Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
This guide is for Internal use only by Fortinet and its channel
partner sales teams.
2
CONTENTS
INTRODUCTION 4
OUR SOLUTIONS 5
ENTERPRISE FIREWALL 6
SECURITY OPERATIONS 30
CLOUD SECURITY 37
APPLICATION SECURITY 45
SECURE ACCESS 53
SERVICES 61
SALES TOOLS 62
3
INTRODUCTION
On top of a perpetually shapeshifting threat landscape, your A unified, end-to-end security strategy (which can adapt to
enterprise customers are also dealing with rapid changes evolving network demands) allows organizations to address the
within their own infrastructures. To successfully compete full spectrum of challenges they currently face. The Fortinet
today, organizations must become more agile and embrace Security Fabric provides an intelligent architectural approach
greater mobility and connectivity. Networks have rapidly that enables enterprises to weave all of their discrete security
evolved so that applications, data, and services can flow solutions into an integrated whole. Our Security Fabric is built
faster across an increasingly diverse landscape of users, around three key attributes:
domains, and devices.
§§Broad: It covers the entire attack surface. Security can be
As a natural extension of these functional advances, applied to the network, endpoints, access, applications, and
networks that previously had well-defined borders have cloud.
become increasingly borderless. While IoT devices and
§§Powerful: It uses optimized software, often accelerated
cloud-based applications offer operational advantages, they
further by purpose-built processors, to reduce the burden
also greatly expand a company’s attack surface—beyond
on infrastructure, delivering comprehensive security without
the reach and efficacy of the previous generation’s siloed
affecting performance.
security products. This may account for the fact that 42%
of security leaders have reported that their organizations §§Automated: It enables a fast and coordinated response to
experienced a security breach within the last two years.1 threats. All elements can rapidly exchange threat intelligence
and coordinate actions.
By contrast, siloed security solutions—with separate
management interfaces and no meaningful way to gather or
share threat information with other devices on the network—are
only marginally useful in protecting today’s borderless enterprises
across all attack vectors. They cannot offer the broad reach, high
performance, or synchronized responses that a security fabric
inherently provides.
4
OUR SOLUTIONS
The Fortinet Security Fabric presents a compelling
approach that connects multiple solutions to form a
unified security framework. Wherever security solutions are
Advanced Threat deployed across the enterprise infrastructure, they must
NOC/SOC
Intelligence operate at the speed of business so that protection doesn’t
limit productivity.
Many Fortinet solutions are based on the fastest, purpose-
built security processors (SPUs) in the industry to
Client Cloud reduce the burden on infrastructure, allowing organizations
to establish comprehensive security without affecting
performance. They also include software optimization
and cloud platform integration as we did with the SPUs
Network for superior performance —up to 10 times faster than
equivalent solutions from other vendors— in Infrastructure-
Access Application as-a-Service (IaaS) and Platform-as-a-Service (PaaS)
environments.
We are also firmly committed to independent, third-
party testing to demonstrate what organizations should
expect when selecting Fortinet security products. This
includes participation in a broad set of real-world security
Partner API effectiveness tests at places like NSS Labs, Virus Bulletin,
ICSA Labs, and AV-Comparatives.
5
ENTERPRISE FIREWALL
Cyber criminals continue to launch automated
and sophisticated attacks against organizations,
threatening the foundation of digital transformation
and efficient business operations. The risk of data MARKET DYNAMICS AND DRIVERS
breaches is driving enterprises to add more security Rapidly Increasing Adoption of NGFW
and visibility at the network perimeter to improve their Gartner reported that less than 50% of enterprise Internet
overall security posture. However, many enterprises connections today are secured using NGFWs.2 But with the
currently use point security products, which do not increasing need for better security and visibility, this adoption will
communicate with each other, lack consistent threat rise to at least 90% of the installed base by year-end 2019.
intelligence, and are complex to manage.
Both Prevention and Detection of Threats Are Critical
The Fortinet Enterprise Firewall solution is powered Most enterprises are looking for prevention against known ex-
ploits, malware, and malicious websites as well as to eliminate
by FortiGate Next Generation Firewalls (NGFWs) to
point products. At the same time, detecting unknown threats
provide high performance, consolidated security, using sandbox technology is also becoming an increasingly im-
and granular visibility to protect against known and portant part of NGFW offerings. Gartner considers sandboxing
unknown advanced cyber attacks. FortiGate firewalls as one of the core features of NGFW products.3
are purpose-built on security processers and deliver
the industry’s best performance for advanced Need for Encrypted Traffic Inspection Is Increasing
security services and ultralow latency. Encrypted traffic is projected to account for ~50% of total en-
terprise traffic.4 Most enterprises don’t decrypt encrypted traffic
Based on these capabilities, Fortinet Enterprise due to performance and operational challenges. But with the
rise of malware hidden in encrypted traffic, it will be very import-
Firewalls enable efficient operations with the best
ant for NGFWs to do SSL inspection without causing any per-
possible security posture, without compromising formance challenges. In 2017, Gartner Enterprise Firewall Magic
on performance. Comprehensive and continuously Quadrant predicted that ~50% of deployments will enable SSL
updated threat intelligence reduces the need for point inspection by 2020.
products and provides better visibility and control.
2. Gartner Enterprise Firewall MQ 2016
3. Gartner Enterprise Firewall MQ 2017
6 4. Fortinet Threat Landscape Report Q1 2017
RELEVANT DEPLOYMENTS
FortiGate Enterprise Firewalls offer the flexibility to be §§High-speed interfaces support future-proof connectivity with
deployed in the data center, at the network edge, or in the core. a compact size that enables greener data-center designs
Relevant use cases include:
§§Highly effective IPS engine targets evasion techniques,
Next Generation Firewall (NGFW) reputation awareness, extensive application control
§§Security gateway to the Internet for enterprises
capabilities, and user/device identification
FortiGate NGFWs are purpose- The FortiGuard team develops FortiOS controls all the security
built on security processors effective countermeasures to and networking capabilities
to deliver the industry’s best protect more than 310,000 through a single, intuitive
threat protection performance Fortinet customers around the operating system. It improves
and to defend against the most world. It provides up-to-the- protection and visibility while
advanced known and unknown minute threat intelligence updates reducing operating expenses
cyber attacks. FortiGate for services such as IPS, AV, Web and saving time by consolidating
consistently holds the No. 1 Filtering, Botnet, Sandboxing, hundreds of features. FortiOS
market share in unit shipments and many more. Customers enables the Fortinet Security
worldwide, as per IDC’s quarterly can purchase individual service Fabric vision for enhanced
security appliance tracker. subscriptions or bundles such protection from IoT to cloud.
as Enterprise, UTM, and Threat
Protection.
8
OTHER PRODUCTS
FortiManager
Centralized Management
and Unified Policy
FortiAnalyzer
Single Pane of Glass with
Centralized Logging and
Reporting
9
ENTERPRISE FIREWALL
10
COMPETITIVE COMPARISON
Security processor-powered
for industry’s best price/
performance
a
a= Provides
= Not available
THIRD-PARTY VALIDATION
Fortinet Named a Leader in the 2017 Gartner Magic FortiGate Receives “Recommended” Rating from NSS
Quadrant for Enterprise Firewalls Labs for NGFW
In the 2017 Gartner Magic Quadrant for Enterprise Firewalls, FortiGate received a fourth-consecutive “Recommended” rating
Fortinet made a significant move into the Leaders category, from NSS Labs in their 2017 NGFW Comparative Report and
up from the Challenger quadrant in 2016. Fortinet’s FortiGate Security Value Map. Fortinet put its FortiGate 3200D and 600D
firewalls are central to the Fortinet Security Fabric—engineered enterprise firewalls to the test against competing solutions, with both
to unify and automate multilayered responses to threats in appliances receiving outstanding security effectiveness scores—
addition to delivering superior NGFW capabilities. blocking 99.71% of exploits in continuous live testing and stopping
99.47% of all attacks in the NSS exploit library. The FortiGate
3200D also leads in real-world traffic performance testing, while the
FortiGate 600D delivered the greatest value per protected Mbps of
traffic among all vendors in the Security Value Map.
Sophos 90%
WatchGuard
Check Point
80%
Fortinet 3200D
Averag Fortinet 600D
e
70%
60%
Security Effectiveness
50%
Average
40%
Palo Alto Networks
Juniper Networks
30%
SonicWall
Barracuda Networks
NOTE
Gartner Magic Quadrant for Enterprise Network Firewalls, Adam Hills, Jeremy D’Hoinne, Rajpreet Kaur, July 10 2017
At the completion of testing, NSS notified the vendors whose 20%
products failed to properly handle evasions. The following
vendors developed fixes, which NSS has subsequently
verified address the identified issues:
• Barracuda Networks
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire • Check Point Software Technologies
• Palo Alto Networks
10%
document. The Gartner document is available upon request from Fortinet
• SonicWall
For more information please see the individual product
Test Reports, or contact NSS Labs.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to
select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s $120 $100 $80 $60 $40 $20 $0
research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with TCO per Protected Mbps
respect to this research, including any warranties of merchantability or fitness for a particular purpose.
12
QUALIFYING QUESTIONS
c Are you looking at replacing legacy firewalls for better threat protection?
c Have you had any problems with breaches or cyber security incidents?
c Is your NGFW protecting your internal networks from malware and botnets that may be inside
your network?
c Are your current solutions having issues with performance, especially when you turn on
content-processing features?
c Do you have too many point products and are looking to reduce complexity?
13
ENTERPRISE
BRANCH—
SECURE SD-WAN
Fortinet’s Secure SD-WAN solution provides next-generation
Distributed enterprise branches transitioning to
security and networking capabilities to improve WAN efficiency,
a digital business model are having a significant without compromising on security. Unlike traditional WAN
impact on network topologies. The adoption of architectures, new software-defined WANs are able to
cloud services and an increasingly mobile work- dynamically distribute traffic across multiple locations while
force accessing applications in the cloud are automatically responding to changing application policies. They
accelerating advancements in wide area network allow customers to enable direct Internet access for Software-
(WAN) technologies. Traditional WANs have been as-a-Service (SaaS) applications to improve productivity and
replace expensive MPLS with cost-effective solutions.
considered expensive, complex, and limited in ca-
pabilities. With many organizations now evaluating
more efficient WAN options, it is becoming critical Our Secure SD-WAN solution is powered by FortiGate
to deploy new security strategies designed for the Enterprise Firewalls to provide high performance and top-rated
distributed enterprise. security against rising cyber attacks due to direct Internet
access.
14
MARKET DYNAMICS AND DRIVERS
Increasing Adoption of Cloud Applications
the median number of cloud
As per Fortinet’s Q1 2017 Threat Landscape Report, the median number of cloud
applications
62
applications used per organization was 62—roughly one-third of all applications
detected. Many of these organizations are struggling with latency issues and significant
used per
drops in data visibility. Distributed enterprises want to avoid back-hauling traffic from
organization was
(Fortinet Threat
data centers and start using direct Internet access for cloud applications. Landscape Report 2017)
16
OTHER PRODUCTS
FortiHypervisor
Hybrid virtual appliance to run
Fortinet and partner virtual network
functions
FortiManager
Centralized management and
unified policy
FortiDeploy
Zero-touch deployment for
FortiGate
17
ENTERPRISE BRANCH—SECURE SD-WAN
18
COMPETITIVE COMPARISON
Cisco
CAPABILITY Fortinet Check Point Palo Alto Networks
Meraki / ISR
a= Provides
= Not available
THIRD-PARTY VALIDATION
Fortinet Named a Leader in the 2017 Gartner Magic Leading Market Share in Distributed Enterprise
Quadrant for Enterprise Firewalls
As per IDC’s security tracker, FortiGate Enterprise Firewalls
(30 to 200 series) have the No. 1 unit and revenue market
In the 2017 Gartner Magic Quadrant for Enterprise Firewalls,
share worldwide.
Fortinet made a significant move into the Leaders category,
up from the Challenger quadrant in 2016. One of the core
requirements they call out is the scale of the product to support
extended environments such as branch, campus, data center,
and cloud.
Gartner Magic Quadrant for Enterprise Network Firewalls, Adam Hills, Jeremy D’Hoinne, Rajpreet Kaur, July 10 2017
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire
document. The Gartner document is available upon request from Fortinet
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to
select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s
research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with
respect to this research, including any warranties of merchantability or fitness for a particular purpose.
20
QUALIFYING QUESTIONS
c Are you rapidly adopting cloud applications but suffering from latency issues?
c Do you have too many point products and are looking to reduce complexity?
c Have you had any problems with breaches or cyber security incidents?
c Are you having performance issues with the current solutions you have in place,
especially when turning on content-processing features?
21
ADVANCED THREAT
PROTECTION
While ransomware grew exponentially in 2016
and on into 2017 with high-profile exploits like With this in mind, it’s not surprising that a recent survey of
WannaCry, we continue to see these attacks chief information security officers (CISOs) found that the
evolve. Petya (or NotPetya depending on rapidly evolving nature of cyber threats represented the most
your perspective) combines ransomware-like challenging factor in securing their organizations. This was
closely followed by the challenge of securing cloud workloads,
system disruption with blastware destruction.
IoT devices, and a complex IT environment in general. The
At the same time, a steady stream of new combination of defending a dynamic and dispersed attack
spearphishing and other more traditional attacks surface and increasingly sophisticated cyber criminals means
continue to emerge. that business leaders must constantly look for new and better
approaches for protecting their networks, data, and people.
22
MARKET DYNAMICS AND DRIVERS
The Average Organization Is Already Compromised Email Delivered 66% of Installed Malware
Last year, Fortinet conducted nearly 3,000 cyber threat According to the 2017 Verizon Data Breach Investigations Report,
assessments in which we closely monitored each organization’s two-thirds of all malware that was successfully installed on
traffic with our latest threat intelligence for a period of two systems was initially delivered via email. Furthermore, email and
weeks. In doing so, we found that the average organization was the web together deliver 99% of the malware seeking entry to
compromised by more than four active pieces of malware or bots. organizations.
More Than 1 in 3 Active Bots Were Part of a Malware Leading to Breaches Is Seen for Less Than 60
Ransomware Campaign Seconds
Much of the compromised activity was related to ransomware. The 2016 Verizon Data Beach Investigations Report indicated
Not only did ransomware routinely fill the top-five malware list that the malware that actually leads to breaches is seen for 58
each quarter in 2016, in Q4 it was associated with 36% of all seconds or less.
active botnets detected.
23
ADVANCED THREAT PROTECTION
ATP PRODUCTS
24
OTHER PRODUCTS
FortiSIEM
Security Information and
Event Management
Fabric-Ready Partners
FortiClient Integrated via API with
ENDPOINT FortiSandbox
PROTECTION
PLATFORM (EPP)
FortiClient leverages the
independently top-rated
global intelligence of
FortiGuard Labs and
local intelligence of
FortiSandbox to protect
organizations from
known and previously
unknown threats while
on or off the corporate
network.
25
ADVANCED THREAT PROTECTION
The Only Solution to Fully Cover Network, Application, Available in All Form Factors
and Endpoint Attack Vectors
While some vendors offer components as only physical
Only Fortinet provides components to fully cover the primary appliances and others offer components as only a cloud
attack vectors of network, applications (email and web), and service, Fortinet offers every advanced threat protection
endpoint. We do so by automatically sharing both global and component in both form factors for the most flexible
local intelligence among components that are powerful enough solution in the market. Of note, both the Fortinet FortiGate
to deploy anywhere throughout the organization. Fortinet is the with FortiSandbox Cloud and FortiSandbox Appliance with
only vendor that offers NSS Labs Recommended components FortiClient are NSS Recommended for Breach Detection.
for next-generation and data-center firewall, web application
firewall, advanced endpoint protection, and breach detection/
sandboxing.
Open Architecture to Include Non-Fortinet
Components
We are firmly committed to enabling organizations to deploy
the Fortinet Security Fabric and Advanced Threat Protection
inclusive of both Fortinet and non-Fortinet components. Defined
APIs enable organizations to integrate existing network and
endpoint components with FortiSandbox to send objects
for analysis, receive ratings, and consume dynamic threat
intelligence. Our formal Fabric-Ready program can certify an
organization’s specific interactions that use these APIs.
26
ATP COMPETITIVE COMPARISON
Palo Alto
Fortinet FireEye Cisco Check Point Trend Micro
Networks
Independently
Top-rated
Sandbox
a a a a
Integrated Solution
Ent FW a a a a a
SEG a a a a
WAF a
EPP a a a a
Form Factors
Physical a a a a a a
Virtual a a
SaaS a a a a a
Open APIs a
a= Provides
= Not available
THIRD-PARTY VALIDATION
NSS Labs 2016 BDS Recommendation ICSA Advanced Threat Defense Certification—2016/2017
Both the FortiSandbox Appliance (with FortiClient) and Throughout 2016 and into 2017, Fortinet Advanced Threat
FortiSandbox Cloud with FortiGate demonstrated 99% Protection (including FortiGate, FortiMail, FortiClient, and
effectiveness. Of note, the cloud offering demonstrated the FortiSandbox) continuously earned ICSA Advanced Threat
fastest time to detect at less than five minutes and the appliance Defense Standard (Network) and Email certification.
showed the highest throughput, supporting 10 Gbps of traffic.
28
QUALIFYING QUESTIONS
c How many potential security incidents are you investigating each quarter?
c How many of these incidents started with an email? How many were downloaded from the web? How many were
downloaded while an employee was on the corporate network vs. off it?
c Have you had (or heard of peers experiencing) any incidents of ransomware? If so, what measures do you have in place to
reduce your organization's risk?
c Have you experienced (or heard of peers who have experienced) a compromised website or web application?
c What data, intellectual property, or communications are subject to privacy, security, or other regulatory frameworks? What
information is most critical to the success of your business (and closely held)?
§§NSE 3: FortiMail
§§NSE 3: FortiClient
§§NSE 3: FortiSandbox
29
SECURITY
OPERATIONS
Organizations typically have both a network
operations center (NOC) and a security operations Fortinet’s Security Operations solution covers both IT and
center (SOC), but they are typically not correlated security risk management across the entire enterprise, including
or integrated. This leaves early indicators of preexisting and future infrastructure. While Fortinet security
threats unseen. products are already unified into our Security Fabric with a
single OS and shared intelligence, our Security Operations
solution includes information from network elements beyond
the Fortinet family and breaks down the barrier between NOC
and SOC to provide a comprehensive and adaptive view of the
entire network for quickly identifying and responding to threats.
It also helps manage compliance, application availability, and
reducing the complexity of security operations.
30
MARKET DYNAMICS AND DRIVERS
Isolated Point Solutions Can Leave Breaches Shortage of Skilled Cyber Security Staff
Undetected Additionally, organizations face a growing need for experienced
Industry-leading organizations worldwide and from all business cyber security personnel but with a dwindling global supply of
verticals suffered network breaches in 2016, with a 40% those resources. Recent reports count over one million unfilled
increase year over year. This is due in part to the wide array openings worldwide. Many organizations are either looking to
of point solutions deployed (averaging ~30 different vendor outsource NOC and SOC needs or looking for better solutions
solutions) in NOCs and SOCs that essentially generate an that can keep pace with an ever-evolving threat landscape.
overload of uncorrelated and unprioritized information, leaving
many indicators of threats unseen until it is too late. Detection
of breaches is still taking hundreds of days, with additional days
spent isolating and remediating their causes.
40% of Breaches
increase year Over one million
over year unfilled Cyber Security
(Identity Theft Resource Center 2016) openings worldwide
(ISACA 2016)
31
SECURITY OPERATIONS
32
OTHER PRODUCTS
FNDN
Fortinet Worldwide Developer
Community
33
SECURITY OPERATIONS
Comprehensive and Holistic Approach to Managing Unified Visibility from IoT to the Cloud
Risk Fortinet’s Security Operations solution reduces the complexity
Fortinet’s Security Operations solution brings together the best inherent in organizations with many security point solutions
of security hardware and software for a seamless approach to that need to be monitored by SOC personnel, using a single
security operations. It combines the capabilities of FortiManager, interface to the Fortinet Security Fabric through FortiAnalyzer.
FortiAnalyzer, and FortiSIEM, along with FortiGuard Threat FortiSIEM provides the additional context with a unified view of
Intelligence and IOC Services to deliver: the non-Fortinet devices, for a holistic view of the organization’s
threat landscape from IoT to the cloud.
§§Adaptive awareness of the threat landscape
34
COMPETITIVE COMPARISON
Fortinet Palo Alto Check Point Cisco splunk Log Rhythm IBM
SIEM Solution a a a a
Enterprise FW a Partrial a a
Cross Security
Platform a
Real-time Correlation
of NOC/SOC
Analytics
a
Device and
Configuration Self-
Discovery
a
Dynamic Watch Lists
& Threat Intelligence a a a a
Audit trail of User
Activity a
Role Based Access
Controls a
a= Provides
= Not available
QUALIFYING QUESTIONS
c Have you experienced a breach in the past year? If so, what was the impact and how was it felt?
c How many security vendor solutions are you currently using to manage against breaches?
c How much time does your security staff invest in manually correlating alerts and log related data?
c Are you able to provide your Executives and Board with a clear picture of malicious activity and risk to critical data,
applications and assets currently on and connecting to your networks?
c Do you have the ability to identify and prioritize high severity issues across physical and virtual networks, on-premise and
cloud deployments, as well conventional through to IoT devices?
c Do your network and security operations centers share a common view such that they are able to detect and respond to
issues efficiently and effectively?
c Are you able to proactively discover and manage devices and applications as they connect to your network?
36
CLOUD SECURITY
Organizations are rapidly embracing cloud
computing, including migrating server workloads
to public clouds such as Amazon Web Services or
Microsoft Azure, or adopting SaaS applications. At the same time, most enterprises continue to invest in
virtualization and software-defined infrastructure to transform
data centers into private clouds. The long-term direction is
toward a persistent hybrid cloud (and in many cases multicloud)
environment, spanning across disparate private and public
clouds.
37
CLOUD SECURITY
Rapid Market Growth in the Cloud Space Increased Traffic Flow Within Networks
The market for cloud security is expected to grow rapidly As on-premises environments evolve into private clouds,
with the adoption of cloud computing infrastructures. Forbes network traffic will increasingly shift from traditional north-south
estimates that $141B will be spent annually on public cloud flows to east-west. Studies have shown that 75% of data-
services by 2019, while IDC Research projects that more than center traffic in modern virtualized environments is already
half of enterprise workloads will be running in public clouds east-west rather than north-south. Properly inspecting all east-
within a few years. Gartner Research estimates that security west traffic to ensure proper segmentation of workloads would
and management solutions for IaaS and SaaS will expand to easily quadruple today’s $3B market for north-south data-center
security. Gartner predicts that 10% of enterprise firewall revenue
$11B in this timeframe.7
will be delivered as virtual firewalls by 2019.
10%
will be spent
141B annually on
public cloud
services by 2019 of enterprise firewall revenue will be
(Forbes 2017)
delivered as virtual firewall by 2019
(Gartner 2017)
38
CLOUD SECURITY PRODUCTS
39
CLOUD SECURITY
OTHER PRODUCTS
FortiCASB
service provides critical visibility
of users and data in cloud-
based applications.
40
HOW FORTINET’S CLOUD SECURITY SOLUTIONS ARE UNIQUE
Only Fortinet’s Cloud Security solutions can extend visibility and Automated Scaling of Protection for Elastic Cloud
control across an organization’s entire private, public, and hybrid Workloads
cloud environment with Fortinet Security Fabric integration.
With many organizations adopting cloud computing to scale
web or other applications elastically, Fortinet ensures user
Consistent Security Posture Across Private and and data privacy at cloud scale without slowing down the
Public Clouds business. Firewall inspection can be orchestrated into dynamic
Fortinet enables secure and compliant policies, as well as fabric applications and software-defined network flows, while
visibility, to be applied consistently across physical, virtual, inspection capacity can be automatically scaled up with cloud
and cloud infrastructure. Secure site-to-site VPN connectivity applications. Automated provisioning can apply appropriate
between on-premises and public clouds ensures secure security policies to new and existing workloads.
application and data migration across the hybrid cloud, while
also minimizing leakage of confidential data.
41
CLOUD SECURITY
COMPETITIVE COMPARISON
a= Provides
= Not available
42
42 This sales guide is for Internal Use Only.
THIRD-PARTY VALIDATION
FortiGate virtual appliances are part of the same product family Integration and orchestration of FortiGate with leading private
whose hardware has received numerous third-party validations or public cloud platforms has been certified or recognized
or recognition, including NSS Labs “Recommended” and Gartner by key partners, including validations for VMware Ready for
Magic Quadrant for Enterprise Firewall as a Leader. Networking and Security, VMware Ready for NFV, Cisco ACI,
AWS Marketplace, Azure Marketplace, and Azure Security
Center.
Gartner Magic Quadrant for Enterprise Network Firewalls, Adam Hills, Jeremy D’Hoinne, Rajpreet Kaur, July 10 2017
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire
document. The Gartner document is available upon request from Fortinet
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to
select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s
research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with
respect to this research, including any warranties of merchantability or fitness for a particular purpose.
43
CLOUD SECURITY
QUALIFYING QUESTIONS
c Has your organization been leveraging virtualization, SDN, or other technologies as part of data-center consolidation or
transformation projects?
c How are you ensuring visibility into increased east-west or inter-VM traffic?
c How would your risk be concentrated were a security breach to occur in heavily consolidated virtual environments?
c How are you ensuring that your apps and data migrated to the cloud have the exact same security posture as if running in
your internal data center?
c Are you migrating applications and data between on-premises data centers/clouds and the public cloud?
c Do you have confidentiality or compliance requirements to ensure data doesn’t leak from on-premises to public clouds,
and how are you monitoring and protecting against data leakage?
c How do you ensure that only authorized users or employees are accessing data in SaaS environments like Office 365 or
Salesforce.com?
c How are you ensuring data privacy and compliance with respect to data stored in SaaS applications like Office 365 or
Salesforce.com?
44
APPLICATION
SECURITY
Web-based applications that are exposed to the
Internet are an easy target for hackers. The largest
Web-based attacks are a significant issue—as are scale and
point of entry for data breaches in the past few reliability for secure web applications. Customers hosting a secure
years has been application vulnerabilities that application for thousands or even millions of users need to ensure
hackers exploit. In addition, DDoS attacks have that the application infrastructure can meet the demand and
evolved from blunt-force instruments designed respond quickly.
to overwhelm network resources to sophisticated
surgical strikes that target application layer Fortinet’s Application Security solutions include web application
services in a data center. firewalls, DDoS attack mitigation appliances, and application
delivery controllers to protect applications from vulnerabilities
and Layer 7 DDoS attacks, while providing the tools needed to
seamlessly scale secure applications to millions of users. For more
specialized needs, we also offer web caching and advanced WAN
link load balancers to further ensure applications, data, and WAN
connections are secure and available.
45
APPLICATION SECURITY
30%
Although not widely reported, encrypted web application traffic is
growing at a very fast pace. Sandvine’s 2016 Encrypted Traffic Report
showed that 30% of all Internet traffic was encrypted. In the following
year, that volume was projected to grow to 50%. Most organizations of Internet traffic
are racing to encrypt their sensitive data, even though it is straining was encrypted
their existing application delivery infrastructure. (Sandvine 2016)
46
APPLICATION SECURITY PRODUCTS
47
APPLICATION SECURITY
OTHER PRODUCTS
FortiCache
Web Content Caching
FortiWAN
WAN Optimization
48
HOW FORTINET’S APPLICATION SECURITY SOLUTIONS ARE UNIQUE
49
APPLICATION SECURITY
COMPETITIVE COMPARISON
a= Provides
= Not available
50
50 This sales guide is for Internal Use Only.
THIRD-PARTY VALIDATION
FortiWeb received a “Recommended” rating from NSS Labs in Fortinet continues as a Challenger in the 2017 Gartner
their 2017 Web Application Firewall Comparative Report and Magic Quadrant for Web Application Firewalls for the second
Security Value Map. The FortiWeb 3000E was pitted against consecutive year. We believe that integration with the Fortinet
five competitors and placed very well overall against the Security Fabric along with continued technology advances
competition—passing all tests, tying for first place in Security make FortiWeb an easy choice for security leaders when
Effectiveness, and receiving an “Above Average” rating for looking at a web application firewall to protect their web-
overall value for 2017. facing applications.
51
APPLICATION SECURITY
QUALIFYING QUESTIONS
c How do you protect your mission-critical, web-based applications from attacks today?
c Do you regularly conduct code security reviews and if so, how often?
c Do you need to meet PCI DSS compliance standards? What were the results of your last PCI DSS audit?
c Are you concerned about data breaches of sensitive customer or proprietary information through your web-based
applications?
c Are your secure web applications outgrowing your current server load balancer?
c Do you need applications to span multiple data centers for disaster recovery of applications?
c Do you find that your current service-based DDoS mitigation solution is expensive with unpredictable costs?
52
SECURE ACCESS
For many, the primary focus for securing the
network focuses on external threats coming from
the Internet. However, with a mobile workforce,
Our FortiSwitch product line offers a wide variety of switching
BYOD policies, and widespread use of thumb
capabilities—from top-of-rack (ToR) aggregation applications,
drives, threats from internal attack vectors are
to distributed enterprises, down to small businesses. Utilizing
increasing. Therefore, securing internal access is proprietary FortiLink technology, these switching products extend
becoming increasingly important. Fortinet offers the Fortinet Security Fabric down to the Ethernet ports, delivering a
a full range of both wired and wireless solutions highly integrated yet easy-to-manage wired solution.
with exactly this focus.
53
SECURE ACCESS
54
SECURE ACCESS PRODUCTS
55
SECURE ACCESS
OTHER PRODUCTS
FortiAuthenticator
FortiToken
FortiClient
FortiExtender
FortiPresence
56
HOW FORTINET’S SECURE ACCESS SOLUTIONS ARE UNIQUE
Balancing Access, Performance, and Protection Supporting Comprehensive Security Across the
Without Compromise Infrastructure
Today’s enterprises demand fast, transparent access to critical Above all, Fortinet’s Secure Access solution perfectly
applications and data—from anywhere and from a range of complements enterprise architectures, extending Fortinet’s
devices over which administrators no longer have full control. Security Fabric from the core to the edge and uniting the various
solution components to deliver combined benefits greater than
Fortinet’s Secure Access solution provides a tightly integrated
the sum of their parts.
infrastructure—access, networking, and security—capable of
meeting these demands without compromising performance or
security.
As security threats increase in number, risk, and sophistication,
Fortinet customers can rest assured that data protection
obligations to their customers, business partners, and
shareholders can be honored, and that maximum business
continuity will be maintained.
57 57
SECURE ACCESS
COMPETITIVE COMPARISON
Enterprise WLAN a a a a a
UTM in Access Point a
Enterprise Switching a a a a a
UTM a a
Gartner MQ WLAN/LAN a a a a a
a= Provides
= Not available
58
58 This sales guide is for Internal Use Only.
THIRD-PARTY VALIDATION
“Magic Quadrant for the Wired and Wireless LAN Access Infrastructure,” Tim Zimmerman, Christian Canales, Bill Menezes,
Danilo Ciscato, August 2016
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the
entire document. The Gartner document is available upon request from Fortinet.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology
users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s
research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied,
with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
59
SECURE ACCESS
QUALIFYING QUESTIONS
c Do you have minimal staff and need a solution that’s easy to deploy and manage?
§§NSE 2: FortiCloud
60
SERVICES
FortiGuard FortiCare
FortiGuard researchers continuously scour the Security can be complex; creating the best security environment
cyber landscape to discover emerging threats requires expertise. Fortinet is immersed in security every day of the
year and our professionals know our products in detail. We can
and develop effective countermeasures to protect
augment the defensive capabilities of any IT organization with a range
organizations around the world. They are the of offerings, tailoring our services to the size of the organization and
reason that FortiGuard is credited with over 250 the desired level of assistance and monitoring. We can help you ensure
zero-day discoveries—a record unmatched by that your customer’s security posture is appropriate to today’s evolving
threat environment.
any other security vendor.
FortiCare services are available on all Fortinet products and include four
types of offerings:
Our unique combination of in-house research
across 10 different security disciplines, §§Product Support Services include device assistance with
technical issues as well as firmware updates, and (if necessary)
intelligence exchanged with leading industry
product replacement. Device monitoring and reporting is also
sources, and machine learning are why Fortinet available. Assistance can be provided by phone, email, or chat.
security solutions routinely demonstrate such high
§§Advanced Support Services provide support on an account basis
scores during real-world security effectiveness and include configuration advice and performance review, as well
tests at places like NSS Labs, Virus Bulletin, ICSA as training and certification programs. There are both Enterprise
Labs, and AV-Comparatives. and Service Provider options.
§§Professional Services offer certified experts for onsite training,
design, configuration, implementation, and validation for security
and infrastructure products. These engagements are custom
created and require a statement of work (SOW) to properly scope
the activity.
§§Premium RMA Services include enhanced warranty returns for
faster replacement turnaround, as well as secure disposal options
for high-security customers.
61
SALES TOOLS
SALES TOOLS
We offer a number of tests and other tools to help your Test Your Metal (Malware Scan Effectiveness)
potential customers evaluate their current security Attackers get past security measures by hiding malware deep within
posture, as well as demos for an assortment of compressed files. Unfortunately, most network security solutions are
Fortinet products. regularly fooled by this technique because they can’t analyze a file
compressed with any format other than ZIP. There are a number of
Cyber Threat Assessment Program legitimate compression formats commonly used and easily opened by
Our Cyber Threat Assessment Program (CTAP) is a framework typical end-users on most operating systems other than ZIP (e.g., TAR,
designed to offer your prospective customers quick, easy, and GZ, 7Z, CAB).
valuable insight into their preexisting security posture. It helps
Test Your Metal offers a simple test to see if your network security will
you build credibility, establish yourself as a trusted advisor, and
catch malware hiding in compressed files.
create a strong business case to choose Fortinet solutions to
mitigate threats. Website: http://metal.fortiguard.com
With a conversion rate of 85%, CTAP is a proven way to
Network Testing
turn a greenfield opportunity into a long-term customer while
Help your customers get the most out of their network devices and
demonstrating the value of FortiGate, FortiOS, FortiGuard, and
diagnose potential issues with comprehensive performance testing.
FortiSandbox in your prospect’s own network environment.
FortiTester offers a suite of powerful, yet easy-to-use tests that simulate
Website: https://ctap.fortinet.com a variety of typical traffic conditions. It allows you to set performance
standards and run audits to make sure your network continues to meet
Product Demo Center
them. It also stores past tests for easy comparison.
Let your prospects see for themselves how our solutions can
help solve their security challenges. Our Product Demo Center Website: http://docs.fortinet.com/fortitester/
includes a wide range of Fortinet products, helping customers
explore key features and capabilities as well as experience our Training
intuitive user interfaces. Network Security Expert (NSE) training is an eight-level certification
program designed for technical professionals interested in independent
Website: http://www.fortidemo.com validation of their network security skills and experience. NSE training is
available via the Fortinet Partner Portal.
Website: https://www.fortinet.com/support-and-training.html
62
PARTNER SUPPORT
FUSE Community
https://fusecommunity.fortinet.com
63
This Partner Sales Guide is designed to educate and enable Fortinet channel partners on our leading network security solutions.
This is not appropriate as a customer-facing document.
Copyright © 2017 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other
Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners.