At its Accelerate 2019 conference, Fortinet expanded its campaign to unify network and security operations with the release of an update to the operating system on its switches. The update adds more than 300 capabilities to the Fortinet switching fabric.
In addition, Fortinet unveiled what is describes as the first ASIC-based system on a chip designed specifically for software-defined wide are networks (SD-WAN) and a 1/10G FortiGate 100F Appliance to provide a firewall that shares a common management plane with the SD-WAN.
Fortinet also announced support of TLS 1.3 encryption to secure internet traffic, a deception-based tool dubbed Forticeptor and integration with threat intelligence feeds that generate alerts using machine learning algorithms trained by FortiGuard Labs.
Other new capabilities launched by Fortinet include support for Kubernetes for the Fortinet next-generation firewall (NGFW) via FortiOS 6.2 Fabric Connectors, the ability to deploy Fortinet NGFWs using virtual machines on a public cloud and integration between FortiMail and O365 Exchange at the application programming interface (API) level to make it possible to apply FortiGuard threat intelligence to emails.
According to Fortinet, the 300 additions to the security fabric include integrations with more than 70 vendor partners as part of an effort to create a cybersecurity ecosystem. John Maddison, executive vice president of products and solutions at Fortinet, said more than 50 of those partnerships are at the API level.
He noted all these advances are enabled by an update to FortiOS that takes advantage of the processing power of a custom ASIC to integrate security and networking functions without compromising performance. While there has been a lot of interest in trying to lower the cost of networking equipment by relying on commercial processors from Broadcom or Intel, Maddison said it’s becoming increasingly apparent there is an acute need for ASICs that provide processors specifically designed to optimize security and network processing. However, that approach doesn’t preclude make using of Intel or other commodity processors to handle some functions alongside Fortinet ASICs when it makes more economic sense, he said, adding that will be especially important as artificial intelligence becomes increasingly baked into cybersecurity and network management.
Fortinet is clearly responding to a trend that is seeing network administrators being pressed into taking more responsibility for network cybersecurity. Complicating that shift, however, is the fact that the network perimeter as organizations once understood it is disappearing. Network administers are now being asked to secure attack surfaces by enforcing policies and discovering malware all the way from the network edge to the cloud, said Maddison. Rather than trying to accomplish that goal relying on what amounts to separate cybersecurity overall, Fortinet is making a case for melding security and networking into a common fabric based on a common operating system.
It may be a while before organizations decide to commit to that level of networking equipment upgrades to achieve that goal. But the shortage of cybersecurity expertise coupled with the cost of managing a cybersecurity technologies separately soon may force the issue.