Fortinet strengthens operating system

A number of network security equipment makers are shifting from an appliance-based approach to a platform strategy, giving them ability to add capabilities to the operating system instead of making extra hardware.

Fortinet Inc. is one is one of those companies that has built a single operating system platform for its FortiGate unified threat management (UTM) portfolio, which has models for small businesses to carriers.

On Tuesday, the company announced FortiOS 4.0, which not only adds some common security capabilities such as application control, SSL inspection and data leakage prevention, but also adds WAN optimization.

They go along with existing firewall , antivirus, antispam and intrusion detection capabilities.

“We’re taking four almost distinct markets and pulling them into a consolidated security solution that does hardware-accelerated security and network services,” Anthony James, Fortinet’s vice-president of products, said of the four main new additions.

The wide area network optimization and caching capability is being added because typically customers install Fortigate UTM devices at the edge of a network, he said. “Since we’re already doing application inspection and looking a data for malicious content, it’s easy to add remote caching, data compression and header optimization.”

The bi-directional WAN optimization will increase network performance, reduce data transmitted across the WAN and reduce bandwidth and server resource requirements and networking costs, the company said.

It’s not an unexpected that a UTM manufacturer would expand its platform in non-security areas, said Andrew Hanson, a Boston-based IDC research analyst specializing in network and endpoint security.

Organizations have long complained about application congestion. And in tough economic times, he added, “people are looking to extend the life of their hardware. Improvements in software and hardware are a good way of doing that.”

The other security-related upgrades will also be appreciated, he said, as governments increase regulation and compliance requirements.

FortiOS’ new application control gives network or security managers the ability to create policies that put fine control over applications. For example, James said, should it be necessary to leave port 80 open, BitTorrent, specific games or instant messaging applications could be blocked. Multiple applications can be defined with different actions and logging options.

The SSL inspection proxies encrypted traffic, allow the FortiOS defence capabilities to inspect the decrypted data and e-mail for threats.

Finally, the data leakage prevention capability uses a sensor to trigger policies on the detection of a range of text or numerical content. Rules can be created using Regular Expression or ASCII on a series of menus.

By moving into WAN optimization, Fortinet is pushing against companies specializing in the technology such as Blue Coat Systems. It already faces UTM competitors such as Check Point Software and security vendors like Cisco Systems and Juniper Networks.

That may not be a problem for Fortinet or others with the same strategy, said Hanson. Among small-to-medium sized companies, UTM has beat out routers. In his words, organizations are choosing appliances with strong security and networking features over “adequate security built on top of a networking appliance.” IDC sees enterprises adopting the same strategy. But because they have more needs than SMBs, they’ll want more capabilities, like WAN optimization.