NSE 1 06 Corporate Overview

NSE 1: Corporate Overview
In this lesson, we will give an overview of Fortinet as a company, including its key competitive
advantages against other vendors.
This lesson is part of the NSE 1 course. Together with NSE 2 and NSE 3, completing the NSE 1
exams qualifies you to be a Fortinet Certified Sales Associate.
After completing this lesson, you should be able to discuss how to choose and buy FortiGate,
FortiASIC, FortiGuard and FortiCare solutions. You should also be able to discuss the advantages of
Fortinet as a company, and identify its key characteristics relative to competitors.
Today's infrastructure is constantly changing to meet business demands, whether it be virtualization

of the data center, mobility for end users, orchestration through SDN, NFV, cloud usage, social
networking. In the future we will see Internet of Things (IoT), analytics, increased bandwidth and
Internet 2. These all create a challenge for companies to make sure their end users, their data and
applications are secure.
5
New threats require deep coverage. As new threats have arrived, customers have deployed point
solutions in response. For example, when intrusions and worms came about, IPS systems were
deployed, viruses and malware led to antivirus and antimalware, spam and botnets led to antispam,
malicious sites led to web filtering, malicious apps led to application control. And then more recently,
advanced targeted attacks led to advanced threat protection systems. Security vendors fall into two
major categories. There are infrastructure vendors who provide better performance and networking,
but work at the lower levels of the application stack, OSI Layer 3 and 4. And then the software
vendors will focus on maybe a deeper application inspection, but then fall foul of the performance
parameters needed inside a network. What Fortinet brings is the combination of both. It has very high
speed networking capabilities through ASICs, but also has a deep look inside the content and is able
to compare to its threat intelligence systems, FortiGuard. Fortinet provides the intersection of security
and networking.
Enterprises need a new security strategy. Daily news reports on data breaches prove old standard
approaches are too limited for today’s security challenge. One major issue is too many point
solutions. Too many different security vendors whose products do not communicate with one another
means that the time to detect is very high. You need a seamless security approach across the entire
network, where each of the solutions can talk to each other. Another issue is too much compromise
when deploying. Because some security solutions slow down the network, causing bottlenecks,
sometimes companies do not deploy the full portfolio of security applications. You need a powerful
security solution that provides deep visibility and control while not slowing down the network. Lastly,
there is too much focus on the edge. Enterprises over the last five to ten years have really focused on
the perimeter, the edge, on stopping things from getting in. Because that’s changed now, enterprises
need to look inside as well. They need an intelligent security solution that works beyond the border.
What should the new strategy be? There are three rules.
In a particular situation in the network, there are often many different vendors providing not only the
networking but also the basic security. Vendor A may be providing routing and WAN capability.
There may be a security vendor providing firewall and VPN. There may be an infrastructure vendor
providing switching. There may be a completely different vendor providing a Wi-Fi controller and
access. Not only that, each one of these solutions has their own management console.
Once you go beyond the basic security to provide advanced security, it becomes even more
complex. Maybe you’re providing security against advanced threats, IPS and app control, Wi-Fi
security, web gateways, cloud security, antivirus type scanning… Again, all of these solutions have
their own management consoles, and often do not talk to one another.
The third type of complexity is when multiple firewall vendors are deployed across the network,
leading to a fragmented security policy. Maybe Vendor A is a next-generation firewall (NGFW),
maybe Vendor B is a UTM at a branch, Vendor C is a high-speed data center firewall, Vendor D is in
the core of the network, providing segmentation, Vendor E is a virtual machine inside a data center’s
East-West flow, and there may even be a separate cloud vendor. The issue with using different
vendors for all of these situations is that a single policy that you want to push out must be translated
to each vendor, making it very complex and very slow.
The key is a single enterprise firewall across the entire end-to-end network, providing different
personalities and security capabilities. If the same vendor can be used for branch, for campus, for
core, for data center, for cloud and for carrier, with a range of security capabilities, then the ability to
deploy a policy across there rapidly to defend the network increases dramatically. This is what
Fortinet provides with its FortiGate, FortiOS, and FortiASIC range of capabilities.
The attack surface for today’s companies has increased dramatically. Connections to the cloud (both
infrastructure and software as a service, local connectivity at branch offices, wide area connectivity,
different endpoint devices whether Internet of Things (IoT) or point of sale (PoS), and wireless
connectivity has expanded the attack surface that a company has to deal with, allowing threats more
opportunity to get inside of the company.
Fortinet delivers intelligent security inside, at the edge, and outside the network. These days, the
internal network needs to be segmented: network segmentation using internal segmentation firewalls
both in the corporate network, the core network, campus, the wide area network (WAN), the data
center, including East-West and SDN orchestration, and of course the cloud.
The bandwidth that networks use is ever-increasing. Video, carrier-grade NAT, SSL inspection, deep
packet inspection: these are all critical security controls that need to be applied to the network. But if
you use the wrong platform, this causes severe performance bottlenecks.
Most firewalls today are built on a CPU architecture. That is, all of the policy management, packet
processing and deep inspection has to be done by that CPU or multiple CPUs. This causes a slowing
down of the throughput because that CPU has to perform multiple tasks at different levels. Fortinet’s
architecture consists of a CPU plus content processor (CP) plus network processor (NP). Certain
tasks that use deep packet inspection use the CPU, the network processor, and most importantly the
content processor to accelerate. Certain types of traffic will go through the network processor and
CPU, and other types of traffic will just pass through the packet processor. This optimum path
processing allows throughputs far in excess of a CPU only. The graph on the right, for example,
shows firewall throughput at 30 gigabits per second with NP processing compared to less than 2
gigabits per second with a CPU. The same is true for encrypted traffic like IPsec VPN: 30 gigabits per
second with NP processing drops to 7 gigabits per second if processed by a CPU.
The cybersecurity platform from Fortinet provides coverage from client to access to network to
applications to cloud, synchronized by FortiOS and updated by the security services framework from
FortiGuard. Each one of these areas has a full product portfolio: for endpoint devices, access
devices, network devices, application and data center devices, as well as cloud, which all work
together to provide the best protection.
Here are some quick facts about Fortinet:

• Founded in 2000, 1st shipment 2002, and IPO 2009
• Corporate headquarters in Sunnyvale, California with100+ offices worldwide
• Employees: 3900+
• Customers: 255,000+
• Over 2 million devices shipped
Fortinet is ranked #1 in unit share worldwide in network security. It has market-leading technology:
257 patents, with 228 pending.
There are 3 key technologies as the foundation of the company:

1. Custom ASIC-based scalable architecture (FortiASIC)
2. Industry-leading, validated threat research (FortiGuard)
3. Custom, converged networking and security OS (FortiOS)
From a revenue perspective, Fortinet’s global revenue distribution is:

• EMEA 35%
• APAC 21%
• Americas 44%
This is a balanced revenue growth around the globe.
In terms of FortiGate revenue, shipments by market segment are:

• High-end appliances 38%
• Mid-range appliances 26%
• Entry-level appliances 36%
Meaning that the vast majority of shipments are to enterprise customers.
In terms of network security appliance shipments, according to IDC, in 2014, Fortinet shipped almost
400,000 network security appliances, making that almost twice as many as our nearest competitor,
Cisco, three times as many as Check Point, and almost 10 times as many as Palo Alto Networks and
Juniper. These are not all small systems or entry-level systems. In fact, as Infonetics Research lists
us as the second largest market share vendor in the data center, and we’re catching up to Cisco
rapidly. So not only do we ship the most network security appliances, we also ship the most
advanced and high-performance network security appliances.
Fortinet’s global infrastructure is built to support global enterprises and businesses worldwide.
Fortinet’s corporate headquarters is in Sunnyvale, California, which also houses a development
center. The largest development center is in Burnaby, Canada, but there is also a wireless and Wi-Fi
development center in India, with over 100 offices worldwide providing sales support and technical
support. Fortinet has also built out an expansive FortiGuard Delivery Network (FDN), which provides
updates to customers’ systems on a 24 x 7 basis.
Fortinet aggressively certifies its products in all the major, independent certification organizations.
Fortinet aggressively tests and validates its solutions via truly independent, 3rd party testers like NSS
Labs. We do not engage in “pay for play” test reports like our competitors do (such as Tolly,
Miercom, etc., where the network security vendor pays them to run the test and write a report, and
suspiciously the sponsor’s network security product always looks good). No other network security
vendor achieves such a large set of successful certifications and “recommended” validations.
Some analysts might speak highly of some of our competitors, but when you actually plug the
products in and test them in real-life scenarios, Fortinet shines while the competition often fails. Our
competition often fails to live up to their own datasheet performance and effectiveness claims, while
Fortinet meets or exceeds its claims.
It is a part of Fortinet’s culture and a founding principle of the company to build great products and
certify, validate, and test them rigorously to prove their value.
NSS Labs validates our advantage. NSS Labs tests different deployment modes of gateway firewalls
and web application firewalls. The security value matrix looks at price-performance and security
effectiveness. These three examples for next-generation firewall, next-generation IPS, and breach
detection show that Fortinet solutions fit in the “recommended” quadrant. This means that they are
providing some of the best price-performance, and at the same time the best effectiveness.
FortiGate is a custom ASIC-based, scalable network security platform. FortiGate ranges from entry
level (two-digit model numbers) and mid-range (three-digit model numbers) to high-end (four-digit
models) and virtual appliances. Each one of these different levels and ranges comes with a different
combination of ASIC chips and CPUs to provide the required performance. For example, entry-level
models often applying UTM have system-on-a-chip (SoC) – a combination of CPU with CP and NP
on an energy-efficient single chip. Mid-range uses CPU and a single network processor (NP) and
content processor (CP), whereas higher-end systems use multiple network processors, content
processors, and CPUs.
FortiOS is common across all the appliances and virtual machines. FortiOS is configured for different
personalities depending on where the FortiGate appliance is deployed in the network. The
personalities include unified threat management (UTM), internal segmentation firewall (ISFW), next-
generation firewall (NGFW) and next-generation IPS (NGIPS), data center firewall (DCFW), carrier
class firewall (CCFW), cloud firewall (CFW) and virtual machine firewall (VMFW).
This is the easy, flexible 4-step pricing model for FortiGate.
1. Decide on your form factor and deployment mode: the number of ports, port speed, and throughput
and location.
2. Select support. FortiCare coverage can be 8 hours a day, 5 days per week, or 24 x7. There are
also professional services.
3. Add subscription services from FortiGuard. These can be individual à la carte services, the UTM
bundle, or the new enterprise bundle. Decide on FortiCare support level for each service.
4. Finally, decide on the term for the contract: 1 year, 2 years, 3 years, 4 years, or 5 years.
Fortinet provides a broad range of complementary technologies beyond FortiGate. When you’re
ready to extend and deepen your security to specialized applications and devices, Fortinet’s portfolio
can grow with your security needs.
Fortinet’s global service and support team, FortiCare, offers 8 hour per day, 5 day per week
enhanced support, as well as 24-hour, 7 day per week comprehensive support. Premium service is
available with:
• Assigned TAM
• Enhanced SLA
• Extended software support
• Priority escalation
• Onsite visits
It can be global or regional.
Above that is professional services:

• Architecture and network security design
• Implementation
• Deployment
• Operations
Become a Fortinet network security expert with the Network Security Expert program, NSE.
Validate your security experience, demonstrate value to your customers, and accelerate sales
through technical knowledge. NSE has 8 levels.
NSE 1-3 are for sales associates. NSE 4-8 are for technical staff.
NSE 1 is open to the public and provides a general understanding of network security.
NSE 2 is focused on FortiGate gateway solutions.
NSE 3 is focused on Fortinet’s advanced security solutions.
NSE 4 is for technical understanding and configuration of FortiGate.
NSE 5 is for technical understanding and configuration of FortiManager and FortiAnalyzer.
NSE 6 is for technical training on our advanced technologies.
NSE 7 is to provide troubleshooting.
NSE 8 is the expert level, validated by both a written and practical exam.
To review, in this lesson, we discussed why Fortinet solutions win, and what makes Fortinet unique
as a company.
To prepare for this lesson’s quiz, make sure that you’ve learned the key points listed here.

NSE 1 06 Corporate Overview

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

NSE 1 06 Corporate Overview

Uploaded by

Copyright:

Available Formats

NSE 1: Corporate Overview

Today's infrastructure is constantly changing to meet business demands, whether it be virtualization

Here are some quick facts about Fortinet:

There are 3 key technologies as the foundation of the company:

From a revenue perspective, Fortinet’s global revenue distribution is:

In terms of FortiGate revenue, shipments by market segment are:

This is the easy, flexible 4-step pricing model for FortiGate.

Above that is professional services:

You might also like