Fortinet Firewall

Fortinet, a global leader in integrated and automated cybersecurity solutions, recently announced an expansion to its FortiCare and FortiGuard security services offerings. Fortinet also announced the FortiGate 3500F Next-Generation Firewall (NGFW). The FortiGate 3500F Next-Generation Firewall is designed to protect organizations with hybrid data centers against the rising and dangerous threats against cyberthreats and cyberattacks, including ransomware attacks.

With this expansion, Fortinet adds FortiTrust, a new security service. FortiTrust security services will offer user-based licensing across all networks, endpoints, and clouds. FortiCare offers advanced support and proactive care for Fortinet products, while with security service offerings of FortiGuard are centered around AI-enabled security capabilities that assess risks and modify protection across the Fortinet platform.

FortiTrust provides security services that follow the user across an organization’s security platform, and this allows organizations to improve the manner in which they manage and secure their platforms. A few additional benefits of the new security service offerings include:

  • User-based licensing of security services — which will allow organizations to operate without needing to track device counts or bandwidth consumption; this will also make it easier for organizations to calculate the total cost and built-in volume discounts  
  • Integrated single license for security services which will deliver desired use cases across Fortinet’s comprehensive and well-established Security Fabric
  • Enhanced implementation of new security services will enable users to make an easier transition across several form factors, ultimately enabling organizations that have hybrid architectural foundations to make the transition from on-premise security to cloud-delivered security
  • Enhanced and improved options that will allow organizations to have a seamless upgrade and migration process between services every time

All services offered by Fortinet are available through partners, which presents an opportunity for channel partners to grow their business and their service offerings to their customers.

”We currently partner with Fortinet, and it is one of a handful of close, meaningful partnerships that we hold in high esteem within our company. The next-generation firewalls that have been purchased from Fortinet are far and above the best firewall solution, we have integrated for our customers. The deep understanding of current security integrations and insights that FortiGates have been able to provide give our security experts the exact details we need to keep environments secure. Beyond their security solution, the product’s performance has enabled our team to easily and swiftly navigate through configurations and logs to resolve issues before they become issues”, said Nick Martin of Mainstreet IT Solutions.

”Beyond the product itself, Fortinet has committed themselves to elevating their security practice and ensuring all partners benefit from their work. From integrating their product line with multiple vendors and a team of security researchers at their disposal, Fortinet has pushed the boundary of securing our customers’ environments. As a partner, we are constantly in tune with what the company is doing from their support team to account managers, so building upon their current security offering through FortiTrust makes a lot of sense and deepens their commitment to cybersecurity”, added Martin.

Fortinet is the only network security vendor to have a large scope and depth of product and company certifications. One of the Fortinet’s certifications is the ISO 9001 certification, which is recognized as the most recognized quality standard in the world. Fortinet’s multi-threat security solutions equip organizations with the tools and resources they need to not only secure their networks but maintain compliance with regulations. 

When asked for his insight on the latest expansions by Fortinet, Alexander Freund of 4it shared:

”I think the interesting part of this article is really the addition of ZTNA capabilities built directly into the firewall.  The new user-based licensing model is about revenue and profit, but does not provide any additional cybersecurity functionality.  However, the pandemic made quite clear some of the weaknesses in VPN technology, and the challenges associated with large-scale deployment and support of VPN use for secured remote access.  Gartner, Forrester, and many other analysts have already predicted that ZTNA (Zero Trust Network Architecture) will ultimately displace VPN as the preferred method of providing secured remote access.”

A ZTNA architecture is built around 5 basic principles:

  • Trust nobody — Prior to granting access to any user or device, both (the user and the device) must prove they are authorized and trustworthy
  • Verify Authentication — Validated identity and authentication of a user and device is at the heart of ZTNA
  • Need to access only – The access permissions of every user start at nothing, and are only granted when necessary.  This is identical to the policy that exists for the handling of classified information in the military.
  • Check the device — Validation of the access device is also required.  Unknown or compromised devices must not be granted access. Segregate access by application — Isolate every application and require authentication and validation checks before access is granted.  This helps to prevent lateral movement between a compromised application and other applications residing in the same environment.

”The move to include ZTNA architecture directly into the firewall and not requiring additional networking components will push this technology further down into Fortinet’s mid-market customer base at a reduced cost and help to accelerate the replacement of VPN in that segment”, added Freund.

Most systems and platforms today use the per-user model, and at times it is not clear what value this model adds as an organization grows. Fortinet ranks at the top in the most security appliances shipped worldwide, with over 500,000 customers trusting Fortinet to protect their businesses. On the other hand, Fortinet is not for everyone and that is understandable, especially if you don’t have much to say in the matter. 

”That model is way out of our normal sell. We sell a lot of smaller models due to SME requirements.  The per-user model is a pain, to be honest. We already have to manage it on an O365 and coupling with Identity and access management is another overhead. SME has a lot of MACS so a bit of a turn-off for us. Hope they don’t do smaller appliances. At the moment it’s a job of matching appliance NGF capacity to the internet connection. This doesn’t make sense”, said Ian Brady of Steadfast Solutions.

Are you currently a Fortinet partner? What are your thoughts on Fortinet unifying security offerings with FortiTrust services?