A True Converged Platform Starts with a Powerful Network Firewall
In This Article
The following article was written by John Maddison from our partner, Fortinet.
Ironically, this is one of the reasons why so many security products fail to interoperate with the network. Most security developers only have a basic grasp of modern networking, which is why legacy security solutions struggle to adequately protect today's dynamic networks.
This fundamental lack of expertise is also why so many security vendors have been quick to declare that the network--and by extension, the firewall--is dead. They have wrongly assumed that because so many applications and services have been moved to the cloud that the network as we know it is a dinosaur. Nothing could be further from the truth.
The fact is, the network has never been more important, even in cloud-centric environments. Today, everything is network-centric. The network serves as a center post holding everything together, including distributed data centers, multi-cloud environments, new edges, dispersed IoT solutions, and distributed business-critical applications. Hybrid networks span the entire digital business environment, from campuses to branch offices and from the cloud to at-home workers. Even in highly specialized cloud-centric environments, the network enables cloud on-ramp, interconnects disparate systems, and enables connectivity between multi-cloud environments. It allows applications and workflows to move seamlessly across every edge so critical information can be accessed by any user or device from any location.
But in these new hybrid network environments, security cannot function as a standalone solution. Instead, security must be seamlessly converged with the underlying network, enabling protections to dynamically adapt to a constantly shifting network. And as a result, the management of modern networking and security can also be converged. By centralizing policies for NOC and SOC, changes can be orchestrated and advanced tools like AIOps can span the network. In this way, convergence becomes a powerful enabler of digital acceleration.
In this environment, rather than being dead, the network firewall becomes the foundation of a converged security and networking platform. Building critical network functions such as SD-WAN, LAN edge controllers, ZTNA, and support for 5G directly into a converged networking and security platform enables a security-first approach to networking that ensures that every change is secured by default. A converged platform is the only way to effectively combine network modernization with dynamic security that can seamlessly span every part of the network and adapt in real time to any changes the business requires.
The clear advantages of convergence are why many security vendors now promote their point solutions as a converged platform. But as with most marketing-driven claims, the truth is often far from reality. Rather than addressing the broad network evolution that is impacting all edges--from the campus and distributed data centers to private and multi-cloud environments to branch offices and remote workers--many vendors are instead focused on the idea of convergence from a niche use-case. And because their efforts are limited to only one piece of the network, their solutions end up creating (rather than addressing) complexity--which enables (rather than prevents) cyber incidents.
One of the most significant contributors to this disconnect is that security vendors have generally failed to innovate on networking capabilities. That should come as no surprise. The network isn't an area of expertise for most security vendors. And because they don't understand the importance of today's hybrid networks, they make absurd claims like the network is dead. So, it's no surprise when their security solutions fail to address the actual networking needs of their customers.
The other challenge is that few of their touted platforms have actually been converged. While a vendor may own several trendy technologies, usually through acquisition, and even wrap them together inside a management console to make it seem like they work together, the truth is that their solutions really only operate side by side. And as a result, the organizations that invest in them end up compromising on the benefits of true interoperability.
The reason for this comes down to complexity. As any engineer can tell you, weaving together the mature codes of solutions developed in isolation, and only brought together through acquisition, is nearly impossible. Even the most skilled development team working with disparate components will never be able to achieve the interoperability that today's hybrid networks require. True convergence requires solutions that have been built organically using the same foundational codebase.
FortiGate is not just the most deployed network firewall in the world, representing over one-third of all firewall shipments globally. It's also one of the top SD-WAN solutions on the market. It's a powerful LAN Edge controller. It's also a 5G controller. And it's the only solution that enables universal ZTNA enforcement on-premises and in the cloud, which is crucial for supporting today's hybrid workforce. Most importantly, FortiGate is the foundation of the industry's only true converged networking and security platform.
How is that possible? It starts with over 20 years of prioritizing organic innovation with security-driven networking in mind. FortiGate is intentionally powered by:
Every function provided by FortiGate is built using a common operating system. As a result, its robust security solutions, including its LAN and WLAN controllers, SD-WAN, ZTNA, 5G controller, and other solutions are actually the exact same product. This enables a level of convergence, correlation, interoperability, and automation between every function that no other vendor is able to provide. It also ensures convergence between all its various form factors, including FortiGate appliances, virtual machines, container solutions, SASE, and cloud deployments.
In today's digital world, performance is king. Security tools have traditionally struggled to provide adequate performance without a significant price tag attached. And even then, certain specialized functions, like inspecting encrypted traffic (which now represents about 98% of all web traffic) have been the Achilles' heel of security appliances.
Fortinet foresaw this need to provide exceptional performance for both security and networking functions over a decade ago. That is when we delivered the industry's first--and only--customized security and networking processors. Unlike the off-the-shelf processors used by every other security vendor, these custom ASICs work like GPUs to offload critical security functions. As a result, they deliver an average of 15x more performance for the same price point of competitive solutions.
And the same engineering codebase that enables these physical security processors (SPUs) also enables the delivery of virtual chips (vSPUs) that provide similar acceleration in private and public cloud deployments. The result is unmatched performance and the industry's highest security compute ratings.
Integrated FortiGuard Security Services
The other value of a converged platform is the ability to coordinate advanced services across on-premises and in-the-cloud deployments to detect and prevent threats at scale. Solutions designed to work together also increase visibility. They enable things like edge threat collection and correlation, coordinated threat response, cross-network automation, and AI-based analysis that spans the distributed network rather than being limited to some small segment.