The sheer amount of data being communicated and processed around the world continues to grow at a staggering rate. The Internet stands as the primary driver of the global data explosion. But newer technologies that ride on the Internet, such as cloud computing, X-as-a-Service offerings, and Internet of Things (IoT), means that more sensitive and business critical information than ever is in motion within and beyond the traditional boundaries of individual enterprise IT infrastructures.
Security Challenges of SSL Encryption
As a result of this dynamic expansion and reach of information, encrypted Secure Sockets Layer (SSL) communications has become the most-used way for enterprises to protect their data from unauthorized exposure. In fact, at this writing, SSL encrypted communications accounts for 60% of data flowing in and among enterprise IT infrastructures. Unfortunately, as the percentage of businesses and government agencies adopting SSL encryption grows, the more adversaries also use it for infiltration and exfiltration—sneaking in malware, and tunneling stolen and confidential data out—of enterprise infrastructures and networks.
The standard remedy to prevent the adversarial abuse of SSL communications is to inspect SSL encrypted packets for exploits, malware, and purloined data. Currently, up 10% of mid- and large-scale enterprises practice some degree of encrypted data packet inspection as a security measure, with this number expected to rise to at least 50% by the early 2020s. While packet inspection has become a mainstream security technology, Next Generation Firewalls and other devices performing this function can a) be overwhelmed by the amount of traffic they need to handle, b) become bottlenecks due to the resource-intensive process of inspecting encrypted traffic that degrades overall infrastructure performance, and c) add yet more complexity and expense to the IT mission.
End-to-End Infrastructure Visibility Beyond Applications
The ever-expanding attack surface also makes it increasingly difficult for organizations to maintain transparent visibility and control across all of their assets. The Internet of Things (IoT), which is difficult to defend and protect, complicates an already difficult undertaking internally—particularly considering the exponential growth rates that are projected for them. At the same time, cloud adoption, coupled with the fact that multi-cloud services are quickly becoming commonplace, further extends the potential attack surface outside of the traditional network perimeter.
As organizations move to address these new security challenges, end-to-end, transparent visibility and control emerges as both a real necessity and a real problem. They must be able to monitor security across all of their assets—both those internal and those external—in real time, while also managing security policies and controls from a single pane of glass. Silo-based security infrastructures that leverage isolated point products or platforms lack the capabilities an integrated, automated security fabric offers.
New FortiGate 300E and 500E – Redefines Next Generation Firewalls
Organizations require a robust and extensible Next Generation Firewall (NGFW) solution designed to address this new security landscape. Fortinet is tackling these challenges head on with the release of the FortiGate 300E and 500E NGFW appliances.
Some of the specific security requirements met by the FortiGate 300E and 500E appliances include:
Fast and Agile
The FortiGate 300E and 500E firewalls are incredibly fast. The secret is Fortinet’s purpose-built CP9 content processor and parallel path processing that significantly outmatch competing products that are based on off-the-shelf components, to deliver best-in-class threat protection and SSL inspection performance. It also includes innovative collaborative learning capabilities, giving it the ability to share information and workloads with other security devices and systems in the same network, while also remaining visible and manageable through a single pane-of-glass for communications and control. This enables organizations to detect and block malevolent content before it can attach itself to vulnerable assets.
Advanced threat protection is critical in stopping zero-day exploits. FortiGuard Labs has repeatedly demonstrated its thought leadership in this critical area, and continues to excel in third-party tests (see below). In addition, with Cloud FortiSandbox seamlessly integrated into the FortiGate 300E and 500 firewalls, organizations have the ability to activate sandboxing to quickly and easily detect unknown threats.
The FortiGate 300E and 500E appliances deliver capabilities that meet new requirements driven by the transformation of branch network traffic and Software-as-a-Service (SaaS) application utilization. Specifically, they include key networking features such as an efficient wide area network (WAN) Path Controller and a dynamic SaaS-based database that enables secure SD-WAN.
Price-performance is an important requirement for nearly every organization today. This means that a solution must deliver maximum threat protection performance, reliability, and manageability at the lowest possible total cost of ownership (TCO). To this end, the FortiGate 500E delivers 10GbE connectivity with 4.7 Gbps threat protection and 6.8 Gbps SSL inspection throughput. Pound for pound, this is the best price-performance capability on the market today.
FortiGate 300E and FortiGate 500E, Part of the Fortinet Security Fabric
Like all of Fortinet’s solutions, the FortiGate 300E and 500E seamlessly integrate into the Fortinet Security Fabric, making it extremely easy for organizations to integrate them into their larger security framework environments. They also share data and balance workloads to maximize seamlessness and timeliness when defending infrastructures from attack. Importantly, this means that user of Fortinet solutions can extend comprehensive, uniform controls across any environment.
Don’t Take Our Word for It
Gartner placed Fortinet in the “Leaders” Quadrant in its 2017 Enterprise Firewall Magic Quadrant report. Read FortiGate Enterprise Network Firewall customer reviews. And Fortinet’s FortiGate is one of the only vendors to receive “Recommended” ratings from NSS Labs NGFW group test for four consecutive years.
What makes the FortiGate 300E and FortiGate 500E firewalls winners? The real measure of their success is in the eyes – and experience – of their customers and end users. To that end, in a future post I will report more from the front lines of customer experience with the FortiGate 500E and FortiGate 300E products. In the meantime, I recommend a visit to the Fortinet NGFW product pages for a full overview of these and other members of the FortiGate product family. You can also download the FortiGate 300E and FortiGate 500E data sheets from these embedded links.