Fortinet Security Fabric enhancements include first steps towards vision of intent-based network security

At their Fortinet Accelerate 2018 event in Las Vegas, Fortinet outlined their strategic vision to deal with the challenges of digital transformation, including rudimentary tagging which will – eventually – let customers set policies for new items on the network using business language.

LAS VEGAS – Today at their Fortinet Accelerate 2018 event here, security vendor Fortinet made multiple announcements aimed at advancing the vendor’s strategy of maintaining leadership in what it refers to as the Third Generation of Network Security. They emphasized progress in adoption of their Security Fabric since its introduction, and the extent to which the announcements at this event drive its longer term vision.

Fortinet Accelerate 2018 is the vendor’s largest event ever. The 3000 people in attendance included 1300 partners from 19 different countries, and, for the first time 250 customers.

“The tagline of our event is Strength in Numbers, and our 2017 numbers were very strong,” said Patrice Perche, Fortinet’s SVP of Worldwide Sales and Support. “In 2017, we had $1.8 billion in billings, which was 19 per cent growth. We are growing 2-3x faster than the market.”

Large deals were also up significantly, reflecting a 22 per cent growth in the enterprise. Deals over $500,000 were up 27 per cent.

“We are now the market leader in terms of units shipped, and are making strong progress getting to number one in terms of revenue,” Perche added.

In terms of the future, what customers are buying is just as important as how much they are spending, and for Fortinet, the future is bound up with their Security Fabric, which they launched in 2016.

“Our Security Fabric consolidates and secures data across networks, including the cloud, and continues to address new challenges,” Perche said. “Customers are looking for new security approaches to support new business models, driven by digital transformation. Security Fabric addresses this with security transformation.”

John Maddison, SVP Products and Solutions, said that digital transformation creates a digital attack surface which is much larger than in the past, and will continue to expand further because of IOT devices people may not even know are connected to the network.

“With borderless networks, you need a different approach to networks, and that is the Fabric,” he said. “You need to build out visibility for a broad attack surface and build the NOC inside it. You need to protect against known threats, and with more emphasis going forward, on machine learning and the integrated detection of unknown threats. This needs to be well integrated into the SOC. You also need continuous automated trust assessment throughout this.”

Perche said the 2017 data on Security Fabric sales showed strong adoption in all segments. Customers were up 42 per cent year over year. Billings were up 32 per cent. Public cloud growth was up 182 per cent.

“We have the right vision to protect the digital enterprise,” Perche said. “2018 is the year of security transformation.”

Ken Xie, who founded Fortinet in 2000, and now serves as CEO and chairman, emphasized to the conference audience that Fortinet can reach higher levels of security than its competitors because it controls the entire production process.

“We are the only company in the space that build our solutions from the ground up at the ASIC chip level, to the hardware, the software OS, and the security,” he said. “It means that we have the best technology.”

Xie said that while Fortinet is now in the third generation of network security with their Fabric Infrastructure, they have been preparing to continue their leadership from the second generation around UTM, for more than ten years.

“The approach needs to be broad, and none of our competitors have invested to the same degree with all the components of the fabric,” Xie said. “The approach needs to be integrated, and the integration leads to automation, the third component of the strategy. Without good integration you cannot automate effectively.”

That interconnected strategy, Xie stressed to the conference attendees, differentiates Fortinet from their competitors.

Xie also said that while he has always gotten a lot of flack from customers over the years because Fortinet was basically an engineering company, and that its technology was not well known, they have moved beyond that as well.

“We are now doing more marketing,” he said. “We aren’t just engineering any more.”

FortiOs is the key announcement Fortinet is making here around the fabric, with new capabilities designed to provide enhanced protection of the expanded digital attack surfaces with new levels of security operations automation and advanced protections.

“FortiOS 6.0 is a major OS release, with over 200 new features,” Xie said.

“Probably the most important of these is integration into components,” Maddison said. Organizations can tag devices, interfaces and objects at the business, entity, and network level. Eventually, they will be able to set global policies for automatic enforcement when new objects are created on the network.

Maddison emphasized, however, that Fortinet is just beginning this particular journey, into internet-based network security, that they are nowhere close to being able to execute its full potential, which will require the ability to translate the intent behind a particular policy.

“I think it’s a long road,” he said. “We announced last year that the first step would be the tagging system.”

Even this will be expanded considerably going forward, Maddison said.

“The problem is initially you have to tag everything manually, so you will do now only at a high level, but in this first phase, you will get some visibility into that ,” he said. “The next step, next year, will be applying global policy. It’s a long road map, but if we can get there in the next three to four years, it will create such huge a savings in operational costs.”

Maddison said that customers can expect to see the capability expand beyond what he described as today’s ‘rudimentary telemetry’.

“You will see continued integration of security technology with our existing products, and will see it expand across the entire fabric going forward, with more integration across the components.”