www.fortinet.com 1

NEXT GENERATION FIREWALL SOLUTION

Fortinet’s NGFW solution

delivers industry-leading

security effectiveness

plus extensive application

and user controls on the

industry’s fastest platform

to deliver better security,

more control and the

fastest performing NGFW

available today.

Improve Your Network Security with a Next Generation Firewall Get Better Protection and More Control on the Industry’s Fastest Next Generation Firewall Platform

Stolen data fuels a highly profitable cybercrime economy and organizations are constantly under attack. The risk of data breach drives the need to add more security and the need to increase visibility into and control over network traffic, especially at the network perimeter or between network segments within an organization.

Traditional firewalls and standalone point security products can help but they can also add complexity, latency, and cost. You can improve your network security, get more control and simplify your infrastructure by adopting a Next Generation Firewall (NGFW) solution instead. The beauty of a good NGFW is in the breadth and depth of security and control capabilities it delivers in a single, consolidated platform. However, the critical requirement for a great NGFW is performance – you need your NGFW to deliver excellent security and control at throughput speeds that will keep up with the pace of your business.

Trends Driving Next Generation Firewall Adoptionnn Data breaches occur every day and organizations are increasingly under attack. You need better security. There were nearly 80,000 reported security incidents with 2,122 confirmed data breaches in 2014. 700 million records were lost, representing about $400M of financial loss to organizations. (Verizon 2015 Data Breach Investigations Report)

SOLUTION BRIEF

nn Recommended by NSS Labs for security effectiveness and the industry’s best performance value

nn Deeper visibility and control over more types of applications, users, and devices

nn Highly accurate and flexible IPS, Web filtering, and more; secured by FortiGuard Labs.

nn VB100 and AV Comparatives Top Rated recognized security effectiveness

nn High-speed platform boosted by purpose-built FortiASICs delivers 5x NGFW performance

nn Easy-to-use and highly scalable management and reporting delivers unmatched visibility and control

SOLUTION BRIEF: NEXT GENERATION FIREWALL

2

nn Network bandwidth requirements are doubling every 18 months due to rapid growth of connected devices, big data, virtualization, cloud storage and SaaS applications. Network throughput is critical. You need security that keeps up with the pace of your business.

nn IT executives consider network security a critical priority but they also want to reduce the complexity associated with supporting multiple disparate security products. 76% of IT executives identify NGFWs a critical or high priority IT initiative and the most often cited primary benefit of NGFW is consolidation followed by added security against advanced threats and data breach. (IDG Research 2015)

Key Next Generation Firewall Requirementsnn Highly Effective Security – Your NGFW should include highly effective security backed by extensive threat intelligence to reduce your risk of data breach. A fully featured NGFW includes security features such as integrated IPS, Web filtering, IP reputation, antivirus and advanced threat protection to break the kill chain of attacks.

nn Visibility & Control Over Network Traffic – The more you know, the more you can control; this is key to a good NGFW. An NGFW should use deep inspection into network traffic to identify applications, users, devices, and threats enabling it to deliver better protection through context aware policy controls. Your NGFW solution should also come with single pane of glass management and reporting to keep you informed and help you to make strategic security decisions.

nn Performance and Reliability – Next generation capabilities are only useful if your platform performance can keep up. To support your business continuity and bandwidth requirements your NGFW platform should deliver highly reliable core firewall capabilities as well as the full range of next generation options at high throughput speeds. Next generation capabilities are only useful if your platform performance can keep up.

The Fortinet NGFW SolutionFortinet’s Next Generation Firewall solution delivers industry-leading security effectiveness and a greater range of control and visibility by leveraging security services and intelligence from FortiGuard Labs. The solution runs on the FortiGate platform, delivering 5x the NGFW throughput performance compared to other comparable solutions in the market today.

Fortinet’s NGFW, NGIPS, and Breach Detection System (Sandbox) solutions are Recommended by NSS Labs for superior security effectiveness and performance.

The FortiGate platform, secured by FortiGuard Labs, offers a wide range of NGFW integrated capabilities including:

nn Application Control

nn User ID & authentication

nn Device/OS ID

nn IPS

nn Web filtering

nn Anti-malware

nn IP reputation

nn Advanced threat protection

nn IPSEC/SSL VPN

nn SSL inspection

nn Firewall

nn Networking (LAN, WAN, Wi-Fi)

nn Management & reporting

Active Directory or LDAP

FortiAuthenticatorUser Identity Management

FortiSandboxAdvanced Threat Protection

FortiManagerCentralized Management

FortiAnalyzerLogging, Analytics, Reporting

SOLUTION BRIEF: NEXT GENERATION FIREWALL

3

Better SecuritySecurity solutions should stop attacks from damaging your organization and the more threats blocked, the better. Fortinet security consistently blockins more threats than other security solutions in industry tests from expert sources such as NSS Labs, Virus Bulletin, and AV Comparatives.

Fortinet threat intelligence and security services are provided by FortiGuard Labs, Fortinet’s dedicated global threat research team. FortiGuard Labs leverages real-time intelligence on the threat landscape to deliver security services with industry-leading levels of security effectiveness. Threat researchers around the globe keep close watch on the threat landscape 24x365 enabling the FortiGuard Labs team to deliver updates to entire Fortinet security ecosystem with some of the fastest response times in the industry.

receives VB100 and AV Comparatives Advanced+ ratings, catching more threats than most of the very large and iconic AV providers in the market today.

More ControlThe Fortinet NGFW delivers a highly intuitive view of applications, users, devices, threats and cloud service usage. It leverages deep inspection to give you a better sense of what is happening on your network. With this strategic view, you can easily create and manage granular security policies designed to optimize your security and your allocation of network resources.

nn Identify thousands of different applications with Application Control to set up effective application aware policy enforcement. The FortiGate can inspect SSL encrypted and evasive traffic as well as traffic running on the latest protocols. These capabilities combined with other available security features can catch advanced attacks that hide within applications or within encrypted sessions.

nn Set granular policies for different types of users with User Identity capabilities integrated in the FortiGate through integration with AD/LDAP, RADIUS, Exchange and other sources. This integrated NGFW capability is easily expanded to many more sources for user identity through the addition of FortiAuthenticator for large, diverse networks.

NSS Labs, an independent industry analysis firm, tested leading NGFWs for security

effectiveness and performance value i 2014. Here’s a map of what they discovered.

Click to See an Interactive Map of Threats Being Monitored by FortiGuard Labs

Live Right Now

Intrusion Prevention (IPS) is a core integrated NGFW capability and Fortinet IPS consistently demonstrates leading effectiveness in tests from NSS Labs; most recently the Fortinet solution blocked over 99% of exploits in NSS Labs 2015 NGIPS industry tests. A FortiGate NGFW will easily integrate with the highly effective Fortinet Advanced Threat Protection framework with FortiSandbox to catch advanced persistent threats. FortiSandbox blocked 99% of attacks in the 2014 Breach Detection Systems industry tests from NSS Labs.

More and more enterprises are implementing network-based anti-malware but most network security vendors only offer limited anti-malware capabilities. Fortinet offers fully featured, deep inspection anti-malware protection developed in-house by FortiGuard Labs. Fortinet’s anti-malware engine consistently

SOLUTION BRIEF: NEXT GENERATION FIREWALL

nn Get a better understanding of how cloud applications are being used through deep inspection that delivers information on who is using these services and what they are doing such as logins, what files are being transferred or what videos are being watched. This unique level of information, combined with integrated IPS offers a key advantage for detecting sophisticated attacks.

nn A FortiGate NGFW uniquely identifies the type and OS of devices being used on the network without requiring agents or additional products so you get the ability to set stronger security policies for riskier types of devices – an increasingly useful capability considering the growing diversity of networked devices today.

Industry’s Fastest PlatformFortinet delivers the fastest performing NGFW solution in the market. A FortiGate typically delivers 5x the NGFW performance when compared to similar solutions from other providers.

Purpose built FortiASIC processors drive performance at the heart of the FortiGate platform to deliver industry-leading, high-speed processing. This level of performance is necessary to deliver on the promise of a NGFW. Deep next generation inspection and the consolidation of multiple security functions onto a single appliance require a high-performance platform to keep up with the speed of business.

Some security appliances rely solely on a multi-purpose CPU-based architecture and this general purpose CPU can become a throughput bottleneck. Even with expensive, multiple-core, general-purpose processors, network security devices cannot deliver the high performance and low latency needed for today’s networks. The only way for a network security platform to deliver high-speed performance is via purpose-built ASICs to accelerate specific packet processing and content scanning functions. FortiGate technology utilizes Optimum Path Processing (OPP) to optimize the different resources available in packet flow for maximum throughput performance.

As a result, FortiGate’s integrated architecture provides extremely high throughput and exceptionally low latency, while still delivering industry-leading security effectiveness and consolidating functions.

Single Pane of Glass ManagementIt is easy to administer and adjust your security posture as needed with single pane of glass visibility and highly scalable management options. On your FortiGate or via the centralized, massively scalable FortiManager you can control device configurations, security policies, firmware installations and content security updates. For large environments, especially those with compliance requirements, you can stay constantly up-to-date on what’s happening in your network and with your security posture through logging, reporting, in-depth visibility and event management from FortiAnalyzer.

SummaryOrganizations face an increasing risk of data breach in an environment rapidly demanding more connectivity and bandwidth. Adding more security is necessary but adding more latency and complexity is not acceptable. Using a highly effective, high-speed Next Generation Firewall is quickly becoming the standard approach for enterprise security.

Fortinet’s FortiGate NGFW solution delivers better security, more control and 5x faster performance compared to other NGFW options – easily meeting all the requirements of an organization for more protection, reduced complexity, and high-speed throughput.

For more information on Fortinet’s Next Generation Firewall solution, please visit: http://www.fortinet.com/solutions/next-gen-firewall.html

Copyright © 2015 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

GLOBAL HEADQUARTERSFortinet Inc.899 Kifer RoadSunnyvale, CA 94086United StatesTel: +1.408.235.7700www.fortinet.com/sales

EMEA SALES OFFICE120 rue Albert Caquot06560, Sophia Antipolis, FranceTel: +33.4.8987.0510

APAC SALES OFFICE300 Beach Road 20-01The ConcourseSingapore 199555Tel: +65.6513.3730

LATIN AMERICA SALES OFFICEPaseo de la Reforma 412 piso 16Col. JuarezC.P. 06600 México D.F.Tel: 011-52-(55) 5524-8428

Gartner predicts that85% of Enterprise firewalls will be NGFWby the end of 2018

May 22, 2015