Showing posts with label Fortinet. Show all posts
Showing posts with label Fortinet. Show all posts

Monday, July 20, 2020

Fortinet acquires OPAQ Networks for SASE

Fortinet has acquired OPAQ Networks, a Secure Access Service Edge (SASE) cloud provider based in Herndon, Virginia. Financial terms were not disclosed.

OPAQ’s Zero Trust Network Access (ZTNA) cloud solution protects organizations’ distributed networks – from data centers, to branch offices, to remote users, and Internet of Things (IoT) devices.

Fortinet said OPAQ’s patented ZTNA solution enhances its own SASE offering to form the best-in-class SASE cloud security platform with the industry’s only true Zero Trust access and security by providing industry-leading next-generation firewall and SD-WAN capabilities, web security, sandboxing, advanced endpoint, identity/multi factor authentication, multi-cloud workload protection, cloud application security broker (CASB), browser isolation, and web application firewalling capabilities.

Ken Xie, Founder, Chairman of the Board, and CEO, states: "The recent SASE market momentum further validates our Security-driven Networking approach and underscores what we’ve been saying for years. In the era of hyperconnectivity and expanding networks, with the network edge stretching across the entire digital infrastructure, networking and security must converge. In fact the acquisition of OPAQ actually further enhances our existing SASE offering. Now, we will deliver the most complete SASE platform on the market with the broadest security and industry-leading SD-WAN and networking offerings that can all be delivered to customers and partners through a flexible, cost efficient and patented zero-trust cloud architecture."

Wednesday, June 10, 2020

Spark NZ picks Fortinet Secure SD-WAN

Spark NZ has chosen Fortinet Secure SD-WAN to expand and differentiate its service offerings to corporate, enterprise and government customers. 

Fortinet is building on a partnership with Spark that, most recently, resulted in delivering one of the largest technology migrations in New Zealand. The physical migration of 2,500 sites, many in remote locations, was aided by API-driven automation to successfully and seamlessly finish ahead of schedule. Fortinet is now partnering with Spark to achieve complete WAN transformation for a number of other major clients across New Zealand.

In addition to leveraging Fortinet Secure SD-WAN to deliver services to their customers, Spark has also chosen to deploy Fortinet Secure SD-WAN across their own retail locations, resulting in improved performance, strengthened services from an infrastructure perspective, and increased network stability.

“We’re proud to partner with Spark NZ and share its commitment to delivering security-driven networking solutions. Fortinet Secure SD-WAN offers service providers like Spark the ability to onboard customers faster and deliver a solution that enhances customers’ application and cloud experience,” states John Maddison, EVP of products and CMO at Fortinet.

NTT West picks Fortinet Secure SD-WAN and SD-Branch


NTT West has selected Fortinet’s Secure SD-WAN and SD-Branch solutions as the foundation of its "FLET’S SDx" subscription service. NTT West's service, which enables centralized management of both WAN and LAN, comes with built-in security features enabled by Fortinet’s FortiGate Next-Generation Firewall (NGFW) to provide customers with a flexible, secure network environment that adapts rapidly to change. Fortinet cited the following advantages to...


Thursday, May 7, 2020

NTT West picks Fortinet Secure SD-WAN and SD-Branch

NTT West has selected Fortinet’s Secure SD-WAN and SD-Branch solutions as the foundation of its "FLET’S SDx" subscription service.

NTT West's service, which enables centralized management of both WAN and LAN, comes with built-in security features enabled by Fortinet’s FortiGate Next-Generation Firewall (NGFW) to provide customers with a flexible, secure network environment that adapts rapidly to change.

Fortinet cited the following advantages to its platform:


  • Centralized management for the entire branch: Organizations can manage both their WAN Edge and LAN from a central location, which consolidates the entire branch operations and improves visibility, control, and operational efficiency.
  • Automation-driven operations: As part of its Secure SD-WAN solution, Fortinet offers zero-touch provisioning, which eliminates the need for local configuration even at remote office locations, reducing the need for additional IT personnel.
  • Integrated Security: Advanced security features such as next-generation firewall, antivirus, web filtering, intrusion prevention and application control are integrated into the FLET’s SDx service to protect enterprise networks.

“Through our Secure SD-WAN and SD-Branch solutions, Fortinet is positioned to support NTT West as it delivers a flexible, agile solution to customers,” said John Maddison, EVP of Products and CMO of Fortinet. “By leveraging a security-driven networking approach, Fortinet’s solution addresses multiple uses cases and can grow with businesses as they require further connectivity to multiple clouds, open new branch offices, and adapt to digital innovation requirements.”

Fortinet reports Q1 sales of $576.9 million, up 22% YoY

Fortinet reported Q1 2020 total revenue of $576.9 million, an increase of 22.1% compared to $472.6 million for the same quarter of 2019. GAAP net income was $104.0 million for the first quarter of 2020, including $28.3 million from gain on intellectual property matter, net of tax, compared to GAAP net income of $58.8 million for the same quarter of 2019. Non-GAAP net income was $104.4 million for the first quarter of 2020, compared to non-GAAP net income of $80.8 million for the same quarter of 2019.

“Our strong first quarter performance is the result of strategic internal investments we made to deliver industry-leading products and services, expand into adjacent addressable markets, grow our global sales force and invest in the channel,” said Ken Xie, Founder, Chairman and Chief Executive Officer. “Fortinet is an important strategic partner to our customers. Our proprietary FortiASIC security processing unit (SPU) can deliver 10 times the VPN throughput capacity of comparable competitor solutions to support teleworkers. This significant competitive advantage is one reason we believe we will continue to gain market share during a period of tougher economic conditions. We believe our industry-validated teleworker and secure SD-WAN offerings, along with our SPU-driven FortiGates, Security Fabric platform and hybrid- and multi-cloud offerings, provide companies with more cost-effective solutions across their entire digital infrastructure.”

Some highlights:

  • Product revenue was $192.3 million for the first quarter of 2020, an increase of 18.2% compared to $162.7 million for the same quarter of 2019.
  • Service revenue was $384.6 million for the first quarter of 2020, an increase of 24.1% compared to $309.9 million for the same quarter of 2019.


Tuesday, January 14, 2020

GTT adds Fortinet to SD-WAN portfolio

GTT Communications has expanded its SD-WAN service offering by adding Fortinet Secure SD-WAN as a technology option over any last-mile access. It includes Fortinet's integrated next generation firewall and unified threat management functionality combined with an SD-WAN edge device and router.

“Clients rely on GTT to securely connect their locations across the world and to every application in the cloud,” stated Rick Calder, GTT president and CEO. “Our broad portfolio of SD-WAN service options, that now includes Fortinet, ensures that clients can run their applications with superior security, performance and reliability to support their business goals.”

Sunday, January 5, 2020

Blueprint: The Power of Intent-Based Segmentation

by Peter Newton, senior director of products and solutions, Fortinet

Time-to-market pressures are driving digital transformation (DX) at organizations. This is not only putting pressure on the organization to adapt to a more agile business model, but it is also creating significant challenges for IT teams. In addition to having to build out new public and private cloud networks, update WAN connectivity to branch offices, adopt aggressive application development strategies to meet evolving consumer demands, and support a growing number of IoT and privately-owned end-user devices, those same overburdened IT workers need to secure that entire extended network, from core to cloud.

Of course, that’s easier said than done.

Too many organizations have fallen down the rabbit hole of building one security environment after the other to secure the DX project du jour. The result is an often slap-dashed collection of isolated security tools that actually diminish visibility and restrict control across the entire distributed network. What’s needed is a comprehensively integrated security architecture and security-driven networking strategy that ensures that not a single device, virtual or physical, is deployed without there being a security strategy in place to protect it. And what’s more, those security devices need to be seamlessly integrated together into a holistic security fabric that can be centrally managed and orchestrated.

The Limits of Traditional Segmentation Strategies

Of course, this is fine for new projects that will expand the potential attack surface. But how do you retroactively go back and secure your existing networked environments and the potentially thousands of IoT and other devices already deployed there? CISOs who understand the dynamics of modern network evolution are insisting that their teams move beyond perimeter security. Their aim is to respond more assertively to attack surfaces that are expanding on all fronts across the enterprise.
Typically, this involves segmenting the network and infrastructure and providing defense in-depth leveraging multiple forms of security. Unfortunately, traditional segmentation methods have proven to be insufficient in meeting DX security and compliance demands, and too complicated to be sustainable. Traditional network segmentation suffers from three key challenges:

  1. A limited ability to adapt to business and compliance requirements – especially in environments where the infrastructure is constantly adapting to shifting business demands.
  2. Unnecessary risk due to static or implicit trust – especially when data can move and devices can be repurposed on demand
  3. Poor security visibility and enforcement – especially when the attack surface is in a state of constant flux

The Power of Intent-based Segmentation

To address these concerns, organizations are instead transitioning to Intent-based Segmentation to establish and maintain a security-driven networking strategy because it addresses the shortcomings of traditional segmentation in the following ways:

  • Intent-based Segmentation uses business needs, rather than the network architecture alone, to establish the logic by which users, devices, and applications are segmented, grouped, and isolated.
  • It provides finely tunable access controls and uses those to achieve continuous, adaptive trust.
  • It uses high-performance, advanced Layer 7 (application-level) security across the network
  • It performs comprehensive content inspection and shares that information centrally to attain full visibility and thwart attacks

By using business intent to the drive the segmentation of the network, and establishing access controls using continuous trust assessments, intent-based segmentation provides comprehensive visibility of everything flowing across the network, enabling real-time access control tuning and threat mitigation.

Intent-based Segmentation and the Challenges of IoT

One of the most challenging elements of DX from a security perspective has been the rapid adoption and deployment of IoT devices. As most are aware, IoT devices are not only highly vulnerable to cyberattacks, but most are also headless, meaning they cannot be updated or patched. To protect the network from the potential of an IoT device becoming part of a botnet or delivering malicious code to other devices or places in the network, intent-based segmentation must be a fundamental element of any security strategy.

To begin, the three most important aspects of any IoT security strategy are device identification, proper network segmentation, and network traffic analytics. First, the network needs to be able to identify any devices being connected to the network. By combining intent-based segmentation with Network Access Control (NAC), devices can be identified, their proper roles and functions can be determined, and they can then be dynamically assigned to a segment of the network based on who they belong to, their function, where they are located, and other contextual criteria. The network can then monitor those IoT devices based on that criteria. That way, if a digital camera, for example, stops transmitting data and instead starts requesting it, the network knows it has been compromised and can pull it out of production.

The trick is in understanding the business intent of each device and building that into the formula for keeping it secured. IT teams that rely heavily on IoT security best practices, such as those developed by the National Institute of Standards and Technology (NIST), may wind up developing highly restrictive network segmentation rules that lead to operational disruptions. If an IoT device is deployed in an unexpected way, for example, standard segmentation may block some essential service it provides, while intent-based segmentation can secure it in a different way, such as tying it to a specific application or workflow rather than the sort of simple binary rules IT teams traditionally rely on. Such is the case with wireless infusion pumps, heart monitors and other critical-care devices in hospitals. When medical staff suddenly cannot access these devices over the network because of certain rigidities in the VLAN-based segmentation design, patients’ lives may be at risk. With Intent-based Segmentation, these devices would be tagged according to their medical use, regardless of their location on the network. Access permissions would then be tailored to those devices.

Adding Trust to the Mix

Of course, the opposite is true as well. Allowing implicit or static trust based on some pre-configured segmentation standard could expose critical resources to compromise should a section of the network become compromised. To determine the appropriate level of access for every user, device, or application, an Intent-based Segmentation solution must also assess their level of trustworthiness. Various trust databases exist that provide this information.

Trust, however, is not an attribute that is set once and forgotten. Trusted employees and contractors can go rogue and inflict extensive damage before they are discovered, as several large corporate breaches have proven. IoT devices are especially prone to compromise and can be manipulated for attacks, data exfiltration, and takeovers. And common attacks against business-critical applications – especially those used by suppliers, customers, and other players in the supply chain – can inflict damage far and wide if their trust status is only sporadically updated. Trust needs to be continually updated through an integrated security strategy. Behavioral analysis baselines and monitors the behaviors of users. Web application firewalls inspects applications during development and validates transactions once they are in production. And the trustworthiness of devices is maintained not only by strict access control and continuous monitoring of their data and traffic, but also by preventing them from performing functions outside of their intended purpose.

Ironically, one of the most effective strategies for establishing and maintaining trust is by creating a zero-trust network where all access is needs to be authenticated, all traffic and transcations are monitored, and all access is restricted by dynamic intent-based segmentation.

Securing Digital Transformation with a Single Security Fabric

Finally, the entire distributed network need to be wrapped in a single cocoon of integrated security solutions that span and see across the entire network. And that entire security fabric should enable granular control of any element of the network – whether physical or virtual, local or remote, static or mobile, or in the core or in the cloud – in a consistent fashion through a single management console. By combining verifiable trustworthiness, intent-based segmentation, and integrated security tools into a single solution, organizations can establish a trustworthy, security-driven networking strategy that can dynamically adapt to meet all of the security demands of the rapidly evolving digital marketplace.

About the author

Peter Newton is senior director of products and solutions – IoT and OT at Fortinet. He has more than 20 years of experience in the enterprise networking and security industry and serves as Fortinet’s products and solutions lead for IoT and operational technology solutions, including ICS and SCADA.

Tuesday, December 17, 2019

Fortinet tops 21,000 SD-WAN customers

Fortinet announced a company milestone: 21,000 organizations across different industries and verticals have adopted its Fortinet Secure SD-WAN solution.

Fortinet delivers full-featured SD-WAN via the FortiGate next-generation firewall.

Fortinet said its security-driven networking approach to SD-WAN seamlessly integrates enterprise-grade SD-WAN, advanced security, and advanced routing in a unified offering to modernize customers’ WAN edge and help achieve their digital innovation goals with FortiManager Orchestration that can scale to support up to 100,000 SD-WAN sites.



https://nginfrastructure.com/sd-wan/

Monday, August 26, 2019

Video - SD-WAN Security: 3 Things Customers Look For - Fortinet



MEF Annual Meeting – July/August 2019, Joan Ross, Field CISO, Fortinet, highlights 3 key things customers are looking for with SD-WAN security and shares her view on the importance of MEF standardization work on the subject.

“MEF’s work is so important right now to SD-WAN and specifically to SD-WAN security….We look at the customers who are using SD-WAN….and how MEF can help drive standards so that across SD-WAN solutions – whether at the customer level or the service provider level – the integration is seamless and security means the same thing across, end to end."

MEF’s Application Security for SD-WAN project – jointly led by Fortinet – is focused on defining policy criteria and actions to protect applications (application flows) over an SD-WAN service. Work includes defining threats, security functions, and security policy terminology and attributes, and then describing what actions a security policy should take in response to certain threats.

Download the SD-WAN Standard
In July 2019, MEF published the industry’s first global standard defining an SD-WAN service and its service attributes to help accelerate SD-WAN market growth and facilitate creation of powerful new hybrid networking solutions that are optimized for digital transformation. MEF’s SD-WAN Service Attributes and Services (MEF 70) standard describes requirements for an application-aware, over-the-top WAN connectivity service that uses policies to determine how application flows are directed over multiple underlay networks irrespective of the underlay technologies or service providers who deliver them. Download here: https://www.mef.net/resources/technic...

To explore the latest on industry innovations and engage with industry-leading service and technology experts, attend MEF19 (http://www.MEF19.com), held 18-22 November 2019 in Los Angeles, California.

Wednesday, February 6, 2019

Fortinet intros Intent-based, next-gen firewalls

Fortinet introduced its new line of high-performance FortiGate Next-Generation Firewalls (NGFWs) for intent-based segmentation of security architecture. The idea with intent-based Segmentation is to allow organizations to achieve granular access control, continuous trust assessment, end-to-end visibility and automated threat protection. The new platforms are powered by customized Security Processor Units (SPUs).

Some highlights:
  • FortiGate 3600E Series deliver 30Gbps threat protection performance and 34Gbps SSL inspection performance. With high-density interfaces of 10G, 40G and 100G, it offers product consolidation and meets the needs of diverse deployments. Fortinet’s FortiGate Next-Generation Firewalls offer one of the industry’s highest marked SSL inspection performance and threat protection throughput.
  • The FortiGate 3400E Series provide 23Gbps threat protection performance and 30Gbps SSL inspection performance. Combined with high-density interfaces of 10G, 40G, 100G, the FortiGate 3400E Series meet the needs of a variety of deployments by offering input/output flexibility, reducing complexity to achieve operational efficiency
  • FortiGate 600E Series achieve 7Gbps threat protection and 8Gbps of SSL inspection performance with diverse 1G and 10G interfaces, allowing deployment flexibility.
  • FortiGate 400E Series deliver 5Gbps threat protection and 4.8Gbps SSL inspection performance with high 1G port density to suit the needs of branch offices.
  • The new FortiGate NGFWs, as part of Fortinet’s Security Fabric, leverage Fabric Connectors to seamlessly integrate with external security ecosystems, sharing threat intelligence quickly for automated remediation. Fabric Connectors provide open APIs, allowing the FortiGate NGFWs to integrate with third-party solutions and Fabric-Ready Partners. This gives users advanced high-performance security integration with industry-leading solutions, such as VMWare NSX and Cisco ACI.
"Segmentation is becoming as fundamental as patching vulnerable systems. Intent-based Segmentation aligns business goals with infrastructure changes and ultimately, dynamically separates infrastructure to protect users, data and systems. A fundamental element of Intent-based Segmentation is the high-performance NGFW."

Monday, December 3, 2018

MEF18 PoC - Zero Touch SD-WAN + SECaaS + Virtual Cloud Exchange



MEF18 Proof of Concept, 29 - 31 Oct - Zero Touch Automation for SD-WAN + SECaaS + Virtual Cloud Exchange (VCX). PoC Participants: Tata Communications and Fortinet.

Speakers: Nicolas Thomas, Consulting Systems Engineer, Fortinet and Vineet Anshuman, Global Product Manager, Tata Communications Transformation Services.

The PoC goal is zero touch automation for SD-WAN with Security as a Service and Virtual Cloud Exchange for seamless connectivity to public cloud. The idea is to prove that we can operate in a fully automated service deployment in the cloud as well as multiple branches with secured SD-WAN at the same time. This is zero touch and TOSCA model-driven within the LSO Framework.

A typical use case is: a large, regulated mutli-national enterprise wants to do a confidential townhall live. We will deploy the streaming service and SD-WAN adaptations in the branches from one model to allow a good latency and priority on the day for live streaming. Then another model will change the priority for the replay of the video when normal business resumes.

Fortinet is leading the Security-as-a-Service group in MEF. This is part of the MEF 3.0 SD-WAN sub-committee that is helping shape a fully automated, cross-service provider, software-defined federation of capabilities in order for telcos to provide end-to-end protection and service quality to their end customers.

Tata Communications Transformation Services (TCTS), a 100% subsidiary of Tata Communications Ltd, provides leading business transformation, managed network operations, network outsourcing and consultancy services to telecommunication companies around the world. TCTS delivers operational efficiency, cost transformation and revenue acceleration solutions for all the stages of the carrier process lifecycle, including but not limited to network engineering and design, implementation and operations functions.

Save the date for MEF19, 18-22 November 2019, JW Marriott, LA LIVE, Los Angeles.

https://youtu.be/e8Bf_iPM9hk


Wednesday, October 24, 2018

Fortinet acquires ZoneFox for ML threat detection

Fortinet has acquired ZoneFox Limited, a privately-held cloud-based insider threat detection and response company headquartered in Edinburgh, Scotland. Financial terms were not disclosed.

ZoneFox uses machine learning to automatically detect when a user’s behavior changes, rapidly spot compromised user accounts being used to harvest valuable IP and confidential data, and identify users who present a security threat.

Fortinet said the acquisition enhances its Security Fabric and strengthens its existing endpoint and SIEM security business by providing customers with:

  • Deeper visibility into endpoints and associated data flow and user behavior, both on and off the network
  • Machine learning capabilities able to distill billions of events per day into high-quality threat leads to uncover blind spots and alert users of suspicious activities
  • A unique cloud-based architecture that captures essential data around five core factors - user, device, resource, process, and behavior - to analyze and configure policies easily
  • Full forensics timeline recording of information, combined with a simple search interface that helps analysts quickly determine the actions needed to boost an enterprise’s security posture
  • A zero-configuration agent that is easy and fast to deploy; the solution can scale up to support over 10,000 agents without performance loss
  • Out-of-the-box support for GDPR, ISO 27001, HIPAA and PCI DSS, with “ready-to-go” policies

Dr. Jamie Graves, chief executive officer and founder, ZoneFox said “We’re pleased to join the Fortinet team and bring together our shared vision of alleviating CISO concerns about insider threats. Integrating our solution with the Fortinet Security Fabric will allow us to extend our reach to a broad spectrum of Fortinet and third-party solutions to solve customers’ most difficult challenges in network security.”
https://www.zonefox.com/

Wednesday, June 6, 2018

Fortinet acquires Bradford Network for endpoint visibility

Fortinet has acquired Bradford Networks for an undisclosed sum.

Bradford, which was founded in 2000 and is based in Boston, provides a Network Sentry solution that continuously assesses the risk of every user and endpoint, and automatically contains compromised devices that act as backdoors for cyber criminals.  The platform integrates with leading endpoint security, firewall and threat detection solutions to enhance the fidelity of security events with contextual awareness.

Fortinet said the acquisition enhances its own Security Fabric by converging access control and IoT security solutions to provide large enterprise with broader visibility and security for their complex networks including:

  • Complete, continuous, agentless visibility of endpoints, users, trusted and untrusted devices and applications accessing the network including IoT and headless devices.
  • Enhanced IoT security through device micro-segmentation, dynamic classification of headless devices by type, profile, as well as automatic policy assignment to enable granular isolation of unsecure devices, all using a simple web user interface.
  • Accurate event triage and threat containment in seconds through automated workflow integrations that prevent lateral movement.
  • Easy, cost-effective deployment due to highly scalable architecture that eliminates deployment at every location of a multi-site installation.


“We are excited to join with Fortinet, the leader in network security to deliver exceptional visibility and security at scale to large enterprise organizations. Bradford Networks’ technology is already integrated with Fortinet’s Security Fabric including FortiGate, FortiSIEM, FortiSwitch and FortiAP products to minimize the risk and impact of cyber threats in even the toughest security environments such as critical infrastructure - power, oil and gas and manufacturing,” stated Rob Scott, chief executive officer, Bradford Networks.

Thursday, December 7, 2017

Fortinet presents Secure SD-WAN at #MEF17



Fortinet has just released an SD-WAN solution that provides tight integration of security from Layer 3 to Layer 7.  This makes connectivity to the cloud much more secure, says Sony Kogin, Director of Service Provider Marketing, Fortinet.

See video:  https://youtu.be/3ytpBXHB6u4


Defining Security as a Service - #MEF17



How do you provide services across secure Service Provider boundaries? Fortinet is working with other MEF members to define Security-as-a-Service, explains Richard Orgias, Director of Segment and Audience Marketing, Fortinet.

See video: https://youtu.be/wHwpqRUy2fc


Saturday, October 29, 2016

Fortinet Extends Presence in Azure Government Cloud

Fortinet and Microsoft announced an extension of their partnership to protect the cloud environments of their joint government customers.

Specifically, Fortinet’s Security Fabric solutions for the cloud have been released on the Azure Government Cloud platform to provide comprehensive security, threat intelligence, and the visibility to detect, isolate, and respond to threats in real time for workloads running in the Government Cloud.

This includes virtual security products, such as Fortinet’s enterprise firewall (FortiGate), web application firewall (FortiWeb), mail security (FortiMail), as well as its integrated security management (FortiManager) and analytics (FortiAnalyzer) solutions are now available. Fortinet is also a go-to-market partner with Microsoft’s Azure Security Center.

https://blog.fortinet.com/

Fortinet Posts Q3 Sales of $316.6 million, up 22%, but Missing Target

Fortinet reported Q3 revenue of 316.6 million, an increase of 22% compared to $260.1 million in the same quarter of 2015. GAAP net income was $6.3 million for the third quarter of 2016, compared to GAAP net income of $8.2 million for the same quarter of 2015. GAAP diluted net income per share was $0.04 for the third quarter of 2016. GAAP diluted net income per share was $0.05 in the third quarter of 2015.

"While our third quarter results were impacted by a moderated spending environment, extended sales cycles and sales execution challenges, we continued to outgrow the market, as well as add 9,000 new customers," stated Ken Xie, founder, chairman and chief executive officer. "Fortinet remains in a position to benefit from key secular trends such as security vendor consolidation and next generation cloud architectures. We have a strong technology advantage and visionary roadmap in place to help us continue to grow our market position, address our large opportunity, and make progress towards achieving our long term margin targets."

Total billings were $347.5 million for the third quarter of 2016, an increase of 16% compared to $299.6 million in the same quarter of 2015.
Deferred Revenue: Total deferred revenue was $934.8 million as of September 30, 2016, an increase of 32% compared to $706.9 million in the same quarter of 2015. Total deferred revenue increased by $30.8 million compared to $904.0 million as of June 30, 2016.

http://investor.fortinet.com/releasedetail.cfm?ReleaseID=996021

Thursday, June 9, 2016

Fortinet to Acquire AccelOps for Security Monitoring

Fortinet agreed to acquire AccelOps, a start-up based in Santa Clara, California, that specializes in network security monitoring and analytics solutions. Financial terms were not disclosed.

AccelOps’s virtual appliance software monitors security, performance and compliance in local and virtualized infrastructures, resulting in a unified view of the environment. The software discovers, analyzes and automates IT issues across multi-tenant or single networks, spanning servers, devices, storage, networks, security, applications and users.

Fortinet said the acquisition extends Fortinet’s recently announced Security Fabric strategy by enhancing network security visibility, security data analytics and threat intelligence across multi-vendor solutions. AccelOps solutions will become FortiSIEM and become part of the Fortinet Security Fabric, providing customers with greater visibility across both Fortinet and multi-vendor security solutions.

“Fortinet and AccelOps share a common vision of providing holistic, actionable security intelligence across the entire IT infrastructure. Our mission has always been to help our customers make security and compliance management as effortless and effective as possible. The synergies between AccelOps’s solutions and Fortinet’s Security Fabric vision and thought leadership will ensure that our customers are protected with the most scalable and proven global threat intelligence, security and performance analytics and compliance and control across all types of network environments with multiple security and networking vendor products,” stated Partha Bhattacharya, founder and chief technology officer, AccelOps.

http://www.fortinet.com
http://www.accelops.com/

Blueprint: Endpoint Visibility in the IoT



A Five-Step Action Plan for Securing the Network in the Age of IoT by Tom Kelly, CEO, AccelOps A report from BI Intelligence projects that Internet of Things (IoT) deployments will create $421 billion in economic value for cities worldwide in 2019. Cities will enjoy benefits such as improved traffic flow, a reduction in air pollution and better public safety. This is just one example of the advancements the IoT will bring to all sectors. However,...


Blueprint: Three Predictions for Network Monitoring in 2016



by Tom Kelly, CEO, AccelOps Why do armies set up look-outs all around their camps? Why do people read their horoscopes and shake magic eight-balls? Simple: they want to see what’s coming. In business, it’s incredibly helpful to be able to accurately forecast needs and set strategy. In the network security and performance arena of the business, it’s table stakes. While there’s no crystal ball that can tell us everything, one thing is certain:...


AccelOps Builds Threat Intelligence into its Actionable Security Platform


AccelOps, a start-up based in Santa Clara, California, introduced threat intelligence capabilities for its integrated IT and operational visibility platform. The existing AccelOps virtual appliance software monitors security, performance and compliance in cloud and virtualized infrastructures on a single screen. It automatically discovers, analyzes and automates IT issues in machine and big data across organizations’ data centers and cloud resources,...

Sunday, December 13, 2015

Blueprint: Predictions for 2016 and the Evolving Threat Landscape

by Derek Manky, Global Security Strategist, Fortinet

From the “just when you thought things couldn’t get worse” department…

2015 was not an easy year for cybersecurity, whether you worked for one of the countless organizations that got hacked, had to pay a ransom to decrypt files on your hard drive, or spent your days trying to stay ahead of increasingly sophisticated hackers and well-funded nation states. Unfortunately, 2016 looks to have more of the same in store, as well as new and emerging threats that will challenge both security vendors and the organizations and consumers they work to protect.

That IoT Thing

The Internet of Things (IoT) encompasses far more than just fitness trackers and fancy watches. To date, we’ve seen plenty of vulnerabilities in devices that range from surveillance cameras to industrial control systems to connected vehicles, but haven’t observed much in the way of actual attacks that exploit these vulnerabilities. One exception is Point of Sale (PoS) systems, malware for which now ranks in Japan’s top 10 list of malware in the wild and is a key platform for credit card theft.

However, in 2016, we expect connected devices to become strategic beachheads for attackers to “land and expand”, whether propagating malware among devices or, more likely, using the increasing number of IoT devices to gain entry to the corporate networks they access.  Because these corporate networks are already hardened against attack, new, less secure attack surfaces will be attractive targets for cybercriminals.

In many cases, this will require more sophisticated malware with ever smaller footprints, but we’ve already seen proofs of concept for malware that can persist and propagate on connected devices with miniscule amounts of available memory.  The notion of “headless worms on headless devices” is more than a catchy tag line. If we look back on the damage the Morris Worm was able to do back in 1989 with an attack surface of just 60,000 Unix servers (10% of which it was able to infect), imagine an attack surface of the 20 billion connected devices Gartner is predicting will be online by 2020.

Jailbreaking the Cloud

You’ve heard of jailbreaking your iPhone. Basically you install custom software to unlock all sorts of capabilities that are normally hidden from users. With this extra power comes a host of security risks, not to mention some dire warnings from Apple. This year, though, we expect to see malware begin “jailbreaking the cloud.”

What does that mean, exactly? Consider the Venom vulnerability that made headlines this year: attackers were able to exploit old floppy disk drivers to break out of the hypervisor on a virtualized system and gain access to the host operating system. Malware can (and will) be designed to crack the hypervisor on virtualized systems, making lateral movement to other guest operating systems and tenants much easier.

Because so many public and private clouds rely on virtualization to provide multitenancy, scalability, and agile infrastructure, this can have far-reaching impacts, both in corporate data centers and for cloud providers.

Additionally, many mobile applications, delivered both through public and corporate app stores, access cloud-based and virtualized systems. These systems may drive the user experience, provide data input and output on the back end, or capture data for a wide range of purposes. Compromised apps, then, as well as specific mobile malware, will become less of an annoyance or privacy concern and more of a vector for attackers seeking vulnerabilities in public and private clouds.

New Malware? Yes, Indeed

Vendors have gotten very good at detecting and blocking a range of malware. Standard client anti-virus applications can pick up known viruses and other malicious applications quickly, while cloud-based services and gateway antimalware provide extra layers of protection. The best are performing deep packet inspection to pick out not just known signatures but also suspicious behaviors, traffic associated with command and control servers, and other “indicators of compromise.”

Many companies are also adding sandboxing technologies to their networks that can observe the behavior of unknown or suspicious files in controlled environments before those files are allowed on a network. At the same time, malware authors are building in obfuscation and evasion technologies to make detection more difficult.

So-called “blastware,” for example, like the Rombertik virus that gained media attention this year, can render a vulnerable host computer unusable. This is really only a problem if Rombertik detects that it is being analyzed or altered and many of the headlines about the software were overly sensational, but the concept is important. Malware is getting smarter about the environment in which it is running.

We’ll see this play out more frequently in 2016 in “ghostware” and “2-faced malware”. Ghostware, as its name suggests, is designed to penetrate a system, steal particular types of data, and then leave without a trace, erasing itself and any indicators of compromise that security systems might detect. Without these indicators of compromise, organizations might not even know they had lost data, much less be able to conduct a forensic analysis to determine the extent or nature of the breach.

Two-faced malware detects when it is being examined in a sandbox and behaves like a benign file. When it clears the sandbox, it then completes whatever malicious action it was designed to execute. There are, appropriately, two major challenges associated with 2-faced malware:

  1. It’s very hard to detect, even with sophisticated sandboxing technology and
  2. Sandboxes generally feed threat intelligence back into a larger ecosystem and could result in a particular piece of 2-faced malware being automatically cleared by the system, enabling other instances to pass through security mechanisms unfettered.

Evolution, Not Revolution

2016, then, will be a year of evolving threats. Much of this we’ve seen before, if in less sophisticated forms. The arms race between the bad guys developing smarter and more effective malware and vendors creating more intelligent security products will continue and IoT will move from proof of concept vulnerabilities to a viable attack surface. As threats evolve, though, organizations will need to be increasingly mindful about their deployments, adoptions, and the devices and services on which they rely to conduct business.

About the Author

Derek Manky formulates security strategy with more than a decade of advanced threat research, his ultimate goal to make a positive impact towards the global war on cyber crime. Manky has presented research and strategy world-wide at premier security conferences. As a cyber security expert, his work has included meetings with leading political figures and key policy stakeholders, including law enforcement, who help define the future of cyber security. He is involved with several threat response and intelligence initiatives, including FIRST (first.org) and is on the board of the Cyber Threat Alliance (CTA) where he works to shape the future of actionable threat intelligence. Manky’s areas of expertise include FortiGuard, Threat Intelligence, advanced threat research, global war on cyber crime, Cyber Threat Alliance, zero-day vulnerabilities, mitigation advice and threat forecasts.

About Fortinet

Fortinet (NASDAQ: FTNT) protects the most valuable assets of some of the largest enterprise, service provider and government organizations across the globe. The company's fast, secure and global cyber security solutions provide broad, high-performance protection against dynamic security threats while simplifying the IT infrastructure. They are strengthened by the industry's highest level of threat research, intelligence and analytics. Unlike pure-play network security providers, Fortinet can solve organizations' most important security challenges, whether in networked, application, wireless or mobile environments -- be it virtualized/cloud or physical. Nearly 250,000 customers worldwide, including some of the largest and most complex organizations, trust Fortinet to protect their brands. Learn more at http://www.fortinet.com, the Fortinet Blog or FortiGuard Labs.

Tuesday, September 29, 2015

XO Launches Managed Security Service over AWS Direct Connect

XO Communications (XO), in collaboration with BAE Systems and Fortinet, announced a Managed Security Bundle for businesses using the Amazon Web Services (AWS) Direct Connect service.

The new AWS Direct Connect-enabled managed security bundle enables XO customers to procure high-speed connectivity to the AWS Cloud with firewall technology and managed security from a single provider.


XO integrates firewall technology from Fortinet and highly-respected managed security services from BAE Systems into the XO MPLS network for customers accessing AWS Direct Connect that sign up for the managed security bundle.

“Our new managed security bundle for AWS Direct Connect is an integral element of our network-enabled cloud strategy helping businesses to effectively and efficiently leverage both public and private cloud services to maximize their business productivity,” said Jake Heinz, senior vice president of marketing and product at XO Communications.  “In today’s environment where data security is a top priority, businesses can effortlessly leverage services designed for a higher level of security for their AWS Cloud data accessed through the XO network.”

XO expanded its AWS Direct Connect capabilities in 2014 and currently offers secure network connectivity for enterprises at speeds ranging from 50 Mbps to 10 Gbps.

http://www.xo.com/baesystems-fortinet/

Tuesday, September 8, 2015

Fortinet Outlines Software-Defined Network Security Framework

Fortinet introduced its new Software-Defined Network Security (SDNS) framework for providing advanced threat protection in the modern, agile data center.

Fortinet said its goal is to provide actionable steps in delivering a comprehensive approach to securing the data center, while providing the most extensible platform for infrastructure integration with technology partners including HP, Ixia, PLUMgrid, Pluribus Networks, Extreme Networks and NTT.

Highlights of Fortinet's SDN Security framework:


  • Data Plane - the encapsulation of security engines from fixed hardware boxes into logical instances that can be more scalably distributed and embedded deep into virtualized switching fabric and abstracted network flows.
  • Control Plane - the orchestration and automation of security policy with provisioning of elastic workloads to eliminate security and compliance gaps in highly agile, dynamic environments.
  • Management Plane - a 'single pane-of-glass' for security policy and events across physical and virtual appliances, private and public clouds, and throughout converged infrastructure to ensure a consistent and compliant security posture.

"There is likely no single SDN platform that all enterprise and service provider customers are going to standardize on," said John Maddison, vice president of marketing for Fortinet. "Hence the reason we are developing an eco-system to support different SDN platforms through proprietary and open Application Programming Interfaces (API's). The key is providing scalable security modules that can be called on-demand, at the orchestration level."

Fortinet noted that it is working closely with a large number of partners to tightly integrate security within their key infrastructure platforms. These platforms include SDN controllers, orchestration frameworks, hypervisors, cloud management, security management and analytics. Fortinet is currently working with more than two-dozen technology providers to ensure protection from cyber threats through Fortinet's advanced SDN Security.

http://www.fortinet.com