Business & Technology

Achieving Business Goals with Intent-based Segmentation

By Muhammad Abid and Alex Samonte | February 06, 2019

If you are a CIO who wants to create a security framework that helps improve your security posture, mitigates risks, and achieves compliance you might think you can build an effective security architecture by deploying a robust perimeter firewall. But the perimeter has become less effective due to mobile computing and workloads migrating to multiple clouds on the WAN side. And on the LAN side, rogue APs, BYOD, and Shadow IT each add another micro-perimeter that you must also now defend.

As a result, the fortified perimeter has become the sum of all of the micro-perimeters tied to the growing number of devices consuming networked services across all locations. In this new scenario, a single weak micro-perimeter can disrupt your overall security equation in the favor of hackers, who can then exploit that weakness to breach your network and create havoc.

Most networks, despite all of their digital connectedness, still remain flat and are built around an “Implicit Trust” philosophy. Because of this, once the perimeter has been breached an attacker can gain access to the entire network and channel their C&C via the non-security-aware flat network of switches and routers. This allows full freedom of lateral network movement for intruders to find and compromise assets because there are no mechanisms in place to provide visibility, and few effective solutions in place to manage access.

To address this challenge, network, security, and infrastructure teams are forced to remain on continuous high-alert to protect their digital assets, as well as adopting a combination of various network segmentation (e.g. micro, macro) techniques to fight back. But even this is not enough. This approach requires constantly building and refining a growing architecture in hopes of addressing increasingly sophisticated cyber-attacks and to comply with new regulations. 

To more effectively meet these needs, Fortinet has a diverse portfolio of products that will help you implement a true Intent-based Segmenation solution.

With Intent-based Segmentation in place, organizations can intelligently segment network and infrastructure assets irrespective of their location (on-premise and across multiple clouds) in accordance with the business intent such as reducing risk, addressing compliance, and more. Dynamic and granular access control is then established by continuously monitoring the trust-level of users and devices and adapting the security policy accordingly. High-performance advanced security is implemented to protect critical IT assets and ensure quick detection and prevention of threats using comprehensive analytics and integrated automation.

Achieving business intent enables CIOs to fulfill their fiduciary duty to digitally transform and tear down walls that inhibit business growth while protecting all critical digital data, network resources, and infrastructure. Intent-based Segmentation also allows a CIO to build a security framework that helps improve security posture, mitigate risks, and achieve compliance. This, in turn, allows organizations to cost-effectively create various operating domains, achieve full visibility, and implement consistent security policy for operational efficiency.

To help organizations meet those goals, Fortinet today announced, a new series of high-performance FortiGate Next-Generation Firewalls (NGFWs), comprised of the FortiGate 3600E, FortiGate 3400E, FortiGate 600E, and FortiGate 400E Series that enable organizations to implement Intent-based Segmentation deep into their security architecture.

  • Intent-based Segmentation allows organizations to achieve granular access control, continuous trust assessment, end-to-end visibility, and automated threat protection.
  • In addition to delivering Intent-based Segmentation, FortiGate 3600E offers 30Gbps of threat protection and 34Gbps of SSL inspection performance, while the FortiGate 3400E offers 23Gbps threat protection and 30Gbps SSL inspection performance.
  • Likewise, the FortiGate 600E provides Intent-based Segmentation combined with 7Gbps of threat protection and 8Gbps of SSL inspection performance. And the FortiGate 400E offers 5Gbps of threat protection and 4.8Gbps of SSL inspection performance.

The SSL inspection performance of each of these solutions is the industry’s highest for their class. In addition, FortiGate has a longstanding history of earning NSS Labs Recommended ratings in the Next-Generation Firewalls group tests, with their high SSL inspection performance with minimal performance degradation cited as one of the reasons.

If you would like to discover the business benefits of deploying Intent-based Segmentation that includes improving security posture, reducing risks, achieving compliance, and more, read here.

Read more about the Fortinet Security Fabric and how Fortinet is delivering solutions for the Third Generation of Network Security