The Firewall Evolution: Fortinet CEO Says Security Vendor Prepping For The Fourth Generation Of Firewall Market
The firewall market has changed drastically over the past 10 years, and now it's ready for the next evolution.
Fortinet CEO Ken Xie said he has watched the market evolve from when he started NetScreen in 1996, pairing together software and hardware for an ASIC-based network firewall and VPN appliance, to the end of 2000 when he launched an anti-virus firewall to focus on content and application security as part of a company that ultimately would become Fortinet.
Fortinet itself has evolved alongside the market, moving beyond the firewall two years ago to secure the entire infrastructure instead of just looking inside the network connections. Xie called that transition the "third generation" of network security, comparing it to getting TSA pre-checked for a flight instead of just needing a ticket and a security X-ray scan.
Now, Xie said the firewall market is preparing for the fourth generation, one that has technology companies across the enterprise infrastructure building in security from the beginning and leveraging automation to improve security capabilities and management.
"We're hoping that we can build a foundation for the next generation of the internet and networking based on content and applications," Xie said. "In order to protect the data today, just to look on the network side is no longer enough. It has to be more broad than that," he said.
To get there, firewall manufacturers have to evolve around five key areas, Xie said: detection, prevention, integration, performance and lower cost. Xie said few firewall vendors to date have checked the boxes in all those areas.
With that vision in mind, Xie said Fortinet has been repositioning its business over the past two years. The culmination of that transformation was the launch a year ago of the company's Security Fabric strategy, which looks to provide a security framework for the company's broad set of offerings.
"Today is not only about network security anymore," Xie said. "It's from the network, to Wi-Fi access, to the application, to email, web applications, and to the cloud. … Network is still a major piece, but the other pieces need to be working together as well."
Fortinet has grown significantly during the past two years, with more than 300,000 customers, 3 million FortiGate devices deployed globally, and sales up 20 percent year over year in the most recent quarter to $340.6 million. Earnings also were up for the most recent quarter, from $2.1 million in 2016 to $10.7 million in the first quarter this year.
According to research firm IDC, Fortinet is now the fastest-growing security appliance company at 21.2 percent growth in first-quarter 2017 and 30 percent growth in number of units shipped year over year. Cisco Systems, for its part, had 15 percent year-over-year growth, while Check Point Software Technologies had 11 percent year-over-year growth. Fortinet also had the largest market share by units, with 27.4 percent of the market, compared with Cisco at 14.4 percent and Check Point at 10.6 percent. Fortinet also was named a "Leader" this week by Gartner in its 2017 Magic Quadrant for Unified Threat Management.
John Maddison, senior vice president of products and solutions at Sunnyvale, Calif.-based Fortinet, said customers are demanding more functionality from their security vendors. Fortinet's Security Fabric strategy involves bringing together its broad set of disparate security offerings into a single platform, which shares intelligence and allows for more comprehensive automation capabilities. Customers want to consolidate the number of vendors they work with, he said, adding he is hearing a "plea for help" from customers to reduce complexity and increase automation to deal with a rising skills shortage.
Todd Weber, vice president of partner research and strategy at Denver-based Optiv Security, said taking a platform approach, like with Fortinet's Security Fabric, allows customers to choose both best-of-breed or a full platform of products. Customers also are increasingly looking for added automation and orchestration capabilities, he said.
"As a partner, we love to tell stories. This allows you to tell a story and a narrative. That's why we believe in Fortinet as a partner. You can tell a narrative to how this solves pain and how it will drive outcome-based objectives, as opposed to feature-based objectives," Weber said.
Eric Kohl, vice president of advanced solutions, networking and security at Irvine, Calif.-based distributor Ingram Micro, said a platform security approach like the Security Fabric helps partners deliver a solution to address the security talent shortage and is easier to manage. Integration with other third-party vendors is also key, according to Kohl, as it allows partners to deliver a full security solution set. Ingram Micro has more than 1,000 resellers working with Fortinet and is seeing double-digit growth with the vendor.
"I think Fortinet has done a good job of expanding their own technology through the years, but I get excited positioning multivendor solutions. It's right in our wheelhouse. When you have the opportunity with the Security Fabric to be able to go deliver multivendor solutions with joint go-to-market strategies that are already battle-tested and ready to use together, that's one of the values that we can bring with our security practice … to provide the best security ultimately to protect the end client," Kohl said.
Fortinet isn't the only security vendor moving to offer an integrated security platform in recent years. It joins companies such as Symantec, McAfee, Palo Alto Networks, FireEye, Sophos, Check Point Software Technologies, and more, all of which also are vying to build a full security platform. Maddison said Fortinet's Security Fabric sets itself apart with high performance – starting all the way down to the chip level – and deep integration between a full set of security products.
"Customers are looking for a more holistic view of their security architecture going forward," he said, and are looking to do that by consolidating their security solutions, a vast departure from the "panic" buying of years past. "Enterprises are moving much faster and they just require more dynamic adaptive security architectures to fulfill their needs going forward," he said.
With that transformation also comes a transformation of the security partner, Maddison said. Partners also are consolidating the number of vendors they work with, as well as ramping up the number of security services they offer, according to Maddison. This approach allows them to have "more depth" with customers around their line card, with the "ultimate goal" of more security automation capabilities, he said.
"You need to make it simpler for customers," Fortinet's Maddison said. "The Security Fabric is the foundation of that."
Joe Sykora, vice president of Americas channels and enhanced technologies at Fortinet, said the platform-based approach presents a significant opportunity for partners. It is a "huge opportunity for any size partner," including DMRs, systems integrators, MSSPs and traditional resellers, he said. Fortinet works to constantly evolve its partner program to make sure it is meeting those partner needs and attracting the right type of security partner in all categories, according to Sykora.
"We have given our partners something everyone can sell," he said.
"The Security Fabric really ties all of this together. Everything we've done since the beginning of the company is working toward this point. Now we are here," he said.