Fortinet’s Approach on Leading with Secure SD-WAN

The modern threat landscape forces organizations to understand that security can never be an afterthought. We find that Fortinet’s continuous product development of their secure SD-WAN technology, incorporated with their next-generation firewall, provides threat mitigation for direct internet connectivity.

With SD-WAN so closely built alongside their security architecture, management complexity is reduced, and safer deployments then reduce overall costs. This has lead to Fortinet’s secure SD-WAN technology becoming rapidly adopted by customers.

As WAN security remains the top concern for organizations1, Fortinet’s approach to a Security-first model reflects their identification of what the market is needing alongside their next-generation firewalls. With the advent of direct internet access for their SD-WAN deployments, CISOs become closely involved to ensure a proper transition. However, many SD-WAN vendors are not providing the advanced security features that are requirements for modern organizations. This situation has allowed for Fortinet to shine, as by incorporating best-of-breed security, and securing the WAN edge through the usage of their next-generation firewalls, organizations can now enjoy reduced costs from consolidation of vendors and greater security effectiveness overall.

Fortinet’s combination of pure-play SD-WAN into their next-generation security offering, is backed by independent testing2 in delivering excellent quality into a single offering. This includes: Voice/Video QoS, high VPN throughput and the best price/performance ratio in the market.

Built in-house, Fortinet’s SD-WAN solution is a feature in every FortiGate Next-Generation Firewall. This, alongside using their purpose-built security processors and threat intelligence from their own FortiGuard Labs, adds incredible value to organizations looking to defend against the modern threat landscape.

Here are Four ways organizations are leveraging Fortinet’s secure SD-WAN:

  • Direct Internet Access given Enterprise-Grade Security
    With the rise of bandwidth requirements increasing, many organizations from SMB to Enterprise are moving away from MPLS in favor of broadband to reduce OPEX. With this move, however, the attack-surface widens as critical applications are using direct internet access. Combining Fortinet’s next-generation security FortiGate firewalls to protect against this threat landscape, as well as offering a high QoS with Fortinet’s SD-WAN technology, direct internet access is provided a level of security that cannot be met by pure-play SD-WAN vendors.
  • All Encrypted Traffic is Deep-Packet Inspected
    As SaaS continues to be adopted to improve organizational efficiency, encrypted traffic is at an all-time threshold3. Due to this, it has become increasingly common for Hackers to take advantage of this trend by obfuscating malware within encrypted traffic. With a purpose-built SSL DPI processor on-board FortiGate firewalls with secure SD-WAN, deep visibility into encrypted traffic can occur on the WAN edge, providing a layer of protection and management needed to separate the good from the mal.
  • Security extended to SD-Branch
    With the benefits of SD-WAN, organizations look to extend the same to all branches; however, pure-play SD-WAN devices don’t allow for such extensibility. Through usage of FortiGate, FortiAP, and/or FortiSwitch devices, Fortinet enables customers to extend SD-WAN to SD-Branch, which significantly reduces complexity while unifying security, visibility, and management across the organization.
  • Compliance met through Security Rating Services
    Allowing customers to continually monitor deployed postures, compare against their industry peers and assess their effectiveness of security-risk management, Fortinet’s secure SD-WAN also takes advantage of FortiGate’s Security Rating Services, which are an industry-first in providing the ability to ensure compliance of an organization’s SD-WAN

See more Fortinet SD-WAN in action by signing-up for our upcoming Webinar highlighting the benefits of incorporating SD-WAN into your environment.

See more Fortinet SD-WAN in action below:

Transform your Enterprise Branch with Fortinet Secure SD-WAN

So, What Exactly is Machine Learning?

Odds are, you have seen headlines concerning machine learning, and how it will impact all forms of Industry and daily life. Perhaps you’ve even wondered, “What’s the difference between artificial intelligence and machine learning? Maybe you already know…either way, we’d like to spotlight what machine learning is, and how it is reshaping the security architecture of many InfoSec vendors and solutions.

Machine learning is essentially the way artificial intelligence is gained. This is commonly done through an algorithmic process to understand the most efficient path to a desired outcome. For this to occur, there must exist a foundation of logic operators, as well as a means of memorizing and building-upon successful outcomes. What better way to build such a design – a neural network, if you will – then to model such a network based on how the human brain works? Well, that happens to be the current way machine learning begins. By starting with the creation of a neural network (logic operators and a way to store successful outcomes), you can then develop an algorithm that will take a dataset and have the machine (computing device) develop a mechanism to find meaningful patterns, or best routes, or maybe even novel designs out of that data. That is, if you want this type of result.

Currently, most of the InfoSec vendors are deploying machine learning to combat malware, and even variations of malware not previously known. This has led to an “arms race” of sorts to harness this new technology as another tool in the fight to stay a step ahead of bad actors. As machine learning deployed in a specialized arena is considered in its infancy, what will occur when the effectiveness of mitigating malware becomes near perfect through the resulting AI? If you can parallel the real word as an example, one might also consider the possibility of the same effectiveness being realized by bad actors. Soon, we may just see competing AI – built from specialized machine learning – become the norm.

WAN Failover, and How to Ensure as Much Uptime as Possible

With today’s expectation that your Internet should only go down if your power were also to go down, what would your organization do if you had critical business operations and network applications affected until you regained Internet connectivity? If you hadn’t considered this yet, you likely will be should you find yourself in such a state in the future.

Having a reliable secondary WAN is as simple today as signing-up for a new phone. By choosing a preferred cellular provider, and their respective data plans offered, you can then create a WAN Failover Policy in your gateway firewall/router to leverage this new connectivity should the primary link go down. There are two assumptions made here, however:

  1. You currently own a gateway router/firewall that supports WAN Failover (if not, or are unsure, ask one of our Reps to assist in finding the correct model).
  2. After securing a reasonable data plan from your preferred carrier, you then determine if you wish to have an all-in-one device (USB-based “Aircard” Modem) to be inserted into a supporting gateway router/firewall – or, if you wish to have a separate Router/Modem device attached to your gateway router/firewall

By taking the initiative now to purchase an affordable data plan through your carrier, choosing the form-factor of your modem with the new plan (USB-based or separate modem device), you are taking control of a future situation that would otherwise of control over you!

Leave a Reply