Fortinet Introduces new Terabit Firewall ApplianceFebruary 16, 2017Categories: News. Tags: Firewall, fortigate, Fortinet, Ken Xie, Security, and terabit firewall.
Fortinet, the global provider in high-performance cyber security solutions, announced new solutions that expand Fortinet’s top-tier enterprise firewalls for enterprise, data center, and service provider customers. The FortiGate 3980E is the world’s first security appliance to achieve Terabit firewall (Tbps) performance and the FortiGate 7060E delivers market-leading 100 Gigabit per second (Gbps) of next-generation firewall throughput in a chassis form-factor.
Both enterprise firewalls leverage Fortinet’s advanced Security Processing Units (SPU) to deliver unprecedented performance, effortless scale, and superior Security Fabric defenses so large enterprises don’t have to compromise between security features or network speed disruption.
FortiGate 3980E Enterprise Firewall
Fortinet’s 3000 series of enterprises firewalls are engineered to deliver the highest terabit firewall performance in a compact appliance form-factor. Fortinet is expanding this enterprise offering with the launch of the FortiGate 3980E enterprise firewall.
• The FortiGate 3980E enterprise terabit firewall is the world’s first terabit per second network security appliance – delivering 1.12 Tbps firewall performance in addition to 470 Gbps secured VPN throughput
• The FortiGate 3980E performance is validated by Ixia’s BreakingPoint and latest CloudStorm 100GE Application and Security Test Load Module.
• This performance enables the FortiGate 3980E to function as a data center firewall, to secure inter connectivity between data centers, or as an internal data center segmentation firewall.
• Ideally suited for enterprises that need very high network throughput and deep inspection delivered in a compact form factor that reduces the footprint and operating costs.
• Features 32 discrete SPUs to accelerate security and networking processes while reducing heat and energy consumption.
• The FortiGate 3980E also hosts two GE RJ45, sixteen 1/10 GE SFP/SFP+, and ten 100 Gigabit QSFP28 ports for maximum density and flexibility.
FortiGate 7060E Enterprise Firewall
Fortinet’s new 7060E represents the most advanced enterprise terabit firewall solution on the planet and is ideal for large enterprise, data center, and service provider deployments that cannot afford to compromise on throughput, scale, and advanced security capabilities.
• The FortiGate 7060E enterprise terabit firewall is a streamlined, modular, chassis-based firewall with unprecedented threat protection throughput and flexibility to suit specific deployment and usage requirements with up to four Security Processing blades for blistering NGFW and SSL performance and up to two I/O modules for maximum interface density and network bandwidth.
• The FortiGate 7060E was also subjected to Ixia’s BreakingPoint and new CloudStorm 100GE Application and Security testing – claiming the title of the World’s Fastest NGFW with 100 Gbps of demonstrated NGFW performance, and individually delivering 160 Gbps application control, and 120 Gbps intrusion prevention throughput.
• The FortiGate 7060E offers superior networking flexibility with up to eight 100 GE (Gigabit Ethernet) ports, sixteen 40 GE ports, or sixty-four 10 GE ports.
• The modularity and flexibility of the 7060E, combined with high NGFW throughput enables flexible deployment options that span from the network edge to the data center core, including advanced internal segmentation firewall configurations.
• The FortiGate 7060E enterprise firewall is available in simplified packages with centralized pricing and licensing tied to the chassis instead of individual blades to reduce complexity and deliver enhanced price to performance.
Ken Xie, founder, chairman of the board and chief executive officer at Fortinet says,
“Cloud computing, IoT, and a hyper-connected digital economy have been straining enterprise IT resources and rapidly increasing the performance demands required from today’s security solutions. Enterprises cannot afford to sacrifice their network performance or their security features in this highly competitive and constantly evolving landscape. Fortinet is continually innovating to deliver the highest performing and most secure solutions on the market, enabling our customers to fully leverage their technology infrastructures with the confidence that their users and data are secure.”
Securing the data on your network security may not seem very important to you until you lose your data or the privacy of your data content.
Currently, attackers continued to breach networks with highly targeted spear-phishing attacks. Attackers Are Streamlining and Upgrading Their Techniques, While Companies Struggle to Fight Old Tactics. Attackers also perfected watering hole attacks, making each attack more selective by infecting legitimate websites, monitoring site visitors and targeting only the companies they wanted to attack. This makes it far more difficult for administrators and security teams to keep up to date on the latest attacks and protection measures, so a robust and agile Web Application Firewall or WAF isn’t a luxury – it’s a requirement!
Many organizations started extending their business by using cloud-hosted or web-based applications. Web-based applications currently become popular because it’s simple, user doesn’t need to install anything, users with any device(mobile device, desktop, and future device that don’t exist yet) can access and able to use it immediately. There is no waiting for the version of the app to be released and you need only have one person/team maintaining a single code base. Single-source means that there is a single version of the code base that all users across all platforms access and use. As these web- based applications become more popular, attacks become increasingly sophisticated and frequent, threatening enterprise data.
Here’s a some considerations when selecting Web Application Firewall or WAF:
1. Network Architecture and Application Infrastructure
Web Application Firewall or WAF are designed to watch and respond to HTTP/S traffic. They are most often deployed as appliances in the line of traffic between the requester and the application server, inspecting requests and responses before forwarding them. Inline deployments tend to be most effective in actively blocking malicious traffic based on policies and rules that must be applied judiciously to avoid dropping legitimate traffic. There are three types of inline deployments: Reverse Proxy, Router mode and Bridge Mode.
A Web Application Firewall or WAF can also be deployed “outline” which allows the Web Application Firewall or WAF to observe traffic from a monitoring port. This non-intrusive “passive” deployment option is ideal for testing the Web Application Firewall or WAF without impacting traffic, yet still enabling the Web Application Firewall or WAF to block malicious requests.
2. Performance, High Availability, and Reliability
Web Application Firewall or WAF play an essential role in maximizing throughput and ensuring the high availability of the application(s) they protect. Web Application Firewall or WAF capabilities should include features that address these factors directly:
3. PCI DSS Compliance
The best Web Application Firewall or WAF can identify, isolate, and block sophisticated attacks without impacting legitimate application transactions. In addition, some Web Application Firewall or WAF offer PCI reporting, which determines if compliance regulations are being met, and if they are not, details the steps required to become compliant.
4. Data Classification of Protected Applications
Web Application Firewall or WAF solution needs to be able to understand the application and the data that it is protecting. If that data is encrypted, Web Application Firewall or WAF must be able to decrypt the information and then classify the data within the apps in order to provide additional protection. A strong Web Application Firewall or WAF can terminate SSL traffic, expose what is inside it, and make security decisions based on the encrypted data.
5. Visibility and Reporting
Reports provide visibility into attack and traffic trends, long-term data aggregation for forensics, acceleration of incident response, and identification of unanticipated threats before exposure occurs. Many Web Application Firewall or WAF also integrate with database security products to give administrators a real-time view into the operation of their websites, and provide reports on web-based attempts to gain access to sensitive data, subvert the database, or execute DoS attacks against the database.
6. Automatic Attack Detection
A strong Web Application Firewall or WAF extends bot-defense capabilities to deliver always-on protection—preventing automated layer 7 DDoS attacks, web scraping, and brute force attacks from ever materializing. This proactive approach to detection identifies more evasive bot sequences that may escape traditional detection methods, and identifies unauthorized, automated attacks upon the first attempt to access an application.
7. Device ID and Fingerprinting
Browser fingerprinting captures browser attributes in order to identify a client. This is a great way to identify or re-identify a visiting user, user agent, or device. This persistent identification of a client is important in that it allows tracking across sites. Attributes can be very revealing, enabling you to draw inferences about visitors, track users across origins, and share information, all to identify repeat offenders.
Fingerprinting-based identification is not always reliable and may not work with all device or browser types. Check with your Web Application Firewall or WAF vendor for a list of supported devices/browsers, specific features supported, a list of attributes collected, and what information is reported (e.g., the number of cookies deleted, unique data found).
8. SSL Offload
SSL processing can put a strain on application resources. Offloading SSL computation to other network resources allows applications to dedicate important CPU resources to other processing tasks, which can improve performance. Web Application Firewall or WAF that support SSL offloading maximize the utilization of the applications they protect, eliminate the need to buy additional hardware, and increase the value of the Web Application Firewall or WAF itself. Make sure that the Web Application Firewall or WAF you’re considering can offload that processing work to keep everything running smoothly.
9. Anti-Fraud Capabilities
More advanced Web Application Firewall or WAF solutions integrate with web fraud detection services to simplify deployment, streamline reporting, and strengthen the overall application security posture by thwarting requests from validated fraudsters. These integrated services should enable organizations to rapidly respond to threats at the network and application level.
Web Application Firewall or WAF should efficiently and accurately correlate application attacks—including web scraping, and DDoS, brute force attempts—with client-side attacks targeting end users. Moreover, a good Web Application Firewall or WAF should allow you to easily understand the full scope of the fraud threat across the network, application, and user
10. Scalability and Performance
Organizations need to ensure application availability, even when under attack. The best Web Application Firewall or WAF can help you dynamically boost performance with application optimization and acceleration technologies like fast caching, compression, SSL offloading, and TCP optimization. An enterprise-grade Web Application Firewall or WAF, with robust appliances and through centralized management, can easily scale to handle large volumes of traffic. In addition, cloud-based Web Application Firewall or WAF can be deployed on demand to achieve seamless and limitless scalability, resulting in better performance, faster response times, and cost efficiencies.
A powerful Web Application Firewall or WAF solution enables organizations to protect against OWASP top 10 threats, application vulnerabilities, and zero-day attacks. With strong Layer 7 DDoS defenses, detection and mitigation techniques, virtual patching, and granular attack visibility thwart even the most sophisticated threats before they reach your servers. A good Web Application Firewall or WAF also enables compliance with key regulatory standards like HIPAA and PCI DSS.