There’s no shortage of security applications, but few deal with one of the biggest holes in the network: Web-based applications.
Traditional firewalls usually protect the lower levels of a network infrastructure, leaving Layer 7 applications needing personal or credit card information relatively open. Other dangers come from custom Web applications that are open to other kinds of attack. That’s given rise to specialty Web application firewalls from a number of unified threat management equipment makers including F5 Networks Inc., Barracuda Networks, Imperva Inc. and Fortinet Inc.
Fortinet’s latest Web firewall, the ForitWeb 3000C, takes the company to a bigger market than the traditional small and mid-sized companies it usually appeals to.
The 3000C, a combination Web application and XML firewall, can handle up to 1 Gigabit per second HTTP throughput or 40,000 transactions a second, said Idan Soen, a Fortinet product specialist.
As a result, he said, Fortinet believes to 3000C is good enough for enterprises and Internet service providers.
That may well be, says Paula Musich, senior enterprise security analyst for Current Analysis, a Sterling, Va., research firm. However, she added in an interview that the 3000C’s performance won’t be enough for the biggest companies and service providers. “But," said, "I think there’s a niche for the performance range Fortinet is addressing.”
Enterprises might appreciate FortiWeb’s ability to automatically adapt to user patterns, she said. “Web application firewalls take a significant amount of expertise to develop policies,” she said, so an auto-learn function could help reduce the workload of security administrators
According to Soen, the biggest driver of the Web application firewall market comes from the credit card industry, which several years ago set the tough PCI standard for organizations wanting to use their services. Either organizations have to perform vulnerability code reviews or install a Web application firewall, the industry has said, to avoid facing sanctions.
Like all of the FortiWeb series, 2U-sized 3000C not only secures Web applications and services, it includes load balancing and application acceleration capabilities. The US$39,995 appliance also comes with the CP-7 fail-open/fail-close module. Two 1 TB hard drives are built-in for storage.
It can also be deployed in a reverse proxy mode, offline and a Layer 2 transparent inspection mode, and includes a Web vulnerability scanner.
Fortinet also announced a replacement for the FortiWeb 1000B. The 1U-sized 1000C has increased the number of transactions it can handle to 27,000 a second from 22,000. The US$19,995 unit also now includes the CP-7 module. It’s aimed at mid-sized companies or branch offices.
In addition, Fortinet has upgraded its software-only virtual appliance, the ForiWeb 4.0, to handle VMware ESC and ESXi 3.5/4.0 platforms.