Showing posts with label Fortinet. Show all posts

Tuesday, January 14, 2020

GTT adds Fortinet to SD-WAN portfolio

GTT Communications has expanded its SD-WAN service offering by adding Fortinet Secure SD-WAN as a technology option over any last-mile access. It includes Fortinet's integrated next generation firewall and unified threat management functionality combined with an SD-WAN edge device and router.

“Clients rely on GTT to securely connect their locations across the world and to every application in the cloud,” stated Rick Calder, GTT president and CEO. “Our broad portfolio of SD-WAN service options, that now includes Fortinet, ensures that clients can run their applications with superior security, performance and reliability to support their business goals.”

Sunday, January 5, 2020

Blueprint: The Power of Intent-Based Segmentation

by Peter Newton, senior director of products and solutions, Fortinet

Time-to-market pressures are driving digital transformation (DX) at organizations. This is not only putting pressure on the organization to adapt to a more agile business model, but it is also creating significant challenges for IT teams. In addition to having to build out new public and private cloud networks, update WAN connectivity to branch offices, adopt aggressive application development strategies to meet evolving consumer demands, and support a growing number of IoT and privately-owned end-user devices, those same overburdened IT workers need to secure that entire extended network, from core to cloud.

Of course, that’s easier said than done.

Too many organizations have fallen down the rabbit hole of building one security environment after the other to secure the DX project du jour. The result is often a slapdash collection of isolated security tools that actually diminish visibility and restrict control across the entire distributed network. What’s needed is a comprehensively integrated security architecture and security-driven networking strategy that ensures that not a single device, virtual or physical, is deployed without there being a security strategy in place to protect it. And what’s more, those security devices need to be seamlessly integrated together into a holistic security fabric that can be centrally managed and orchestrated.

The Limits of Traditional Segmentation Strategies

Of course, this is fine for new projects that will expand the potential attack surface. But how do you retroactively go back and secure your existing networked environments and the potentially thousands of IoT and other devices already deployed there? CISOs who understand the dynamics of modern network evolution are insisting that their teams move beyond perimeter security. Their aim is to respond more assertively to attack surfaces that are expanding on all fronts across the enterprise.

Typically, this involves segmenting the network and infrastructure and providing defense in depth by leveraging multiple forms of security. Unfortunately, traditional segmentation methods have proven to be insufficient in meeting DX security and compliance demands, and too complicated to be sustainable. Traditional network segmentation suffers from three key challenges:

  1. A limited ability to adapt to business and compliance requirements – especially in environments where the infrastructure is constantly adapting to shifting business demands.
  2. Unnecessary risk due to static or implicit trust – especially when data can move and devices can be repurposed on demand.
  3. Poor security visibility and enforcement – especially when the attack surface is in a state of constant flux.

The Power of Intent-based Segmentation

To address these concerns, organizations are instead transitioning to Intent-based Segmentation to establish and maintain a security-driven networking strategy because it addresses the shortcomings of traditional segmentation in the following ways:

  • Intent-based Segmentation uses business needs, rather than the network architecture alone, to establish the logic by which users, devices, and applications are segmented, grouped, and isolated.
  • It provides finely tunable access controls and uses those to achieve continuous, adaptive trust.
  • It uses high-performance, advanced Layer 7 (application-level) security across the network.
  • It performs comprehensive content inspection and shares that information centrally to attain full visibility and thwart attacks.

By using business intent to drive the segmentation of the network, and establishing access controls using continuous trust assessments, intent-based segmentation provides comprehensive visibility of everything flowing across the network, enabling real-time access control tuning and threat mitigation.

Intent-based Segmentation and the Challenges of IoT

One of the most challenging elements of DX from a security perspective has been the rapid adoption and deployment of IoT devices. As most are aware, IoT devices are not only highly vulnerable to cyberattacks, but most are also headless, meaning they cannot be updated or patched. To protect the network from the potential of an IoT device becoming part of a botnet or delivering malicious code to other devices or places in the network, intent-based segmentation must be a fundamental element of any security strategy.

To begin, the three most important aspects of any IoT security strategy are device identification, proper network segmentation, and network traffic analytics. First, the network needs to be able to identify any devices being connected to the network. By combining intent-based segmentation with Network Access Control (NAC), devices can be identified, their proper roles and functions can be determined, and they can then be dynamically assigned to a segment of the network based on who they belong to, their function, where they are located, and other contextual criteria. The network can then monitor those IoT devices based on those criteria. That way, if a digital camera, for example, stops transmitting data and instead starts requesting it, the network knows it has been compromised and can pull it out of production.

The trick is in understanding the business intent of each device and building that into the formula for keeping it secured. IT teams that rely heavily on IoT security best practices, such as those developed by the National Institute of Standards and Technology (NIST), may wind up developing highly restrictive network segmentation rules that lead to operational disruptions. If an IoT device is deployed in an unexpected way, for example, standard segmentation may block some essential service it provides, while intent-based segmentation can secure it in a different way, such as tying it to a specific application or workflow rather than the sort of simple binary rules IT teams traditionally rely on. Such is the case with wireless infusion pumps, heart monitors and other critical-care devices in hospitals. When medical staff suddenly cannot access these devices over the network because of certain rigidities in the VLAN-based segmentation design, patients’ lives may be at risk. With Intent-based Segmentation, these devices would be tagged according to their medical use, regardless of their location on the network. Access permissions would then be tailored to those devices.
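The identification, role-based segment assignment and traffic-direction monitoring described in this section can be sketched as follows. This is an added example, not code from the article or from any Fortinet product; the roles, segment names, hostnames, byte counts and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed intent policy (hypothetical roles, segments, peers, thresholds).
# A device is placed by what it is for, not by where it is plugged in.
INTENT_POLICY = {
    "ip-camera": {
        "segment": "video-surveillance",
        "allowed_peers": {"nvr.example.internal"},
        "min_tx_share": 0.80,  # cameras mostly send video
    },
    "infusion-pump": {
        "segment": "clinical-care",
        "allowed_peers": {"ehr.example.internal",
                          "nurse-station.example.internal"},
        "min_tx_share": 0.30,  # telemetry out, dosing orders in
    },
}

# Constructed inventory, in the shape a NAC profiler might report it.
DEVICES = {
    "cam-01": {"role": "ip-camera", "location": "lobby"},
    "cam-02": {"role": "ip-camera", "location": "warehouse"},
    "pump-07": {"role": "infusion-pump", "location": "ward-3"},
    "unknown-5": {"role": None, "location": "ward-3"},
}

# Constructed flow summaries:
# (device, peer, bytes sent by device, bytes received by device)
FLOWS = [
    ("cam-01", "nvr.example.internal", 9_000_000, 40_000),
    ("cam-02", "nvr.example.internal", 50_000, 10_000),
    ("cam-02", "files.example.internal", 20_000, 6_000_000),
    ("pump-07", "ehr.example.internal", 120_000, 90_000),
    ("pump-07", "nurse-station.example.internal", 30_000, 25_000),
    ("rogue-9", "files.example.internal", 1_000, 500_000),  # not in inventory
]


def assess(devices, flows, policy=INTENT_POLICY):
    """Return {device_id: {"segment", "action", "reasons"}}.

    Covers every inventoried device plus any device that only shows up
    in the flow data.
    """
    tx, rx, peers = defaultdict(int), defaultdict(int), defaultdict(set)
    for device_id, peer, sent, received in flows:
        tx[device_id] += sent
        rx[device_id] += received
        peers[device_id].add(peer)

    verdicts = {}
    for device_id in sorted(set(devices) | set(peers)):
        role = devices.get(device_id, {}).get("role")
        intent = policy.get(role)
        if intent is None:
            # No known business intent: isolate instead of trusting implicitly.
            verdicts[device_id] = {
                "segment": "quarantine",
                "action": "quarantine",
                "reasons": ["unprofiled device: no business intent on record"],
            }
            continue

        reasons = []
        unexpected = peers[device_id] - intent["allowed_peers"]
        if unexpected:
            reasons.append("unexpected peers: " + ", ".join(sorted(unexpected)))

        total = tx[device_id] + rx[device_id]
        if total:  # a silent device has no ratio to judge
            share = tx[device_id] / total
            if share < intent["min_tx_share"]:
                reasons.append(
                    f"direction reversal: sends {share:.0%} of its bytes, "
                    f"expected at least {intent['min_tx_share']:.0%}"
                )

        verdicts[device_id] = {
            "segment": intent["segment"],
            "action": "quarantine" if reasons else "allow",
            "reasons": reasons,
        }
    return verdicts


if __name__ == "__main__":
    for device_id, verdict in assess(DEVICES, FLOWS).items():
        print(device_id, verdict)
```

Here `cam-02` is the camera that has stopped transmitting and started requesting data, while `pump-07` keeps its clinical-care access because its segment follows its medical role, not its ward.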

Adding Trust to the Mix

Of course, the opposite is true as well. Allowing implicit or static trust based on some pre-configured segmentation standard could expose critical resources to compromise should a section of the network become compromised. To determine the appropriate level of access for every user, device, or application, an Intent-based Segmentation solution must also assess their level of trustworthiness. Various trust databases exist that provide this information.

Trust, however, is not an attribute that is set once and forgotten. Trusted employees and contractors can go rogue and inflict extensive damage before they are discovered, as several large corporate breaches have proven. IoT devices are especially prone to compromise and can be manipulated for attacks, data exfiltration, and takeovers. And common attacks against business-critical applications – especially those used by suppliers, customers, and other players in the supply chain – can inflict damage far and wide if their trust status is only sporadically updated. Trust needs to be continually updated through an integrated security strategy. Behavioral analysis baselines and monitors the behaviors of users. Web application firewalls inspect applications during development and validate transactions once they are in production. And the trustworthiness of devices is maintained not only by strict access control and continuous monitoring of their data and traffic, but also by preventing them from performing functions outside of their intended purpose.

Ironically, one of the most effective strategies for establishing and maintaining trust is creating a zero-trust network where all access needs to be authenticated, all traffic and transactions are monitored, and all access is restricted by dynamic intent-based segmentation.

Securing Digital Transformation with a Single Security Fabric

Finally, the entire distributed network needs to be wrapped in a single cocoon of integrated security solutions that span and see across the entire network. And that entire security fabric should enable granular control of any element of the network – whether physical or virtual, local or remote, static or mobile, or in the core or in the cloud – in a consistent fashion through a single management console. By combining verifiable trustworthiness, intent-based segmentation, and integrated security tools into a single solution, organizations can establish a trustworthy, security-driven networking strategy that can dynamically adapt to meet all of the security demands of the rapidly evolving digital marketplace.

About the author

Peter Newton is senior director of products and solutions – IoT and OT at Fortinet. He has more than 20 years of experience in the enterprise networking and security industry and serves as Fortinet’s products and solutions lead for IoT and operational technology solutions, including ICS and SCADA.

Tuesday, December 17, 2019

Fortinet tops 21,000 SD-WAN customers

Fortinet announced a company milestone: 21,000 organizations across different industries and verticals have adopted its Fortinet Secure SD-WAN solution.

Fortinet delivers full-featured SD-WAN via the FortiGate next-generation firewall.

Fortinet said its security-driven networking approach to SD-WAN seamlessly integrates enterprise-grade SD-WAN, advanced security, and advanced routing in a unified offering to modernize customers’ WAN edge and help achieve their digital innovation goals with FortiManager Orchestration that can scale to support up to 100,000 SD-WAN sites.

Monday, August 26, 2019

Video - SD-WAN Security: 3 Things Customers Look For - Fortinet

MEF Annual Meeting – July/August 2019, Joan Ross, Field CISO, Fortinet, highlights 3 key things customers are looking for with SD-WAN security and shares her view on the importance of MEF standardization work on the subject.

“MEF’s work is so important right now to SD-WAN and specifically to SD-WAN security… We look at the customers who are using SD-WAN… and how MEF can help drive standards so that across SD-WAN solutions – whether at the customer level or the service provider level – the integration is seamless and security means the same thing across, end to end.”

MEF’s Application Security for SD-WAN project – jointly led by Fortinet – is focused on defining policy criteria and actions to protect applications (application flows) over an SD-WAN service. Work includes defining threats, security functions, and security policy terminology and attributes, and then describing what actions a security policy should take in response to certain threats.

Download the SD-WAN Standard
In July 2019, MEF published the industry’s first global standard defining an SD-WAN service and its service attributes to help accelerate SD-WAN market growth and facilitate creation of powerful new hybrid networking solutions that are optimized for digital transformation. MEF’s SD-WAN Service Attributes and Services (MEF 70) standard describes requirements for an application-aware, over-the-top WAN connectivity service that uses policies to determine how application flows are directed over multiple underlay networks irrespective of the underlay technologies or service providers who deliver them.

To explore the latest on industry innovations and engage with industry-leading service and technology experts, attend MEF19, held 18-22 November 2019 in Los Angeles, California.

Wednesday, February 6, 2019

Fortinet intros Intent-based, next-gen firewalls

Fortinet introduced its new line of high-performance FortiGate Next-Generation Firewalls (NGFWs) for intent-based segmentation of security architecture. The idea with intent-based Segmentation is to allow organizations to achieve granular access control, continuous trust assessment, end-to-end visibility and automated threat protection. The new platforms are powered by customized Security Processor Units (SPUs).

Some highlights:
  • FortiGate 3600E Series deliver 30Gbps threat protection performance and 34Gbps SSL inspection performance. With high-density interfaces of 10G, 40G and 100G, it offers product consolidation and meets the needs of diverse deployments. Fortinet’s FortiGate Next-Generation Firewalls offer one of the industry’s highest marked SSL inspection performance and threat protection throughput.
  • The FortiGate 3400E Series provide 23Gbps threat protection performance and 30Gbps SSL inspection performance. Combined with high-density interfaces of 10G, 40G, 100G, the FortiGate 3400E Series meet the needs of a variety of deployments by offering input/output flexibility, reducing complexity to achieve operational efficiency.
  • FortiGate 600E Series achieve 7Gbps threat protection and 8Gbps of SSL inspection performance with diverse 1G and 10G interfaces, allowing deployment flexibility.
  • FortiGate 400E Series deliver 5Gbps threat protection and 4.8Gbps SSL inspection performance with high 1G port density to suit the needs of branch offices.
  • The new FortiGate NGFWs, as part of Fortinet’s Security Fabric, leverage Fabric Connectors to seamlessly integrate with external security ecosystems, sharing threat intelligence quickly for automated remediation. Fabric Connectors provide open APIs, allowing the FortiGate NGFWs to integrate with third-party solutions and Fabric-Ready Partners. This gives users advanced high-performance security integration with industry-leading solutions, such as VMware NSX and Cisco ACI.

"Segmentation is becoming as fundamental as patching vulnerable systems. Intent-based Segmentation aligns business goals with infrastructure changes and ultimately, dynamically separates infrastructure to protect users, data and systems. A fundamental element of Intent-based Segmentation is the high-performance NGFW."

Monday, December 3, 2018

MEF18 PoC - Zero Touch SD-WAN + SECaaS + Virtual Cloud Exchange

MEF18 Proof of Concept, 29 - 31 Oct - Zero Touch Automation for SD-WAN + SECaaS + Virtual Cloud Exchange (VCX). PoC Participants: Tata Communications and Fortinet.

Speakers: Nicolas Thomas, Consulting Systems Engineer, Fortinet and Vineet Anshuman, Global Product Manager, Tata Communications Transformation Services.

The PoC goal is zero touch automation for SD-WAN with Security as a Service and Virtual Cloud Exchange for seamless connectivity to public cloud. The idea is to prove that we can operate in a fully automated service deployment in the cloud as well as multiple branches with secured SD-WAN at the same time. This is zero touch and TOSCA model-driven within the LSO Framework.

A typical use case is: a large, regulated multinational enterprise wants to hold a confidential town hall live. We will deploy the streaming service and SD-WAN adaptations in the branches from one model to allow good latency and priority on the day for live streaming. Then another model will change the priority for the replay of the video when normal business resumes.

Fortinet is leading the Security-as-a-Service group in MEF. This is part of the MEF 3.0 SD-WAN sub-committee that is helping shape a fully automated, cross-service provider, software-defined federation of capabilities in order for telcos to provide end-to-end protection and service quality to their end customers.

Tata Communications Transformation Services (TCTS), a 100% subsidiary of Tata Communications Ltd, provides leading business transformation, managed network operations, network outsourcing and consultancy services to telecommunication companies around the world. TCTS delivers operational efficiency, cost transformation and revenue acceleration solutions for all the stages of the carrier process lifecycle, including but not limited to network engineering and design, implementation and operations functions.

Save the date for MEF19, 18-22 November 2019, JW Marriott, LA LIVE, Los Angeles.

Wednesday, October 24, 2018

Fortinet acquires ZoneFox for ML threat detection

Fortinet has acquired ZoneFox Limited, a privately-held cloud-based insider threat detection and response company headquartered in Edinburgh, Scotland. Financial terms were not disclosed.

ZoneFox uses machine learning to automatically detect when a user’s behavior changes, rapidly spot compromised user accounts being used to harvest valuable IP and confidential data, and identify users who present a security threat.

Fortinet said the acquisition enhances its Security Fabric and strengthens its existing endpoint and SIEM security business by providing customers with:

  • Deeper visibility into endpoints and associated data flow and user behavior, both on and off the network
  • Machine learning capabilities able to distill billions of events per day into high-quality threat leads to uncover blind spots and alert users of suspicious activities
  • A unique cloud-based architecture that captures essential data around five core factors - user, device, resource, process, and behavior - to analyze and configure policies easily
  • Full forensics timeline recording of information, combined with a simple search interface that helps analysts quickly determine the actions needed to boost an enterprise’s security posture
  • A zero-configuration agent that is easy and fast to deploy; the solution can scale up to support over 10,000 agents without performance loss
  • Out-of-the-box support for GDPR, ISO 27001, HIPAA and PCI DSS, with “ready-to-go” policies

Dr. Jamie Graves, chief executive officer and founder, ZoneFox said “We’re pleased to join the Fortinet team and bring together our shared vision of alleviating CISO concerns about insider threats. Integrating our solution with the Fortinet Security Fabric will allow us to extend our reach to a broad spectrum of Fortinet and third-party solutions to solve customers’ most difficult challenges in network security.”

Wednesday, June 6, 2018

Fortinet acquires Bradford Networks for endpoint visibility

Fortinet has acquired Bradford Networks for an undisclosed sum.

Bradford, which was founded in 2000 and is based in Boston, provides a Network Sentry solution that continuously assesses the risk of every user and endpoint, and automatically contains compromised devices that act as backdoors for cyber criminals. The platform integrates with leading endpoint security, firewall and threat detection solutions to enhance the fidelity of security events with contextual awareness.

Fortinet said the acquisition enhances its own Security Fabric by converging access control and IoT security solutions to provide large enterprises with broader visibility and security for their complex networks, including:

  • Complete, continuous, agentless visibility of endpoints, users, trusted and untrusted devices and applications accessing the network including IoT and headless devices.
  • Enhanced IoT security through device micro-segmentation, dynamic classification of headless devices by type, profile, as well as automatic policy assignment to enable granular isolation of unsecure devices, all using a simple web user interface.
  • Accurate event triage and threat containment in seconds through automated workflow integrations that prevent lateral movement.
  • Easy, cost-effective deployment due to highly scalable architecture that eliminates deployment at every location of a multi-site installation.

“We are excited to join with Fortinet, the leader in network security to deliver exceptional visibility and security at scale to large enterprise organizations. Bradford Networks’ technology is already integrated with Fortinet’s Security Fabric including FortiGate, FortiSIEM, FortiSwitch and FortiAP products to minimize the risk and impact of cyber threats in even the toughest security environments such as critical infrastructure - power, oil and gas and manufacturing,” stated Rob Scott, chief executive officer, Bradford Networks.

Thursday, December 7, 2017

Fortinet presents Secure SD-WAN at #MEF17

Fortinet has just released an SD-WAN solution that provides tight integration of security from Layer 3 to Layer 7. This makes connectivity to the cloud much more secure, says Sony Kogin, Director of Service Provider Marketing, Fortinet.

Defining Security as a Service - #MEF17

How do you provide services across secure Service Provider boundaries? Fortinet is working with other MEF members to define Security-as-a-Service, explains Richard Orgias, Director of Segment and Audience Marketing, Fortinet.


Saturday, October 29, 2016

Fortinet Extends Presence in Azure Government Cloud

Fortinet and Microsoft announced an extension of their partnership to protect the cloud environments of their joint government customers.

Specifically, Fortinet’s Security Fabric solutions for the cloud have been released on the Azure Government Cloud platform to provide comprehensive security, threat intelligence, and the visibility to detect, isolate, and respond to threats in real time for workloads running in the Government Cloud.

Virtual security products, such as Fortinet’s enterprise firewall (FortiGate), web application firewall (FortiWeb) and mail security (FortiMail), as well as its integrated security management (FortiManager) and analytics (FortiAnalyzer) solutions, are now available. Fortinet is also a go-to-market partner with Microsoft’s Azure Security Center.

Fortinet Posts Q3 Sales of $316.6 million, up 22%, but Missing Target

Fortinet reported Q3 revenue of $316.6 million, an increase of 22% compared to $260.1 million in the same quarter of 2015. GAAP net income was $6.3 million for the third quarter of 2016, compared to GAAP net income of $8.2 million for the same quarter of 2015. GAAP diluted net income per share was $0.04 for the third quarter of 2016, compared to $0.05 in the third quarter of 2015.

"While our third quarter results were impacted by a moderated spending environment, extended sales cycles and sales execution challenges, we continued to outgrow the market, as well as add 9,000 new customers," stated Ken Xie, founder, chairman and chief executive officer. "Fortinet remains in a position to benefit from key secular trends such as security vendor consolidation and next generation cloud architectures. We have a strong technology advantage and visionary roadmap in place to help us continue to grow our market position, address our large opportunity, and make progress towards achieving our long term margin targets."

Total billings were $347.5 million for the third quarter of 2016, an increase of 16% compared to $299.6 million in the same quarter of 2015.
Deferred Revenue: Total deferred revenue was $934.8 million as of September 30, 2016, an increase of 32% compared to $706.9 million in the same quarter of 2015. Total deferred revenue increased by $30.8 million compared to $904.0 million as of June 30, 2016.

Thursday, June 9, 2016

Fortinet to Acquire AccelOps for Security Monitoring

Fortinet agreed to acquire AccelOps, a start-up based in Santa Clara, California, that specializes in network security monitoring and analytics solutions. Financial terms were not disclosed.

AccelOps’s virtual appliance software monitors security, performance and compliance in local and virtualized infrastructures, resulting in a unified view of the environment. The software discovers, analyzes and automates IT issues across multi-tenant or single networks, spanning servers, devices, storage, networks, security, applications and users.

Fortinet said the acquisition extends Fortinet’s recently announced Security Fabric strategy by enhancing network security visibility, security data analytics and threat intelligence across multi-vendor solutions. AccelOps solutions will become FortiSIEM and become part of the Fortinet Security Fabric, providing customers with greater visibility across both Fortinet and multi-vendor security solutions.

“Fortinet and AccelOps share a common vision of providing holistic, actionable security intelligence across the entire IT infrastructure. Our mission has always been to help our customers make security and compliance management as effortless and effective as possible. The synergies between AccelOps’s solutions and Fortinet’s Security Fabric vision and thought leadership will ensure that our customers are protected with the most scalable and proven global threat intelligence, security and performance analytics and compliance and control across all types of network environments with multiple security and networking vendor products,” stated Partha Bhattacharya, founder and chief technology officer, AccelOps.

Blueprint: Endpoint Visibility in the IoT

A Five-Step Action Plan for Securing the Network in the Age of IoT, by Tom Kelly, CEO, AccelOps. A report from BI Intelligence projects that Internet of Things (IoT) deployments will create $421 billion in economic value for cities worldwide in 2019. Cities will enjoy benefits such as improved traffic flow, a reduction in air pollution and better public safety. This is just one example of the advancements the IoT will bring to all sectors. However,...

Blueprint: Three Predictions for Network Monitoring in 2016

by Tom Kelly, CEO, AccelOps. Why do armies set up look-outs all around their camps? Why do people read their horoscopes and shake magic eight-balls? Simple: they want to see what’s coming. In business, it’s incredibly helpful to be able to accurately forecast needs and set strategy. In the network security and performance arena of the business, it’s table stakes. While there’s no crystal ball that can tell us everything, one thing is certain:...

AccelOps Builds Threat Intelligence into its Actionable Security Platform

AccelOps, a start-up based in Santa Clara, California, introduced threat intelligence capabilities for its integrated IT and operational visibility platform. The existing AccelOps virtual appliance software monitors security, performance and compliance in cloud and virtualized infrastructures on a single screen. It automatically discovers, analyzes and automates IT issues in machine and big data across organizations’ data centers and cloud resources,...

Sunday, December 13, 2015

Blueprint: Predictions for 2016 and the Evolving Threat Landscape

by Derek Manky, Global Security Strategist, Fortinet

From the “just when you thought things couldn’t get worse” department…

2015 was not an easy year for cybersecurity, whether you worked for one of the countless organizations that got hacked, had to pay a ransom to decrypt files on your hard drive, or spent your days trying to stay ahead of increasingly sophisticated hackers and well-funded nation states. Unfortunately, 2016 looks to have more of the same in store, as well as new and emerging threats that will challenge both security vendors and the organizations and consumers they work to protect.

That IoT Thing

The Internet of Things (IoT) encompasses far more than just fitness trackers and fancy watches. To date, we’ve seen plenty of vulnerabilities in devices that range from surveillance cameras to industrial control systems to connected vehicles, but haven’t observed much in the way of actual attacks that exploit these vulnerabilities. One exception is Point of Sale (PoS) systems, malware for which now ranks in Japan’s top 10 list of malware in the wild and is a key platform for credit card theft.

However, in 2016, we expect connected devices to become strategic beachheads for attackers to “land and expand”, whether propagating malware among devices or, more likely, using the increasing number of IoT devices to gain entry to the corporate networks they access.  Because these corporate networks are already hardened against attack, new, less secure attack surfaces will be attractive targets for cybercriminals.

In many cases, this will require more sophisticated malware with ever smaller footprints, but we’ve already seen proofs of concept for malware that can persist and propagate on connected devices with minuscule amounts of available memory. The notion of “headless worms on headless devices” is more than a catchy tag line. If we look back on the damage the Morris Worm was able to do back in 1989 with an attack surface of just 60,000 Unix servers (10% of which it was able to infect), imagine an attack surface of the 20 billion connected devices Gartner is predicting will be online by 2020.

Jailbreaking the Cloud

You’ve heard of jailbreaking your iPhone. Basically you install custom software to unlock all sorts of capabilities that are normally hidden from users. With this extra power comes a host of security risks, not to mention some dire warnings from Apple. This year, though, we expect to see malware begin “jailbreaking the cloud.”

What does that mean, exactly? Consider the Venom vulnerability that made headlines this year: attackers were able to exploit old floppy disk drivers to break out of the hypervisor on a virtualized system and gain access to the host operating system. Malware can (and will) be designed to crack the hypervisor on virtualized systems, making lateral movement to other guest operating systems and tenants much easier.

Because so many public and private clouds rely on virtualization to provide multitenancy, scalability, and agile infrastructure, this can have far-reaching impacts, both in corporate data centers and for cloud providers.

Additionally, many mobile applications, delivered both through public and corporate app stores, access cloud-based and virtualized systems. These systems may drive the user experience, provide data input and output on the back end, or capture data for a wide range of purposes. Compromised apps, then, as well as specific mobile malware, will become less of an annoyance or privacy concern and more of a vector for attackers seeking vulnerabilities in public and private clouds.

New Malware? Yes, Indeed

Vendors have gotten very good at detecting and blocking a range of malware. Standard client anti-virus applications can pick up known viruses and other malicious applications quickly, while cloud-based services and gateway antimalware provide extra layers of protection. The best are performing deep packet inspection to pick out not just known signatures but also suspicious behaviors, traffic associated with command and control servers, and other “indicators of compromise.”

Many companies are also adding sandboxing technologies to their networks that can observe the behavior of unknown or suspicious files in controlled environments before those files are allowed on a network. At the same time, malware authors are building in obfuscation and evasion technologies to make detection more difficult.

So-called “blastware,” for example, like the Rombertik virus that gained media attention this year, can render a vulnerable host computer unusable. This is really only a problem if Rombertik detects that it is being analyzed or altered, and many of the headlines about the software were overly sensational. The concept is important, though: malware is getting smarter about the environment in which it is running.

We’ll see this play out more frequently in 2016 in “ghostware” and “2-faced malware”. Ghostware, as its name suggests, is designed to penetrate a system, steal particular types of data, and then leave without a trace, erasing itself and any indicators of compromise that security systems might detect. Without these indicators of compromise, organizations might not even know they had lost data, much less be able to conduct a forensic analysis to determine the extent or nature of the breach.

Two-faced malware detects when it is being examined in a sandbox and behaves like a benign file. When it clears the sandbox, it then completes whatever malicious action it was designed to execute. There are, appropriately, two major challenges associated with 2-faced malware:

  1. It’s very hard to detect, even with sophisticated sandboxing technology, and
  2. Sandboxes generally feed threat intelligence back into a larger ecosystem, which could result in a particular piece of 2-faced malware being automatically cleared by the system, enabling other instances to pass through security mechanisms unfettered.

Evolution, Not Revolution

2016, then, will be a year of evolving threats. Much of this we’ve seen before, if in less sophisticated forms. The arms race between the bad guys developing smarter and more effective malware and vendors creating more intelligent security products will continue, and IoT will move from proof-of-concept vulnerabilities to a viable attack surface. As threats evolve, though, organizations will need to be increasingly mindful about their deployments, adoptions, and the devices and services on which they rely to conduct business.

About the Author

Derek Manky formulates security strategy with more than a decade of advanced threat research; his ultimate goal is to make a positive impact in the global war on cyber crime. Manky has presented research and strategy worldwide at premier security conferences. As a cyber security expert, his work has included meetings with leading political figures and key policy stakeholders, including law enforcement, who help define the future of cyber security. He is involved with several threat response and intelligence initiatives, including FIRST, and is on the board of the Cyber Threat Alliance (CTA), where he works to shape the future of actionable threat intelligence. Manky’s areas of expertise include FortiGuard, Threat Intelligence, advanced threat research, global war on cyber crime, Cyber Threat Alliance, zero-day vulnerabilities, mitigation advice and threat forecasts.

About Fortinet

Fortinet (NASDAQ: FTNT) protects the most valuable assets of some of the largest enterprise, service provider and government organizations across the globe. The company's fast, secure and global cyber security solutions provide broad, high-performance protection against dynamic security threats while simplifying the IT infrastructure. They are strengthened by the industry's highest level of threat research, intelligence and analytics. Unlike pure-play network security providers, Fortinet can solve organizations' most important security challenges, whether in networked, application, wireless or mobile environments -- be it virtualized/cloud or physical. Nearly 250,000 customers worldwide, including some of the largest and most complex organizations, trust Fortinet to protect their brands. Learn more at the Fortinet Blog or FortiGuard Labs.

Tuesday, September 29, 2015

XO Launches Managed Security Service over AWS Direct Connect

XO Communications (XO), in collaboration with BAE Systems and Fortinet, announced a Managed Security Bundle for businesses using the Amazon Web Services (AWS) Direct Connect service.

The new AWS Direct Connect-enabled managed security bundle enables XO customers to procure high-speed connectivity to the AWS Cloud with firewall technology and managed security from a single provider.

XO integrates firewall technology from Fortinet and highly-respected managed security services from BAE Systems into the XO MPLS network for customers accessing AWS Direct Connect that sign up for the managed security bundle.

“Our new managed security bundle for AWS Direct Connect is an integral element of our network-enabled cloud strategy helping businesses to effectively and efficiently leverage both public and private cloud services to maximize their business productivity,” said Jake Heinz, senior vice president of marketing and product at XO Communications.  “In today’s environment where data security is a top priority, businesses can effortlessly leverage services designed for a higher level of security for their AWS Cloud data accessed through the XO network.”

XO expanded its AWS Direct Connect capabilities in 2014 and currently offers secure network connectivity for enterprises at speeds ranging from 50 Mbps to 10 Gbps.

Tuesday, September 8, 2015

Fortinet Outlines Software-Defined Network Security Framework

Fortinet introduced its new Software-Defined Network Security (SDNS) framework for providing advanced threat protection in the modern, agile data center.

Fortinet said its goal is to provide actionable steps in delivering a comprehensive approach to securing the data center, while providing the most extensible platform for infrastructure integration with technology partners including HP, Ixia, PLUMgrid, Pluribus Networks, Extreme Networks and NTT.

Highlights of Fortinet's SDN Security framework:

  • Data Plane - the encapsulation of security engines from fixed hardware boxes into logical instances that can be more scalably distributed and embedded deep into virtualized switching fabric and abstracted network flows.
  • Control Plane - the orchestration and automation of security policy with provisioning of elastic workloads to eliminate security and compliance gaps in highly agile, dynamic environments.
  • Management Plane - a 'single pane-of-glass' for security policy and events across physical and virtual appliances, private and public clouds, and throughout converged infrastructure to ensure a consistent and compliant security posture.

"There is likely no single SDN platform that all enterprise and service provider customers are going to standardize on," said John Maddison, vice president of marketing for Fortinet. "Hence the reason we are developing an eco-system to support different SDN platforms through proprietary and open Application Programming Interfaces (API's). The key is providing scalable security modules that can be called on-demand, at the orchestration level."

Fortinet noted that it is working closely with a large number of partners to tightly integrate security within their key infrastructure platforms. These platforms include SDN controllers, orchestration frameworks, hypervisors, cloud management, security management and analytics. Fortinet is currently working with more than two-dozen technology providers to ensure protection from cyber threats through Fortinet's advanced SDN Security.

Thursday, June 25, 2015

Masergy Deploys Commercial NFV at the Network Edge

Masergy, which owns and operates an independent global cloud networking platform for enterprises, has commercially deployed pure-play network functions virtualization (NFV) at the edge of its network using technology from Overture, Brocade, Fortinet  and Intel.

The deployment provides Masergy with greater agility, enabling it to deliver new and advanced premium services quickly and easily.

“Our primary focus is on service agility and our pure-play NFV deployment sets the stage for immediate response to customer requests,” said Tim Naramore, Masergy’s chief technology officer. “Masergy has long been an innovator, providing our customers with solutions that give them real-time control and the ability to get the services they need, when they want them.  With this launch, we’re adding incredibly agile and flexible solutions to our Managed Network f(n) family of distributed, fully managed network functions.”

Masergy’s NFV deployment, Virtual f(n), comprises virtualized network services at the edge of the network. It is based on the Overture Ensemble Carrier Ethernet (ECE), Brocade Vyatta 5600 vRouter and Fortinet FortiGate-VM firewall virtualized network functions (VNFs), running at the customer premises on the Overture 65vSE VNF compute node platform, which is based on the Intel Atom processor.

“The promise of pure software-based NFV has become a reality. Other operators have been taking a hybrid approach, using software functionality in existing Layer 2 devices or leveraging proprietary features in backbone switching equipment to deliver NFV-like services,” said Prayson Pate, Overture’s chief technology officer. “Masergy’s deployment, with our Ensemble Carrier Ethernet platform as the foundation, shows how a completely software-defined NFV environment can deliver performance comparable to today’s hardware-based solutions.”

“We work closely with Intel Network Builders members, including Overture, to ensure that their NFV solutions meet the stringent requirements of operator networks,” said Lynn Comp, Director of Market Development, Intel Network Platforms Group. “These collaborative efforts with the ecosystem have helped service providers understand the many benefits of running virtual network functions on open, Intel architecture-based systems in their deployments.”

Wednesday, May 27, 2015

Fortinet to Acquire Meru Networks for $44 Million

Fortinet agreed to acquire Meru Networks for approximately $44 million in cash ($1.63 per Meru share).

Meru, which was founded in 2002 and completed its initial public offering in 2010, specializes in enterprise 802.11ac Wi-Fi solutions based on an open-standards-based architecture that is designed to enable unified management of wired and wireless networks. Its end-to-end application QoS enables enforceable service-level agreements. The company is based in Sunnyvale, California, and has more than 300 employees worldwide. For the full year ended December, 2014, Meru reported revenue of $90.9 million.  Meru’s portfolio includes:

  • Access points that deliver wireless connectivity to support data, voice, and video applications with superior performance, low latency and reliability.
  • Controllers to optimize wireless traffic across access points and client devices meeting mission-critical enterprise demands for wireless connectivity.
  • SDN enabled Wi-Fi system software that seamlessly manages and secures wired and wireless LANs, as well as efficiently provisions Wi-Fi enabled end-user devices.
  • Cloud and virtual wireless controllers and appliances that provide unprecedented choice and flexibility in deploying and scaling wireless infrastructure, whether through a data center or private cloud environment.

Fortinet said the acquisition is synergistic with its secure wireless vision and enterprise growth focus, enabling it to address the $5B global enterprise Wi-Fi market with integrated and intelligent secure wireless solutions. Fortinet’s FortiAP secure wireless access points and FortiWiFi integrated security appliances for enterprise branch offices and small businesses have been among the fastest growing products in the company’s “advanced technologies” portfolio. The addition of Meru’s intelligent Wi-Fi solutions to the Fortinet portfolio extends the delivery of a secure, uninterrupted user experience – anytime anywhere – providing peak performance in environments requiring high capacity load and a high-density of wireless users, such as enterprise, education, healthcare, and hospitality.

“The acquisition of Meru Networks maps to our overall security vision of combining strong network security with ubiquitous connectivity,” said Ken Xie, founder, chairman and CEO of Fortinet. “We expect this to accelerate our innovation through the delivery of new solutions and services to help enterprises of all sizes deploy, manage and secure wired and wireless networks in a mobile era. We believe the extension of our market-leading end-to-end security platform will increase our growth opportunities and benefit our customers and partners globally.”

Monday, January 26, 2015

NTT Com Offers Fortinet's Software Security Appliance

NTT Communications has begun offering a software security appliance service that can be deployed in a customer’s private cloud, and in the near future via NTT Com’s WideAngle security service for managed security.

The service, which is offered in collaboration with Fortinet, enables the on-demand use of basic security functions, such as cloud intrusion prevention system (IPS) and filtering, for the unprecedentedly fast, flexible and low-cost implementation of security measures.

NTT Com is the world’s first telecom service provider to launch a one-stop service for managed security service using Fortinet’s software security appliance. It is being offered as a new option in NTT Com’s Enterprise Cloud service for mission critical systems.

NTT Com said its one-stop service combines basic security measures such as IPS and URL filtering, plus antivirus and antispam measures for emails, as well as managed security for virtual environments in a customer’s private cloud and NTT Com’s WideAngle cloud.

Tuesday, January 13, 2015

Blueprint: Round-Two for Next Generation Firewalls

by Casey Quillin, Director at Dell'Oro Group

As the enterprise sector turns to the cloud to deliver applications to mobile users across widely dispersed networks, Cisco and Juniper must catch up with smaller competitors. But how much does time-to-market matter?

Risk is omnipresent in the enterprise sector. Business applications must be protected. Data must be protected. Users and their information must be protected. Business intelligence must be protected. Networks, servers, and infrastructures must be protected. While the fact of risk doesn’t change, the technologies that mitigate risk continue to evolve alongside the players and vendors bringing new solutions to market. Nowhere is this evolution more evident than in the realm of network firewalls.

The market opportunity today, and for the next several years, will be split between the slow and steady tortoises of vendors like Cisco and Juniper, and the sleek, speedy hares that include Check Point Software Technologies, Fortinet, and Palo Alto Networks. The enterprise-class firewall market is robust. Sales eclipsed $3 billion in 2013 and are projected to increase in the high single digits over the next five years, to almost $5 billion.

There are many layers of security. In this article, we are concerned with firewalls—hardware or software that ensures only approved users and data traffic can enter the business network from the “outside” (usually but not exclusively the public Internet) and mitigates inappropriate use of the internal LAN, including removal of information from the network. Over the past three years, firewalls have evolved from protecting networks at the perimeter to protecting the entire network from both external and internal threats.

The network has expanded from a system which allows users to share common resources, to an application delivery platform. Certainly, many applications continue to serve employees and customers from the data center; however, users may also be served from external service providers or cloud providers. End users may be co-located in the building on the LAN, or at home or in offices halfway around the world. Despite this dispersal, users demand the same experience and level of performance they would receive with local application access.

As application delivery platforms, networks continually face new and evolving security risks, as well as substantial changes in the way security policies are created and enforced.  These changes inspired application-aware security platforms (commonly referred to in the industry as “next generation firewalls”), which use deep-packet inspection to identify application traffic and enable both user- and application-layer policies.  Vendors of all sizes are jumping into the new application-aware next generation firewall space.

The next generation firewalls from Check Point, Fortinet, Palo Alto Networks, and others are a great fit for networks whose perimeters have been eroded due to the cloud, and users who now connect to the corporate network from different locations and with a variety of devices (BYOD). Offering nimble, early-to-market products—and without the risk of cannibalizing existing sales or disrupting publicly announced product roadmaps—these firms grabbed mindshare with their innovative technology and compelling use cases.

Like the hare in Aesop’s fable, these companies had a head start and have continued to innovate. Not unexpectedly, Cisco and Juniper, the slower tortoises, have responded in force. Indeed, they have largely closed the functionality gap. With its acquisition of Sourcefire in 4Q13, Cisco launched its new platform optimized for application delivery and enterprise edge-of-network (named ASA with FirePOWER Services).  Juniper has steadily added application-aware features to its SRX platform and is now fully competitive with the new-generation hares.

But, now, with product functionality fairly evenly matched across all enterprise firewall vendors, how will users choose which products to purchase? Previously, the hares with their first-to-market advantage had the most compelling sales propositions.

It would be premature to conclude that the game’s over. In fact, the race for the next-generation firewall is still in its early stages. As vendors market these products, a bifurcation has evolved between the data center and the network edge. Indeed, protecting the data center is a different matter from protecting the network edge. Each site requires the use of different technologies and for the next few years, we believe vendors will be able to excel at either the data center or the network edge—but unlikely at both.  One firewall cannot be optimized for both data center and network edge without sacrificing performance and simplicity of administration.  The intelligent user will optimize his network by deploying best-in-breed products—one class for the data center and another class for the network edge.

In the data center, the number of applications running and the number of users are limited and known. In addition, only a small number of device types are used and these are always connected with cable. Firewall products for the data center do not need to boast best-in-class support for mobile devices, nor do they need to be optimized to distinguish vast numbers of applications connecting via the Internet.  Data center networks are in the midst of a major transition to Software-Defined Networking (SDN) where the administrator will have a global view of the network across multiple platforms and be able to program the network to act upon real time intelligence such as denial of service and resetting traffic paths.

It is unlikely that a rational user would choose a data center firewall product that will have such a global command of the network from a young, small vendor.  The rational user will choose a vendor with years of experience and vast numbers of trained staff—a vendor with the ability to scale. In this scenario, companies such as Cisco and Juniper will have the advantage because they can integrate next-generation firewall functionalities into their broad product lines.

In contrast, the enterprise campus and network edge are tightly focused on ensuring secure access and use of mobile devices. In these deployment locations, firewalls must be able to distinguish an enormous variety of applications running on the Internet. Once an application is identified, a firewall must be able to implement policy user by user. Firewalls in these locations must also be able to provide secure access and context-based authentication to widely different types of mobile devices. In this realm, a vendor gains advantage based on its speed of innovation and the richness of its database of threats.

Let’s look deeper into vendors’ positions. As shown in Figure 1, since 2011 Cisco has maintained a 30% to 32% revenue share in the Enterprise Class Firewall market. Its next closest competitor, Palo Alto Networks, has grown to about 10%, while Fortinet, Huawei, and Juniper are tied in third place.

Cisco’s strength stems from sales to the data center, which have been a strategic focus and growth engine for the company. We estimate that sales to the data center of Cisco’s Ethernet switch and server businesses represent 20% of the company’s overall revenue. There are massive changes taking place in the data center with virtualization and SDN. Change brings opportunity to new entrants. Cisco’s challenge will be to rapidly innovate at the enterprise edge, while protecting its data center business.

Palo Alto Networks has built its reputation as best-in-breed based on its strength at rapid innovation at the enterprise network edge. In February 2014, the company launched its high-end platform, PA-7050, targeting large enterprise and carrier data centers. In order to grow its data center business, Palo Alto’s challenge will be to convince users it has the scale to fulfill the technical and service level demands of supporting data center class deployments.

Fortinet’s pioneering Unified Threat Management (UTM) product carved a powerful brand with its “single pane of glass” approach to managing network security. The company also spearheaded application-aware, enterprise-class firewalls targeting the network edge. Its FortiGate products with custom ASICs earned a reputation for high performance and ease of management at reasonable prices. Fortinet’s stronghold is at the enterprise network edge, a position the company is strengthening with its expansion into Wireless LAN access points.

Of notable mention is Fortinet’s doubling of market share over the past two years. Although the company offers high-end platforms targeting large enterprise and carrier data centers, we envision the same challenges that Palo Alto faces: securing user interest to test and deploy products and scaling to support the data center’s rapidly changing demands.

The foundation of both Huawei and Juniper’s strength is data center deployment, primarily from carrier purchases of the Eudemon8000E-X series and the SRX, respectively. We believe that Juniper’s sales were also bolstered by large enterprises, albeit to a lesser degree. Looking forward, we expect this trend to continue although both firms have deployed competitive, application-aware firewall products for the enterprise edge. Juniper’s challenge will be to shore up its share loss—and quickly—as time is not on its side. The longer it takes the company to get back on track, the greater the difficulty it will face. Huawei’s challenge will be to sell to large enterprises outside of China and to sustain rapid innovation at both the enterprise edge and the data center.

The bottom line is that customers need next-generation solutions that are more powerful than packet-oriented firewalls and unified threat management. These products must penetrate deep into applications without sacrificing performance. Firewalls must be capable of protecting today’s diversified networks—clouds, virtualization, mobile users, and BYOD. At present, the innovators in this area are the smaller players, whose offerings are more compelling to enterprises that understand the risks inherent in the evolving application delivery market. While small companies have the current advantage, the big players are ready to strike back.

Round two of the next-generation firewall race is about to begin. Things are going to get really, really interesting.

About the Author

Casey Quillin joined Dell’Oro Group in 2011. He is responsible for the Data Center Appliance and Storage Area Network market research programs. While at the firm, Mr. Quillin has significantly expanded Data Center Appliance research, including the build-out of Network Security Appliances. Mr. Quillin has over 20 years of experience as an executive manager and entrepreneur in the technology sector. Prior to joining Dell’Oro Group, he held positions with several startups, including Vice President of Engineering at Snapfish, the world’s largest online photo-sharing site, later acquired by HP. He was also CTO of Oasys Networks, an application service provider in the financial services market; Co-founder and CEO of Logic by Design, an interactive media agency; and Managing Partner of Cornice Networks, a network integration and IT consulting firm in San Francisco.

About Dell'Oro Group

As the trusted source for market information about the networking and telecommunications industries, Dell’Oro Group provides in-depth, objective research and analysis that enables component manufacturers, equipment vendors, and investment firms to make fact-based, strategic decisions. For more information, contact Dell’Oro Group at +1.650.622.9400.
