Fortinet tightens integration of enterprise security, networking controls

Fortinet has made available a new release of its core FortiOS software that includes features the vendor says will help enterprises more tightly meld security and networking controls.

FortiOS 7.2, has 300 new features including AI support to help stop network threats more quickly, sandboxing to help fight ransomware threats, and improved SD-WAN, branch, and edge orchestration.

FortiOS is the vendor’s operating system for the FortiGate family of hardware and virtual components. FortiOS implements Fortinet Security Fabric and includes network security such as firewalling, access control, and authentication in addition to SD-WAN, switching, and wireless services. 

“What we are addressing with FortiOS 7.2 is the convergence of networking and security as customers are running very fast get their digital networks running,” said  John Maddison, Fortinet executive vice president of products and CMO. “This digital convergence creates a lot of new network edges—the LAN edge, edge cloud, and now a  5G edge. Networking and security can no longer be treated as separate strategies and that’s the main problem we are addressing for customers.”

On the security front, Fortinet is introducing AI and ML-based FortiGuard security services that are based on telemetry information gleaned from  its network, application. and security systems across the globe. 

One new service, Inline Sandbox, goes beyond the traditional detection sandbox capability where admins had to painstakingly look for malicious traffic to put into the sandbox. It uses the gathered intelligence to let customers, in real-time to stop both known and unknown malware, with minimal impact on operations, Maddison said. “The idea is that organizations can spot and stop and prevent problems as quickly as possible.”

Another new service, Advanced Device Protection, lets the Fortinet OS automatically discover and segment OT and IoT devices based on their unique network features.  The service also  maintains asset inventory and uses pattern matching to enforce appropriate policies and automate remediation if needed, Maddison said.

“We’re seeing a lot of activity around attacks on operational technology companies so this new service lets OT organizations get  outbreak information and more quickly stop it from causing problems,” he said.

This service is offered on Fortinet NGFW and through integration with FortiNAC network access control software that can orchestrate automatic responses to networking issues. Fortinet NGFW also gets a cloud access security broker (CASB) to bring inline zero trust network access traffic inspection to the service.

A new SOC-as-a-Service can offload tier one security analysis, such as monitoring event logs or suspicious traffic, to Fortinet analysts to lessen the burden on security admins, Maddison said.

On the networking upgrades, Fortinet has added enhanced analytics support to its SD-WAN service that can measure the performance of connected voice and video applications. FortiOS 7.2 also adds automated deployment and orchestration features to make setting up, securing and managing branch networks simpler.

New onboarding features support discovery of devices to enable the implementation of least-privileged access at the LAN edge, Maddison said.

In its November “MarketScape: Worldwide SD-WAN Infrastructure 2021 Vendor Assessment,”  IDC wrote that Fortinet is known for having a strongly integrated network and security portfolio. Fortinet’s Secure SD-WAN consolidates SD-WAN, NGFW, advanced routing, and [Zero Trust network access] proxy functions in its FortiGate appliance. Fortinet also offers LAN and WLAN products and has s built a channel-partner strategy that includes strong relationships with communications service providers, as well as managed SPs and VARs. 

On the challenges side, Fortinet is primarily a security vendor and may need to work harder with customers that are looking to work with a vendor with a stronger heritage in routing and networking, IDC stated.

While Fortinet offers integration with third-party security tools, its primary security solutions are offered by Fortinet itself; this may be a limitation to customers that want to use Fortinet for SD-WAN but integrate it with third-party security tools.