Fortinet Unwraps New, Integrated Security Platform

Lawrence Walsh,
Channel News

Fortinet is seeking to expand its footprint in the enterprise and managed services market and capitalise on the IT consolidation trend with the release of its latest operating system, FortiOS 4.0, its security software platform that integrates multiple risk management functions into purpose-built appliances.

Announced today, FortiOS 4.0 incorporates several tightly integrated security technologies, including data loss prevention, SSL decryption and traffic inspection, WAN optimisation and application-layer policy controls, with conventional security solutions, such as stateful-packet inspection firewalls and anti-virus. Capacity, performance and speed is a matter of the appliance – smaller boxes for small offices and larger boxes for enterprise and data centres.

Fortinet says its basic architecture philosophy of providing all of its security technologies in a signal package and the desires of end users to consolidate the number of devices in use will give its solution provider partners an opportunity to optimise their customers’ security infrastructures. Today, layers of security protection are often disaggregated into separate security devices and software packages, which add layers of complexity through disparate management systems.

“Customers should be able to access all of the technology without having to buy different technology,” says Anthony James, vice president of products at Fortinet. “We just can’t keep asking them to buy new and more technology.”

What’s different in FortiOS 4.0 is a tighter integration of different security functions, which gives users a greater degree of control over security management and policy enforcement. For instance, conventional SSL inspection is done independent of other security functions, such as DLP or intrusion prevention. In FortiOS, inspection data collected by the SSL engine is shared with other security functions to provide holistic intelligence and policy enforcement.

Web 2.0 tools, peer-to-peer file sharing and social networking are posing even greater threats to businesses, and firewalls are increasingly inept at blocking traffic that’s simply passing over public ports such as Port 80 (HTTP). FortiOS gets more granular with application policy enforcement, identifying applications by their characteristics rather than port assignments. Fortinet says this gives users a better tool for control over what their users are allowed to access from their work PCs and networks.

Fortinet has enhanced its DLP functions by incorporating sensors for detecting user-defined information leaks by rule sets and profiled policies. The DLP system can automatically quarantine users from access to prevent them from distributing classified materials. Information collected by the DLP module is shared across the security functions for aggregated policy enforcement, and the reporting mechanism is designed to give administrators greater insight into how users are trying to access, use and distribute data.

FortiOS 4.0 includes new identity-based policies, giving organisations the ability to assign access and rights to users based on individual identities, groups or roles; and an endpoint compliance module that checks connecting devices for policy compliance.

Since FortiOS is designed to operate on Fortinet’s purpose-built security appliance, Fortinet believes the new release with its integrated functionality and consolidated management will be attractive options to enterprise customers and managed service providers looking to enhance or replace disparate legacy equipment in their data centres.

“This release makes it easy for our partners to go to market, since this doesn’t require upgrades or add-on equipment,” says Kendra Krause, vice president of channel sales operations. “FortiOS extends the scope of consolidation with Fortinet. For the customer, having more appliances just doesn’t make sense.”

Fortinet believes the new platform will give it and its partners a competitive advantage over offerings by Juniper Networks, Check Point Software Technologies and Cisco Systems in the enterprise market; and SonicWall and WatchGuard Technologies in the SMB market.

Check Point recently announced its new software blades architecture, in which users can apply different security software and management modules to their appliances to meet specific protection needs. Check Point said the new architecture gives partners and users more flexibility in designing integrated, scalable security systems.

Juniper is expected to announce changes to its security product line next week.