For customers of security provider Fortinet Inc., its annual Accelerate user event this week in Orlando, Florida, is an important event because it typically includes new products as well as updates to existing products — and the 2023 version of Accelerate held true to that expectation.
Fortinet has a very broad product set and it can be hard to connect the dots between them. The driving force behind the product innovation is the rise of something called “secure networking,” which is the long-awaited coming together of security and networking.
During his keynote, Chief Executive Ken Xie (pictured) showed some data from Gartner revealing that today, secure networks comprise about 40% of the overall networking market, while the other 60% is made up of traditional networks. Gartner forecasts that by 2030, secure networks will be bigger than the current siloed networks.
There are numerous drivers for this shift in networking, including cloud computing, edge, hybrid work, the convergence of information technology and operational technology, and mobility. Although this list of technology initiatives may seem unrelated, they do have one point of commonality and that is they are network-centric.
Securing the cloud is difficult because the enterprise doesn’t own the cloud. Mobility is a challenge to secure since the user often owns the endpoint. Many OT devices have no ability to run agents. The only way to secure a modernized business is to push the security into the network.
Although Fortinet is best known as a security vendor, the reality is, it has had good network products for years but had struggled to gain traction. This coming together of networking and security has given Fortinet a kickstart in secure networking and it has seen its software-defined wide-area network and Wi-Fi businesses explode. In fact, five years ago Fortinet was an insignificant WAN vendor, but today it’s in the leader quadrant for SD-WAN.
All of the products announced at Accelerate 2023 fuel the journey to secure networks. These include:
- FortiOS 7.4: At Accelerate, Fortinet typically announces the next release of its FortiOS operating system. The newest release, FortiOS, supports the vision of secure networks as it enables tight integration between the companies SASE and SD-WAN offerings. FortiOS 7.4 also includes improved automation capabilities for its Security Fabric and better visibility. The company has always made great products, but having one OS across all its products has made managing performance and policy much simpler. Another new capability in 7.4 is real-time response and automation capabilities for the fabric to speed up threat identification and remediation. Security has always been highly fragmented but more and more, chief information security officers are telling me they want to consolidate down from dozens of security products from dozens of vendors to two or three platforms. The ability to look at a single data set – from user device to WAN to the cloud – enables more accurate threat identification as opposed to correlating information across silos.
- Hybrid mesh firewall: No one is coming to the office, so the firewall is dead, right? Given Fortinet’s strong numbers, that’s obviously not true. However, firewalls are changing and coming in other form factors. Anything that touches an insecure network needs to be firewalled but no one can afford to put FortiGate into places like user’s homes. Over the last few years, the company has built a number of alternative form factor FortiGates, including an OT firewall, containerized one, cloud-native and distributed firewall to name a few. They all run FortiOS and can be managed from a centralized console so changes can be made once and propagated across the mesh quickly. On a related note, Fortinet announced the new FortiGate 7080F series of firewalls for data center and cloud. It also rolled out a points-based consumption program called FortiFlex for a utilization-based pricing model.
- Updates to universal zero trust network access or ZTNA: Fortinet’s flexible zero-trust application access control product has been updated to include user-based risk scoring as part of its continuous checks for ongoing application access. This brings a level of contextual awareness to security that I believe is the future of this industry. Activities by users that are out of the norm is a good indicator that a breach may have occurred. For example, if a shift worker logs in after-hours, that is something that warrants further investigation and Fortinet can deny access until the security team has time to understand whether this was a legitimate activity or not.
- Single-vendor secure access service edge or SASE for remote users and branch offices: Fortinet has integrated FortiSASE with its network security management product, FortiManager. This provides IT administrators with unified policy management and better visibility of both on-premises and remote users.
- Wireless local area network/local area network for branch offices and campus locations: FortiAP is a family of secure WLAN access points or APs, which have been integrated with FortiSASE. The combination enables secure micro-branches, where an AP is deployed to send traffic to a FortiSASE solution and ensure that all devices at the site are secure.
The vision of bringing security and networking together is something the industry has been working toward for over two decades. Despite the logic in doing this, security and network teams have largely lived in silos. Though not ideal, companies could manage around the inefficiencies as applications and data were deployed in their own silos so security teams could manage protection as an overlay.
Digital businesses are highly connected and apps have moved to a distributed model. The only way to protect a company effectively is to move security control into the network. Fortinet is best known as a security vendor but has a network business that’s bigger than most industry watchers realize, and the current secular trends should work as a favorable tailwind.