cloud, you can try before you go. Dropping in on the AWS Marketplace will give you an idea of the wide range of Fortinet security solutions available for the AWS cloud platform. And each of these are also seamlessly compatible across with widest range of virtual networks and private and public cloud platforms in the industry, so you can avoid the sort of security solution sprawl many organizations wrestle with as their digital attack footprint expands.

Join Us for Sessions, Briefings, Hackathons, and More

Fortinet will also be showcasing our solutions throughout the conference.

  • The AWS Partner Solutions Experience in the Venetian hotel showcases how AWS Marketplace Seller and AWS Partner Network solutions work with AWS to solve real-world challenges. Please visit us on Tuesday, December 3rd from 10:30 AM – 6:00 PM
  • Security Jam is an onsite hackathon that tasks engineers and developers with solving specific security challenges. Participants will be able to leverage Fortinet security technologies in an AWS environment to help achieve their tasks. This not-to-be-missed event takes place at the MGM Grand on Wednesday, December 4th. Session One runs from: 8:30 AM – 12:30 PM, and Session Two runs from 2:30 PM – 6:30 PM

There are also hundreds of informative sessions to learn about new technologies and hear how other companies are innovating using AWS tools. But with hundreds of sessions available, how do you know which ones to attend? Well, we’ve compiled a list of the sessions that we’re planning to attend, along with snippets of their descriptions:

  • NET201 – AWS networking fundamentals: A must for any network security engineer who’s beginning their migration to AWS.
  • NET317 – Connectivity to AWS and hybrid AWS network architectures: Showcases connectivity options for network engineers to help interconnect their existing IT footprint with AWS.
  • NET320 – The right AWS network architecture for the right reason: Examines various VPC connectivity options, and when to use which offering from AWS, such as transit gateway and VPC peering.
  • NET406 – AWS Transit Gateway reference architectures for many VPCs: This is the most common deployment we’re seeing for Enterprises in AWS. This session will help you understand the architecture.

Here is a link you can use to start planning your week. Login to the catalog (there’s a link at the top right) and you’ll be able to flag any sessions that you’re interested in. You can also sign up with AWS to receive conference updates.

Hope to See You There!

Fortinet are proud sponsors of the Security Jams at AWS re:Invent on Wednesday, December 4 from 8:30-6:00pm at the MGM Grand. We will be providing visitors with a wide range of prepared scenarios that represent common use-cases and operational tasks using Fortinet and AWS services to complete the challenges. Work in teams of four to identify what is causing the problems and what would you do differently. Winning teams will win an Amazon Echo!

Visitors can also stop by and visit us at Marketplace’s Partner Solutions Experience on Tuesday, December 3 and Thursday, December 5 from 10:00-6:00pm where we will be showing FortiWeb WAFaaS as well as all of our other fabric-ready solutions.

No matter what your role is in your company’s Cloud efforts, you’ll walk away from this year’s AWS re:Invent conference with the technical knowledge you need to help you and your company refine your Cloud strategy, increase application performance, and ensure that security is a seamless and integral part of that process. And don’t forget to stop by Booth #1134 to visit with Fortinet’s staff of AWS security experts! You’ll be glad you did.

Schedule a meeting with Fortinet during the event. 

Learn more about how Fortinet’s dynamic cloud security solutions give organizations the confidence to deploy any application on any cloud infrastructure. 

Read these customer case studies to see how Cuebiq and Steelcase implement Fortinet’s dynamic cloud security solutions for secure connectivity from data center to the cloud.

Sourced from Fortinet

Fortinet to Sponsor the MEF19 Global Networking Event

As a Silver Sponsor of MEF19  being held this year at the JW Marriott LA Live hotel in Los Angeles November 18-21, Fortinet will join other service provider industry leaders as MEF showcases its vision of accelerating the networking industry’s transition to dynamic, assured, and certified services across a global federation of automated networks.

With a membership of more than 200 companies, more than half of them service providers, MEF is an industry association focused on orchestrating services across multiple providers and network technology domains. Fortinet has been a member of MEF since 2017 and currently leads a key Initiative in the MEF Applications Committee on Application Security for SD-WAN Services (MEF88).

Fortinet will be an active participant at this year’s event with speakers addressing a range of topics including SD-WAN Application Standards, SD-WAN Security, Edge Computing and SDN/NFV. In addition to event speakers, Fortinet is proud to be a participant in two exciting Proof-Of-Concept (POC) demonstrations and will have SME’s available to discuss a range of security topics at our booth.

If you will be attending the show, we invite you to engage with the Fortinet.

Opportunities to Hear from Fortinet Experts

Session: Application Security for SD-WAN Services (MEF88)
Fortinet Speaker : Nicolas Thomas
Time: Monday November 18th, 10:30am-10:50am PST

Session: The Next Wave of SD-WAN Services & Features – Multi-Cloud, Multi-Vendor, Security & Scalability
Fortinet Speaker : Kelly Brazil

Moderator: Mike Sapien, Chief Analyst, Enterprise Services, Ovum | Michael Martin, Senior Enterprise Architect for Networking and Security Infrastructure, McKinsey & Company | Kelly Brazil – Sr. SE Director, Fortinet | Susan White, Head of SDN/NFV Strategy and Marketing, NEC/Netcracker | Speaker to be Announced, PLDT

Time: Tuesday November 19th, 4:05pm-4:50pm PST
          Monday November 18th, 10:30am-10:50am PST

Session: Security in a Software Defined & Virtualized World
Fortinet Speaker : Kelly Brazil

Moderator: Zeev Draer, Marketing Committee Co-Chair, MEF; VP Global Business Development, Edge Solutions, ADVA | Bob Schroeder, VP Data Product Management, Spectrum Enterprise | Kelly Brazil – Sr. SE Director, Fortinet | Hari Krishnan, Senior Director, Security Product Management, Nuage Networks from Nokia

Time: Wednesday November 20th, 4:10pm-4:50pm PST

Opportunities for Direct Interaction with Fortinet Experts

Fortinet will be a part of the MEF 3.0 PoC Showcase at MEF19 in two groundbreaking demonstrations. We invite you to drop by and chat with our experts.

Security Assurance in SD-WAN Application Flows (“The Protectors”) – Fortinet, Tata Communications Transformation Services (TCTS), and Spirent Communications
This PoC will demonstrate the feasibility and advantages of relying on an SD-WAN service provider for both traffic efficiency (SD-WAN) and Security of application flows.

Slicing the Edge – AT&T, Fortinet, Nokia
Demonstrates how dynamic network slicing combined with compute residing at multiple locations on the edge can provide an enterprise customer with the same level of security, control and flexibility that they have in a bespoke LAN/Wireless LAN configuration without the reliance on shared and congested 2.4/5GHz spectrum or expensive physical infrastructure. The PoC shows multiple types of traffic, each with a dedicated portion of the carrier spectrum, routed to on-premise, network-edge and public cloud resources as required.

Proof of Concept Map

Fortinet Booth

Drop by Fortinet booth #513 to speak with security experts, discuss the latest developments in Fortinet Secure SD-WAN, learn about the Fortinet Security Fabric and hear more about our security solutions that have been earning top industry awards, recognitions, certifications, and accolades. 

Learn how Fortinet’s Secure SD-WAN Solution uses a security-driven networking approach to improve user experience and simplify operations at the WAN Edge.

Find out how Fortinet’s Security Fabric delivers broad, integrated, and automated protection across an organization’s entire digital attack surface from IoT to the edge, network core and to multi-clouds. 

Sourced from Fortinet

Graduating from the Fortinet FortiVet Program: A Conversation with Robert Baryo

Can you give us a summary of your background in the military?

I was proud to serve as a Medic/LPN in the Army Reserves for nine years. I was part of some great teams and missions throughout my service and met some amazing people. I served with the 401st Medical Logistics Company most recently. Throughout my service, I was afforded many opportunities to lead and take care of soldiers – and that helped define the man I am today.    

What do you do now?

I recently began working as an IT Specialist for Ground Vehicle System Command (GVSC) at the Detroit Arsenal. It is an honor that I am working with the United States Army again; serving soldiers from the information security side of the organization. I am very thankful for the opportunities afforded to me and for every professional that has taken the time to invest in my development and career.  A main reason I am here today is because of the doors that the FortiVet program opened for me.

How did you get into the FortiVet program?

I was networking and looking for a career change. I began looking at programs that assisted veterans and talking to everyone I could meet to get guidance and perspective on a career in cybersecurity. Thankfully, I was able to find an amazing mentor who introduced me to FortiVet and put me in direct contact with the program lead, and the rest is history.    

Why do you think the program is important to help fill the talent gap in cyber security?

This program helps provide current professionals from ALL backgrounds with perspective and realistic goals to fill the skills gap in the cyber security industry. Additionally, it leverages the training and talents of our veterans to ensure the employers are getting disciplined and competent professionals willing to do what is required to get the job done. FortiVet is unique in that it not only provides mentoring and interview coaching, but the program actively connects you with employers who are part of Fortinet’s partner ecosystem. This greatly helped me in my job search and helped set me up on interviews.

What is the benefit of hiring military veterans?

Veterans, just like many other citizens, vary in skill set. However, veterans are reinforced with the values of the branch they served, in my case, the Army. These principles set veterans apart from other applicants. Companies can rely on the fact that these men and women will apply themselves to achieve the organizations’ objectives.          

What would you say are the benefits to a company for hiring someone from the FortiVet program?

The best part about this program is the individual the company is hiring has been trained both by the branch of service (Army, Marines, Navy, Air Force, or Coast Guard) and the team at Fortinet. FortiVet graduates get the most relevant and up to date cybersecurity education through Fortinet’s certifications training. Additionally, Fortinet’s extensive partner ecosystem and networks is a big advantage when looking for job openings in ones respective field. 

Learn more about Fortinet’s NSE Institute programs, including the Network Security Expert programNetwork Security Academy program and FortiVets program.

Sourced from Fortinet

Customers Choose Fortinet Secure SD-WAN to Enable SD-Branch

How SD-Branch Helped a Major African Retailer Connect Hundreds of Retail Locations with Multiple Data Centers

A secure connection is only as safe as the devices and networks located at either end of that connection. Which is why, for many organizations, dynamic and secure SD-WAN connectivity only addresses part of their challenge. The reality is that there is often a local LAN located behind that WAN connection that also needs advanced network and security support, and very few SD-WAN solutions are in a position to address that problem.

Retail Locations Have Both WAN and Branch Requirements

This is especially true for distributed retail locations. Many times, these locations not only need a fast and reliable connection back to their central network, but they also have a local LAN that includes things like point-of-sale devices, inventory controls, security systems, and other end user and IoT devices. They may also require direct Wi-Fi access to the internet to access applications as well as to support their customers and their mobile devices.

This was the case for a major retailer in Southern Africa with more than 1,000 locations, thousands of employees, and several private brands to manage. Their first objective was to upgrade their current MPLS connections between their retail locations and three different data centers. Their bandwidth requirements varied from 5Mbps to 20Mbps, depending on the services running at the branch, with their most common services being voice, point-of-sale, SAP, and a number of home-grown applications. They also needed direct internet access from each location.

While MPLS provided reliable connections and performance, their roadmap included plans to move their applications to the cloud, and they were looking for a Secure SD-WAN solution that would allow them to reduce their WAN Edge costs while maintaining or improving their current application experience. However, they also realized that connectivity wasn’t their only issue.

Branch LANs Require Advanced Solutions with a Small Total Footprint

As a major retailer, they also have point-of-sale services deployed at a majority of their branch locations. This requires the local LAN in place at these locations to be PCI/DSS complaint, which also requires having specific kinds of security in place to protect the personal data of their customers and to prevent against advanced threats. Unfortunately, most SD-WAN providers were unable to provide a solution to address this challenge without introducing multiple point products at each location. With limited IT resources, there simply wasn’t enough budget or expertise to deploy and maintain such a strategy.

However, because Fortinet’s Secure SD-WAN appliances are built on a FortiGate NGFW framework, the same device used to provide secure SD-WAN connectivity for each retail location is also able to provide essential NGFW and IPS capabilities as part of Fortinet’s SD-Branch solution. This allowed them to achieve their WAN Edge objectives and comply with strict PCI/DSS regulations, while also simplifying their LAN architecture by consolidating networking and security point products into a single device. The result was an integrated network and security solution that provided all of the services needed at every branch location.

The Fortinet team won this opportunity specifically because we were able to consolidate the WAN Edge and LAN architecture across the branch, and then support it through a unified management console. Other vendors, such as Cisco Systems, were simply unable to demonstrate the sort of integrated and cohesive solution that was required. Additionally, the Fortinet solution was also able to recognize and optimize business applications to provide a high quality application experience. And with its integrated security capabilities, the SD-WAN appliance was also able to support and Secure Direct Internet Access from each retail location.

The final end-to-end Fortinet solution deployed two WAN links at each branch with secure support for direct internet access across all branches. These WAN links are internet-based, and use different transport modes – 3G/4G, ADSL, or Fiber – depending on the branch type and location. On the LAN side, this architecture was designed to also provide Secure Wireless Access and Unified Access Switching.  

Providing a Complete Solution

The key drivers that put Fortinet above the competition in this opportunity included:

Consolidation of WAN and LAN Functions at a lower TCO: We were able demonstrate our ability to consolidate our SD-WAN solution with LAN Wireless and Access Switching requirements to reduce costs and simplify operations across 1000+ branches. This was key requirement.

Optimize Application Experience for Multi-Cloud: We also showcased our ability to provide an optimized quality of experience for business-critical applications using our Secure SD-WAN Multi-Path intelligence capabilities, which optimize critical connections even over internet links and across different transport modes, including 3G/4G, DSL, and Fiber. And with their strong cloud migration roadmap, our ability to futureproof their solution using things like our unique cloud optimizing capabilities for applications that span Multi-Cloud environments was a compelling solution.  

PCI/DSS compliance requirement: Fortinet was not only able to demonstrate significant cost savings by enabling Secure Direct Internet Access at branch locations using our Secure SD-WAN platform, but also showcase its ability to meet PCI/DSS compliance requirements at branch locations without the need to introduce new point products.

Retail locations often have unique requirements that not only include all of the usual SD-WAN connectivity functionality and access to critical applications, as well as essential security to secure those communications, they also have local networks at each branch that need to be managed and secured. Resolving those issues cannot involve a collection of point products that each require configuration, optimization, and monitoring, as retailers simply do not have the technical resources on-site to manage or troubleshoot those resources. Fortinet’s Secure SD-WAN and SD-Branch solutions provide the full range of networking, access control, and security solutions in the smallest possible appliance footprint to help organizations better compete in today’s digital economy.

Find out how you can consolidate branch services while delivering security, agility, and performance with Fortinet SD-Branch.

Read these customer case studies to see how Warrior Invictus Holding Co., Inc. and the District School Board of Niagara implemented Fortinet’s Secure SD-WAN to alleviate network complexity, increase bandwidth, and reduce security costs.  

Sourced from Fortinet

Smart Buildings – Securing Your New Attack Surface

The potential attack surface continues to expand with virtual and multi-cloud networks, connected branch offices, growing volumes of IoT and endpoint devices, new SaaS applications, and the growth of Shadow IT. Most security teams, already suffering from understaffing and the looming cybersecurity skills gap, are struggling to keep up. The convergence of IT and OT is likewise adding to the challenges of securing today’s constantly evolving digital landscape. Everything from critical infrastructures, manufacturing floors, and transportation systems are being impacted. At the same time, new smart buildings are adding to the challenge, and many of these new interconnected environments are getting overlooked from a security perspective.

Smart Buildings Interconnect Traditionally Isolated Systems

Smart buildings are part of a new trend in digital innovation that integrates technology into traditionally isolated devices and systems such as appliances, automobiles, and even entire cities. These things have historically been comprised of completely separate elements. Buildings are a perfect example. Lights, elevators, HVAC systems, physical access to rooms, floors, or the building itself, emergency and alarm systems, and security devices, to just name a few, all largely operate as independent systems that often don’t receive the same security attention as other IT-connected resources, such as financial or manufacturing systems. This has to change.

IoT and cloud computing are disrupting the construction industry as more organizations are looking to retrofit or build out new smart buildings. The benefits range from ensuring occupant comfort and safety to improved efficiency and sustainability and lower power consumption. However, connecting smart building technology to the IT infrastructure, or directly to the internet, increases the risk of a cyberattack. If cyber terrorists are able to remotely lock doors and disable fire suppression systems, for example, this could be a formula for disaster.

Steps for Securing a Smart Building’s Cyber Environment

Smart building cyber security has generally not been included in the design, selection, or deployment of smart building technologies. The challenges of this approach are highlighted in a recent IDC report, sponsored by Fortinet, that not only examines a number of industries that have embraced smart building technology, but also identifies associated security implications and challenges and provides essential guidance for how to establish a security-first approach to smart building strategies.

  1. Organizations must adopt a long-term strategy that addresses both physical and cyber security. So it is essential that all key stakeholders are involved early in the process so that they understand the security implications, can identify critical systems and resources that need to be protected and can build consensus around a common security strategy built around a single, integrated security fabric.
  2. Because the list of integrated devices and automated systems designed to improve building and facility operations expands every day, the next consideration is to establish and maintain an inventory of all connected systems. Smart components include lighting, parking, HVAC systems, elevators, and building automation. In addition, building access control, air quality monitoring, fire and safety systems, solar energy systems, and communications systems are not only connected to IT, but in many instances, also interconnected to each other through a central building maintenance and management console – which means that the entire system is only as secure as its weakest system. The challenge is compounded further when smart buildings become smart campuses of an interconnected building due to a much larger potential attack surface. 
  3. Organizations also need to develop an understanding of the vulnerabilities these solutions are subject to and the risks that a compromise can introduce. Weak passwords for building automation systems (BAS) and industrial control systems (ICS), unpatched operating systems embedded in control devices and vulnerable IoT devices, such as cameras and sensors, and back doors between devices and manufacturers for remote troubleshooting not only put the building and its occupants at risk, but can also be a conduit into the IT network and its valuable data and other digital resources. A number of high-profile network breaches began by cybercriminals hacking through connected buildings, including HVAC systems, digital cameras, and integrated IoT devices.
  4. Other considerations include consolidating security solutions used for both physical and IT systems to reduce the complexity in management and maintenance that is often the result of uncontrolled vendor sprawl. Use threat intelligence to track vulnerabilities and attacks and map them to devices to prioritize essential security functions such as patching, updating, and replacing vulnerable systems. Implement strict segmentation to isolate critical functions so that a compromise to one system does not represent an existential threat to the entire smart building and IT environments. For devices and systems that cannot be patched for a variety of reasons – headless IoT devices, embedded operating systems that can’t be modified, or mission-critical devices that simply can’t be taken offline, organizations need to ensure that strict proximity controls are in place to secure and isolate them.

Smart Building Require a Security-First Strategy

Smart buildings expand the potential attack surface and increase risk due to the increased numbers of devices and connected assets involved. At the same time, security resources are already overtaxed and simply do not have the time or resources to bolt security into the smart building environment after the fact. Instead, smart building technology investments must begin with security front and center, with both physical security and cybersecurity being the highest priority as well as the core building block when developing s smart building. 

Read the full IDC report on securing smart buildings.

Learn more about how Fortinet’s ICS/SCADA security solution designs security into complex OT infrastructures, extending security from the data center, to the cloud, to the network perimeter.

Read these customer use cases to find out how Echoenergia and this major oil and gas company used Fortinet’s OT Security Solutions to protect their distributed networks and critical infrastructure.

Sourced from Fortinet