10 Most Significant Announcements From Fortinet's Accelerate 18 Conference

More Vendors, More Problems

Businesses increasingly find themselves grappling with a digital attack surface that's both less visible and less controllable, according to John Maddison, Fortinet's senior vice president of products and solutions.

Some companies have attempted to address this by adding a new security vendor for each portion of the digital attack surface, Maddison said. But this just creates complexity, Maddison said, since each security vendor has a different console, form factor and associated orchestration system, meaning the components can't talk with one another.

Instead of attempting to create an end-to-end security platform with different orchestration systems, Maddison urges customers to rely on a single security vendor for an orchestrated end-to-end system, and then connect into different orchestrators available on the network.

Here's a look at ten of the most significant updates to Fortinet's security portfolio highlighted Tuesday during the company's Accelerate 18 global partner and user conference in Las Vegas.

10. Fortinet Unleashes Third Generation Of Network Security Operating System

Fortinet packed more than 200 new features and capabilities into FortiOS 6.0, which is the third generation of the company's security fabric. FortiOS is the world's most widely deployed network security operating system, according to Maddison.

From a network security perspective, Maddison said FortiGate 6.0 consolidates several use cases including IPS, SD-WAN, Secure Web Gateways, and VPN.

Multi-cloud security, meanwhile, is one of the fastest-growing areas of the Fortinet security portfolio, Maddison said, encompassing everything from virtual FortiGate and public and private cloud capabilities to FortiCASB and SaaS.

FortiOS 6.0 additionally offers centralized management across the entire portfolio from a management analytics and SIEM perspective, Maddison said.

9. Breadth, Integration And Automation Take Center Stage

Fortinet has put all of its security products and services into one integrated, peer-to-peer mesh fabric that covers the entire attack surface from endpoint, email and phishing to web, WiFi and cloud, Maddison said. The company has additionally built out a rich ecosystem of API partners to help protect the digital attack surface.

The integration has made advanced threat protection systems like sandboxing instantly accessible across the entire security fabric, according to Maddison. As a result, Maddison said businesses that find something in their email or endpoint that isn't being detected by protected signatures can instantly call upon these sandboxing capabilities.

But the most important thing for customers going forward, Maddison said, will be the ability to automate workflows, security audits and vulnerability scans into the Security Operations Center (SOC) across the entire fabric.

8. Automated Threat Assessments Have Become More Vital Than Ever

CISOs looking at security frameworks these days expect the network operations center can see the entirety of the broad attack surface, Maddison said, as well as protection against known threats through intrusion prevention, signature-based systems, anti-virus software, and application controls.

Once known protections have been applied, Maddison said the security framework must then detect unknown, targeted, or zero-day attacks on any part of an organization's security network. And once something is found, the security framework should move quickly by leveraging automated response systems and workflows into the organization's SOC.

Finally, Maddison said organizations must ensure they have an automated trust assessment that's continuously operating in the background across the entire security network. The trust assessment must be both continuous and automated since the attack surface is constantly changing as devices come on and off the network and applications and workflows get spun off or spun down, Maddison said.

7. Topology View Provides Visibility Across Entire Security Architecture

Firewall and network security must integrate into the rest of the security infrastructure and be capable of talking with the sandboxing, CASB, WAF, and email systems, Maddison said.

Fortinet's fabric instantly builds out this topology and communication mechanism as soon as the right levels of fabric software have been installed across it. The company is demoing the topology view in its central management system during Accelerate 18.

"You can see all of your security elements. You know how they're connected. You know where they're connected," Maddison said. "You know which endpoint is talking to which application. You can see which APIs are in action. It gives you total visibility across your entire security architecture."

6. Securing SD-WAN Had Been A Tall Order

The SD-WAN marketplace started roughly three years ago when some pure-play vendors developed application-specific networking technology, Maddison said.

"The SD-WAN marketplace is pretty hot right now," Maddison said. "It's exploding. You've got a lot of SD-WAN vendors making a lot of noise."

But they struggled mightily with providing additional security as organizations opened up that WAN broadband to connect to the internet. Security vendors, meanwhile, were lagging behind in their SD-WAN features and capabilities, according to Maddison.

As a result, Maddison said many businesses today are attempting to marry SD-WAN and security together by maintaining relationships with two separate vendors. But that's a very cumbersome and costly proposition, according to Maddison.

5. Fortinet's SD-WAN Security Prioritizes Applications, Not Packets

Fortinet has been working very hard on best-of-breed SD-WAN features over the past two years, and Maddison said FortiOS 6.0 delivers the final pieces of the puzzle.

The company's SD-WAN toolset looks at applications more than packets and leverages path-aware intelligence to ensure customers are getting the right service to their most important applications, Maddison said. For instance, Maddison said voice needs to have low latency, so Fortinet ensures that multi-broadband support is in place.

Fortinet has additionally rolled out the ability to identify cloud SaaS apps from a database rather than having to look through the whole packet sequence, since the latter often takes too long, Maddison said. Clients that have purchased a FortiGate get all of this technology for free as part of the OS, according to Maddison.

4. Visibility Into Both Public And Private Clouds Becomes A Reality

Another important part of FortiOS 6.0 is an expansion of the cloud connectors to include visibility into multiple clouds, Maddison said.

Connections are available from a private cloud perspective with Cisco ACI, VMware NSX and Nokia Nuage, from a public cloud perspective with AWS, Microsoft Azure, Google Cloud and IBM, and with SaaS clouds such as Salesforce.com, Office 365, AWS and Box, according to Maddison. And from a fabric perspective, Maddison said that's all extended across a single management console.

FortiCASB, meanwhile, has been integrated into the network logs of network security to provide visibility and APIs into the cloud, Maddison said. For instance, Maddison said a user on a campus site can provide logs using the next-gen firewall, while a user connecting through their cell phone at the airport would be using an API.

And Fortinet has now brought those two logs together to provide users with visibility regardless of whether they're on the network or off the network, Maddison said.

3. Threat Detection Evolves From Signatures To Machine Learning

A decade ago, Maddison said that a lot of the signatures were 1:1, meaning that one signature was needed to identify a single bad file. Fortinet introduced one-to-many roughly six years ago, Maddison said, whereby the company would produce a single signature that could detect 100 different malicious files.

In the past five years, Maddison said technology has bubbled to the surface that can emulate the endpoint. As a result, he said behavioral analysis could be conducted on signature-less files through emulation of the endpoint to determine whether it's good or bad.

Going forward, Maddison said Fortinet plans to use machine learning for this process. Machine learning takes millions of both malicious and clean files and creates a behavioral system around them.

2. Leveraging Machine Learning To Sort The Bad From The Good

The newly released FortiGuard AI uses indicators across millions of different files, both malicious and clean, Maddison said, and runs the files through a big data system to come up with an answer for which files are which. For instance, the company could run a file-based input through two billion nodes of malicious account characteristics and three billion clean characteristics and see what's detected, he said.

"You're running billions of computations against a sample set that's millions and millions and being updated every day," Maddison said. "And we're getting really, really impressive results."

Fortinet has already rolled out FortiGuard AI on its back-end systems, Maddison said, and will start to roll it out on front-end systems like sandboxing going forward.

"It's very promising technology for detecting zero-day or unknown threats," Maddison said.

1. Tagging Is The First Step Toward Intent-Based Network Security

Fortinet ultimately wants users to be able to apply business logic to their security network, Maddison said, and then automatically have the solution systems configured to obey that logic.

The company introduced tagging in its FortiOS 6.0 release, enabling objects, interfaces, firewalls and devices to be marked using a color-coded system, Maddison said. From there, Maddison said Fortinet would like users to be able to apply a broad policy such as unsecured mobile devices never have access to intellectual property.

Once that business security statement is put in place, Maddison said the system would take over and convert it into different policies for different parts of the network, ensuring that unsecured mobile devices can't access intellectual property regardless of the particulars of the device or where the intellectual property is residing. Fortinet isn't there yet, but Maddison said tagging is the start of that process.

"We'll continue to roll out this intent-based network security as we go forward to make security more business-aware and obviously more operationally efficient," Maddison said.