Fortinet Expands Existing Distributed Denial of Service (DDoS) Product Family with New Appliances for Mid-to Large-Sized Enterprises and MSPs
Fortinet® (NASDAQ: FTNT) − a world leader in high-performance network security – today expands its Distributed Denial of Service (DDoS) product family with four new appliances for data center managers and system architects at mid- to large-sized enterprises and managed service providers (MSPs). The new FortiDDoS-400B, FortiDDoS-800B, FortiDDoS-1000B and FortiDDoS-2000B appliances are designed to detect and help protect against today’s most damaging and sophisticated DDoS attacks and feature an innovative 100 percent behavior-based DDoS attack mitigation engine. Combined with a new, single-path custom ASIC that both detects and mitigates DDoS attacks, FortiDDoS is able to detect more types of attacks and performs up to 10X faster than other competing DDoS mitigation appliances.
Innovative Attack and Mitigation Engine
The new behavior-based attack mitigation engine enables FortiDDoS to identify and mitigate current and future threats based on patterns and intent rather than content. Because these appliances don’t require signatures, they are able to better protect against zero-day attacks by dynamically monitoring trends versus waiting for a signature file to be updated. A very short blocking period achieved using high-performance ASICs allows the appliance to continuously reevaluate attacks. This reduces the impact of false positives if traffic patterns return to normal. Competing appliances take much longer to detect attacks and block for much longer periods of time leading to higher false positive.
“We’ve dramatically improved the way we identify DDoS attack types since we released our first appliances in 2012. The adaptive, behavior-based attack monitoring introduced in today’s models automatically identifies any type of DDoS attack, including zero-days, and almost immediately takes action to mitigate it,” said John Maddison, vice president of marketing for Fortinet. “What’s more, we’re able to offer this class-leading performance at less than half the cost of our closest competitors.”
The FortiASIC Advantage
Fortinet is the only company to use a 100 percent custom ASIC approach to its DDoS products, which eliminates the overhead with CPU or CPU/ASIC hybrid systems. The second-generation FortiASIC-TP2 traffic processor provides both detection and mitigation of DDoS attacks in a single processor that handles all layer 3, 4 and 7 traffic types. Competitors use different combinations of processors where some traffic is assigned to an ASIC, some to the CPU or on some models, everything goes to the CPU itself, which leads to bottlenecks and reduced overall system performance.
“Despite the best efforts by ISPs to defend against DDoS threats, residual and application layer attacks are still able to bring down services in an Internet data center,” said Hemant Jain, vice president of engineering for Fortinet. “Fortinet now provides DDoS attack mitigation with up to 24 Gbps of full duplex throughput in the data center to ensure that critical services are always available.”
FortiDDoS builds a baseline of normal application activity and then monitors traffic against it. Should an attack begin, FortiDDoS would see this as an anomaly and then immediately take action to mitigate it. Users are protected from known attacks and from unknown zero-day attacks, as FortiDDoS does not need to wait for a signature file to be updated.
FortiDDoS also handles attack mitigation differently than other hardware DDoS attack mitigation appliances. FortiDDoS uses a surgical bi-directional approach by monitoring normal inbound and outbound traffic and then using a reputation scoring system, rates IP addresses that are “good” and others that are participating in the attack. The good traffic is allowed to proceed, but the offending IP addresses are temporarily blocked. If they’re determined to be a real threat after repeated reevaluation, they are blocked for a much longer period of time.
- The FortiDDoS-400B features 4 Gbps full-duplex throughput, 16 1 Gbps RJ-45 copper and SFP ports for LAN and WAN connectivity with support for up to 1 million simultaneous connections.
- The FortiDDoS-800B features 8 Gbps full-duplex throughput, 16 1 Gbps RJ-45 copper and SFP ports for LAN and WAN connectivity with support for up to 2 million simultaneous connections.
- The FortiDDoS-1000B features 12 Gbps full-duplex throughput, 16 10 Gbps SPF+ slots for LAN and WAN connectivity with support for up to 3 million simultaneous connections.
- The FortiDDoS-2000B features 24 Gbps full-duplex throughput, 16 10 Gbps SPF+ slots and 4 10 Gbps SFP+ bypass ports for LAN and WAN connectivity with support for up to 6 million simultaneous connections.
The FortiDDoS-400B, FortiDDoS-800B, FortiDDoS-1000B and FortiDDoS-2000B are available now.
Fortinet (NASDAQ: FTNT) helps protect networks, users and data from continually evolving threats. As a global leader in high-performance network security, we enable businesses and governments to consolidate and integrate stand-alone technologies without suffering performance penalties. Unlike costly, inflexible and low-performance alternatives, Fortinet solutions empower customers to embrace new technologies and business opportunities while protecting essential systems and content. Learn more at www.fortinet.com.
Copyright © 2014 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and unregistered trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet's trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiManager, FortiMail, FortiClient, FortiCare, FortiAnalyzer, FortiReporter, FortiOS, FortiASIC, FortiWiFi, FortiSwitch, FortiVoIP, FortiBIOS, FortiLog, FortiResponse, FortiCarrier, FortiScan, FortiAP, FortiDB, FortiVoice and FortiWeb. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties, and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, binding specification or other binding commitment by Fortinet, and performance and other specification information herein may be unique to certain environments. This news release contains forward-looking statements that involve uncertainties and assumptions, including statements regarding product releases and functionality. Changes of circumstances, product release delays, changes in product plans and other risks as stated in our filings with the Securities and Exchange Commission, located at www.sec.gov, may cause results to differ materially from those expressed or implied in this press release. If the uncertainties materialize or the assumptions prove incorrect, results may differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements. Fortinet assumes no obligation to update any forward-looking statements, and expressly disclaims any obligation to update these forward-looking statements.