Business & Technology
The entire world has been undergoing one of the most massive network reconfigurations in the history of computing. Networks have been literally turned inside out as millions of internal users, almost overnight, became part of the new network edge. One outcome of this sudden stress test of our BCDR (business continuity and disaster recovery plans) is that that too many organizations suddenly learned that their traditional firewalls could not scale to support this explosion of edges. This has forced many organizations to upgrade devices or even install completely separate appliances to meet the demands of a new remote workforce.
The problem is that most security vendors have failed to fund the innovation necessary to meet the high performance and high scalability requirements of today’s networks – which means that (for years) they have been unable to deliver the solutions their customers need at a price point they can afford. As a result, organizations have been forced to buy “good enough” solutions that struggled to support standard digital innovation. And unfortunately, those ‘good enough’ security solutions were suddenly not good enough as organizations scrambled to rapidly scale remote workers and inspect encrypted traffic.
This should not have been a surprise, as we have been headed toward this situation for a while. Digital innovation puts increasing pressure on the security infrastructure, and security manufacturers keep putting off addressing the problem. It’s as if those vendors have been driving down a completely different road from the one that their customers are traveling. Security innovation needs to solve the big problem everyone is facing – the need to protect today’s expansive, dynamic, and high-performance networks.
Today’s companies use complex, hybrid networks, and multi-cloud environments to process unprecedented volumes of data. They need security tools capable of enabling hyperscalability and hyperconnectivity and delivering an optimal user experience to their workers and customers. But most legacy security has failed to keep up. So to meet new business demands – where the bar is continuously being raised in terms of performance, scalability, and time to market – more and more of these organizations have had to turn off or dial down their corporate security.
In stark contrast, Fortinet’s commitment to innovation – with more security patents than our next several competitors combined – has enabled us to continue delivering a level of security performance, functionality, and interoperability unmatched in the industry – even as the current situation has completely transformed most networks and users.
It starts with the Fortinet Security Fabric platform, designed to deliver the following critical security differentiators in a single, integrated package.
The core idea behind Security-Driven Networking is that security and networking must be two sides of the same coin. That way, whenever the networking infrastructure evolves or expands, security not only automatically adapts as an integrated part of that environment, but can also leverage Fortinet's SPUs to ensure accelerated performance across all network edges.
Internal segmentation is a perfect example of the necessity for Security-Driven Networking. It combines internal network infrastructures with the Security Fabric platform to dynamically protect networks inside the perimeter from active threats through dynamic and intelligent segmentation. This not only enables organizations to see and separate all of the devices on their network but also dynamically create horizontal segmentation to support and secure applications and automated workflows that need to travel across the extended network.
Fortinet pioneered Secure SD-WAN, which is an excellent example of Security-Driven Networking. In SD-WAN environments, security is woven together with connectivity functions such as application steering, bandwidth management, and dynamic failover to ensure that when connections adjust to maintain quality of experience, security is an integrated part of that process. This integrated approach can then be extended to the SD-Branch by securing access points, switches, and even 5G connectivity.
Advanced security designed to protect the internal network, as well as the perimeter, requires a level of performance that other security vendors can't provide. The truth is, software-based security offerings running on off-the-shelf CPUs will never be able to meet today's advanced network performance requirements. It would be like trying to run a processor-intensive video game on a system without a GPU. Even a gaming system built using the fastest CPUs won't be able to keep up.
We have spent years developing custom Security Processing Units (SPUs), such as our latest NP7 Network Processor, to enable organizations to deploy true, enterprise-class security in even their most demanding environments. The NP7 can inspect encrypted traffic about twenty times faster than devices that rely on off-the-shelf CPUs – and it delivers comparable performance acceleration across all critical security functions, including firewall, threat protection, connections per second, concurrent connections, and IPSec VPN. And our advanced Content Processors are designed to support the processor-intensive convergence of security and networking required by Security-Driven Networking – which is fundamental to protecting the next generation of highly dynamic networks.
These SPUs not only provide customers with the fastest security and SD-WAN platforms in the industry and enable unprecedented levels of integration between security and networking environments, but they also lay the foundation for the successful securing of the next generation of advanced networks. This includes collaborative smart environments and ultra-fast, hyperconnected edge networks powered by 5G and beyond.
Rather than operating an open network where data access is driven by inherent trust, organizations need to start with the assumption that any device can, and may already have been compromised. As a result, every device and user that connects to the network, whether through edge access points or physical connections to the internal network, needs to be authenticated, inventoried, assessed, and then allocated the minimum amount of access privilege possible to still do its job. And more, security needs to be in place inside the network to monitor and enforce those policies by responding to policy violations and abnormal behavior at internal network speeds.
In today’s hyper-mobile world, users can work and connect from anywhere and anytime. Equally important, then, is deep visibility of users and devices, both on- and off-network. And to then leverage that visibility to make informed policy-driven decisions to minimize risks to the organization such as limiting access based on posture, or placing certain devices in a specific (VLAN) segment of the network.
As organizations leverage multiple cloud environments, such as private cloud, public cloud, and SaaS, to build and deploy business applications, the importance of consistently securing this heterogeneous environment increases. Furthermore, by leveraging public IaaS and SaaS infrastructures, the attack surface has increased beyond the usual network and application attacks to other types of malicious behavior targeting the misuse and misconfiguration of the cloud infrastructure.
Compounding the challenges associated with the use of a heterogeneous technology stack, and the complexity of implementing best-practice security across the network, applications, and cloud platform vectors, organizations are also challenged by the lack of skilled professionals.
Fortinet’s dynamic cloud security addresses the intersection of these challenges by enabling organizations to confidently deploy any application on any cloud while implementing the same security tools in every cloud environment for consistent policy enforcement and unified threat response. With the broadest set of security solutions natively integrated into the most cloud environments, with all offering streamlined management and automation capabilities across these environments, organizations can unleash digital innovation initiatives for each cloud, or across multiple clouds, without compromising security.
Even as the network paradigm has undergone a metamorphosis, the threat landscape has continued to accelerate – quickly taking advantage of an exponentially expanded (and in many cases, hastily implemented) digital attack surface. Most security vendors are just as far behind on platform integration – let alone developing and integrating AI technologies across that platform – as they are with the development of accelerated and hyperscale security. Coupled with the chronic shortfall of cybersecurity professionals, this lack of innovation can be devastating.
Fortinet’s advances in AI-powered security – for advanced threat prevention, detection, and response – are ideally suited to meet the challenges of today’s security operations, whether deployed in our cutting-edge threat research labs or throughout our customers’ security operations. It underpins our ability to automatically analyze more than 100 billion security events from all around the world every day, which is then used to quickly generate global threat intelligence pushed out across our threat prevention portfolio. At the same time, it is also now being built directly into the solutions deployed by our customers to prevent and detect attacks specific to their organizations. And it is even utilized in many of our SOC platforms that automatically enrich, alert, and orchestrate a coordinated response across incidents anywhere across the digital attack surface.
None of this can happen in isolation, which is another of the dangerous gaps created by today’s security vendors. All of Fortinet’s security solutions – and we have the broadest portfolio of solutions in the industry – have been engineered to work together as a single, integrated system, which is something no other vendor can claim.
In addition, Fortinet’s security platform leverages open standards and APIs to ensure deep and seamless integration with third-party solutions. Fortinet's Fabric-Ready partner program, and affiliated vendors who leverage our open API environments, constitutes one of the most extensive security partnership programs in the industry.
And we couple this with extensive alliances with industry organizations such as the Cyber Threat Alliance (CTA). We maintain a permanent seat on the World Economic Forum’s Centre for Cybersecurity – where we are actively engaged in addressing the global cybersecurity skills gap. We deliver skills training through partnerships with over 200 academies, educational institutions, and non-profits located in over 60 countries. And we have active working partnerships with organizations such as Interpol and NATO to protect individuals, businesses, and governments.
The recent introduction of additional free cybersecurity courses further builds on Fortinet’s existing efforts to address the cyber skills gap through training and education. Fortinet established the Network Security Expert (NSE) Institute in 2015, comprised of the Fortinet Network Security Academy (FNSA) program, the Authorized Training Center program, the Fortinet Veterans (FortiVet) program and the NSE training and certification program which to date has issued more than 350,000 Network Security Expert certifications.
The biggest challenge that the digital world faces is that the majority of the security industry is already years behind, and this is just the start. And as networking functions begin to converge even further, creating the next generation of smart environments – including cars, buildings, cities, and critical infrastructures – the lack of security tools capable of inspecting and protecting these hyperfast, hyperconnected, and hyperscalable environments stands to severely impact our digital economy – and our way of life.
Organizations can't wait for security vendors to catch up so they can protect and defend the “networks of tomorrow.” Networks are being left exposed right now because the traditional security solutions they have in place are just not up to the task. Fortinet is the first security manufacturer to step up to the plate to meet the demands of these networks, and we urge other security vendors to join us in delivering the next generation of security performance and scalability necessary for securing the global digital economy.
Find out how Fortinet’s Security Fabric delivers broad, integrated, and automated protection across an organization’s entire digital attack surface from IoT to the edge, network core and to multi-clouds.
Engage in our Fortinet user community (Fuse). Share ideas and feedback, learn more about our products and technology, or connect with peers.