Accelerating and Securing the Cloud On-Ramp - The Fortinet Security Fabric Branch
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Accelerating and Securing
the Cloud On-Ramp
The Fortinet Security Fabric
IaaS
The FortiGate 100F series
SaaS
FortiGate VM FortiCASB
AN
SD-W
FortiMail FortiWeb
Cloud Cloud
Branch
Campus
Data
Center
The FortiGate 600E series
The new FortiGate 2200E series
Q3 2019
Overview
Founded: Nov. 2000
Fortinet’s mission is to deliver the most innovative, highest-performing network
First Product Release: May 2002 security fabric to secure and simplify your IT infrastructure. We are a leading global
provider of network security appliances for carriers, data centers, enterprises,
Fortinet IPO: Nov. 2009
and distributed offices.
NASDAQ: FTNT ~$1.8B
Headquarters: Sunnyvale, California
Employees: 6,293
CAGR 52%
FY 2018 Revenue: $1.80B
FY 2018 Billings: $2.15B
Q2 2019 Revenue: $522M
Q2 2019 Billings: $622M $2M
Q2 2019 EPS (GAAP): $0.42 2002 2018
REVENUE
Q2 2019 EPS (Non-GAAP): $0.58
Market Cap (June 28, 2019): $13.1B Share Price Performance*
$1.98B Cash+Investments and no debt
1-year 3-year 5-year Since IPO**
Units Shipped to Date: 4.9M+ FTNT Rank 1st 1st 1st 1st
Customers: 415,000+ FTNT 23% 143% 206% 1,129%
CHKP 18% 45% 72% 248%
Global Patents (as of June 30, 2019)
PANW -1% 66% 143% 385%
Issued: 628
* Share price performance through 06/30/2019, Source: FactSet
Pending: 157
** FTNT IPO on 11.18.09 at $6.25 (split adjusted); PANW IPO on 7.20.12 at $42. CHKP performance from FTNT IPO date.
Q2 2019 Financial Spotlight:
24% Y/Y billings growth on a trailing 12-month basis for Global 2000 customers (excludes service providers and MSSPs)
APAC
High-End Appliances
Mid-Range Appliances* 18%
33%
APAC 46% Large enterprises & telcos/
20% Enterprises service providers
Revenue FortiGate EMEA
Employee
by Region
Americas
43%
Billings 26% Cost
Q2 2019
by Segment by Region
Q2 2019 Q2 2019
EMEA
37% Americas
Entry-Level Appliances*
21% 56%
* FortiGate 100 series revenue now classified as Mid-range SMBs, branch offices, and retail
Operating Margin - Trailing Four Quarter Average
Fortinet Has 25.0%
Steadily Improved 20.4%
23.4%
Operating Margins 20.0%
17.9% 18.3%
Source: Company data.
15.3%
14.3%
15.0%
13.0% 13.2% 13.2%
10.0%
1Q15
2Q15
3Q15
4Q15
1Q16
2Q16
3Q16
4Q16
1Q17
2Q17
3Q17
4Q17
1Q18
2Q18
3Q18
4Q18
1Q19
2Q19
2
#1 Most Deployed Network Security Solution
Based on annual Firewall, UTM, and VPN unit shipments (IDC)
30%
25%
20%
15%
Cisco
10%
Check Point
5%
Palo Alto Networks
0%
2009 2010 2011 2012 2013 2014 2015 2016 2017 2018
Source: IDC Worldwide Security Appliance Tracker, March 2019 (based on annual unit shipments of Firewall, UTM and VPN appliances)
#1 Security Innovator
Competitor data based on patents issued as listed by the U.S. Patent and Trademark Office
598
FireEye 182
SonicWall 180
Palo Alto Networks 175 598 U.S. Patents
30 Int’l Patents
Sophos 81
Check Point 75 628 Global Patents
100
200
300
400
500
600
as of June 30, 2019
Fortinet Is the Only Company to Excel
at All Key Stages of Network Security
Detection Prevention & Remediation Integration Performance & Value
100s of Companies < 50
#1 Broadest Security Protection—from IoT to the Cloud
Enables Fortinet to pursue growth in several key markets
Cloud Security
$9B
Infrastructure Security
$59B
IoT & OT security
$19B
Management
Network
SIEM
Email
Security
Sandboxing
$18B
Endpoint WAF
Information
Switch
Wi-Fi
Security
Source: Fortinet reclassification of data from recent
analyst research. 2022 opportunity shown.
Network Security Evolution
First-generation network security (stateful firewalls) focused on securing the connection. Led by Fortinet, a second generation of
network security, next-generation firewalls and UTMs, expanded inspection to the application and content. The emergence of
cloud, IoT, and mobile is driving the need for a third generation of network security to protect the rapidly expanding attack surface.
1ST GENERATION 2ND GENERATION 3RD GENERATION
NGFW
FIREWALL UTM FABRIC
Connectivity Content Infrastructure
1990 2000 2010 2020 2030
4
The Fortinet
Security Fabric
Third-Generation Network Security
Fortinet is once again leading the way with its Security Fabric, the first open architectural approach to security
that dynamically adapts to and secures the evolving IT infrastructure.
Network
Operations
Broad
Visibility of the entire
digital attack surface
Fabric Fabric
APIs Connectors
Integrated Endpoint/Device Multi-Cloud
AI-driven breach prevention Protection
Network
Security
across all devices, networks, Security
and applications
Secure Application
Automated
Access Security
Operations, orchestration
and response
Security
Operations
Our Growing Fabric-Ready Partner Ecosystem
Fabric Connector
Fabric API
R
5
Network Security
Fortinet’s high-performance FortiGate firewalls—powered by our purpose-built OS, security processors,
Network
Security
and threat intelligence from FortiGuard Labs—provide consolidated, advanced security and deep visibility
that protects the network from known and unknown threats.
Chassis-based 5000 & 7000 Series
Form Factor Expandable, modular chassis
Interfaces 10, 40, and 100 GE
FW(TP) Throughput More than 1 Tbps (Up to 189 Gbps)
Special Features Carrier class, NEBS, fully redundant
High-end Appliance 1000 – 3000 & 6000 Series FortiGate 5144C FortiGate 7060E
Form Factor 2RU – 5RU appliance
Interfaces 10, 25, 40, and 100 GE
FW(TP) Throughput 52 Gbps – 1 Tbps (4 Gbps – 100 Gbps)
Special Features Ultra-low latency, ultra high-speed SSL inspection
FortiGate 2200E FortiGate 6500F
Mid-range Appliance 100 – 900 Series
Form Factor 1RU – 2RU appliance
Interfaces 1 and 10 GE
FW(TP) Throughput 7 Gbps – 36 Gbps (1 Gbps – 7 Gbps)
Special Features High-speed SSL inspection FortiGate 400E FortiGate 600E
Entry-level Appliance 30–90 Series
Form Factor Desktop
Interfaces High-density 1 GE
FW(TP) Throughput 1 – 4 Gbps (150 Mbps – 250 Mbps)
Special Features Wi-Fi, PoE, ruggedized
FortiGate 80E FortiWiFi 60E
Virtual/Cloud Firewall
Private Cloud Public Cloud
Use Cases & All major hypervisors AWS, Azure, Google, Oracle,
Integrations VMware NSX, Cisco ACI, OpenStack, Nuage, Azure Stack IBM, Alibaba
Throughput Hardware dependent Cloud dependent
Licensing Perpetual, subscription, metered BYOL or on-demand
Virtual Machine
New Product Spotlight—FortiGate 1100E
The new FortiGate 1100E provides secure, high-speed connections to
multiple clouds, full visibility in encrypted flows, and threat protection for
segmented business critical applications and servers in hybrid data centers.
Feature / Performance FortiGate 1100E* Best of breed, seamlessly integrated NGFW
¡¡
Stateful FW 80 Gbps Security and advanced routing
IPSec VPN 48 Gbps NP6 Flexible, high-speed interfaces accelerate the
¡¡
on-ramp to multiple clouds
SSL Inspection 10 Gbps
Industry’s best price/performance for Threat
¡¡
Threat Protection 7.1 Gbps Protection, SSL Inspection, and Crypto VPN
Interfaces 1G, 10G, 25G, 40G CP9
Adapts to any segmentation technique and
¡¡
provides high-performance IPS
6 * Results of preliminary Fortinet internal testing. Final numbers subject to change.
The FortiOS Advantage
FortiOS is the foundation of the Fortinet Security Fabric, consolidating many technologies and use cases into a simplified, single policy
and management framework. FortiOS provides customers with superior protection, deeper visibility and control, reduced complexity, and
greater operational efficiency across their entire attack surface.
-
SPU The Security Processor Advantage
Fortinet Security Processors radically increase the performance, scalability, and value of Fortinet solutions while greatly shrinking space and
power requirements, compared to CPU-based solutions. Use of SSL Inspection is increasingly critical but comes with a large performance
hit on most firewall solutions. Our latest Content Processor (CPU9) delivers both high performance Threat Protection and SSL Inspection
with minimal performance degradation relative to comparable competitive products.
Performance Impact of SSL Inspection Fortinet SPU-based
Fortinet ‘Vendor B’ Palo Alto Networks Check Point Versa Networks Parallel Path Processing
0
-8%
-10 CPU Flexible Policy
-20
% Performance Degradation
-30
Accelerates
-40 Network Traffic
-49 %
-50
-60 Accelerates
-75% Content Inspection
-70
-78%
-80
-89%
-90
Fortinet System-on-a-Chip
-100
Optimized for
Source: NSS Labs Next Generation Firewall Comparative Report, July 17, 2019
Entry-level Form
Factors
The FortiGuard Threat Intelligence Advantage
Our FortiGuard Labs threat research team develops the threat intelligence that informs all of our solutions. FortiGuard Labs leverages
leading-edge machine learning and AI technologies to provide consistently top-rated protection* and actionable threat intelligence that
protect and inform our customers worldwide. FortiGuard Labs partners with law enforcement agencies, governments, alliances, and other
vendors, taking a leadership role to ensure the industry is collaborating and effectively responding to emerging security risks worldwide.
r
lle
ed
ro
e ist
nt
ice
VP -W rvic Ass
Co
e
l**
rv
ar
d
d
lay
Se
ou
ro
y
lou
*** alw
Se ud-
rit
nt
ter
Cl
ice er
ing
rC
cu
ing lo
on M
Co
rv v
er
r
g
se O
or C
ge
Se
ze
at
cti ed
rin
ice v
ion
nit AN
N AN
am
rv on
yR
na
aly
ote nc
al
te
at
Se ortiC
Mo D-W
Ma
tri
sp
Fil
rit
An
Pr dva
c
Individual Subscription Services
SB
us
cu
ti-
SD
pli
rti
rti
b
A
S
IPS
F
Ind
We
CA
An
Se
Ap
Fo
Fo
360 Protection Bundle x x x x x x x x x x x x x
Enterprise Protection bundle x x x x x x x x
Unified Protection (UTM) bundle x x x x x
Threat Protection bundle x x x
A la carte services x x x x x x x x x x x
FortiGuard subscription services Other operational services
* Per many independent third-party tests. See pages 10-11. ** Application Control comes standard with every FortiCare support contract.
*** Includes AV, Antibotnet, Mobile Security, Cloud Sandbox, Content Disarm and Reconstruction, and Virus Outbreak Protection. 7
Other Fabric Solutions
Fabric Multi-Cloud Application Security
APIs Security Security Operations
Fabric Endpoint Secure Network
Connectors Security Access Operations
A large, growing, and open ecosystem
¡¡
of partner integrations
FortiGate
Fabric-Ready partners span a broad
¡¡ Virtual Firewall FortiClient FortiWeb FortiADC FortiAP FortiAnalyzer FortiManager
range of technologies
Fabric Connectors provide deep
¡¡
integration into customers’ multi-vendor FortiMail FortiDDoS FortiSwitch FortiSIEM
FortiCASB FortiNAC
ecosystems
DevOps scripts automate security
¡¡
provisioning & configuration.
FortiToken FortiSandbox
Solution Spotlight: Secure SD-WAN
Best-of-breed SD-WAN and integrated NGFW capabilities for true WAN
Edge transformation.
Products
IaaS FortiGate Next-Generation Firewall
¡¡
FortiManager
¡¡
Branch
Key Features
Intelligent Multi-Path Control
¡¡
SaaS
Apps WAN Path Remediation
¡¡
Cloud Optimization for SaaS and
¡¡
IaaS applications
Single-pane-of-glass management
¡¡
with Zero-Touch Provisioning
Transport Independence
¡¡
(4G, LTE, Broadband, MPLS…)
SD-WAN FortiGate 61E Data Center
Benefits
High application experience
¡¡
Reduced WAN costs by 40% or more
¡¡
Lower TCO, 8X better than competitive offerings
¡¡
Reduced complexity and simplified operations
¡¡
Secure Internet access at branch sites
¡¡
8
FortiCare
Our FortiCare customer support team provides global technical SERVICES & SUPPORT SPOTLIGHT
support for all Fortinet products. With support staff in the
Americas, Europe, Middle East, and Asia, FortiCare offers 360 Protection is a new support and service package that
services to meet the needs of enterprises of all sizes. delivers advanced support, real-time network management,
and a full suite of security and operational services.
Professional
Services
FortiCare FortiGuard Operational
Security • 24x7 FortiCare • Enterprise • Cloud analytics/management
Audit
24x7 Services
- Advanced Support Bundle level
Engineering level
• SD-WAN related services
• FortiConverter
Become a Fortinet Commitment to Closing the
Network Security Expert! Cybersecurity Skills Gap
The Fortinet Network Security Expert (NSE) Program is an 8-level The Fortinet Network Security Academy program provides
training and assessment program designed for customers, partners, industry-recognized Fortinet training and certification
and employees, with over 230,000 security certifications to date. opportunities to students around the world.
230,000+
Launched in 2016, this innovative, rapidly growing program has
already been adopted by 172 academies in 63 countries.
¡¡ Preparation for a career in network security
CERTIFICATIONS ¡¡ Theoretical lecture and hands-on laboratory practice
¡¡ Fortinet certification
Step Level Objective
NSE 1
172
Develop a foundational understanding of the
ever-increasing threat landscape and of general
Security Associate
network security concepts.
BUSINESS
NSE 2 Discover the types of security products that have
been developed to address the threat landscape
ACADEMIES
Security Associate
discussed in NSE 1. • ACADEMIC INSTITUTIONS
• NONPROFIT AGENCIES
NSE 3 Sales Training for Fortinet Employees and Channel • VETERANS PROGRAMS
Security Associate Partners only
NSE 4 Develop the knowledge to manage the day-to-
day configuration, monitoring, and operation of
Professional
FortiGate devices to support corporate network
63
security policies.
NSE 5 Develop a detailed understanding of how to
implement network security management and
Analyst
TECHNICAL
analytics.
NSE 6 Develop an understanding of the Fabric products
COUNTRIES
Specialist
that augment FortiGate to provide deeper and
more comprehensive network security. TODAY
NSE 7 Develop the knowledge to integrate Fortinet
products to deploy and administer network
Architect
security solutions.
Learn more about both programs at
NSE 8 Demonstrate the ability to design, configure,
install, and troubleshoot a comprehensive network www.fortinet.com/support-and-training.html
Expert
security solution in a live environment. Figures as of July 19, 2019
9
Independently Tested and Validated Protection
Recommended IN 9 out of 9 NSS LABS Tests
Next-Generation Firewall Test (2019) FortiGate 500E
¡¡“Recommended”
6th year in a row
¡¡ 99% Exploit Block Rate
¡¡ 100% Live Exploit Block Rate
¡¡ Best SSL Performance with least
degradation
¡¡ Very low Total Cost of Ownership
($2 per Protected Mbps)
NGFW FortiGate 500E
SD-WAN Test (2019) FortiGate 61E
¡¡Second consecutive SD-WAN
“Recommended” rating
¡¡ Lowest Total Cost of Ownership, 8X
better than competitive offerings
¡¡ Deployment in under 6 minutes with
Zero-Touch Provisioning
¡¡ Reliable Quality of Experience for Video
and VOIP
¡¡ Best user experience in HA deployments
¡¡ In-built NGFW security
SD-WAN FortiGate 61E
10Unparalleled Third-Party Certification
¡ RECOMMENDED / CERTIFIED NEUTRAL ¡ CAUTION O UNDISCLOSED Certifications
Check Juniper
CERTIFICATION FORTINET Point
Cisco Palo Alto
SRX
FireEye
1 NSS Next-Gen Firewall ¡ ¡ O ¡ O X
2 NSS DC Security Gateway ¡ ¡ ¡ ¡ ¡ ¡ X
3 NSS Next-Gen IPS ¡ ¡ X
¡ ¡ ¡ X
4 NSS DC IPS ¡ ¡ X
¡ X X X
5 NSS Breach Detection ¡ X
¡ X X
¡
6 NSS Breach Prevention ¡ ¡ ¡ ¡ ¡ X
7 NSS WAF ¡ X X X X X
8 NSS Advanced Endpoint ¡ ¡ ¡ O X X
9 NSS SD-WAN ¡ X X X X X
ICSA ATD—Sandbox ¡ X X X
¡ X
ICSA ATD—Email ¡ X X X X X
ICSA Network Firewall ¡ ¡ X
¡ X X
ICSA Network IPS ¡ X X X X
¡
ICSA Anti-malware
Network ¡ X X X X X
ICSA WAF ¡ X X X X X
Virus Bulletin 100 ¡ X X X X
¡
Virus Bulletin Spam ¡ X X X X X
Virus Bulletin Web ¡ X X X X X
Common Criteria ¡ ¡ ¡ ¡ ¡ ¡
FIPS ¡ ¡ ¡ ¡ ¡ ¡
UNH USGv6/IPv6 ¡ ¡ ¡ ¡ ¡ X
The Only NSS Labs Recommended Edge to Endpoint ATP Solution
Fortinet has participated in the following real-world
group tests, open to the industry, and conducted by
NSS Labs. In doing so, Fortinet stands out as the
only vendor to provide an ATP solution that is NSS Web Application
Firewall
Labs Recommended from the data center to the NGFW
Advanced
edge to the endpoint in the latest group tests. NGIPS
Endpoint
DCSG
Protection
¡¡ NGFW & NGIPS DCIPS
¡¡ DC Security Gateway & DCIPS
¡¡ Web Application Firewall
¡¡ Endpoint Protection
¡¡ Breach Detection and Prevention Breach Detection
Breach Prevention
11Featured Customer Stories
Sonic Drive-In Windstream Enterprise
Largest chain of drive-in restaurants, part of 5th largest restaurant A leading provider of advanced network communications and
company in America technology solutions, including SD-WAN, Managed Network Security
Scope: Secure company’s digital presence revolution – delivering and UCaaS solutions
dynamic marketing content & real-time information to each Scope: Optimize and transform network and voice to meet the
customer in 3600+ restaurants in 45 states evolving demands of the cloud
Key Requirements: Internal segmentation, remote management, Key Requirements: Industry-leading security including UTM
secure wireless access, integrated solution set, agile support for features on SD-WAN devices and centralized management
IoT devices and future technologies capabilities to enhance the WE Connect Portal digital experience,
Solution: FortiGate, FortiADC, FortiAnalyzer, FortiAP, flexible connectivity and the Cloud Core network
FortiAuthenticator, FortiClient, FortiMail, FortiManager, FortiSandbox, Solution: FortiGate 30E, 50E, 60E, 200E and 500E,
FortiSwitch, FortiToken, FortiWifi, FortiGuard Services FortiManager, FortiAnalyzer
Customer benefits realized: Customer benefits realized:
¡¡ Reliable secure infrastructure with excellent uptime ¡¡ Optimized application performance and prioritized mission critical
applications
¡¡ Consolidated core and edge firewalls in single platform ¡¡ Improved reliability to virtually eliminate downtime
¡¡ Increased visibility and control to manage the network
¡¡ Easy deployment and remote management minimizes need for onsite
¡¡ Lowered TCO via cost-effective access-agnostic connections
support ¡¡ Increased workforce productivity
“We were attracted to Fortinet’s vision and the roadmap of where they were “Business customers are increasingly looking for security that is native to
going. The flexibility of the product set was uniquely positioned to meet their WAN. The FortiGate SD-WAN technology is particularly attractive to
our current and future, anticipated needs. Fortinet, as a company and with the Enterprise and Mid-Market due to its security pedigree. It complements
the solutions they provide, has uniquely positioned Sonic to meet current Windstream Enterprise’s service portfolio and enhances our overall
business needs while supporting and enabling our future endeavors.” differentiated value proposition.”
— Courtney Radke, — Cardi Prinzi, Chief Marketing Officer
Sr. Retail Network Strategist at Windstream Enterprise and Wholesale
Superunie Alaska Airlines
Wholesale Grocery Purchasing Cooperative with 30% country 5th Largest Airline in United States
market share in the Netherlands Scope: Secure connectivity and data protection (including PCI
Scope: SD-WAN and network infrastructure across 1,000 data) for over 44 million passengers, 23,000 employees and 1200
branches and 10 data centers flights daily
Key Requirements: Application-aware WAN path control, high- Key Requirements: Protect the e-commerce edge, data center
performance SLA, zero-touch provisioning, IoT security and network, provide secure SD-WAN capabilities
Solution: FortiGate, FortiSwitch, FortiAP, FortiManager, FortiGuard Solution: FortiGate, FortiAnalyzer, FortiAuithenticator, FortiClient,
Services, FortiSandbox FortiExtender, FortiManager, FortiSwitch, FortiWIfi, FortiGuard Services
Customer benefits realized: Customer benefits realized:
¡¡ Guarantee that business-critical applications are highly ¡¡ Ability to secure from the e-commerce edge to the data center
available with best SLAs ¡¡ Simplified configuration, management, authentication and reporting
¡¡ Reduced complexity by consolidating SD-WAN and security
¡¡ Ease of deployment and rollout to distributed locations
¡¡ Secure IoT devices on port level, due to deep technical
“We were already pleased with the performance of Fortinet’s
integration between FortiGate and FortiSwitch
Next-Generation Firewalls in our data center and the protection
“We chose Fortinet’s cutting edge secure SD-WAN technology they provide for employee access and authentication. We recently
to allow us to centrally manage our networking and security chose to leverage Fortinet’s Secure SD-WAN capability because it
solutions, while also providing SSL inspection for a seamless WAN
provides superior security features in one simple offering. Fortinet
transformation. We like the simplicity of extending Fortinet’s SD-
WAN solution to include LAN at each of our stores and the ability to helps us reduce complexity and gives us the single-pane-of-glass
manage all WAN and LAN devices through a single-pane-of-glass.” visibility across all our locations.”
— Arjen van Dam, Manager, IT — Brian Talbert, Director, Network and
Connectivity Solutions
For more customer stories, go to www.fortinet.com/customers.html
Copyright © 2019 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be
registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab
tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any
binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser
that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding
written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants,
representations, and guarantees pursuant hereto, whether express or implied. Certain offerings mentioned herein may not be generally available, and Fortinet reserves the right to change, modify, transfer or otherwise
revise this publication without notice, and the most current version of the publication shall be applicable. Revision: Q3 / 2019 v1 07.29.19You can also read
