Business & Technology

Benchmarking Performance with the Security Compute Rating

By Nirav Shah | May 27, 2020

The latest advances in computing, such as edge device hyperconnectivity and the hyperscalability achievements of advanced data center architectures are the result of the ongoing and increasing desire to achieve better performance. Speed is the driving force behind the digital transformation of today’s business infrastructures. It enables access to critical data and resources, drives business efficiencies, scales application development, increases productivity, generates revenue, and accelerates ROI. 

Moreover the past few weeks, organizations have remarkably been able to completely invert their networks in just a few days. The majority of their employees can now access networked resources from the outside instead of connecting from the inside – an effective response to a global crisis that would have been impossible just five years ago.

To measure how the security industry is helping to drive innovation at the speed of business there have been significant advancements, and Fortinet is using the Security Compute Rating to benchmark these advancements. More on the advancements and benchmarking in this post to come, but first a bit of backstory. 

Key to these successes – especially critical now as we continue to push the envelope of digital innovation even further and faster – has been the move away from traditional, off-the-shelf computer processors to custom hardware designed to take on very specific tasks. This specialized hardware enables organizations to push performance in the cloud and devices to new levels.

The Security Performance Gap Threatens Digital Innovation and Business Continuity

When it comes to security – a critical component that keeps all of our data flying around cyberspace without being stolen, corrupted, or ransomed –performance limitations has become a serious challenge for organizations. Increasingly, many organizations can no longer rely on security devices to effectively perform their tasks without bottlenecking traffic, reducing user experience, or interfering with business strategies. Inspecting and securing data is an inherently complex and processor-intensive proposition, and vendors have traditionally responded to increased demands by simply soldering more traditional CPUs to their motherboards – and raising their prices. 

That strategy has now met its functional limits. Because of the unreasonable price/performance ratio of most security solutions on the market, organizations have been forced to purchase overpriced security and networking devices that only provide limited performance and scalability headroom. This not only has an impact on digital innovation, forcing many organizations to replace the security devices in their datacenters with things like VLANs and Layer 4 security – and which also meant that when the recent crisis hit those organizations also had to buy expensive VPN upgrades or even purchase new firewalls to support their remote worker initiatives.

The problem is that most of the security community has steadfastly refused to invest in the sorts of specialized development needed to meet today’s demands, let alone the challenges coming around the corner due to the imminent arrival of 5G, or the new demands of smart environments such as cars, buildings, and cities. This lack of specialized, performance-enhancing hardware has meant that organizations have been put in the very uncomfortable position of having to choose between security and performance.

Accelerating Security-Driven Networking with Fortinet Security Processors

Fortinet is one of the few security vendors actually committed to securing and driving forward today’s essential digital innovation efforts. With a deeply rooted passion for innovation since we first opened our doors in 2000, we have continually set industry records for performance and speed. A crown jewel of innovation has been Fortinet’s development of specialized security processors (SPUs). 

The Fortinet Family of SPUs are specially designed security processors that have been engineered to provide unmatched performance at a fraction of the cost of traditional CPUs. This uniquely allows Fortinet solutions to provide accelerated network security and accelerated AI in the cloud – and at a price/performance point no one in the industry can match. 

Fortinet’s Security-Driven Networking solution based NGFW, SD-WAN, SD-Branch, IPS and Segmentation are powered with the following security processors:

  • Content Processor 9 (CP9): This ninth generation of our content processor protects applications while optimizing user experience with the least performance degradation. The CP9 works as a CPU co-processor, taking on resource-intensive security functions such as SSL/TLS decryption – including TLS1.3, IPS, and anti-malware.
  • System-on-a-Chip 4 (SoC4): Fortinet’s SoC4 is a purpose-built security and industry’s only Secure SD-WAN processor that has achieved the highest Security Compute Ratings in the industry in supporting WAN Edge transformation. The SoC4 consolidates network and content processing functions onto a single chip to deliver blazingly fast application identification, steering, and overlay performance.
  • Network Processor 7 (NP7): Fortinet’s NP7 SPU works with FortiOS functions to delivering superior firewall performance for IPV4, IPV6, and multicast traffic – with ultra-low latency as little as three microseconds to support latency sensitive applications and services operating in the most demanding professional environments.

Benchmarked by the Security Compute Rating

To highlight the difference that purpose-built processors can provide, Fortinet developed the Security Compute Rating benchmark that compares the performance of Fortinet’s ASIC-based Next-Generation Firewall appliance to other NGFW and SD-WAN vendors that utilize generic CPUs for networking and security capabilities.

The industry average is computed by calculating the average performance of leading solutions, including listed vendors. Security Compute Rating performance numbers are based on each vendor's datasheets. A "N/A" input reflects that the vendor chooses not to publish certain critical performance specifications, such as SSL inspection. As a result, the calculated industry average may actually be much lower, and the performance gap between Fortinet and that vendor is significantly wide.

Fortinet SPUs outpace other solution in the market with the highest Security Compute Ratings for benchmarks such as:

  • Stateful Firewall throughput
  • IPsec VPN performance
  • Concurrent sessions
  • Sessions per second 
  • Inspection of encrypted data
SoC4 Advantage and NP7 Advantage

Speed, Scalability, and Cost – a Critical Combination

Security-Driven Networking solutions are not only faster and scale further than the competition, they are also much more cost-effective due to the greater affordability of custom chips. As a result, organizations can enjoy far greater headroom for digital innovation with Fortinet TCO savings, or to have the resources to respond to unexpected events. 

In a world where reliable, high-performance security is not only essential but also increasingly difficult to come by, Fortinet is the only vendor able to apply 20 years of unique security hardware innovation to offer its customers a tangible and proven solution to the problem. This ensures that businesses, industries, governments, and other organizations around the world are able to innovate freely and respond immediately to critical events without compromise. 

Learn how to enable digital innovation with massive speed, scale and performance.

Engage in our Fortinet user community (Fuse). Share ideas and feedback, learn more about our products and technology, or connect with peers.