ASICs give a big boost to antivirus

Fortinet Inc. says its hardware-based network protection devices provide better price-performance than the competition, but one industry analyst says the company faces challenges, despite its security-savvy ways.

Fortinet, formed in 2001 and headquartered in Santa Clara, Calif., says its FortiGate Antivirus Firewalls give businesses the protection they need in an increasingly networked world. With ever more sophisticated and hard-to-detect viruses and worms to deal with, enterprises need high-speed antivirus systems to protect themselves. But software-based antivirus solutions cannot keep up with escalating requirements, said Richard Kagan, Fortinet’s vice-president of marketing.

“It’s all about the content. There’s some kind of malicious code. The only way you figure it out is not by simply looking at packet headers, but by taking bunches of packets, ripping them open, taking a look at the payload…and scanning for threats. That’s a heck of a lot more work than any firewall, VPN or IDS device was ever designed to do.”

Software that dug so deep would impede network performance, Kagan said. Fortinet’s solution: use hardware, not software, to power the antivirus engine. The company’s FortiGate employs application-specific integrated circuits (ASICs) to speed up the content-scanning process.

“In hardware, we can do it fast enough and at the network edge as to not introduce unacceptable delays in real-time applications like the Web.”

By combining firewall functionality with ASIC-based antivirus, Fortinet’s devices present compelling price-performance figures, Kagan said.

“Our price-performance is anywhere from 10 to 20 times better than competitors’, and our raw throughput is as much as five or six times better….There’s a reduction in the amount paid per megabit per second.”

Fortinet’s low-cost, high-performance solutions could give the company an advantage over competitors like NetScreen Technologies Inc., Check Point Software Technologies Ltd. and Symantec Corp., said John Pescatore, Washington, D.C.-based research director, Internet security with Gartner Inc.

“When you can do that content inspection, you can do a lot more, like stop buffer overflow attacks and other things that today’s firewalls can’t do….Check Point, running on software, can’t go at the speed to do the in-depth inspection that these ASICs can do.”

But Fortinet also faces some challenges, Pescatore said. For example, many network security managers are well-versed in products from incumbent players like Check Point. They might find the FortiGate graphical user interface (GUI) somewhat baffling at first.

As well, “a lot of people want to outsource the management of their firewall,” Pescatore said. “Fortinet, any of these startups, they’re not yet supported by the security management providers. If you get something like [FortiGate], you’re going to run it yourself until they get more penetration and some support players.”

Kagan said Pescatore is off the mark. He pointed out that Fortinet has management partnerships in place with PSINet in Europe and KDDI Corp. in Japan.

Asked if Fortinet has partnerships with North American firms, however, Kagan said there were none that he could disclose.

Regarding FortiGate’s GUI, one user said it’s easy to work with. George Minich, manager, technical services with Markham, Ont.-based Toshiba of Canada Ltd., uses the FortiGate 100 alongside NetScreen’s 204 and 5XT security appliances.

“In terms of configuration, it’s far easier,” Minich said of the FortiGate 100, which provides 95Mbps throughput, a DMZ port and traffic shaping. “The Web interface is much more intuitive. You don’t have to drill down to find what you’re looking for. Everything’s tabbed out for you.”

Minich is fond of Fortinet’s all-in-one mentality. Firewall plus ASIC-powered antivirus make up a low-cost solution for Toshiba of Canada, he said.

“Looking at the price point, plus the antivirus, it was a much better buy. We didn’t have to deploy a virus-filter…on top of the firewall.”

Fortinet’s FortiGate line ranges in price from US$700 to over US$30,000, and ranges in throughput from 30Mbps to 4Gbps. For more information, visit