About Fortinet

FortiGate Next-Generation Firewall

Cybercriminals continue to launch automated and sophisticated attacks against organizations, threatening the foundation of cloud and digital transformation critical to efficient business operations.

Our award-winning FortiGate next-generation firewalls (NGFWs) provide high performance, multilayered validated security and granular visibility for end-to-end protection across the entire enterprise network. Our purpose-built security processors (SPUs) deliver scalable performance and ultra-low latency for advanced security capabilities. Our security services from FortiGuard Labs provide continuous threat intelligence updates and automated mitigation to keep organizations protected from advanced cyberattacks.

FortiGate NGFWs reduce complexity and lower the total cost of ownership along with supporting scalable deployments at the network edge, data center, internal segments, and distributed branches.

FortiGates are the core of the Fortinet Security Fabric, defending against known and unknown attacks to provide network security across the entire attack surface.

FortiGate Next-Generation Firewall includes:

• Multilayered security approach for comprehensive protection against advanced threats and prevention of any single point introducing vulnerability in the network.
• Innovative security processor (SPU) technology for high performance application layer security services (NGFW, SSL inspection, and threat protection).
• Industry's fastest SSL inspection engine to help protect against malware hiding in encrypted traffic.
• Independent third-party validation to demonstrate superior effectiveness and best price performance.
• Single pane of glass management to simplify deployment and enable consistent security policies with granular control and visibility across the network.

Data Center Intrusion Prevention System (DCIPS)

Intrusion Prevention System (IPS) technology protects your network from cybercriminal attacks by actively seeking and blocking external threats before they can reach potentially vulnerable network devices such as key servers in the data center. Today, sophisticated and high-volume attacks are challenges that every organization must prepare for. These attacks are evolving, infiltrating networks via ever-increasing vectors. The result is an urgent need for network protection while maintaining the ability to efficiently deliver the high-performance services and applications your users demand.

Fortinet IPS functionality empowered by FortiOS is an industry-proven network security solution that scales to 120 Gbps and beyond of in-line protection. Powered by purpose-built hardware and Fortinet Security Processing Units (SPUs), DCIPS is able to achieve low TCO while meeting the highest performance requirements. IPS is easy to set up, yet offers feature-rich capabilities, with contextual visibility and coverage. It's kept up to date by threat intelligence research teams that work 24 hours a day worldwide, to detect and deter the latest known threats, as well as zero-day attacks.

As an extension of the Fortinet Security Fabric, Fortinet DCIPS meets all the DCIPS requirements by combining a high-speed, highly effective IPS engine with evasion techniques, reputation awareness, extensive application control capabilities, user and device identification, and a performance-optimized platform. DCIPS solutions set a higher standard for security, control, and performance.

Fortinet DCIPS includes:

• Industry’s fastest zero-day protection provided by FortiGuard Labs.
• Optional advanced techniques such as sandboxing to broaden detection and expose evasive threats
• High precision and accuracy provided by IPS filters.
• Highly flexible deployment options using IPS Sensors.
• Lower TCO and higher performance IPS achieved by purpose-built SPUs.
• Single-pane-of-glass management for unmatched visibility and control.

Endpoint Security

Securing your endpoints against today’s threats on a myriad of devices can be quite a challenge for a number of reasons. Managing separate endpoint features is complex and time consuming. Disparate security products don’t share intelligence, resulting in slow threat response. And, lack of IT expertise to effectively administer endpoint security can let threats into your network. FortiClient delivers easy-to-manage, automated, fully customizable endpoint security for a broad set of devices, removing those challenges.

FortiClient integrates with the Fortinet Security Fabric to provide real-time actionable visibility to stop threats across various vectors including at the endpoint. FortiClient includes:

• Unified endpoint features including compliance, protection, and secure access into a single, modular lightweight client.
• End-to-end threat visibility and control by natively integrating endpoint into the security architecture.
• Automated advanced threat protection and detection, powered by FortiGuard along with FortiSandbox integration.
• Integrated patch management and vulnerability shielding to harden all endpoints.
• Simplified management and policy enforcement with Enterprise Management Server (EMS) and FortiGate, respectively.

DDoS

Distributed Denial of Service (DDoS) attacks are ever-evolving and use a variety of technologies. To successfully combat these attacks, you need a dynamic, multi-layered security solution. FortiDDoS protects from both known and zero day attacks with very low latency. It’s easy to deploy and manage, and includes comprehensive reporting and analysis tools.

FortiDDoS includes:

• 100% security processor (SPU)-based layer 3, 4, and 7 DDoS protection application-aware traffic management.
• Behavior-based DDoS protection to eliminate need for signature files.
• FortiLink port-level network access option, centrally manageable from any FortiGate.
• Minimal false-positive detections through continuous threat evaluation.
• Ability to monitor hundreds of thousands of parameters simultaneously.
• Defense against every DDoS attack: bulk volumetric, layer 7 application, and SSL/HTTPS
• Attack protection for DNS services via specialized tools

Identity Access Management

Establishing identity through secure authentication is important for implementing an effective security policy. Many of today’s most damaging security breaches have been due to users being provided with inappropriate levels of access, or worse—compromised static passwords.

Identity Access Management is an underlying component of the Fortinet Security Fabric, establishing identity at its entry point. FortiAuthenticator User Identity Management, together with FortiToken, delivers cost-effective, scalable, and secure access control to your entire network infrastructure.

Identity Access Management includes:

• Intuitive, centralized authentication and authorization services that establish identity in the implementation of security policy.
• Single-sign-on (SSO) for both web/cloud and network resources.
• Two-factor strong authentication and management.
• Guest, BYOD, and certificate management.
• Simple deployment and licensing.

Virtualized Next-Generation Firewall

Organizations embracing private and public clouds need network security that complements traditional physical appliance form factors to gain visibility and maintain consistent security policy as workloads, users, and data migrate to more agile, elastic, and virtualized infrastructure.

FortiGate next-generation firewall virtual appliances provide proven security while realizing the flexibility and benefits of VM-based packaging: unmatched ROI, rapid provisioning, east-west traffic visibility, unlimited scalability, and consolidation. The virtualized form factor can be tightly orchestrated with hypervisors, cloud management, and SDN controllers through purpose-built integration or with FortiGate Connectors.

To provide consistently top-rated security, greater visibility, and unmatched performance, FortiGate virtual appliances give you the unique combination of the most advanced threat intelligence from FortiGuard Labs with a common FortiOS Operating System, simplifying management across physical, virtual, and cloud deployments.

The Fortinet Security Fabric extends fabric visibility down to east-west traffic at the VM workload level with virtualized next-generation firewalls.

FortiGate virtualized next-generation firewalls include:

• Top-rated protection with FortiGuard security services as tested by NSS Labs, Virus Bulletin, and AV-Comparatives.
• East-west traffic visibility with granular control of applications, devices, and users.
• Simplified security with easy-to-manage, single platform across physical, virtual, and cloud.
• Actionable reports to enforce policies, understand targeted attacks, and meet compliance.
• Support for all major hypervisor, cloud, and SDN platforms.
• Flexible licensing and provisioning to support on-demand consumption (via service providers).

Secure Wi-Fi

Large campuses, distributed enterprises, and small businesses all have diverse WLAN architecture needs but also a common requirement for security. That's why Fortinet provides a full suite of WLAN products designed to address the unique requirements of every organization.

Fortinet offers both on-premises and cloud management solutions as well as the most extensive suite of access points available, even APs with integrated firewall capabilities.

Fortinet’s Wi-Fi services extend the Fortinet Security Fabric to the very edge of the network. Fortinet Secure Wi-Fi includes:

• Single-pane-of-glass management for wireless, wired, and security policies.
• Zero-touch deployment - no requirement for onsite tech support.
• Simplicity of the cloud with integrated UTM service in AP (FortiAP S-Series).
• Industry-leading customer analytics and engagement tools for retailers.

Application Delivery Controller

With bandwidth demand growing faster than budgets and cyber-attacks constantly on the rise, it can be challenging to securely and efficiently deliver applications at the speed your users expect. Fortinet Application Delivery Controller (ADC) appliances optimize the availability, user experience, and scalability of enterprise application delivery. They enable fast, secure, and intelligent acceleration and distribution of even the most demanding enterprise applications. FortiADCs includes:

• Security processor (SPU)-accelerated SSL offloading.
• Application-aware traffic management.
• 24x7 application availability through automatic failover, global server load balancing, and link load balancing to optimize WAN connectivity.
• Web application firewall.
• Bandwidth prioritization with Quality of Service (QoS).
• Custom scripting.

Secure Switching

Legacy Ethernet LANs face many challenges. These include exponential growth in the number of network-enabled devices and applications, innovation in wireless LANs requiring more backhaul throughput, and legacy LAN design that has forced complex “bolt-on” security implementations. FortiSwitch Data Center and Secure Access Switches offer a broad portfolio of secure, simple, and scalable Ethernet solutions for applications that range from desktop to data center. Our Secure Access and Data Center Switches can be managed standalone or integrate directly into the Fortinet Security Fabric via the FortiLink protocol. FortiLink is a key supporting technology of the FortiSwitch, which enables its ports to become logical extensions of our FortiGate security appliance.

This allows the FortiGate to auto-discover a connected FortiSwitch for provisioning, including attachment of policy to ports or VLANs. With an integrated access layer, the FortiGate provides consolidated visibility and reporting with physical and logical topology views of the Security Fabric through FortiView. Lastly, FortiLink enables stacking of up to 256 switches per FortiGate, depending on the model. All of these features are included and have no licensing fee.

With an integrated access layer, the FortiGate provides consolidated visibility and reporting with physical and logical topology views of the Security Fabric through FortiView.

Secure switching includes:

• Security features to protect vulnerable infrastructure with no slowdown.
• Data separation compliance with network segmentation.
• FortiLink port-level network access option, centrally manageable from any FortiGate.
• Ability to enable voice, data, and wireless traffic across a single network.
• High scalability with 1/10 GE or 40 GE port density

Management

Your organization depends on a wide array of security devices to keep the network and critical assets safe. Maintaining current device policies and the health of those devices is crucial to your organization’s abilities to manage risk, but can be complex and time consuming. Fortinet simplifies this management, across the entire breadth of the threat landscape, with intuitive, centralized, and single-pane-of-glass management solutions. With graphical user interfaces that are similar to many NOC and SOC tools, users can easily view and control the deployment of security policies, content security updates, firmware revisions, and individual configurations for thousands of FortiOS-enabled devices through FortiAnalyzer, FortiManager, and FortiCloud. And with FortiSIEM, you can monitor the performance metrics, device health, current firmware versions, and current configurations for all your non-Fortinet devices. Fortinet is your single source to streamline your device policy and health management needs.

FortiManager, FortiAnalyzer, FortiSIEM, and FortiCloud enable management and analytics for the Fortinet Security Fabric.

Fortinet Management and Analytic Solutions include:

• Simplified device policy and health management.
• Comprehensive performance and availability monitoring.
• Rapid detection of device health changes.
• Analytics that provide deep insights.
• Centralized control over all your network elements.
• Ability to control your network using any browser-enabled device, whenever you want, wherever you are.

FortiGuard Security Subscriptions

New cyber threats emerge every moment of every day. The highly commercialized cybercriminal ecosystem constantly changes its attacks and techniques. Whether it’s a ransomware family, phishing campaign, or infrastructural vulnerability—organizations must constantly be prepared to defend against something new at all times. That’s where the threat research and intelligence of FortiGuard Labs is critical. Extensive knowledge of the threat landscape, combined with the ability to respond quickly at multiple levels, is the foundation for providing effective security. Spanning 10 distinct security disciplines, hundreds of researchers at FortiGuard Labs scour the cyber landscape and proactively seek out new avenues of attack every day to discover (and ideally preempt) emerging threats. The FortiGuard team develops effective countermeasures to protect more than 320,000 Fortinet customers around the world. These countermeasures include up-to-the-minute threat intelligence, delivered as a subscription service for Fortinet security products. Security Subscriptions include:

• Up-to-the minute threat intelligence in real time to stop the latest threats.
• Insight into threats anywhere in the world through a global network of more than three million sensors.
• Fast and comprehensive intelligence via automated and advanced analytics (such as machine learning) being applied to cross-discipline information.
• High fidelity with mature and rigorous back-end processes.
• Prevention of exploitation of new avenues of attack with proactive threat research.
• Top-rated effectiveness achieved through the commitment to independent, real-world testing.

Sandbox

With the increasing volume and sophistication of cyber-attacks, it takes only one threat to slip through security for a data breach to occur. CISOs have adopted sandboxing as an essential component of their security strategies to help combat previously unknown threats.

While attack surfaces are becoming more dynamic due to the rise of IoT and cloud-based services, a continuing shortage of cyber security talent is driving organizations to integrate sandboxing with greater controls and a high degree of automation.

Fortinet’s sandbox achieves this by integrating with Fortinet and non-Fortinet security products via the Fortinet Security Fabric to automate the disruption of zero-day threats. FortiSandbox includes:

• Critical protection against advanced and emerging threats.
• Broad integration with Fortinet and third-party security solutions to help protect an organization's dynamic attack surface.
• Automated sharing of threat intelligence in real time to disrupt attacks early in the cycle without human intervention.
• Flexible form factors to help support various industry requirements.

Web Application Firewall

Unprotected web applications are the easiest point of entry for hackers and vulnerable to a number of attack types. Our multi-layered and correlated approach protects your web apps from the OWASP Top 10 and more. Our Web Application Security Service from FortiGuard Labs uses information based on the latest application vulnerabilities, bots, suspicious URL and data patterns, and specialized heuristic detection engines to keep your applications safe from:

• Sophisticated threats such as SQL injection, cross-site scripting, buffer overflows, and cookie poisoning.
• Malicious sources
• DoS attacks

It also includes layer 7 load balancing and accelerated SSL offloading for more efficient application delivery.

FortiWeb is a core component of the Fortinet Security Fabric that defends the application attack surface from attacks that target application exploits.

FortiWeb includes:

• Vulnerability scanning and patching.
• Integration with FortiGate and FortiSandbox for ATP detection.
• IP reputation, attack signatures, and antivirus powered by FortiGuard.
• Behavioral attack detection.
• Attack insights and history.
• Advanced false positive and negative detection avoidance.

Email Security

A secure email gateway (SEG) is designed to block ransomware, phishing, and other cyber threats seeking entry via incoming email, while ensuring that outgoing messages don’t improperly leak sensitive data. These are critical capabilities given that (according to Verizon’s 2017 Data Breach Investigations Report) two-thirds of malware was installed via email attachments. Email was also the most common entry point for ransomware, costing organizations an estimated $850 million last year. SEGs also help ensure compliance with a wide range of data privacy regulations and corporate mandates to protect intellectual property.

While traditionally deployed as software on-premises and more recently as an easier-to-manage physical appliance, one of the fastest-growing preferences is to select a SEG as a cloud service. This could be a SaaS offering managed by an expert security vendor or as a public cloud service that offers cloud scalability with the policy control of a virtual appliance.

Implementing a top-rated secure email gateway that includes integrated data protection features is a critical requirement to securing your organization and its information.

The Fortinet Security Fabric relies on FortiMail to keep threats from entering the network via email, one of the top threat vectors.

FortiMail includes:

• Consistently demonstrated 99%+ antispam effectiveness to save employee time.
• Top-rated anti-malware protection (including sandboxing) to stop ransomware, phishing, and other email attacks.
• Robust data loss prevention (DLP) features, including predefined dictionaries, identifiers, and digital fingerprinting to simplify compliance with privacy regulations.
• Identity-based encryption to securely deliver messages containing sensitive data.
• Integrated email archiving to meet legal and regulatory retention requirements as well as e-discovery.

Cloud Access Security Broker

Organizations are increasingly turning to SaaS applications for the agility and savings, but find that they don't have the visibility and control they require.

FortiCASB is a cloud-native Cloud Access Security Broker (CASB) subscription service that is designed to provide visibility, compliance, data security, and threat protection for cloud-based services being used by an organization. With support for major SaaS service providers, FortiCASB provides insights into users, behaviors, and data stored in the cloud with comprehensive reporting tools. It also includes advanced controls to extend security policies from within the network perimeter to SaaS applications.

FortiCASB includes:

• Easy integration: direct API access to SaaS services.
• Real-time visibility: user behavior and activity monitoring.
• Actionable reports: cloud usage and risk analytics.
• Guest, BYOD, and certificate management.
• Compliance: pre-defined policies and audit reports for compliance.
• Fast deployment: subscription-based service/no hardware to install