Fortinet is embarking on a mission for some of its firewalls and other products and those of third-party vendors to work together to boost security across core networks, remote devices and the cloud.
Called Fortinet Security Fabric, the architecture relies on direct communications inherent among certain of its own products (such as the FortiGate next-generation firewall, FortiWeb Web application firewall, FortiMail email security and FortiSandbox advanced threat protection system) as well as with those of other vendors via APIs.
Each third-party device can participate in sharing information depending on the capabilities of its API, says John Maddison, Fortinet’s senior vice president of products and solutions.
The company is announcing an alliance with CarbonBlack to improve protection against advanced persistent threats. If CarbonBlack’s endpoint protection catches suspicious software, it can share it with FortiSandbox, for example, Maddison says. There, the suspect software can be run in isolation to determine whether it is malicious and to figure out a way to remediate any harm it might do.
Customers are testing the CarbonBlack integration and it should be generally available within a month.
Fortinet already has engaged other third-party vendors’ APIs in six categories: cloud, virtual systems, SDN orchestration, SIEM and management. The actual sharing capabilities depend on the APIs available with each third-party product, he says. But each is considered part of Fortinet Security Fabric.
NEW FORTIGATE FIREWALLS
Fortinet is introducing a new series of FortiGate next-generation firewalls powered in part by a new ASIC that offloads certain security functions from the machine’s general CPU.
The ASIC, called CP9, will boost performance of next-generation firewall features on the devices vs. FortiGates powered by the previous CP8.
The new Fortigate 6040E supports 320Gbps of traditional firewall throughput and 80Gbps throughput with next-generation firewall features turned on, which includes IPS and application control. This compares to 320Gbos of traditional firewall and just 25Gbps of next-generation firewall for the previous big FortiGate 3810, Maddison says.
The new processor should also boost performance of SSL traffic, he says, but the company doesn’t have metrics on that yet.
Fortinet is also announcing two new FortiGate 2000E series enterprise firewalls that incorporate the CP9 chip. FortiGate 2000E and 2500E have increased performance for their VPN capabilities, deep content inspection and advanced application controls.
The company plans to incorporate the CP9 chip in new devices that will become available over the next several quarters, he says.