Fortinet adds Zero Trust Network Access, SASE capabilities in 7.0 version of FortiOS operating system

While the release has over 300 new features, the ones involving newer technologies like ZTNA, SASE and 5G are most likely to turn heads.

John Maddison, Fortinet’s CMO and EVP of Products

Today, cybersecurity vendor Fortinet is announcing the 7.0 version of their flagship FortiOS operating system. The new release has over 300 new features, with the ones involving expansion into Zero Trust Network Access [ZTNA] and Secure Access Service Edge [SASE] likely being the most significant – even though they aren’t likely to make many customers immediately abandon their VPNs or ditch their networks for the cloud.

“This release expands our already strong platform into ZTNA and SASE, and also upgrades capabilities across SD-WAN, hyperscaling, firewall, service capabilities, and integrated NAC management,” said John Maddison, Fortinet’s CMO and EVP of Products.

“The key here is that the OS isn’t just an appliance or service offering,” Maddison noted. “It sits at all the edges and provides converged network and security. You can’t overlay security around all these edges. You need a converged solution. And while the platform may start as a simple firewall, it generally evolves well beyond that. Now we have added ZTNA and SASE to that, which significantly improves partner opportunities.”

Maddison acknowledged that ZTNA, which was still more of an aspirational technology only a year ago, is being overhyped in the industry – but that it is still very important nonetheless.

“Everybody latches onto these acronyms from Gartner,” he commented. “ZTNA isn’t even named correctly. It’s really Zero Trust Application Access. You take a VPN and get access to the application with it. People also over-rotate about the impact of these things. Even with ZTNA, most customers still have VPNs in place – and will until their last legacy application is gone. Our ZTNA strategy is important because it provides a definite migration path from VPNs to ZTNA. We like migration, not dead-end things. A key issue in adoption is that most customers have different vendors for their different network components. And to get ZTNA to work across vendors is absolutely impossible. But for now, ZTNA is the first step in evolving from existing technologies.”

For now, what does ZTNA bring to the table? With FortiOS 7.0, customers will be able to deploy firewall-based ZTNA capabilities out of the box. ZTNA also improves security by reducing the attack surface, since it verifies the user and device for every application session and hides business-critical applications from the internet. It also simplifies management by using the same access policy no matter where users are, whether on- or off-network.

Maddison said that the introduction of the cloud-based SASE consumption model is also important, although customers need to avoid some of the hype which makes it out to be a magic bullet that will make traditional networks obsolete.

“Despite SASE, the network is still super important and defines the digital experience,” he stated. “You don’t get rid of your network and put everything in the cloud.”

Interest in SASE, like interest in ZTNA, grew significantly during 2020 because of the movement to Work From Home and Work From Anywhere use cases.

“Work From Home increased interest because more network edges formed, making SASE more important,” Maddison noted. “Right now, Work From Home is definitely generating the biggest demand. As we go forward however, customers will want consistent security no matter where they are, even if they don’t have enough processing power to run it everywhere. So we see this expanding from client to thin client to SD-WAN to data centre – to give more choice to customers in how they consume security.”

FortiOS 7.0 also introduces self-healing capabilities to Fortinet’s SD-WAN solution, using adaptive WAN remediations to make the application experience more resilient. Maddison noted that while self-healing WAN has already made its way to the market, it’s still quite rare.

“It’s really just starting,” he said. “The goal of the self-healing network is to have it understand what’s not working and fix it itself. To do that though, you need to know all the pieces, which includes things like WiFi and endpoints. That’s something we can provide, because we are just as comfortable working in networking, switching and WiFi as we are with SIEMs or Web Application Firewalls or network security. You need to know all the pieces.”

Maddison said that the release also extends network connectivity and security beyond the WAN edge, with innovations in 5G and LTE that improve wireless network performance, and that this likewise leverages Fortinet’s facility with both cybersecurity and wireless networks.

“It’s a differentiator for us,” he said. “Our competitors in 5G are totally different from those in endpoint, and none of our cybersecurity competitors have these capabilities.”

The release also improves operational efficiency for both NOC and SOC teams through FortiManager/FortiAnalyzer integrations with the latest release of FortiSOAR as a container. It also now provides central management for hybrid clouds with auto-scaling for practical usage of resources, dynamic load-balancing, and application user experience visibility. The web protection offering has also been enhanced with video filtering – which Fortinet says is a first for the industry, and is a major asset for Work From Home environments.

FortiOS 7.0 will be available at the end of Q1 2021.