partner sales guide enterprise · ngfw and advanced threat protection 6 branch office firewall and...
TRANSCRIPT
Enterprise Partner Sales G
uide
2
IN TO
DA
Y’S
EVER-C
HA
NG
ING
THR
EAT LA
ND
SC
AP
E
your enterprise customers need the best in netw
ork security
to defend their infrastructure and mission-critical applications.
Only Fortinet offers a com
plete end-to-end solution that delivers
high-performance netw
ork security to protect users, the network
and the data center.
In this sales guide, we’ll introduce you to the Fortinet
Cybersecurity Platform
and briefly review each of the m
ain solution
areas for enterprise customers. In each section w
e’ll review the
key drivers, review the product highlights of the solution area, and
provide you with inform
ation on how to sell and position each
solution set.
Your customers depend on you for their IT security needs.
You can depend on Fortinet to deliver the highest-performance
and proven network security to m
eet their challenges.
2
3
INTR
OD
UC
TION
– END
-TO-EN
D C
YB
ERS
ECU
RITY
PLA
TFOR
M
4
NG
FW A
ND
AD
VAN
CED
THR
EAT P
RO
TECTIO
N
6
BR
AN
CH
OFFIC
E FIREW
ALL A
ND
SEC
UR
E WIR
ELESS
AC
CES
S
14
HIG
H-P
ERFO
RM
AN
CE FIR
EWA
LL SO
LUTIO
NS
FOR
DA
TA C
ENTER
S A
ND
INTER
NA
L NETW
OR
KS
22
AP
PLIC
ATIO
N S
ECU
RITY
AN
D D
ELIVERY
30
SEC
UR
ITY M
AN
AG
EMEN
T 38
SD
N A
ND
CLO
UD
SO
LUTIO
NS
46
FOR
TIGU
AR
D
53
PA
RTN
ER R
ESO
UR
CES
54
Contents
3
4 IntroductionTH
E FO
RTIN
ET C
YB
ER
SE
CU
RITY
PLATFO
RM
provides end-to-end protection for users, netw
orks, data centers and the cloud.
At the core of the platform
is our FortiGate product line.
Its AS
IC-based O
ptimum
Path P
rocessing and flexible N
etwork S
ecurity Operating S
ystem (FortiO
S) enable
multiple deploym
ent modes from
a single device. FortiGates
can be configured to be a Next G
eneration Firewall (N
GFW
) at the edge of a netw
ork, a high-speed Data C
enter Firewall
(DC
FW) for high-volum
e environments, or an Internal
Netw
ork Firewall (IN
FW) to protect key assets from
threats that m
ay evade perimeter defenses. FortiG
ates can also be used as U
nified Threat Managem
ent devices to protect branch office locations for highly distributed netw
orks or can be deployed as virtual m
achines for SD
N and
cloud environments.
FortiGate hardw
are appliances start with our entry-
level FortiGate 30 to 90 S
eries for UTM
. Our m
id-range FortiG
ate 100 to 800 Series are perfect for m
idrange N
GFW
applications. Finally, our high-end FortiGate 1000
to 5000 Series can be used for higher-volum
e NG
FW,
DC
FW or IN
FW deploym
ents. We also offer num
erous VM
options that support today’s leading hypervisors and cloud platform
s including VMw
are, VMX, H
yper-V, AW
S and
Microsoft A
zure.
Fortinet’s advanced threat research team, FortiG
uard Labs, delivers up-to-date and coordinated threat intelligence to Fortinet devices w
orldwide. S
ecurity applications supported include Intrusion P
revention, Application C
ontrol, Web Filtering,
Antivirus, A
dvanced Threat Protection (S
andboxing), IP B
otnet P
rotection, Anti-spam
and Vulnerability Managem
ent.
Our A
dvanced Threat Protection Fram
ework allow
s threat sharing, analysis and m
itigation across Endpoints, Email, the
Web and the N
etwork. This platform
can also be extended to provide secure w
ireless access.
Fortinet’s data center solutions are designed to protect applications from
the latest threats and provide acceleration technologies that m
ake them responsive and reliable.
Managem
ent and Analytics deliver the tools that m
anage the Fortinet platform
through a single-pane-of-glass to simplify
deployments, update security settings across the netw
ork, and get detailed reporting on threats, users, usage and other critical elem
ents of an IT network infrastructure.
4
5
US
ER
SN
ET
WO
RK
DA
TA
CE
NT
ER
TH
RE
AT
INT
EL
LIG
EN
CE
GL
OB
AL
MA
NA
GE
ME
NT
FortiGuard
FortiManager
FortiAnalyzer
FortiAP
FortiSand
box
FortiGate
Platform
FortiWeb
FortiMail
FortiAD
C
FortiClient
FortiGate VM
SP
EE
D. S
CA
LE. S
EC
UR
ITY.
5
6 NG
FW and A
dvanced Threat P
rotectionN
ext Generation Firew
alls (NG
FWs) provide m
ore visibility and control over the applications, users and threats on the netw
ork.
NG
FWs are increasingly integrated w
ith “sand-boxes” to perform
even deeper analysis to detect sophisticated m
alware before a breach.
Ideally, Sandboxes also integrate w
ith endpoint, em
ail and other security solutions for a coordinated approach to advanced threats.
The intensifying threat landscape is driving organizations to add additional security to their netw
ork edge, including IPS
, application control, W
eb filtering, AV, sandboxing and more.
Next G
eneration Firewalls (N
GFW
s) offer a way to im
prove security, control, and visibility to the netw
ork edge by combining
many of these capabilities into a in a single consolidated
platform. The m
ost advanced NG
FWs also integrate w
ith other products deployed at different locations.
Fortinet’s NG
FWs deliver highly effective IP
S, W
eb filtering, antivirus, and IP
reputation security with extensive application,
user and device ID controls – all on the industry-leading, high-
performance FortiG
ate platform.
They also integrate directly with FortiS
andbox, an NS
S Labs
Recom
mend
ed Sandbox.
Both FortiG
ate and FortiSandbox also w
ork together with
Fortinet’s FortiMail S
ecure Email G
ateway, FortiC
lient endpoint protection and FortiG
uard Labs for a more effective approach to
breaking the kill chain of advanced attacks.
6
7
MA
RK
ET D
YN
AM
ICS
AN
D D
RIVE
RS
More A
dvanced Attacks C
reate Greater R
isk for D
ata Breaches*
There were nearly 80,000 security incidents w
ith 2,122 confirm
ed data breaches reported in 2014. 700 million
records were lost, representing about $400M
in financial losses to organizations.
In 2014, around 170 million m
alware events occurred w
here 70-90%
of malw
are was unique to individual organizations.
The average loss for a breach of 1,000 records is between
$52K & $87K
and the average loss for a breach of 1 million
records is between $892K
and $1.77M.
Custom
ers Want B
etter Security in C
onsolidated H
igh Perform
ance Solutions
77% of IT executives consider protection from
advanced persistent threats a critical or high-priority IT initiative.**
Integrated and consolidated solutions reduce the complexity,
workload and cost required to support increased netw
ork perimeter
security – 76% of IT executives identify next generation firew
alls a critical or high-priority IT initiative.**
Custom
ers want integrated solutions able to support new
security capabilities w
hile still delivering high throughput rates at a great value.
Large Market O
pportunity
90% of new
enterprise edge firewall purchases w
ill be NG
FWs
by the end of 2018 according to Gartner.
85% of new
deals for sandboxing functionality will be packaged
with netw
ork firewall and content security platform
s.
Overall, by 2017, m
ore than $1B w
ill be spent every year on specialty threat protection solutions.**
*Verizon Breach R
eport 2015** ID
G R
esearch 2015
2212confirm
ed data breaches
and 700 million records lost in 2014
of IT executives consider advanced
threat protection a critical or high priority
77%
NG
FWs w
ill represent 90%
of new
enterprise firew
all purchases by end of 2018
8
FortiGate
NEXT G
ENER
ATIO
N FIR
EWA
LLS
Protect and control netw
ork access and traffic with
NS
S Labs R
ecommend
ed Next G
eneration Firewalls
Industry-leading performance (average 5x faster) w
ith unique application/user/device ID
, IPS
, Web filtering
and more w
ith FortiOS
Leverage additional, highly effective security from
FortiGuard Labs (VB
100, AV Com
paratives, N
SS
Labs, ICS
A)
EN
TER
PR
ISE
ED
GE
, NG
FW A
ND
ATP P
RO
DU
CTSFortiS
andboxA
DVA
NC
ED TH
REA
T PR
OTEC
TION
Detect and prevent advanced attacks that m
ay bypass traditional defenses
Top-rated (NS
S Labs), real-w
orld threat detection - 99%
effectiveness for breach detection
Integrate with FortiG
ate NG
FW, FortiM
ail, and FortiC
lient for comprehensive advanced
threat protection
NG
FW A
ND
AD
VAN
CED
THR
EAT P
RO
TECTIO
N
9
OTH
ER
PR
OD
UC
TS
Top VBS
pam+ rated
FortiMail S
ecure Email
Gatew
ays
Strong/Tw
o-factor A
uthentication from
FortiAuthenticator
Top AV Com
paratives A
dvanced+ Endpoint P
rotection with FortiC
lient
FortiGuard Threat Labs
delivering security intelligence
Active D
irectory or LDA
P
FortiAuthenticator
User Identity M
anagement
FortiManager
Centralized M
anagement
FortiAnalyzer
Logging, Analytics, R
eporting
10 HO
W FO
RTIN
ET’S
NE
XT G
EN
ER
ATION
FIRE
WA
LLS A
ND
A
DVA
NC
ED
THR
EAT P
RO
TEC
TION
SO
LUTIO
NS
AR
E U
NIQ
UE
Top-rated NG
FW P
latform, D
elivering the H
ighest Perform
ance and Value
Experience better security with integrated IP
S, W
eb filtering, antivirus and IP
reputation from FortiG
uard Labs – highly rated by N
SS
Labs, VB100, and AV C
omparatives for
security effectiveness.
Get m
ore control and visibility over network traffic w
ith extensive application ID
, deep cloud application inspection, extensive U
ser ID, device/O
S ID
and more.
Fortinet’s solution is the industry’s highest performing N
SS
Labs R
ecommend
ed NG
FW platform
, based on a custom
FortiAS
ICs using the Fortinet O
ptimum
Path P
rocessing architecture.
Top-rated Integrated Sandbox
The NS
S Labs R
ecommend
ed FortiSandbox offers 99%
breach detection effectiveness offering a com
prehensive ecosystem
that integrates FortiGate, FortiM
ail, and FortiC
lient solutions.
With deploym
ent flexibility to fit any customer environm
ent, FortiS
andbox is available in physical and virtual appliance options, or as a cloud service.
Com
plete One-Vendor S
olution to Advanced Threats
FortiMail delivers a highly effective secure m
ail gateway w
ith 34 consecutive VB
Spam
Platinum
awards, 37 VB
100 awards, and
AV Com
paratives Advanced+ for anti-phishing.
FortiAuthenticator provides extensive user identity m
anagement
for two-factor authentication and w
ireless guest managem
ent.
FortiClient brings top-rated endpoint protection w
ith high marks
from Virus B
ulletin, AV Com
paratives, and a Recom
mend
ed rating from
NS
S Labs.
NG
FW A
ND
AD
VAN
CED
THR
EAT P
RO
TECTIO
N
11
Only C
isco offers close to the breadth of third-party validated integrated com
ponents; still lacks the Endpoint P
rotection.
Palo A
lto Netw
orks has neither the breadth nor the validation of products.
CO
MP
ETITIVE
CO
MPA
RIS
ON
Fortinet also offers the industry best performance and value,
in addition to effectiveness and integration.
11
FortinetP
alo Alto
Check P
ointC
isco
Application C
ontrol(signatures)
~3500~1900
~4,500 based on 2009 acquisition of 3rd party
app db~2,400
IPS
Effectiveness
Very effective,high throughput
Very effective,low
throughputVery effective,
low throughput
Poor effectiveness,low
throughput
Anti-m
alware
Full AV, VB100 & AV
Com
paratives A
dvanced+Lim
itedFull AV, VB
100Lim
ited
User ID
& A
uthenticationExcellent
Good
Okay
Weak
Device/O
S ID
ExtensiveW
indows O
S only
Deep cloud app inspection
a
Integrated ATP/sandbox
aN
SS
LabsRecom
mend
eda
aa
NS
S Labs
Recom
mended
NS
S Labs Test results
NG
FW Recom
mend
edN
GIP
S Recom
mend
edN
GFW
Caution
NG
IPS
Neutral
Not tested
Not tested
NG
FW R
ecomm
endedN
GIP
S R
ecomm
ended
Firewall perform
anceVery high
10x higher on avgLow
Med
Low
IPS
/NG
FW P
erformance
Very high5x-10x higher on avg
LowLow
Low
Total Cost of O
wnership
$$$$$$$$
$$$$$$$$$
12 NS
S Labs N
GFW
Test 2014 – Recom
mended
Industry’s best value
High-quality N
GFW
security effectiveness
Exceptional NG
FW perform
ance
Passed 100%
stability and reliability testing
Other Third-P
arty Validation
NS
S Labs R
ecommend
ed Breach D
etection System
2014
NS
S Labs R
ecommend
ed NG
IPS
2015
NS
S Labs R
ecommend
ed Endpoint Protection 2015
Virus Bulletin VB
100, VBS
pam+
AV Com
paratives Advanced+ ratings
NG
FW A
ND
AD
VAN
CED
THR
EAT P
RO
TECTIO
N
THIR
D-PA
RTY
VALID
ATION
13
NG
FW TR
IGG
ER
S TO
LOO
K FO
R:
c
Firewall refresh: A
re you looking at refreshing your firewalls soon?
c
Security services renew
als: Do you have a W
eb filtering or IPS
service renewal com
ing up?
c
Recent breaches: A
re you concerned about recent data breaches in the news?
c
Perform
ance: Is your current firewall able to keep up w
ith the speed of your network?
c
NG
FW: A
re you looking to upgrade from a traditional firew
all to a Next G
eneration Firewall?
ATP TR
IGG
ER
S TO
LOO
K FO
R:
c
Advanced A
ttacks: Are you concerned about advanced attacks? W
ould you like to add more protection?
c
Risk M
itigation: How
are you mitigating your exposure to possible consequences of a data breach?
c
Recent B
reaches: Have you experienced a data breach? A
re you sure? What m
echanisms do you have in place
to make sure?
c
Sandboxing: A
re you planning to add sandboxing to your existing environment?
c
NG
FW: A
re you looking at deploying an NG
FW solution to replace your current firew
all?
QU
ALIFY
ING
QU
ES
TION
S
14 Branch O
ffice Firewall
with W
irelessU
nified Threat Managem
ent consolidates multiple
point products into a single easy to manage
network security appliance.
Integrated firewall, IP
S, app control, W
eb filtering, antivirus and m
ore protects the branch office or retail store from
latest security threats.
Optional w
ireless LAN
Access P
oints (AP
) and w
ired switches enable secure B
YO
D and
guest access.
Improve W
AN
uptime and business continuity
with 4G
LTE Wireless W
AN
connectivity.
With the num
ber of threats accelerating, securing branch offices and retail locations is now
more im
portant than ever. Data
breaches, information leaks, and infected system
s are costing organizations billions of dollars each year.
Fortinet’s branch office firewall and w
ireless LAN
solutions include U
nified Threat Managem
ent appliances, controller m
anaged Wi-Fi access points, m
anaged switches as w
ell as 4G
LTE Wireless W
AN
extenders.
Fortinet’s FortiGate U
TM appliance is the cornerstone of the
solution, enabling you to consolidate multiple netw
ork security functions such as firew
all, IPS
, app control, Web filtering, and
antivirus into a single appliance. The FortiGate U
TM provides
unmatched protection from
the latest security threats, while
reducing network m
anagement costs. W
ith the UTM
platform
in-place, it’s easy to enable new technology capabilities into
a branch or retail location, like BYO
D and guest w
ireless LAN
access, w
hile still maintaining strict P
CI com
pliance.
14
15
MA
RK
ET D
YN
AM
ICS
AN
D D
RIVE
RS
(Fortinet 2013)
1-in-2G
en Y em
ployees w
ould contravene BY
OD
policy
the average cost per record of large data breaches
(P
onemon 2014)
$201
74% of com
panies adopting B
YO
D(Tech P
ro Research 2014)
Branch N
etworks A
re A Target
Branch netw
orks have historically lacked security capabilities often found at corporate headquarters, prim
arily due to cost and complexity.
This security gap and inconsistent security policy has left branch networks vulnerable.
Data breaches are increasingly originating from
comprom
ised machines and
systems w
ithin branches, rather than from an Internet-based attack.
Branch Technology N
eeds Are Increasing
Netw
ork managers are being asked to enable W
i-Fi and BYO
D at branch locations–
technologies that have traditionally been confined to corporate headquarters only.
Retail locations need guest W
i-Fi, wireless, P
OS
, smart digital signage and other
technologies to remain com
petitive.
New
technologies must be balanced against keeping sensitive corporate and
customer data secure from
data breaches.
Large Market O
pportunity
IDC
predicts that the total UTM
market size w
ill be around $5.3 billion by 2017.
The Enterprise Wireless LA
N m
arket is expected to reach $7.09 billion by 2018 according to G
artner.
Sw
itching is already a mature $21+ billion m
arket.
4G LTE is rapidly gaining popularity as a cost-effective redundant W
AN
link for branch locations.
16 BR
AN
CH
OFFIC
E FIR
EW
ALL W
ITH W
IRE
LES
S P
RO
DU
CTS
FortiGate
UN
IFIED TH
REA
T M
AN
AG
EMEN
T
Consolidates firew
all, IPS
, application control, W
eb filtering, antivirus, and m
ore into a single appliance.
Manages w
ireless APs, switches
and 4G LTE w
ireless WAN
extenders directly from
the FortiGate adm
in console.
Sim
plifies configuration and troubleshooting via single-pane-of-glass m
anagement.
Ensures continuous protection from
the latest threats with
dynamic updates from
FortiGuard
Labs.
FortiAP
SEC
UR
E WIR
ELESS
LAN
A
CC
ESS
PO
INTS
Sim
plifies wireless LA
N
managem
ent with FortiG
ate console integration.
Offers broad range of A
P form
factors including indoor, outdoor and rem
ote models.
Supports high-perform
ance G
igabit Wi-Fi w
ith 802.11ac m
odels.
Sim
plifies AP
installation with
Pow
er over Ethernet (PoE)
support.
FortiSw
itchS
ECU
RE A
CC
ESS
S
WITC
HES
Offers broad range of sw
itches w
ith 8 to 48 Ethernet ports and 1G
bE and 10GbE interfaces.
Pow
ers Wi-Fi A
Ps, VoIP
phones and IP
cameras w
ith P
oE models.
Sim
plifies switching
managem
ent with FortiG
ate console integration.
Sim
plifies PC
I compliance by
enabling easier retail network
segmentation.
BR
AN
CH
OFFIC
E FIREW
ALL W
ITH W
IRELES
S
17
OTH
ER
PR
OD
UC
TS
Integrated Wi-Fi in the
UTM
appliance with
FortiWiFi
4G LTE w
ireless WA
N backup link
to improve branch office uptim
e w
ith FortiExtender
18 HO
W FO
RTIN
ET’S
BR
AN
CH
OFFIC
E FIR
EW
ALL
AN
D W
IRE
LES
S S
OLU
TION
IS U
NIQ
UE
Consolidated N
etwork S
ecurity and Access
Other com
petitors need multiple point solutions to achieve
a similar level of security protection.
Fortinet consolidates point solutions into a single, easy-to-m
anage platform.
FortiGate has the highest num
ber of built-in switch ports
(including PoE) on the m
arket, delivering a true branch-in-a-box solution.
Security at the C
ore of Everything W
e Do
Fortinet ensures the branch network is protected from
threats. W
hether users connect via the wired LA
N, w
ireless LAN
or VPN
, they are subject to the sam
e centralized security policy.
FortiGate U
TM is secured by FortiG
uard, providing up-to-date protection against the latest threats. S
ervices include IPS
, app control, W
eb filtering, AV signatures and more.
FortiGate also integrates w
ith other Fortinet security products like FortiC
lient and FortiSandbox for advanced threat protection.
Com
plete One-Vendor S
olution
No other vendor enables the m
anagement of W
i-Fi AP
s, wired
switches and 4G
LTE extenders directly from the U
TM appliance
managem
ent console.
FortiManager and FortiA
nalyzer provide scalable, centralized m
anagement and analysis of m
any Fortinet branch office devices, from
1 to 10,000 locations.
Our single vendor solution also sim
plifies licensing as well as
support and service renewals.
BR
AN
CH
OFFIC
E FIREW
ALL W
ITH W
IRELES
S
19
No other vendor has the com
plete network security
and access portfolio required to deliver a complete
branch office solution.
Only Fortinet enables m
anagement of sw
itches, AP
s and 4G
LTE W
ireless WA
N extenders from
the UTM
appliance.
Fortinet has the best price/performance of any vendor
in the UTM
market.
CO
MP
ETITIVE
CO
MPA
RIS
ON
FortinetC
heck Point
Cisco
Sophos
WatchG
uardD
ell
UTM
aa
aa
aa
Integrated Wi-Fi
aa
aa
aa
External W
i-Fi AP
aa
aa
aE
xternal Sw
itcha
aa
External 4G
LTEa
TCO
$$$$$$$
$$$$$$$$$
$$$$$$$$
19
20 THIR
D-PA
RTY
VALID
ATION
G
artner UTM
Magic Q
uadrant
BR
AN
CH
OFFIC
E FIREW
ALL W
ITH W
IRELES
S
Leader in Gartner U
TM M
agic Quadrant
Fortinet has been positioned as a Leader in the G
artner UTM
M
agic Quadrant for the past six years.
According to G
artner, “The Leaders quadrant contains vendors at the forefront of m
aking and selling UTM
products.”
Gartner cites these Fortinet strengths:
Largest market share, grow
ing faster than the market
average, and has the largest base of certified channel partners for U
TM technology.
Fortinet continues to set the cadence in the UTM
market,
driving its competitors to react.
FortiGate integrates file sandboxing capabilities, backed up
by the large FortiGuard Labs threat research team
.
Fortinet provides a very aggressive price/performance
proposition.
21
QU
ALIFY
ING
QU
ES
TION
S
cD
o you currently operate multiple security and netw
ork access products in your branches? Is this difficult to m
anage?
cD
o you need to enable BY
OD
in your branch locations?
cD
o you need to support wireless technology, like w
ireless Point-of-S
ale or inventory scanners?
cD
o you need to meet P
CI D
SS
compliance standards?
cA
re you concerned about the risk of data breaches?
cA
re you concerned about the security of your wireless LA
N?
cW
ould you benefit from having a low
-cost 4G LTE
connection in your branch or retail location for im
proved business continuity?
22 High-P
erformance
Firewall S
olutions for D
ata Centers and
Internal Netw
orksO
rganizations are complem
enting edge N
ext Generation Firew
alls with deeper security
at the data center core and internal network.
Data C
enter Firewalls (D
CFW
) segment assets
and services at the core data center network in
consolidated environments.
Internal Netw
ork Firewalls (IN
FW) provide
visibility and protection deep in the internal netw
ork to complem
ent edge protection.
Next G
eneration IPS
provides intrusion prevention w
ith advanced controls while
enabling independence and flexibility from
the edge firewall.
Data centers and internal netw
orks are evolving rapidly with
technologies such as virtualization, cloud computing and
software-defined infrastructure that increase agility, elasticity and
collaboration. These flatter, open networks provide bandw
idth and scalability, but at the risk of greater exposure of critical data and assets. O
nce inside the network, advanced threats can
easily roam and spread.
While m
ost publicity has been on high-profile breaches such as at JP
Morgan C
hase, it was recently uncovered that a
single hacker group stole up to $1 billion from over 100 banks
worldw
ide. More troubling than the fact that not just large
businesses are being targeted by global criminal groups, the
advanced threats were typically inside each organization’s
internal network for m
onths on end, to systemically discovering
unique weaknesses and stealing assets w
ithout being detected.
Fortinet’s high-end FortiGate solutions provide m
ulti-Gigabit
performance and features deployed versatilely as a D
CFW
, IN
FW, or N
ext Generation IP
S to provide m
ore visibility and control in core and internal netw
orks.
22
23
Data C
enters are Rapidly E
volving
70% of sm
all and midsized enterprises have adopted
virtualization for server or data center consolidation.
Flatter L2 network topologies—
which are ideal for virtualization,
big data, and cloud— are also w
ide open for threats to spread once inside the perim
eter.
Advanced Threats R
equire Greater C
ontrol Inside the N
etwork
High-profile breaches at Target, JP
Morgan C
hase and others show
that hackers are roaming undetected inside netw
orks for m
onths.
A 2013 IT survey found that 57%
felt their organization put too m
uch faith in perimeter security, w
hile more than half believed
advanced threats were already in the netw
ork.
Data C
enters and Internal Netw
orks Need
Higher S
ecurity Perform
ance
Infonetics Research found 51%
of IT professionals expressed a need for 100G
bE ports in next few years.
75% of data center traffic is now
internal east-west traffic,
compared to 17%
north-south through the network edge.
IEE
E ES
TIMATES
that data center and internal core netw
ork bandw
idth is doubling every 18 m
onths in m
ost organizations
in data center security appliance m
arket share according to Infonetics R
esearch
Fortinet is ranked #2
solutions need up to five tim
es the throughput inside the netw
ork compared to
NG
FW at the edge only
DC
FW or IN
FW
MA
RK
ET D
YN
AM
ICS
AN
D D
RIVE
RS
24
FortiGate
1000 SER
IES
Data C
enter Firewall and
Next-G
eneration Security
FOR
TIGATE
HIG
H-E
ND
DATA
CE
NTE
R FIR
EW
ALLS
A
ND
NE
XT-G
EN
ER
ATION
SE
CU
RITY
AP
PLIA
NC
ES
HIG
H-P
ERFO
RM
AN
CE FIR
EWA
LL SO
LUTIO
NS
FOR
DA
TA C
ENTER
S
FortiGate
3000 SER
IES
High P
erformance D
ata Center
Firewall and N
ext-Generation S
ecurity
Ultra-high 1/10 G
E port density enables broad connectivity and visibility closer to assets.
Multi-gigabit throughput (up to 80 G
bps) inspects traffic w
hile keeping up with higher internal netw
ork speeds.
High-speed 40/100 G
E ports provide future-proofing for next-generation netw
ork fabrics.
Multi-gigabit throughput (up to 320 G
bps) inspects traffic w
hile keeping up with higher internal netw
ork speeds.
IPv6 hardw
are acceleration provides IPv4-to-IP
v6 performance parity.
Extensible managem
ent platform enables autom
ation and orchestration with cloud m
anagement and S
DN
controllers.
Features also include compact, pow
er-efficient appliance form factors.
25
OTH
ER
PR
OD
UC
TS
Secure east-w
est inter-VM
traffic with FortiG
ate VM
Enable deployment flexibility w
ith FortiS
witch access layer control
with port-level granularity
Ensure highest levels of uptim
e with FortiB
ridge fail-to-w
ire bypass
Gain additional visibility
without risk to netw
ork availability w
ith FortiTap
Transceivers P
luggable copper and optical modules
(up to 10/40/100GE) provide versatile
connectivity for Fortinet devices
26 HO
W FO
RTIN
ET’S
DC
FW, IN
FW A
ND
N
EX
T GE
NE
RATIO
N IP
S S
OLU
TION
S A
RE
UN
IQU
E
High-P
erformance C
onsolidated Security S
tack
Our custom
FortiAS
IC hardw
are acceleration offloads network
and content processing from C
PU
for higher throughput and low
er power and cost.
Up to 300+ G
bps offers high-throughput capacity in a compact
appliance, without resorting to the com
plexity of a carrier-grade chassis form
factor.
We offer the only com
pact appliances with high-speed 40/100
GE ports.
HIG
H-P
ERFO
RM
AN
CE FIR
EWA
LL SO
LUTIO
NS
FOR
DA
TA C
ENTER
SSecurity and A
vailability
FortiGuard threat content is updated daily by a large,
experienced in-house threat research team.
We have the ability to provide both detection A
ND
protection.
Our solutions offer high-availability and clustering deploym
ent scenarios for m
ission-critical networks.
Outstanding P
rice/Perform
ance and Value
Fortinet solutions deliver 10X Data C
enter Firewall perform
ance per dollar spent.
Custom
ers also get 5X Next G
eneration IPS
per dollar spent.
Gain full Internal N
etwork Firew
all visibility and control on the sam
e budget as competing edge N
GFW
-only solutions.
27
Only Fortinet offers perform
ance and flexibility sufficient to deploy as D
CFW
, INFW
or Next G
eneration IPS
(NG
IPS
).
IBM
Proventia and H
P TippingP
oint are point NG
IPS
solutions, but not firew
alls.
CO
MP
ETITIVE
CO
MPA
RIS
ON
FortinetC
iscoJuniper
Check P
ointP
alo Alto
Netw
orksIB
M
Data C
enter FWa
aa
aInternal N
etwork FW
aN
ext Generation IP
Sa
aa
aa
aS
tateful next genthroughput >10G
bpsa
aa
a
High 1/10G
E port
densitya
aa
40/100GE
port options
a
High availability
aa
aa
aa
TCO
$$$$$$$$
$$$$$$$$$
$$$$$$$$$
Palo A
lto Netw
orks can act as edge NG
FW or N
GIP
S, but
lacks performance for m
ost DC
FW and IN
FW use cases.
Com
parison excludes carrier-grade chassis form factors
(only compact appliances).
27
28 THIR
D-PA
RTY
VALID
ATION
FortiGate 1500D
- NS
S Labs N
G IP
S 2015
FortiGate 1500D
earned a Recom
mend
ed rating with best
security AN
D TC
O
Strong perform
ance with 99.2%
exploit block rate and a throughput of 11,727 M
bps
Passed all tests for evasion techniques and for stability
and reliability
Lowest TC
O at $5 per protected M
bps (3 times low
er than the nearest com
petitor)
AP
PLIC
ATIO
N S
ECU
RITY
AN
D D
ELIVERY
Palo A
lto Netw
orks PA
-5020C
isco FirePO
WE
R 8350
Fortinet FortiGate 1500D
IBM
Security N
etwork P
rotection XG
S 7100
IBM
Security N
etwork P
rotection XG
S 5100
HP
TippingPoint S
7500NX
TC
O p
er P
ro
tecte
d-M
bp
s
$3
0 $
25
$2
0 $
15
$1
0 $
5 $
0
Ave
ra
ge
Median
NSS Labs N
ext Generation Intrusion Prevention System (N
GIPS) Security Value Map™
10
0%
98
%
96
%
94
%
92
%
90
%
88
%
86
%
84
%
82
%
80
%
FortiGate 3810D
– Spirent D
C FW
Validation
FortiGate 3810D
validated to meet m
arketing performance
claims
Delivered 99.4%
of rated UD
P firew
all throughput through 100G
E ports
100 million concurrent sessions and 550,000 connections/sec
exceeded datasheet specs
IPv6 validated hardw
are acceleration provides IPv4-to-IP
v6 perform
ance parity
29
QU
ALIFY
ING
QU
ES
TION
S
cA
re you consolidating multiple server or data center environm
ents (e.g., with virtualization or cloud com
puting)?
cA
re cloud computing or big data initiatives aggregating m
ore users or data in data centers than before?
cA
re your data center speeds increasing due to increased consumption of data and services?
cA
re your employees or users increasingly accessing data and services at all tim
es using mobile or B
YO
D devices?
cD
o you feel you have adequate visibility into advanced threats that may have reached in inside your netw
ork?
cA
re you looking to gain more control of your internal netw
ork to block advanced threats or segregate access in consolidated environm
ents?
cA
re concerns about disrupting existing users or reconfiguring the network lim
iting you from deploying m
ore Internal N
etwork Firew
alls?
cH
ow im
portant do you feel it is to provide protection and not just detect threats in your internal network?
30 Application S
ecurity and D
eliveryW
eb Application Firew
alls shield application vulnerabilities from
exploits.
Application D
elivery Controllers provide scale
and availability for the best user experience.
DD
oS A
ttack Mitigation thw
arts advanced Layer 7 D
DoS
threats to maintain availability.
Web-based applications that are exposed to the Internet
are an easy target for hackers. The largest point of entry for data breaches in the past few
years has been application vulnerabilities that hackers exploit. A
dditionally DD
oS attacks
have evolved from blunt-force instrum
ents designed to overw
helm netw
ork resources to sophisticated surgical strikes that target application layer services in a data center.
Web-based attacks are a significant issue, but so is scale and
reliability. Custom
ers hosting an application for thousands or even m
illions of users need to ensure that the application infrastructure can m
eet the demand and respond quickly.
Fortinet’s Web A
pplication Security and D
elivery solutions include W
eb application firewalls, D
DoS
attack mitigation
appliances, and application delivery controllers to protect applications from
vulnerabilities and Layer 7 DD
oS attacks,
while providing the tools needed to seam
lessly scale applications to m
illions of users. For more specialized needs,
we also offer database security and com
pliance appliances, W
eb caching, and advanced WA
N link load balancers to further
ensure applications, data, and WA
N connections are secure
and available.
30
31
Less than 50 Mbps
80%
of DD
oS A
ttacks
of Breaches
Caused by
Application
Vulnerabilities
38%Encrypted A
pplication Traffic in 2014
3xINC
REA
SE
MA
RK
ET D
YN
AM
ICS
AN
D D
RIVE
RS
Applications an E
asy Target
38% of all data breaches in 2014 w
ere caused by application vulnerabilities according to the 2014 Verizon B
reach Report.
Sophisticated Layer 7 D
DoS
threats continue to grow and in
some cases only take a few
kilobytes of traffic to do as much
damage as a brute force attack of 100 G
bps or higher.
80% of D
DoS
attacks are less than 50 Gbps and m
ost successful ones are less than 1 G
bps that target Layer 7 application services.
Custom
ers Want C
onsolidated Solutions
Many vendors are consolidating application delivery, W
AF, D
DoS
and other services on A
pplication Delivery C
ontrollers.
Point solutions are losing ground to m
anufacturers that provide m
ultiple services.
Large Market O
pportunity
Web application firew
alls are expected to be in over 80% of
organizations by 2018 according to Gartner.
Global increases in secure application traffic since 2013 are
straining older application delivery technologies and driving faster refresh cycles.
Application delivery is a $1.8 billion m
arket with an annual
growth rate of 5.4%
.
DD
oS attacks are putting renew
ed focus on hardware and
service options.
3x
32
FortiWeb
WEB
AP
PLIC
ATIO
N
FIREW
ALLS
Protect custom
and comm
ercial applications w
ith automatic
usage profiling and anomaly
scanning.
Meet P
CI C
ompliance (5.5 and
6.6) with behavior-based attack
detection and mitigation.
Identify Web application security
weaknesses w
ith vulnerability scanning.
Publish w
ebsites with S
ingle S
ign On/A
uthentication.
AP
PLIC
ATION
SE
CU
RITY
AN
D D
ELIVE
RY
PR
OD
UC
TS
FortiAD
CA
PP
LICA
TION
DELIVER
Y
CO
NTR
OLLER
S
Scale applications w
ith Server
Load Balancing.
Improve secure application/server
performance w
ith SS
L Offloading/
Acceleration.
Reduce bandw
idth needs with
HTTP
Com
pression.
Provide disaster recovery that
spans multiple data centers w
ith included G
lobal Server Load
Balancing.
FortiDD
oSD
DO
S A
TTAC
K M
ITIGA
TION
A
PP
LIAN
CES
Detect D
DoS
attacks faster w
ith 100% A
SIC
-based DD
oS
detection and mitigation.
Protect against zero-day threats
with 100%
behavior-based detection.
Get com
plete DD
oS protection
with 100%
traffic inspection.
Delivers the low
est false positive detection rate w
ith Continuous
Attack R
eevaluation.
AP
PLIC
ATIO
N S
ECU
RITY
AN
D D
ELIVERY
33
OTH
ER
PR
OD
UC
TS
Provide database
security and compliance
with FortiD
B
Improve W
eb application response tim
es with
FortiCache
Increase WA
N bandw
idth and resilience w
ith FortiW
AN
Scale applications easily
and dynamically w
ith FortiD
irector
34 HO
W FO
RTIN
ET’S
AP
PLIC
ATION
SE
CU
RITY
A
ND
DE
LIVER
Y S
OLU
TION
IS U
NIQ
UE
End-to-E
nd Application S
ecurity and Delivery
Fortinet offers a complete solution that ensures applications
can meet user traffic dem
ands and near 100% protection from
targeted application attacks.
We provide core application delivery and security features in
AD
Cs and W
AFs.
Our layered approach enables advanced product offerings for
caching, DD
oS protection, database security and WAN
link load balancing.
Built on a Foundation of S
ecurity
Fortinet’s security experience gives us a unique edge in not only providing high-perform
ance application delivery, we also ensure
your applications are protected from the latest threats.
Shared FortiG
uard Threat Intelligence Services include antivirus,
anti-malw
are, IP reputation and application attack signatures.
It also easily integrates into other Fortinet cyber threat solutions like FortiG
ate NG
FW, FortiM
ail and FortiSandbox for advanced
threat protection.
Com
plete One-Vendor S
olution
FortiAD
C, FortiW
eb and FortiDD
oS products are optim
ized to w
ork together with other Fortinet products for m
anagement
and reporting.
All products share a sim
ilar interface to reduce learning curve for support team
s.
Having only one vendor to m
anage simplifies renew
als and accountability.
AP
PLIC
ATIO
N S
ECU
RITY
AN
D D
ELIVERY
35
Only F5 and A
10 have close competitive offerings to Fortinet
for complete A
pplication Security and D
elivery solutions.
Other vendors typically are point solutions.
Lowest overall TC
O com
pared to other vendors or various point solutions.
CO
MP
ETITIVE
CO
MPA
RIS
ON
FortinetF5
A10
Imperva
Arbor N
etworks
Barracuda
WA
Fa
aa
aa
AD
Ca
aa
aH
W D
DoS
aa
aD
B S
ecuritya
aLink Load B
alancing
HW
Caching
aC
loud GS
LB
Total Cost of O
wnership
$$$$$$$$
$$$$$$$$$
$$$$$$$$
35
36 THIR
D-PA
RTY
VALID
ATION
FortiWeb N
SS
Labs WA
F SVM
2014
Test Categories
Security: U
RL P
arameter m
anipulation, form/hidden field
manipulation, cookie/session poisoning, cross-site scripting,
directory traversal, SQ
L injection and padding Oracle attacks
Evasions: packet fragm
entation reassembly, stream
segmentation,
UR
L obfuscation
Perform
ance: stability, reliability and connections per second
AP
PLIC
ATIO
N S
ECU
RITY
AN
D D
ELIVERY
FortiWeb 1000D
Earned a R
ecommend
ed Rating
Offered a strong perform
ance with 99.85%
block rate and 15,865 connections/second.
Passed all tests for evasion techniques and for stability
and reliability.
Delivered a 0.366%
false positive detection rate.
37
QU
ALIFY
ING
QU
ES
TION
S
c
How
do you protect your mission-critical W
eb-based applications from attacks today?
c
Do you regularly conduct code security review
s and if so, how often?
c
Do you need to m
eet PC
I DS
S com
pliance standards? What w
ere the results of your last PC
I DS
S audit?
c
Are you concerned about data breaches of sensitive custom
er or proprietary information through your
Web-based applications?
c
Are your applications outgrow
ing a single server or your current server load balancer?
c
Do you need highly available applications for 99.999%
uptime?
c
Do you need applications to span m
ultiple data centers for disaster recovery of applications?
c
Is your Microsoft E
xchange or ShareP
oint growing near or over 1,000 users?
c
Are secure applications slow
ing down servers and increasing response tim
es?
c
Are D
DoS
attacks one of your top data center threats?
c
Do you find that your current service-based D
DoS
mitigation solution is expensive w
ith unpredictable costs?
38 Security
Managem
ent S
ecurity managem
ent allows adm
inistrators to control policies, firm
ware and content security for
many security devices.
Security analytics gives adm
inistrators the insights they need to enact effective corporate governance.
Cloud-based m
anagement enables m
ass provisioning and reduces upfront costs.
Without the proper security m
anagement controls, netw
orks can becom
e a mishm
ash of misconfigured firew
alls and rogue w
ireless access points allowing m
alicious traffic on the LAN
. O
lder versions of firmw
are or stale content security intelligence can expose corporate netw
orks to the latest threats which can
unwittingly facilitate a security breach. In addition, deploym
ent and initial configuration of security devices are often difficult and costly to m
anage centrally.
Adm
inistrators need centralized managem
ent for as many
devices as possible, but policies, firmw
are and configuration changes should be rolled out in a uniform
ed fashion. As
changes are made, a full audit trail of updates and w
orkflows
need to be tracked. Ideally, an administrator could perform
ad-hoc forensics, visualizations and reporting to continually optim
ize their organizational security. This is what is m
eant by “single pane of glass” m
anagement – holistic operational control
and visibility.
Fortinet’s Security M
anagement and A
nalytics portfolio includes solutions for security policy/device m
anagement, logging/
analytics, migrations and cloud-based provisioning. M
ost im
portantly, these solutions give administrators the tools by
which to deploy, control, visualize and scale their enterprise
networks instantaneously and w
ith minim
al expertise.
38
39
MA
RK
ET D
YN
AM
ICS
AN
D D
RIVE
RS
Security B
reaches are Mounting P
rimarily
Due to O
versights
84% of breached organizations have evidence in security logs.
95% of breaches are caused by firew
all misconfiguration and
are entirely preventable.
Organizations cited the ability to distinguish abnorm
al behavior as their #1 security m
anagement challenge.
Cloud-based A
pplications Require N
ew C
ontrols and V
isibility Features
Up to 35%
of traffic on enterprise networks is used by cloud-
based applications and the mix is increasing year over year.
The ability to decrypt SS
L and perform deep-packet inspection
on cloud applications at high speed is critical.
Application specific inform
ation such as user login, name of
files uploaded/downloaded and videos played are highly useful
for forensics.
Consolidation of Features and C
ost Reduction
is Param
ount
Som
e enterprises are looking at ways to reduce their security
expertise at individual branch offices, thereby controlling operational costs.
Security, w
ireless and switching functions are increasingly
targeted for consolidation – managem
ent of all three areas is preferable.
Many enterprises are m
oving to cloud-based managem
ent m
odels (industry-wide 70%
YoY growth).
of breached organizations have evidence in their security logs
84%of breaches are caused by firew
all misconfiguration
95%Typical enterprise
application usage is
~35%cloud-basedapplications
40
FortiManager
CEN
TRA
LIZED D
EVICE
MA
NA
GEM
ENT
Com
bines analytics, reporting and logging functions.
Supports a high num
ber of m
anaged devices (up to 10,000).
Optim
izes policy pushes for large enterprises/M
SP
s.
Manages the security policy
approvals process with
Workflow
Mode.
SE
CU
RITY
MA
NA
GE
ME
NT
FortiAnalyzer
CEN
TRA
LIZED LO
GG
ING
A
ND
REP
OR
TING
Enables forensics for post-breach discovery and future risk prevention.
Delivers high-perform
ance log rates for large enterprises/M
SS
Ps.
Provides interoperability w
ith third-party devices using S
yslog.
Offers m
ore application, user and W
eb insights with new
report tem
plates.
FortiCloud
CLO
UD
-BA
SED
M
AN
AG
EMEN
T
Provisions w
ireless and security devices at rem
ote sites.
Maintains single-pane-of-glass
managem
ent for overseeing a w
ireless and security infrastructure.
Protects the netw
ork from
advanced threats with granular
access controls and application usage policies.
Provides an O
PEX-based m
odel that’s future-proof and scales on dem
and.
SEC
UR
ITY M
AN
AG
EMEN
T
41
FortiConverter
CO
NFIG
UR
ATIO
N A
ND
M
IGR
ATIO
N TO
OL
Provides a single tool for m
ultiple installations allow
ing for cross vendor installation conversion.
Supports autom
ated configuration conversion.
Significantly reduces the
possibility of human error in the
conversion process.
Identifies and eliminates errors in
existing configurations.
42 HO
W FO
RTIN
ET’S
SE
CU
RITY
MA
NA
GE
ME
NT
SO
LUTIO
N IS
UN
IQU
E
Unm
atched Threat, Application and W
eb Filtering Intelligence
Award-w
inning FortiGuard Labs content security provides best-
of-breed telemetry.
Intelligence from FortiG
uard is featured in FortiView, w
hich allow
s for drill-down forensics and advanced analysis.
Telemetry for application sensors includes traditional A
ND
cloud-based applications, such as D
ropbox and YouTube.
Platform
Flexibility
Managem
ent can control devices based on many varying
platforms, such as hardw
are appliance or virtual & cloud-based deploym
ents like Am
azon AW
S.
The Fortinet Developer N
etwork (FN
DN
) provides extensibility via JS
ON
/XML A
PIs for autom
ation/customization and sam
ple code/docum
entation.
The logging and reporting engine contains a full SQ
L database that allow
s for custom dataset/chart creation.
It also provides interoperability with third-party ecosystem
technology partners and upstream
SIEM
s via Syslog forw
arding.
Perform
ance and Scaling
Deploym
ent expertise in MS
SP
environments allow
s scaling up to 10,000 devices under m
anagement.
Use of various operating m
odes supports logging consumption
of 75,000+ logs/sec per appliance as well as hierarchical
logging.
Security m
anagement products include built-in m
ulti-tenancy w
ith no additional licensing costs.
Other features include cloud-based provisioning and auto-
registration of new devices deployed w
ithin branch offices and external sites.
Com
plete Single-Vendor S
olution
Not lim
ited to security devices, the managem
ent framew
ork extends to w
ireless access points and switches as w
ell.
It supports a complete portfolio of auxiliary security products
including Web A
pplication Firewall, S
andbox and Anti-spam
.
The end result delivers true single-pane-of-glass managem
ent for your enterprise.
SEC
UR
ITY M
AN
AG
EMEN
T
43
Only P
alo Alto and C
heck Point have sim
ilar competitive
offerings to Fortinet for complete S
ecurity Managem
ent and A
nalytics.
From a scaling/perform
ance standpoint, Fortinet supports m
ore managed devices and faster logging rates than m
ost com
petitors.
Lowest overall TC
O w
hen compared w
ith other vendor m
anagement solutions.
CO
MP
ETITIVE
CO
MPA
RIS
ON
FortinetP
alo Alto
Check P
ointS
plunkA
rcSight
Meraki
Security M
anagement
aa
a-
-
Wireless M
anagement
a-
-a
Hierarchical Topology
aa
aa
Max. D
evices10,000
1,000-
-
HW
, VM &
Cloud
aTotal C
ost of Ow
nership$$$
$$$$$$$$$
$$$$$$$$$$
$$$
43
44 SEC
UR
ITY M
AN
AG
EMEN
T
QU
ALIFY
ING
QU
ES
TION
S
cH
ow m
any FortiGates are deployed w
ithin your organization (or plan to be deployed)?
cH
ow do you currently provide security and netw
ork health guidance to executive staff?
cH
ow do you currently control bandw
idth costs related to applications like P2P
or streaming?
cW
hat kind of oversight do you have into potential AP
T breaches across all of your firewalls?
cIs your current m
anagement solution interoperable w
ith a portfolio of products? Or just firew
alls?
cW
hat types of point products do you use your managem
ent system for?
cD
o you currently employ m
anagement consoles to m
anage different device types (firewalls, sandboxes, w
ireless AP
s, etc.)?
cD
oes your current managem
ent system interoperate properly w
ith third-party vendors (your ecosystem partners of choice)?
cH
ow do you perform
forensics once you’ve determined there’s been a breach or abnorm
al event?
cW
hen going through logs, do you have to manually m
ap IP addresses to users, ports to applications, etc.?
cW
hat kinds of recurring costs do you absorb for device managem
ent?
cA
re there costs associated with m
anaging security devices at branch offices or other sites?
45
Cloud O
verview
Leverage the agility of virtualization to streamline
security deployments in the data center and
private cloud.
Get on-dem
and cloud marketplace delivery w
ith the flexibility of m
etered billing and Bring-Y
our-O
wn-License (B
YO
L) economics.
A com
prehensive stack of virtual appliances delivers end-to-end security life cycle m
anagement and orchestration.
Meet and m
aintain physical and cloud related com
pliance mandates in a hybrid IT environm
ent.
Enable cloud-managed security services for
enterprise clouds at-scale.
Virtualization offers agility, cost-effectiveness, and scalability to m
odern data centers. Fortinet virtual appliances feature all of the security and netw
orking services comm
on to traditional hardw
are based appliances on major hypervisors, including
VMw
are ESXi, M
icrosoft Hyper-V, K
VM, and Xen etc.
Securing from
on-premise to m
ulti-tenant public cloud service providers w
ith clear segmentation, Fortinet provides best-of-
breed security appliances for policy consistency, monitoring,
analytics and governance in cloud platforms such as A
mazon
AW
S, M
icrosoft Azure, VM
ware vC
loud Air, and O
penstack.
46 SD
N O
verview
Fortinet SD
N solutions tap into the S
oftware
Defined D
ata Center (S
DD
C) ecosystem
with full
software integration certification for VM
ware N
SX
and Cisco A
pplication Centric Infrastructure (A
CI).
We elim
inate security lags that result from m
anual change updates.
Our control plane and data plane are
automatically provisioned and scaled for
on-demand delivery.
Micro-segm
entation security controls can be exerted based on application w
orkloads and user identities.
Our solution provides visibility for centralized
policy enforcement, consistent logging, and
reporting.
SDD
C is built onto SD
N w
here network and security can keep up
with the agility and efficiency of the m
odern data center. SDN
further virtualizes and abstracts the netw
ork beyond just the hypervisor itself to the core data center fabric, and presents m
ore challenges and opportunities for deploying netw
ork services from security
to L4-L7 application services (e.g., load-balancing). Beyond the
integration of virtual network services into the data plane, S
DN
and private cloud introduce m
ore managem
ent plane integration, particularly around autom
ation and orchestration of network
services. It provisions on-demand overlays on top of existing
networking gears and fabrics.
Fortinet integrates through VMw
are NS
X and Cisco A
CI to
support the network security resource abstraction, pooling,
micro-segm
entation and consumption flow
.
46
47
MA
RK
ET D
YN
AM
ICS
AN
D D
RIVE
RS
Cloud S
ecurity Market D
rivers
of New
Application Vendors
50%w
ill be SaaS
by 2015
50% of
Enterprises
will use C
loud for at Least 1 C
ore Process
of Private
Cloud w
ill be IaaS
90%
§§Manual security change processes fail to keep pace w
ith the rate of w
orkload changes in virtualized environments
§§Significant security-driven perform
ance degradation in virtual environm
ents
According to G
artner, by the end of 2016, more than 10,000
enterprises worldw
ide will have deployed S
DN
, a tenfold increase from
2014. SD
N helps address the above security
challenges:
§§SD
N creates consistency, reliability & repeatability across
entire the network infrastructure
§§SD
N creates m
ulti-tenant, on-demand, topology & device-
independent provisioning
§§SD
N is orchestrated using tem
plates, user service levels & policy for dynam
ic application delivery and rapid change
As such, custom
ers are increasingly looking for security solutions that integrate w
ith SD
N orchestration A
PIs.
According to G
artner, by 2016, all large global enterprises will
use some level of public cloud services
The most com
mon use of cloud services is as part of a hybrid
model of on-prem
ise and external cloud infrastructure.
The customer rem
ains primarily responsible for securing their
information in the cloud, and com
pliance regulations concerning cloud are grow
ing in number and stringency.
Enterprises are increasingly concerned about security and com
pliance across public, private and hybrid IT environments,
and are looking for a single security platform that w
orks across the physical and cloud elem
ents of their networks.
SD
N S
ecurity Market D
rivers
Rapid adoption of virtualization in the data center has
introduced many security challenges, including:
§§Errors in security configuration due to context sharing
§§Lack of visibility into East-West traffic
48 CLO
UD
PR
OD
UC
TS
FortiGate
FortiWeb
SD
N P
RO
DU
CTS
FortiGate VM
XS
ervice Manager
FortiGate VM
andFortiG
ate VMX
FortiAnalyzer
FortiManager
Fortinet Softw
are-Defined S
ecurity D
elivers Agnostic P
latform
Com
patibility
Support for leading S
DN
and Netw
ork Function Virtualization (N
FV) solutions including VM
ware N
SX, C
isco Application
Centric Infrastructure (A
CI), H
P Virtual
Application N
etworks (VA
N) and
OpenS
tack SD
N C
ontrollers.
Scale-O
ut Elasticity for H
ypervisors and C
louds
Augm
ents scale-up hardware w
ith scale-out capacity from
virtual appliances, and provides better visibility and control of virtual netw
ork traffic.
Facilitates scale-out elasticity, autom
ation, and orchestration using containerization w
ithin a VM.
Supports all m
ajor hypervisors as well as
leading public clouds.
CLO
UD
AN
D S
DN
49
Agile P
latform O
rchestration and Autom
ation
Enables the orchestration and automation of security for cloud
and SD
N platform
s, and provides out-of-the-box integration and rich A
PI extensibility.
Security policy is seam
lessly applied in logical and dynamic
environments.
Enables auto-provisioning of security engines and firewall/
security rules with W
eb-scale workloads, or logical firew
all rules that follow
VM w
orkloads across clouds.
On-D
emand S
elf-Service
Fulfill security with a self-service catalog and online
marketplaces.
Take advantage of hourly, monthly m
etered consumption
models that align w
ith an on-demand, utility-based philosophy.
Single P
ane-of-Glass M
anagement
Ensure consistent policy and a consolidated view of events,
logging and analysis across the hybrid cloud.
Centrally m
anage devices at the edge and core of the data center, across m
ultiple data centers and clouds, and across both physical and virtual appliance form
factors.
Com
plete One-Vendor S
olution
Fortinet’s broad cloud/SD
N security portfolio is optim
ized to w
ork together for managem
ent and reporting regardless of platform
.
All Fortinet products share a sim
ilar interface, helping to reduce the learning curve for support team
s.
Having only one vendor to m
anage simplifies renew
als and accountability.
50 CLO
UD
AN
D S
DN
51
Other vendors typically are point solutions.
Lowest overall TC
O com
pared to other vendors or various point solutions.
CO
MP
ETITIVE
CO
MPA
RIS
ON
Public C
loudFortinet
Palo A
ltoC
heck Point
Cisco
Juniper
Firewall/VP
Na
aa
aW
AF
aM
anagement
aU
RL Filtering
aa
aA
nalyticsa
Platform
sFortinet
Palo A
ltoC
heck Point
Cisco
Juniper
Am
azon Web S
ervicesa
a(B
YOL only)
a(no annual sub.)
a(not N
GFW
)
Microsoft A
zurea
Com
ing Soon
aa
Com
ing Soon
OpenS
tacka
aa
aTotal C
ost of Ow
nership$$$
$$$$$$$$$
$$$$$$$$$
51
52 QU
ALIFY
ING
QU
ES
TION
S
c
How
do you handle disaster recovery in your data center?
c
How
do you protect your mission-critical W
eb-based applications from attacks today?
c
Do you regularly conduct code security review
s and if so, how often?
c
Are you regularly guessing your security infrastructure capacity?
c
Do you ever over-purchase or over-provision beyond your data center’s actual needs?
c
Are you concerned about data breaches of sensitive custom
er or proprietary information through your
Web-based applications?
c
Are your applications outgrow
ing a single server or your current server load balancer?
c
Do you need to deploy or adjust your data center configuration at scale in m
inutes?
c
Do you need high availability for netw
ork security in the cloud?
c
Do you need applications to span m
ultiple data centers globally for disaster recovery?
c
Are you in the dark for netw
ork security controls or finding inconsistent firewall rules?
c
Do you think data and netw
ork security are the most challenging functions to public clouds?
c
Do you m
anually configure firewall policy each tim
e a server host is added?
c
Do you need a centralized m
anagement console to handle netw
ork traffic for a mix of security equipm
ent?
c
Would you like netw
ork security to be self-provisioned based on its own application profile?
CLO
UD
AN
D S
DN
53
FortiGuard
Your netw
ork security partner should have a deep understanding and visibility into the dynam
ic threat landscape, and the ability to respond in real-tim
e at multiple levels in your netw
ork.For m
ore than 10 years, Fortinet’s dedicated in-house threat research team
, FortiGuard Labs, has
led the industry while developing and constantly
updating all of Fortinet’s security services.Fortinet’s superior and consistent effectiveness at stopping advanced threats has been independently validated by N
SS
Labs, VirusB
ulletin, AV C
omparatives and other
certification and testing organizations. S
pecific FortiGuard subscription services are
available on the following Fortinet netw
ork security solutions:
Antivirus
Anti-spam
Application C
ontrolD
atabase Security
Web S
ecurity Services
IP R
eputationIntrusion P
reventionW
eb Filtering
Please see the m
atrix below for FortiG
uard Subscription
Services associated w
ith Fortinet’s Netw
ork Security
Product Lines:
FortiGuard S
ervices
App Control
IPSAV
IP Rep. / Anti-bot
Web
FilteringAnti- spam
Vuln.Scan
DBSecurity
Fortinet Solutions
FortiGateaaa
aa
aa
FortiSandboxaa
aa
FortiClienta
aa
a
FortiWeb
aa
FortiCachea
a
FortiMail
aa
FortiADCa
FortiDDoSa
FortiDBa
54
Corporate W
ebsite http://w
ww
.fortinet.com
Fortinet Partner P
ortal https://partners.fortinet.com
/
Partner A
pp D
ownload “FortiLink” from
Apple iTunes
Fortinet Netw
ork Security E
xpert (NS
E)
Learning Center
Available through the Fortinet Partner Portal
Training Information
http://ww
w.fortinet.com
/training/index.html
Product Inform
ation http://w
ww
.fortinet.com/products/index.htm
l
Fortinet Icon Library Available on fortinet.com
, in the Resources Section
54 Partner S
upportW
e have your back…and your front, sides
and corners too.
Fortinet provides a wealth of resources for our
partners, including services such as sales and product training, opportunity identification, and advanced technical support as part of the pre-sales process.
Enterprise customers tend to have specialized
needs with m
any complexities. O
ur global teams
of account managers and sales engineers are at
the ready to assist you with any of the solutions
presented in this guide.
We also have m
any online resources to assist you in the sales process.
55
FortiDB
Database
Protection
FortiAD
CA
pplicationD
eliveryC
ontroller
FortiGate V
MX
SD
N, Virtual
Firewall
FortiGate
Top-of-Rack
FortiAP
Secure A
ccessP
oint
FortiAuthenticator
User Identity
Managem
ent
FortiManager
Centralized
Managem
ent
FortiSandbox
Advanced Threat
Protection
FortiAnalyzer
Logging, Analysis,
Reporting
FortiClient
Endpoint Protection
FortiClient
Endpoint Protection,
VPN
FortiVoice
IP P
BX P
honeS
ystems
FortiWiFi
UTM
FortiExtender
LTE Extension
FortiTokenTw
o FactorA
uthentication
FortiDD
oSD
DoS
Protection
FortiGate
NG
FW
FortiCam
eraIP
VideoS
ecurity
FortiGate
Internal NG
FW
FortiGate
DC
FW
FortiGate
Next G
enIP
S
FortiGate
Cloud
FortiMail
Email S
ecurity
FortiWeb
Web A
pplicationFirew
all
DATA
CE
NTE
R
BR
AN
CH
OFFIC
E
CA
MP
US
Intrusion Prevention
Application C
ontrolW
eb Filtering A
ntivirus IP
Reputation
Web A
pplication Security
Vulnerability Managem
entA
nti-spamD
atabase Security
This Partner Sales G
uide is designed to educate and enable Fortinet channel partners on our leading network security solutions.
This is not appropriate as a customer-facing docum
ent.
v1.0 06.03.15
Copyright ©
2015 Fortinet, Inc. All rights reserved. Fortinet ®, FortiG
ate®, FortiC
are® and FortiG
uard®, and certain other m
arks are registered trademarks of Fortinet, Inc., and other
Fortinet names herein m
ay also be registered and/or comm
on law tradem
arks of Fortinet. All other product or com
pany names m
ay be trademarks of their respective ow
ners.