Fortinet Network Access Control (NAC) Receives Commendation from Frost & Sullivan

We at Fortinet are very proud of the success that our FortiNAC solution has achieved, including being recognized by Frost & Sullivan as the fastest growing network access control (NAC) solution on the market. We believe our ability to maintain a growth rate over two times higher than the overall NAC market growth rate is a testament to our focus on delivering a solid zero trust architecture and our ability to converge NAC and the Internet of Things (IoT).

Why NAC Matters

With the surge in IoT devices coming onto networks, the ability to see and control everything connecting to the network is more critical than ever. As more and more companies grapple with securing their wired and wireless networks, effective NAC solutions are becoming necessities, not “nice-to-haves.” It’s no surprise that you can’t secure something if you don’t know it exists or can’t quickly identify it. A robust NAC solution is required to see and understand exactly what is on your network.

NAC’s Checkered Past

While NAC has been around for decades, earlier iterations were difficult to deploy and use. A critical flaw in older solutions was the dependence on the 802.1x protocol for authentication. While it worked well for wireless networks, the administrative pain of deploying it on switching networks usually led to project abandonment after months or sometimes even years of trying. 

Issues with Some Current NAC Solutions

Today, some NAC solutions avoid relying on 802.1x by using traffic patterns to identify devices on the network. However, this approach has also led to challenges. Customers who tried these solutions, then turned to us for help, shared that this approach has two main problems. 

  • First, the need to see traffic in order to identify a device means that the device needs to be on the network long enough to generate a significant amount of traffic. Therefore, a device would be on the network for 10 to 30 minutes prior to an identification. Sometimes, devices were so quiet that they were never detected! 
  • Second, traffic sensors are needed in every location. For organizations with multiple locations, this results in high deployment and maintenance costs.

The Fortinet Advantage

FortiNAC does not rely on 802.1x, so it’s easy to implement on both wired and wireless networks. It also only needs to be deployed in one location. A second high-availability unit can be deployed for disaster recovery (DR), if desired.

To discover every user, application, and device, FortiNAC scans your network. With up to 20 different techniques, it can then profile each element based on observed characteristics and responses, as well as calling on FortiGuard’s IoT Services, a cloud-based database, for identification look-ups.

With these technical and architectural advantages, FortiNAC is proving itself and gaining market share. There is also the advantage of seamless integration into the Fortinet Security Fabric. As part of the Fortinet Security Fabric, FortiNAC can take enforcement action in the network based on information gathered by other security products. FortiNAC is also able to extend the power of the Security Fabric to the multiple third-party switching and wireless vendors that FortiNAC supports. 

To learn more, take a look at the full Frost & Sullivan report.

Discover how Fortinet’s Network Access Control solution (FortiNAC) provides organizations with the ability to see and control all the devices and users connected to the network.

Sourced from Fortinet

Fortinet Secures and Simplifies Customer Migration to Oracle Cloud Infrastructure

Customer Perspectives

Organizations are increasingly migrating data and applications to and between public cloud environments. It’s difficult for these organizations to gain visibility and control of their security posture when they rely on disparate solutions that all take different approaches to security and offer different tools. It’s also hard for a strained security team to stay on top of isolated solutions that fail to integrate. 

Through its Dynamic Cloud Security offerings, Fortinet provides customers with solutions that provide centralized management and visibility across public cloud, private cloud, hybrid cloud and multi-cloud. Fortinet integrates with all leading cloud service providers to give customers advanced security to protect their public clouds. Among the cloud providers, Fortinet directly integrates with Oracle Cloud Infrastructure (OCI), delivering the broadest set of security use cases available for OCI.

The following customers selected Fortinet’s Dynamic Cloud Security to secure their OCI workloads or applications:

U.S. Public College Turns to Fortinet’s Dynamic Cloud Security Offerings for Seamless Integration

Located in a hot spot for natural disasters, a U.S. public college decided to migrate some of its key applications to the cloud, starting with its PeopleSoft enterprise resource planning (ERP) application suite. The college wanted to ensure that if its on-campus network was downed by a storm, it would still be able to support its tens of thousands of students, faculty and staff. Because the college began its cloud migration with PeopleSoft—an Oracle solution—they looked to Oracle Cloud Infrastructure (OCI) as a possible cloud service provider. When it came to securing its new deployment, this customer turned to Fortinet’s Dynamic Cloud Security offerings that seamlessly integrate with OCI

A rapid and highly successful proof-of-concept (POC) led to the selection of the FortiGate-VM next-generation firewall (NGFW) on OCI. The FortiGate-VM firewall also enabled the college’s IT team to segment the network into zones, effectively isolating its websites, applications, databases, and administrative domains. This was especially important, as numerous cyberattacks enter on-premises networks through internet-exposed interfaces in cloud environments. Segmentation prevents attacks from spreading, minimizing the risk to the rest of the college network.

Additionally, the college’s DevOps team has also migrated its testing environment to OCI. The DevOps team is benefitting from OCI’s Shapes – templates that determines the number of CPUs, amount of memory, and other resources allocated to a newly created instance – as well as preconfigured Terraform templates for FortiGate NGFWs– simplifying the customer’s secure journey to OCI. They are saving staff hours every time they spin up a test environment, which they do about 12 times a year leading to significant annual productivity gains. In addition, using templates reduces misconfigurations in the cloud, a potential source of firewall breaches.

Large Supermarket Chain Simplifies Migration to Oracle Cloud Infrastructure

A supermarket chain with more than 40 stores was using firewalls in tandem with older-generation equipment. This posed several problems prompting them to search for a cloud platform to host its servers. After the company’s IT team considered different options, it chose Fortinet’s Dynamic Cloud Security offerings which provided the best solution and included a strong recommendation from Oracle. Specifically, this customer deployed Fortinet’s FortiGate-VM in the Oracle Cloud environment. 

As a result of Fortinet and OCI’s seamless integration, this customer was able to establish protection between servers, and created a secure communication channel from the cloud to the data center, allowing information to be exchanged more securely. The IT team instantly saw how Fortinet provided a single management panel with native visibility and control right inside the cloud. 

Working together with the customer and Oracle, Fortinet was able to help the customer migrate more than 40 database workloads in a secure environment to OCI. Overall, the company has been able to simplify its processes and boost network performance, while having confidence that its cloud environment isn’t vulnerable to threats.  

Identity Management Provider Secures Crucial Cloud Environments

An identity management provider had recently transitioned to an OCI-based architecture to streamline IT operations, reduce costs, and improve organizational agility and scalability. It was then looking for a security solution to protect its workloads. The company selected Fortinet’s Dynamic Cloud Security offerings, including FortiGate-VM next-generation firewalls (NGFWs) in a virtual machine (VM) footprint and high-availability configuration, to secure traffic to and from the company’s OCI instance, as well as for internal network segmentation. One differentiator of Fortinet’s offerings was the broadly supported next-generation firewall and Security Management solutions, which run natively in OCI.

The identity management provider had used FortiGate NGFWs to protect its on-premises network for years and they trusted the ability of Fortinet to secure their crucial cloud environments as well. The customer also recognized how Fortinet’s support of multi-cloud environments was beneficial for standardizing solutions across not only its OCI and on-premises environments, but also across other cloud services. 

Fortinet Delivers Dynamic Cloud Security for Customers Using Oracle Cloud Infrastructure

Fortinet Dynamic Cloud Security solutions provide the necessary visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud. Ultimately, Fortinet gives customers the confidence to deploy any application on any cloud infrastructure. 

Learn how Fortinet’s dynamic cloud security solutions provide increased visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud. 

Read these customer case studies to see how Hillsborough Community College and WeLab implement Fortinet’s dynamic cloud security solutions for secure connectivity from data center to the cloud. 

Sourced from Fortinet

Ushering the Era of Hyperscale Security – The New FortiGate 4400F

Fortinet was built on the premise that a network firewall should not just deliver a full range of tightly integrated network and security functions – a goal that many other NGFW solutions still fail to achieve ­– but do so with the scale and performance that today’s most demanding hyperscale environments require. And all at a price point that doesn’t break the bank so that the decision makers don’t have to make a tradeoff between best of security at a scale vs. the cost.

That premise starts with two essential strategies. The first is to offer solutions designed to actually operate together as part of a single security system, sharing threat intelligence to achieve a strong security posture. The second one is to offer scale with not just a collection of mostly isolated security systems wrapped together in a cumbersome and expensive cluster for scale. That first objective is what has driven the development and delivery of the Fortinet Security Fabric. The second strategy involves developing active, purpose-built hardware processors designed to accelerate the performance of essential security functions within a single system.

Announcing the FortiGate 4400F Network Firewall

The truth is, very few vendors have made more than a token effort at achieving the first, and none even seem to have a game plan for achieving the second. And even if they were to start, any sort of solution would be years away. ASIC development is a long and expensive process, and other security vendors are already more than a decade behind. 

Fortinet already has two purpose-built SPUs (Security Processing Units) in place that power our security hardware, with a new hybrid processor designed just for SD-WAN. Our content processors (CPs) are designed to accelerate critical security functions, such as inspecting encrypted traffic, and our network processors (NPs) accelerate networking functions. And these aren’t just fledgling solutions. This past February we released our 7th generation network processor (the NP7). The first FortiGate NGFW solutions powered by NP7 were released soon after, as the FG-1800F and FG-4200F.

Today, the launch of the FortiGate 4400F continues our commitment to delivering SPU-powered products capable of providing the fuel needed for digital innovation. It is positioned to support the most processor-intensive security environments of today – environments that will quickly become the norm of tomorrow.

Today’s Networks Require Security Solutions that Combine Productivity with Hyper-efficiency

Increasing productivity, even with a remote workforce, is a critical goal of many organizations. But with only so many working hours in a day, productivity gains rely exclusively on the efficiency of the tools being used. But in today’s environments, securing the proliferation of new applications is only part of the challenge for today’s firewalls. The volume of data being processed also needs to be addressed, and this is where traditional firewalls fall down flat.

Imagine a cutting-edge pharmaceutical research company looking to build new medicines while delivering value to shareholders. Testing, modeling, and 3D rendering are key to that process. These functions require the processing and transferring of very large datasets – often tens of Terabytes or more – as quickly as possible to AI/ML simulators. This enables new medicines to be developed faster, with lowered costs and reduced risk to human life. 

But that data also needs to be secured. The surreptitious injection of bad data can ruin months or years of research. And competitors and even nation-states may be looking to circumvent the time and expense of research by stealing this intellectual property. But without specially designed security hardware, few security devices on the market are able to keep up.

The FortiGate 4400F changes all of that natively by supporting multiple 100Gbps connections, enabling the inspection and protection of critical Elephant Flows by enabling organizations to make the most efficient use of their existing investments in 40G and 100G WAN links without compromising security at any layer of the network as defined by the OSI model.

But this is only the beginning. The next generation of smart cars, smart cities, and smart infrastructures – including transportation, power grids, manufacturing, and more – all augmented by AI and Machine Learning – will require the management and processing of massive amounts of Big Data. Providing sufficient performance and processing to support these new architectures will require even faster and more efficient infrastructures. And for most security vendors, this is a looming challenge that isn’t even on their drawing boards – which puts the future of the digital revolution at risk.

A Hyperconnected World Requires Hyper-Efficient Firewalls

The transition from 4G to 5G likewise promises huge potential for more efficient systems, the more rapid delivery of increasingly rich media, and a host of new applications and services still unseen that will benefit users and providers equally. But security is lagging from traditional security vendors still relying on off-the-shelf processors to power their devices.

Mobile network operators (MNOs) need a solution like the FortiGate 4400F that can ensure security and business continuity as 4G expands and they evolve their services to include 5G. The evolution of 4G and the introduction of 5G create the perfect storm for new levels of security performance and hyperscale needed to support the exploding number of devices connected to the mobile network. New security performance and scalability standards will need to be met to support the hyperconnected world where users talk to users and machines, where machine to machine communication becomes the norm, and data processing, decision-making, and transactions – often involving massive amounts of data – are measured in microseconds.

Likewise, mobile users adopting broadband wireless in 5G want very quick downloads of rich media, a very fast gaming experience, and the ability to generate ad hoc edge networks. Service providers need security solutions like the FortiGate 4400F to support and secure their massively scalable networks while ensuring fast user connection setup and the lowest possible latency. If not, the user experience will suffer, and revenue loss will follow as customers abandon the provider. 

Securing Data in Transit Remains Pivotal

Enabling providers to scale their radio access networks (RAN) and core infrastructures is already a challenge for nearly all modern security solutions. But adding the delivery of user data by leveraging hardware accelerated Suite-B encryption is an even more daunting task – and one that virtually every traditionally developed security solution fails to deliver. The FortiGate 4400F, however, delivers tens of thousands of tunnels while delivering 420Gbps of IPSec throughput, combined with a security compute rating of 11X better than other solutions for Security Gateway (SecGW) deployments. The versatility and performance of FortiGate Network Firewalls really futureproofs company investments because solutions like the FortiGate 4400F enable them to build high-speed, high-performance Data Center Interconnects. For situations that require encrypting at high speeds, IPsec can be turned on non-intrusively to support high-bandwidth IPsec tunnel flows.

Hyperscalability is as Essential as Hyperperformance

Performance is only half of the equation. Scalability is equally essential. With the greatest vertical scaling capability within a 4RU form factor, the FortiGate 4400F not only supports a very high influx of connections – 10 million connections per second and a security compute rating of 12x – it also reduces power cooling and rack space while offering the industry’s best price performance. And even at that level of scaling, you can still turn on essential Layer 4 firewalling and layer it with volumetric-based DDoS (distributed denial of service) attack prevention without impacting performance – ensuring all of your services are protected from bad actors.

Best-of-Breed Advanced Layer 7 Security for Everyone

FortiGate 4400F offers SSL inspection, including TLS 1.3, that is 6.5x better than competing products to provide full visibility into threats that hide in encrypted channels and the ability to detect unsanctioned applications. Inspection alone, however, is not sufficient. A strong security posture requires both threat protection and detection, and the FortiGate 4400F not only delivers two times the threat protection performance of its competitors, it is also powered by AI-enabled FortiGuard and FortiSandbox services to detect and stop known and unknown attacks. FortiGuard Labs has discovered a whopping 890 zero days – more than most competitors combined – with 104 detected so far just in 2020.

Hyperscale and hyperperformance are table stakes in our new digital world, and the new FortiGate 4400F provides these at a price-performance ratio unmatched in the industry. As organizations plan to move aggressively into the next phase of digital innovation, having a high performance security tool such as this in place is essential so that they never have to make the choice, now or in the future, between being competitive and being safe.

Read more about the announcement and how the FortiGate 4400F delivers security for hyperscale data centers with the industry’s best total cost of ownership (TCO). 

Sourced from Fortinet

Secure SD-WAN Addresses Manufacturing and Services Organization’s Security Challenges

Customer Perspectives

Organizational growth often leads to the rapid expansion of the workforce and the addition of branch offices. This, combined with the transition to a teleworker environment, can place significant demands on existing infrastructure in terms of bandwidth requirements, access control, and secure workflows and transactions that are not only multiplying but now originating from outside the traditional network. And WAN environments that rely on dedicated MPLS connections become increasingly expensive while providing limited flexibility and functionality when it comes to things like cloud access, security, and application performance.

Large distributed enterprises in the manufacturing services industry understand more than most the need for business agility. In today’s increasingly competitive digital marketplace, they need to stay connected to anticipate and respond to shifting consumer demands, provide the best possible experience to their customers, and address the challenges of providing a robust work environment while maintaining reliable business continuity in a time of digital innovation and increasing cyber threats.

SD-WAN to Achieve Business Agility

One large manufacturing and services organization, with a single dedicated WAN link at every branch location, began experiencing frequent outages that had a severe impact on their workforce and customer experience with business-critical applications. Such connectivity issues, especially in an industry that relies on continuously managing the delicate balance between supply and demand, can negatively impact customer satisfaction and business outcomes. 

With over 1,200 employees, and a distributed infrastructure across eastern and central Europe, this organization’s branch offices also had a wide variety of connection types in place, with some branch offices using MPLS/satellite, others using DSL, and a majority using LTE as their only available link for data center connectivity and internet access. 

To sustain and accelerate growth, this organization needed continuous connectivity. In fact, it was a top priority for their Digital Innovation strategy. They also understood that they needed to augment their existing WAN links with LTE backup across all branches to support an active/active load balancing and failover architecture designed to maintain business-critical applications such as Point of Sale, camera feeds, and automation tools. 

They were keen on adopting an SD-WAN solution best suited to their flexible deployment needs. This included a solution that combined connectivity and security through a centralized management interface, application awareness combined with high-speed SSL inspection, and local breakout security for direct cloud access from each branch office. In addition, visibility and control needed to extend across all branch networks, combined with precise segmentation for security policy enforcement across users, applications, and devices. 

Fortinet’s Secure SD-WAN solution fits all of these requirements, and much more.

Fortinet’s Secure SD-WAN Solution for Digital Innovation

With several SD-WAN vendors vying for selection as part of their proof of concept trials, this organization was quick to discover that Fortinet’s robust Secure SD-WAN solution differentiated itself by providing a fully integrated solution that combined business agility, optimal connectivity, strong security, and best user experience into a single form factor that was easy to deploy and manage. 

Fortinet Secure SD-WAN offered hybrid WAN traffic steering, QoS prioritization, application acceleration, and automation combined with a robust Next-Generation Firewall that supported a full stack of enterprise-class security functions. And it was available as a consolidated, powerful desktop appliance that also included built-in LTE. As a result, this organization was able to validate that the Fortinet solution would support all use cases for their current business needs, as well as future innovations—something no other vendor was able to do. 

Secure SD-WAN Key Benefits

A few of the key benefits and immediate business outcomes provided by Fortinet’s Secure SD-WAN solution include:

  • Deep Integration Combined with Product Consolidation: The needs for LTE as primary (replacing satellite-based MPLS links) and secondary links were easily met with FortiGate 40F-3G4G appliance with built-in LTE and the custom-built SD-WAN ASIC chip, the SOC4. And because these appliances include a full stack of security tightly integrated with advanced SD-WAN functionality, they were able to reduce the number of devices that needed to be deployed at each branch office. And with support for active/active load balancing and failover, they could provide consistent connectivity across all branch offices to ensure the best possible performance for their business-critical applications. 
  • Best User Experience: Given the nature of their manufacturing business, their goal was to deploy a streaming camera video feed in the near future aimed at providing connectivity and access control at their branch locations. Fortinet Secure SD-WAN’s ability to prioritize high bandwidth applications and ensure better access control with its branch-to-branch VPN overlay ensured the best user experience combined with reliable, uninterrupted service.
  • Strong Security Posture with Intent-based Segmentation: Secure SD-WAN’s ability to natively support intent-based segmentation enabled this organization to achieve better protection for direct access to cloud and internet resources while enforcing security policies based on the roles of users, devices, and applications. This, combined with a comprehensive, centralized content inspection to provide visibility into traffic, enabled the organization to limit breaches to specific network segments by preventing malicious content from passing over from one network segment to another.
  • Flexible Deployment with Advanced Networking Support: By combining zero-touch deployment for ease of deployment with advanced networking functions, such as advanced dynamic routing with BGP, allowed this organization to seamlessly deploy the Fortinet solution at their data centers, disaster recovery hubs, and many of their branches without having to redesign existing network configurations.
  • Extending Security to Branch Networks with SD-Branch: For those branch offices where outages were not an option, the organization was able to quickly implement hardware redundancy with active/active FortiGate appliances, and securely extend direct internet access via LTE using FortiExtender.
  • Centralized Management and Reporting: Fortinet’s unique single pane of glass management allowed this organizations to easily deploy Fortinet Secure SD-WAN at remote branch locations while maintaining a single, integrated security and networking framework. This reduced the need for additional IT staff while improving visibility and control across the entire network infrastructure.

All Objectives Met, and with Significant Cost Savings

Unlike most SD-WAN solutions, which require the deployment of multiple solutions, including a complex overlay of siloed security solutions, Fortinet’s Secure SD-WAN was able to meet all of the requirements of the multinational manufacturing organization with a single, easy to deploy and manage appliance. Not only were they able to meet their deployment goals, but they also managed to reduce their capital and operational expenses at the same time. That’s because Fortinet offers to most robust and complete SD-WAN solution in the industry.

Take a security-driven approach to networking to improve user experience and simplify operations at the WAN edge with Fortinet’s Secure SD-WAN solution.

Read these customer case studies to see how De Heus and Burger King Brazil implemented Fortinet’s Secure SD-WAN to alleviate network complexity, increase bandwidth, and reduce security costs.

Engage in our Fortinet user community (Fuse). Share ideas and feedback, learn more about our products and technology, or connect with peers.

Sourced from Fortinet

Automotive Company Selects Fortinet to Provide Robust Security and Connectivity

Customer Perspectives

Distributed enterprises are increasingly shifting data, applications, and workflows to the cloud to meet evolving business requirements and achieve digital innovation goals. However, this can become problematic for branch locations that still rely on traditional MPLS connections to backhaul traffic through the corporate network.

Fortinet recently worked with one organization struggling with this challenge and chose to leverage Fortinet’s robust Security Fabric platform and the Secure SD-WAN solution to address this.

New Requirements for a Distributed Infrastructure

With nearly 100 branch offices, this European automotive company sought a vendor that could secure their entire distributed infrastructure—from their data center to branch locations, to the Azure Cloud. This organization wanted more than just individual security tools that could protect each piece of their environment. They asked for an end-to-end solution that could provide robust security and connectivity across the entire network, and that could all be managed from a single console.

Various vendors presented their solutions to this organization, but they either lacked the security platform approach desired or the robust Secure SD-WAN functionality required. With key advanced networking features like centralized management and local inspection and control of network traffic at the branch, Fortinet’s broad, integrated, and automated Security Fabric was the only solution to check each box on this company’s list—meeting and even surpassing their expectations.

The result of almost 20 years of innovation, the Fortinet Security Fabric is engineered to enable Security-Driven NetworkingZero-trust Network AccessDynamic Cloud Security, and AI-driven Security Operations across the enterprise to help organizations achieve their digital innovation goals and protect the evolving attack surface. And with a robust Security Fabric ecosystem of hundreds of seamless third-party integrations, it can be readily extended throughout an organization’s security architecture while enlisting existing investments into an integrated security framework strategy. This comprehensive approach to cybersecurity helps minimize security gaps, while a single management console provides full visibility and control over the entire network. 

Fortinet Secure SD-WAN, a critical piece of the Security Fabric for this customer, combines security and SD-WAN functionality in a single device to provide enhanced cloud-based application performance, advanced routing capabilities, and enterprise-class security all working together as a single, integrated solution to improve user experience while protecting critical data and resources.

A Fabric Approach to Cybersecurity

With a platform approach to cybersecurity that was able to address all of the varied needs across its infrastructure, Fortinet quickly became the front runner for this organization. Fortinet cybersecurity solutions were able to address the following use cases for this customer:

  • SD-WAN Functionality: This organization was able to leverage Fortinet Secure SD-WAN on the FortiGate NGFW to decrease the amount of MPLS traffic and subsequently reduce costs while establishing a comprehensive security strategy that did not require building and deploying a separate security overlay. Moreover, its ability to provide local inspection and control of network traffic at the branch without requiring additional devices set Fortinet apart from the competition to this company that prefers the use of local breakout connections to access SaaS services.
  • Dynamic Security for Cloud-based Applications: Fortinet Secure SD-WAN not only provides application identification, multi-path control, and application steering to ensure that organizations can access all critical applications and resources in the cloud, but the entire connectivity process is protected with a full stack of security solutions designed to automatically adapt to highly dynamic connectivity environments.
  • Optimizing Connectivity with Azure: Fortinet’s Secure SD-WAN integration with Azure Virtual WAN offers a robust, secure and optimized Cloud On-Ramp to Azure Cloud workloads and services. This helps ensure ease of use, security, quality of experience, and visibility across distributed infrastructures spanning on-premises locations and Azure regional data centers. 
  • Branch Security: This company also leveraged Secure SD-WAN to provide better security across their branch offices. SD-Branch added such functionality as access control for both wired and wireless APs, and protections for onsite IoT and endpoint devices and local LAN infrastructure, thereby increasing visibility and control without requiring additional IT staff on-site. 
  • Time Saved: With Fortinet’s simple, single-pane-of-glass management console that can scale across their entire SD-WAN deployment, the security teams were able to save time deploying, managing, and orchestrating policies across all security devices.
  • Integration: Having recently invested in solutions with Sentinel One, this organization needed a security vendor that could seamlessly integrate with them. Fortunately, Sentinel One is part of Fortinet’s robust Security Fabric ecosystem, with over 360 technology integrations. 

The combination of all these capabilities set Fortinet apart from the competition, making us the obvious choice for an organization looking to protect its infrastructure from its data center out to remote branch locations and across their cloud environment.

Take a security-driven approach to networking to improve user experience and simplify operations at the WAN edge with Fortinet’s Secure SD-WAN solution.

Read these customer case studies to see how De Heus and Burger King Brazil implemented Fortinet’s Secure SD-WAN to alleviate network complexity, increase bandwidth, and reduce security costs.

Engage in our Fortinet user community (Fuse). Share ideas and feedback, learn more about our products and technology, or connect with peers.

Sourced from Fortinet

Education Organization Delivers High Performance Security with FortiGate NGFWs

Customer Perspectives

Organizations are continuing to expand and are looking for ways to secure their multiple network locations. There are various challenges to overcome and consider to protect the entire attack surface from internal as well as external threats with advanced security. The digital attack surface is expanding at a rapid rate, making it increasingly difficult to defend against advanced threats. The search for and selection of the right solution that provides comprehensive security is imperative for these organizations aiming for a strong security posture. To achieve this, organizations require a strategy that brings security to the forefront of the network buildout and seamlessly integrates it with the networking stack. The goal is to enable network security practitioners to manage all security risks that are associated with applications and infrastructure in today’s hybrid data centers.

In particular, one specific organization – a cooperative of school boards in primary and secondary education – needed a network security platform that can provide comprehensive threat protection for thousands of primary and secondary schools in multiple network locations. This organization required a solution that could provide IPsec secure access from any school to their data centers and perform a content inspection as traffic leaves for, and enters back from, the Internet. Finally, they also wanted to take their security to a whole new level with advanced security detection and enforcement between all schools – within or across various school boards. 

Delivering High Performance and Advanced Network Security Across Multiple School Zones

In this instance, this large cooperative of school boards selected a security strategy and solution that would enable each education facility to have high-bandwidth internet access with advanced security protection across its numerous locations. This organization’s vision was to serve the needs of almost a million students by building a network that provides massive scale and performance for security and advanced networking capabilities that work together to provide a strong security posture. In addition to reliably securing the numerous school locations, the solution was selected by the group of school boards to lower IT expenditures by building a joint security solution that could benefit from economies of scale and offer a low total cost of ownership. The specific advanced security requirements include turning on application identification, web filtering, an intrusion prevention system, and anti-virus concurrently and having the data center capacity reach 715 Gbps of threat protection that consolidates all of the above-mentioned capabilities. Additionally, all of the existing and future schools that join this partnership will continue to connect using IPsec capabilities to the established data centers. 

Choosing the Right Security Solution to Address Several Complex Business Requirements

This education organization manages two large national data centers – a primary and a secondary data center working in an active-passive arrangement. The participating schools are spread across different school districts that connect to the primary data center using an IPsec tunnel that originates from a FortiGate CPE. The schools route all traffic via the primary data center and when that data center is inaccessible, they automatically fail over via the backup IPsec tunnel to the secondary data center, providing the required performance and reliability. In this scenario, these IPsec tunnels from each school are terminated on a FortiGate Next-generation Firewall that is placed in each data entry as a VPN concentrator. This allows all participating schools to securely backhaul traffic to the two data centers while preserving the confidentiality of the data. 

To ensure better access control, traffic between each school board is segmented using a FortiOS feature called VDOM (Virtual Domain). These virtual domains allow this organization to take a FortiGate and logically partition it, providing each school board the ability to create unique security and network policies that suit its needs while still participate in the knowledge sharing conglomerate of school boards.

The FortiGates seamlessly integrate advanced networking and security capabilities like application identification, web filtering, and intrusion prevention system capabilities for thousands of schools and enable a massively scalable network security platform offering the required performance of 715 Gbps.

This advanced security solution also provides traffic content inspection between any two schools that want to communicate with one another, including schools within the same district. This is paramount to building a strong cybersecurity posture for all schools that fall within this educational organization’s jurisdiction. Although performing SSL/TLS inspection (including TLS 1.3) on encrypted traffic for full visibility was not initially a requirement in the organization’s search for the right solution, Fortinet’s SSL/TLS inspection performance was seen by the organization as a key benefit of Fortinet’s security solution. Moreover, the organization had requirements for centralized management and reporting capabilities to reduce network complexity and risk, while increasing efficiency. By leveraging the Fortinet Fabric Management Center, which is composed of  FortiManager and FortiAnalyzer, this organization can benefit from single pane of glass management across their two data centers to reduce cost and complexity, and streamline operations. Additionally, the Fabric Management Center offers best practices for compliance and workflow automation to provide better protection against breaches.

Fortinet’s ability to build complex, massively scalable, and high-performance Layer 7 advanced security reduced the organization’s security complexity challenges, providing better visibility and heightened performance. True to its goals, the organization will be able to scale to 715 Gbps throughput for its sites within the next few years with the Fortinet solution. 

Furthermore, the organization will have the ability to leverage its existing investment in Fortinet solutions and can simply turn on built-in SD-WAN capabilities to employ additional broadband transports to their WAN infrastructure and preserve user experience while realizing the industry’s best investment protection.

Finding a Proven Partner in Fortinet

Networks are continually growing and evolving, and the adoption of new technologies or workflows can increase the attack surface and open the door to new threats. At the same time, cybercriminals are launching increasingly sophisticated attacks. For this cooperative of school boards, Fortinet provided the network security platform that could seamlessly integrate advanced networking and security capabilities, run multiple best-of-breed security services concurrently and deliver the required scale and performance with industry’s most optimized Total Cost of Ownership (TCO). With Fortinet, this organization will be able to protect up to one million students and has an effectively future-proofed investment that gives them the ability to turn on TLS inspection and Secure SD-WAN on their already deployed FortiGate infrastructure.

Find out how Fortinet’s FortiGate Next-generation firewalls provide organizations with application control, intrusion prevention, and advanced visibility across the network.

Engage in our Fortinet user community (Fuse). Share ideas and feedback, learn more about our products and technology, or connect with peers.

Sourced from Fortinet

Fortinet Acquires Cloud Security and Networking Innovator OPAQ Networks

SASE (Secure Access Service Edge) has become a topic of increased industry discussion and interest for enterprises and partners alike. That’s because today’s organizations require immediate, uninterrupted, and secure access to network and cloud-based resources and data – especially business-critical applications – no matter where their users are located.

Digital innovation creates new challenges for organizations, including dynamically changing network configurations and the rapid expansion of the attack surface. This has resulted in new and incremental opportunities to provide additional levels of protection and access control that these organizations and users require. These are challenges that a SASE solution is designed to address.

However, there are two critical things to remember about the selection and implementation of any SASE solution. The first is that it must be easily integrated into your larger security strategy. If not, you are simply creating yet another set of stand-alone security solutions that require additional attention and resources. The second is that any SASE solution must not only meet current access and flexibility needs, but it must also support a Security-driven Networking strategy so it can quickly and automatically adapt to new network changes and evolving business requirements as they occur while providing robust, continuously-improved security and performance.

Fortinet Delivers the Most Complete SASE Platform on the Market

Because of the broad range of technologies it encompasses, and the variety of environments it needs to support, SASE is not a one-size-fits all secure access solution. Organizations have unique needs, and they need to be able to select and deploy those security offerings that are best-suited to their unique network environments and business requirements.

And yet, for SASE to work well, all of its components still need to interoperate as a single integrated system – connectivity, networking, and security elements alike. Part of the reason that sounds so familiar to us at Fortinet is that we have been delivering the core SASE requirements—plus much more—for years as part of our integrated Security Platform and Security Fabric architecture. A number of our customers looking to understand SASE have found that, with minor adjustments, they already had a SASE solution in place thanks to the power of the Security Fabric.

And now, to expand on the SASE flexibility and functionality already provided to customers and partners, Fortinet today announced the acquisition of OPAQ Networks, a SASE cloud provider. OPAQ’s Zero Trust Network Access (ZTNA) cloud solution protects organizations’ distributed networks – from data centers to branch offices, remote users, and Internet of Things (IoT) devices.

By combining Fortinet’s Security Fabric with OPAQ’s patented ZTNA solution, Fortinet further enhances its existing SASE offering to offer the best-in-class SASE cloud security platform with the industry’s only true Zero Trust access and security solution. It does this by integrating industry-leading next-generation firewall and SD-WAN capabilities, web security, sandboxing, advanced endpoint, identity / multi factor authentication, multi-cloud workload protection, cloud application security broker (CASB), browser isolation, and web application firewalling capabilities with a patented zero-trust cloud architecture to offer a flexible and dynamic SASE solution that can be managed and controlled through a single interface. 

And Fortinet has the R&D scale and focus to deliver continuous innovation, with the best and broadest security “under the hood.” Unlike other cloud providers, who are missing a strong security backbone or a scalable, high performance cloud architecture—or, in some cases, both—Fortinet delivers cloud security, with the security.

“The acquisition of OPAQ further enhances our existing SASE offering. Now, we will deliver the most complete SASE platform on the market with the broadest security offering, industry-leading SD-WAN, and advanced networking solutions to customers and partners through a flexible, cost efficient, and patented zero-trust cloud architecture,” shared Ken Xie, Founder, Chairman of the Board, and CEO of Fortinet.

Moreover, OPAQ’s platform is purpose-built to be partner friendly, empowering MSSPs, carriers, and high value-add partners to easily integrate its multi-tenant SASE platform into their own offering. This enables these service providers to add critical value to their business and government customers through their Network Operations Center and Security Operations Center expertise and advanced professional services.

Given remote workforce trends, with exponentially more users, devices, applications, services, and data now operating outside of the traditional enterprise edge than inside, the integration of Fortinet’s broad Security Fabric with OPAQ’s cloud platform offers customers and partners even more choices as to how they can consume best-of-breed security. And it is yet another unique and differentiated way that Fortinet is empowering customers with the best, and truly integrated security and networking innovation designed to respond to evolving business needs in real-time.

Fortinet Enhances SASE and ZTNA Offerings with Cloud Delivery Enhanced Capabilities

With the OPAQ acquisition, unlike other cloud security providers, Fortinet delivers:

  • The best of scalability, performance, and security compared to any cloud security vendor.
  • A broad and integrated suite of cloud security solutions providing true Zero-Trust security, unlike other ZTNA providers who leave many unprotected gaps in the attack surface.
  • A one-of-a-kind ZTNA solution that includes continuous security innovation at scale, leveraging Fortinet’s market-leading R&D talent to deliver security substance “under the hood.” 
  • The most partner-friendly ZTNA offering in the market that remains true to Fortinet’s ongoing commitment to its value-add services partners. 
  • Fully integrated security and networking, including Fortinet’s industry-leading SD-WAN, furthering the company’s Security-driven Networking approach.

To that last point, Xie added, “The recent SASE market momentum further validates our Security-driven Networking approach and underscores what we’ve been saying for years. In the current era of hyper connectivity and expanding networks, with the network edge stretching across the entire digital infrastructure, networking and security must converge.”

Today’s announcement of the integration of Fortinet’s broad and integrated security offerings with OPAQ’s SASE cloud platform delivers the most complete SASE platform on the market, enabling organizations to more rapidly and securely embrace digital innovation and compete more effectively in today’s digital marketplace.

Learn more about how Fortinet’s acquisiton of OPAQ Networks enhances its existing SASE offering, enabling Fortinet to deliver the most complete SASE platform on the market.

Sourced from Fortinet

Key Use Cases for the Fortinet Fabric Management Center

Customer Perspectives

IT organizations use manageability as a key criterion in selecting security infrastructure. That said, the larger an IT network is, the more critical management efficiency becomes. The Fortinet Fabric Management Center, which combines the FortiManager network management solution and the FortiAnalyzer analytics and log management solution, streamlines deployment and administration across even the largest security infrastructure.

Ensuring Operational Efficiency at Scale

The experience of GPS Hospitality is a case in point. The company owns nearly 500 quick-service restaurants across 11 U.S. states—a size it reached in just seven years by growing through acquisitions. To ensure operational efficiency as it scaled up, GPS Hospitality standardized the IT environment across all its restaurants and engaged IT service provider HonorBuilt for IT deployment and support. 

GPS Hospitality selected Fortinet solutions to secure its geographically dispersed restaurants, in large part because of the Fabric Management Center. Today, each of the company’s restaurants has two FortiSwitch devices, a FortiGate next-generation firewall (NGFW), two FortiAP access points, and a FortiMail secure email gateway. HonorBuilt manages all these solutions, across the entire restaurant footprint, through a single pane of glass.

“For us, as the service provider, global management is the number-one benefit of using the Fortinet solutions,” says Andy Patterson, senior technology consultant for HonorBuilt. “Before using the FortiManager solution, we had no way of pushing out global updates. Now we can do it in minutes, across all 486 GPS Hospitality locations.” HonorBuilt also uses FortiAnalyzer to gain insights into security events across the GPS Hospitality infrastructure.

Just as important as day-to-day management efficiency is the ease with which the Fortinet solutions can be deployed in new locations. Jim Barlow, director of IT for GPS Hospitality, says the Fabric Management Center makes opening a new restaurant “almost cookie-cutter.” This ease of deployment has enabled GPS Hospitality to grow more than 1,000% in its first seven years. 

“Our partnership with HonorBuilt and our use of Fortinet solutions makes it very easy to put our same footprint in every restaurant,” Barlow concludes. “When the technology platform is as standardized as ours, a company can grow very quickly.” 

Visibility and Scalability in Preparation for the Future

Batteries Plus Bulbs has a similar story to tell. Its managed security service provider (MSSP), Leeward Business Advisors, is responsible for the company’s security operations center and network operations center, as well as security, network connectivity, and wireless access in each of Batteries Plus Bulbs’ 740 stores. 

FortiGate NGFWs secure traffic in each store and provide secure software-defined wide-area network (SD-WAN) network connectivity. FortiAP wireless access points provide wireless access within each store, and the FortiGate Unified Threat Management (UTM) bundle gives Batteries Plus Bulbs access to advanced malware protection, web filtering, intrusion prevention system (IPS), and application control. All these solutions rely on threat intelligence from FortiGuard Labs and third-party providers within the Fortinet Security Fabric. 

LeewardBA and Batteries Plus Bulbs staff use the Fabric Management Center to oversee all these solutions. FortiManager VM and FortiAnalyzer “enable us to provide centralized management from a single pane of glass, detailed reporting, workflow automation, and trends analysis,” says Jason Klein, chief technology officer (CTO) for LeewardBA. “This enables the in-house team to get a complete picture of their security posture at a glance, at any time.”

This level of visibility is a major improvement over the company’s legacy security environment, provided by a different MSSP and solution vendor. “We were often in the dark with our prior solution,” says Michael Lehman, vice president and chief information officer (CIO) for Batteries Plus Bulbs. “Our prior MSSP did not provide us with actionable insights about what risks we faced or what we could do about them.”

Dan Dugan, vice president of IT for Batteries Plus Bulbs, sums up the benefits of the Fabric Management Center: “Now we have security information by glancing at a screen, and we can drill down to any level of detail we need. We can take a more proactive stance in managing security. This gives us confidence that we are equipped to manage security threats for the next five to seven years.”

Financial Services Audits Made Easy

The Illinois State Treasurer does not have as many disparate locations as GPS Hospitality or Batteries Plus Bulbs, but as the state’s banking agency, it manages $32 billion in assets. Effective security is imperative—and in order to provide effective security, the agency’s small IT staff requires operational efficiency. That is a primary reason the Treasurer’s office turned to Fortinet. 

The agency deployed FortiGate NGFWs and the FortiSandbox sandboxing solution to protect its infrastructure. The Fortinet Fabric Management Center consolidates information about threat detection and response networkwide, which is essential for securing sensitive data, such as account or routing numbers, and connections with external financial institutions. “Having that single-pane-of-glass visibility makes security management a lot easier,” says Joseph Daniels, CIO for the Illinois State Treasurer. 

To comply with a recent information security audit, Daniels pulled the agency’s weekly FortiGate Cloud security reports, which gave him sufficient information to capably meet the audit requirements. Since then, the agency has deployed FortiAnalyzer analytics, which Daniels says “provides a much deeper dive into our network. … I am looking forward to the next audit that we have. We will be much better prepared.”

The Bottom Line for Automated Network Operations

From state agencies to retail businesses, efficiency is a crucial component of the IT security infrastructure. Many businesses face a resource shortage. Even large organizations may not have large security teams, due to the scarcity of skills available in most job markets. 

Automation, centralization, and other drivers of efficiency in infrastructure management help ensure that network and security teams of all sizes can effectively secure critical resources, potentially across hundreds (or even thousands) of dispersed locations. FortiGate NGFWs reach this level of manageability because of the single-pane-of-glass visibility in the Fortinet Fabric Management Center.

Learn more about how Fortinet’s Fabric Management Center enables enterprise-class automation capabilities while helping network leaders realize industry-leading benefits like improved efficiency, reduced risk, and decreased TCO. 

Engage in our Fortinet user community (Fuse). Share ideas and feedback, learn more about our products and technology, or connect with peers.

Sourced from Fortinet

ATP 29 Targeting SSL VPN Flaws

United Kingdom’s National Cyber Security Centre (NCSC) and Canada’s Communications Security Establishment (CSE) have published research into the activity of ‘APT29’, also known as ‘the Dukes’ or ‘Cozy Bear’ who have been targeting various organisations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines.

The initial attack vectors for this group has been unpatched vulnerabilities in SSL-VPN solutions including Fortinet. One of the vectors used included a vulnerability resolved by Fortinet in May 2019, allowed an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests as disclosed in FG-IR-18-384 / CVE-2018-13379. At the time of the disclosure Fortinet made available patches for all supported releases (5.4, 5.6, 6.0, 6.2).

Customers were notified at the time via the public PSIRT Advisory system of the need to upgrade immediately and highlighted the same in the release notes.  For those unable to upgrade, mitigations were provided.  For additional transparency, this was again highlighted in a blog in August 2019 after the vulnerabilities were disclosed by the researchers at Black Hat 2019.

For all customers Fortinet recommends the following actions are taken immediately.

  • Upgrade all FortiGate systems to the latest firmware releases. Using the latest security patches for your release is key to protect against attack.
  • Validate that all SSL-VPN local users are expected, with correct email addresses assigned and perform password reset on all users.  If there are any unrecognised local users, follow corporate policy remove them immediately.
  • Preferably migrate to using remote directory system (LDAP,RADIUS) for all user authentication
  • Use multi-factor authentication (two-factor authentication authentication) to reduce the impact of password compromises.

Additional steps can be taken to secure your network against attack including:

  • Prevent and detect lateral movement in your organisation’s networks using tools such as deceptor technology to identify threats early in the threat cycle.
  • Employ Endpoint detection and response to identify and block threats before the have a chance to take hold on the network.

Revision History:

2020-07-16 Initial version

Sourced from Fortinet

Fortinet Unveils Secure SD-WAN For Multi-Cloud

Networking and security teams are constantly trying to maintain a balance between security, complexity, and application experience. This situation has become much more challenging with organizations adopting multiple clouds and hybrid cloud environments for their business needs. Fortinet’s new “Secure SD-WAN for Multi-Cloud” solution addresses these challenges by enabling enterprise IT to build a seamless cloud-to-cloud network and security architecture that is consistent and robust across the different clouds.

Multi-Cloud Comes with Multiple Benefits…and Challenges

Cloud infrastructure spend is rapidly becoming a larger portion of the CIO’s budget, and as a result, enterprises are increasingly adopting a multi-cloud approach for their cloud deployments. A multi-cloud strategy enables these organizations to avoid vendor lock-in and to select the best cloud services to meet the requirements of a particular application or workload. Organizations are also able to choose cost-optimized services and leverage geographically dispersed clouds for disaster recovery, to meet data sovereignty requirements, and to improve overall user experience. And, a multi-cloud model also provides redundancy to reduce the risk of downtime. 

For these reasons and more, enterprises are building their new data infrastructure across multiple clouds. And at the same time, IT continues to constantly evolve their cloud network infrastructure to meet new performance, security, scaling, and cost goals that have a tangible impact on their business outcomes.

However, even with so many benefits and use cases, multi-cloud is not without its challenges.

Firstly, the diversity of cloud platforms is a key challenge for IT since it is difficult to find skilled personnel who are experts in every single cloud environment. This skills gap often results in an IT team’s inability to scale adequately to keep up with the different demands of the large number of cloud service providers being used. Due to fundamental differences between cloud providers, IT typically struggles to deploy a consistent network infrastructure for applications and workloads that are deployed in or that span across multiple clouds. This increased complexity can slow down operations.

Secondly, this same problem also increases security risks. A lack of a consistent security infrastructure that can seamlessly span multiple clouds, especially in terms of policy orchestration and enforcement, results in security gaps that prevent end-to-end visibility and uniform security control.

Previously, to overcome these challenges, enterprises have chosen to backhaul cloud traffic to on-prem data centers or network service/colocation provider points of presence. While the goal is for cloud workload traffic to be centrally inspected and routed between the different clouds, these dedicated backhaul connections are often expensive and can quickly become bottlenecks. And this problem can be exacerbated because backhauling traffic over cloud provider VPN gateways to on-prem data centers can add significant latency and degrade application performance.

All these challenges demand a new approach for establishing secure and high-performance connectivity between multiple clouds—especially without increasing cost and complexity.

Fortinet Secure SD-WAN for Multi-Cloud

Fortinet Secure SD-WAN for Multi-Cloud is a new use case built around a FortiGate-VM next generation virtual firewall combined with a FortiManager central management console.

This new offering enables a unified networking and security strategy with a programmable framework to ensure consistent policies for securing and transporting traffic across multi-cloud environments. This application-aware overlay network can be easily deployed, and operates seamlessly across multiple Public and Private cloud virtual networks. It leverages internet connections as well as collocation and leased line connections to each cloud—including public cloud transport services like direct connect, express route, and interconnect—to offer the option of select different links per application and workload. And to reduce complexity and increase agility, the solution also supports repeatable deployments using automation templates and broad support for public cloud and SDN/SDDC integrations.

Next, this solution—supported by Fortinet fabric connectors that enable full integration with and between cloud providers—automatically updates dynamic addresses of workloads as they are spun up and spun down. Appropriate security policies are then dynamically tied to workloads without the need for manual intervention. In addition, cloud-native integrations, such as tag-based segmentation, enables the application of policies to segment workloads. And with pipelined automation that uses Cloud provider serverless functions, IT can decrease response times to security events through automation applied across multiple FortiGate-VM Secure SD-WAN nodes. And finally, deep packet inspection and advanced security, such as IPS and AV, provide deep visibility into any security threats across the multi-cloud deployment.

This solution can work on either cloud provider direct connections or internet links based on predefined or custom application signatures—and it also utilizes encryption to securely transport application traffic using internet links. And its SD-WAN dynamic path selection capability chooses optimal link(s) to deliver the best application experience. FortiGate-VM also offers over 20Gbps of IPsec performance for fast encrypted connections over internet links to reduce operational costs.

Customer Benefits for Deploying Fortinet Secure SD-WAN

Here are a few of the customer benefits Fortinet Secure SD-WAN for Multi-Cloud provides:

  • Lowers cybersecurity risks and improves compliance by deploying security policies and advanced protection uniformly across multi-cloud deployments, as well as securing application traffic with high speed encryption and traffic inspection.
  • Accelerates time to revenue and improves business productivity by increasing the agility of application deployments across multi-cloud environments, eliminating current limitations while delivering the right application experience at a reduced cost.

Secure SD-WAN for Multi-Cloud Offerings

For those enterprises looking to reduce complexity, increase cost efficiency, and improve application experience when operating multi-cloud environments, Secure SD-WAN for Multi-Cloud offers:

  • An overlay transport that creates a single, seamless network that spans different cloud environments
  • Consistent security controls and visibility in spite of a dynamic application infrastructure
  • High-speed encrypted traffic performance over less expensive internet links and leased lines
  • A scalable and future-proof solution, that enables the implementation of business policies and ongoing management and orchestration of connectivity and security from a single, centralized console.

Learn how Fortinet’s dynamic cloud security solutions provide increased visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud. 

Read these customer case studies to see how Hillsborough Community College and WeLab implement Fortinet’s dynamic cloud security solutions for secure connectivity from data center to the cloud. 

Engage in our Fortinet user community (Fuse). Share ideas and feedback, learn more about our products and technology, or connect with peers.

Sourced from Fortinet