Cisco Subnet An independent Cisco community View more

A conversation with Fortinet CEO Ken Xie

Taking Security and the future

1. So why don't you tell us where you think the markets are at with security and EPS to start and then, do you still see growth? You can also include your other products.

Ken Xie

This is an exciting time to be in security and network management, as the market is approaching a major inflection point. Factors such as BYOD, shadow IT and the consumerization of technology is forcing businesses to re-architect how they manage users, enforce policy and secure data. Because of these changes, coupled with the fact that hackers, cybercriminals and online threats are more pernicious than ever, we see unprecedented growth and opportunity as these dynamics converge.

The endpoint security market today is in an interesting transition period. Historically, endpoint protection primarily revolved around the use of signatures to detect and thwart attacks. Many endpoint vendors are discovering that a signature-only model is no longer a good enough deterrent from today's rapidly evolving threats. While I'm not suggesting that the signature is dead (our FortiGuard Labs researchers are issuing 250,000 new signatures a day) additional technology is now needed in order to detect and mitigate the increasing number of malware variants out there. Technologies we're deploying and seeing others implement as well include sandboxing (both local to the device and in the cloud) and IP reputation. For example, with our FortiClient, we can evaluate in incoming file, if there's no signature, but the file looks suspicious, we can run it through a light on-device sandbox, if we still can't determine the nature of the file, we'll send it to our cloud service, which opens the file in a protected setting. If it is safe, it goes through. If it's bad, we stop it.

2. Who do you see as your biggest firewall competitor and why?

Cisco presents our biggest challenge in the firewall market for the fact that they have such a large percentage of market share. Displacement of an entrenched incumbent is always a challenge. But, this is also one of our best opportunities due to the fact that when compared side by side to Cisco, our solutions perform significantly better in terms of security efficacy and system performance.

3. Who do you see as your biggest EPS competitor?

As for the endpoint market, vendors such as McAfee and Symantec hold tremendous brand equity due to their consumer products. This of course translates to brand awareness in the enterprise, too. But, as we see the market, endpoint alone will not solve issues like BYOD; it has limitations. Therefore, we believe that a superior approach is to have endpoint integrated with network security solutions (e.g. next-generation firewalls) to best meet the needs of enterprise organizations. 

4. Will we one day see EPS move into new markets or products?

Possibly. Pure-play endpoint vendors will have to reinvent their solutions to meet the changing market needs. For endpoint to grow, it will have to be relevant in mobile, social, big data and cloud, as those are the areas of opportunity.

5. Where do you see your products expanding to next, or options you will add to the current product?

Fortinet already provides a wide array of solutions that extend beyond perimeter network security. For example, we offer advanced wired and wireless access solutions, application delivery controllers, authentication, analysis and management solutions, as well as advanced and specialized threat protection solutions, such as DDoS, DNS, WAF and database security. Our view is that if the network is involved, then we are there to protect it. Based on that, future developments will revolve around ensuring data, networks and applications are protected.

The distributed enterprise is also a segment that is showing some interesting changes. Smaller branch locations are consolidating their internal IT stack in order to reduce costs, enable secure wireless and simplify management. New network security appliances today can not only manage a branch's perimeter network security with the full UTM feature set enabled, but they're able to also secure their IP Phones, POS devices, surveillance cameras and more. If it has an IP connection, it can now be managed through a single device that can be controlled internally or remotely from a corporate headquarters. From a headquarters, compliance reports can run and updated security policies can be pushed to all branch locations at the same time within minutes. In terms of expanding the UTM feature set for distributed enterprises, we're seeing some interesting technology around mobile analytics. There are a couple of companies doing this now and selling standalone products, but it's not a stretch to imagine that technology one day being incorporated into a store's network security appliance.

6. I know many customers would like to hear where your products compete with other vendors like Cisco, Juniper, HP.

Probably the best competitive comparisons are not based on what I say, but instead on what independent third-party testers say. For example, NSS Labs recently awarded us their highly coveted "recommended" rating for three product categories: IPS, Firewall and Next-Generation Firewall. Neither Cisco, Juniper nor HP has all three of these recommendations. Prior to that, BreakingPoint/IXIA benchmarked our FortiGate-5140B and afterwards declared us the fastest firewall they've ever tested. It's hard to argue numbers, which is why we defer to independent labs to verify our leading performance, security and total cost of ownership.

7. Do you see consolidation in the marketplace or more companies starting up in this space?

We see both consolidation and innovation occurring in the security market. As evidenced by SonicWall, Sophos and others who have gone private, consolidation is a last resort for vendors who need a larger ecosystem of products or technologies to leverage in order to remain competitive. Conversely, there are innovators, too, who have demonstrated that specific security features can be improved. Over time, many of these new features will be consolidated into mainstream products. Fortinet invests heavily in R&D. This enables us to hold an ideal situation of driving innovation, balanced by having the breadth and depth of solutions to lead the market.

8. What new verticals, segments do you see your products moving into within the next few years?

As businesses re-architect how they protect their networks, users, applications and data, we see growth opportunities at the enterprise perimeter and data center, as well as in larger verticals, such as retail, healthcare, financial services and education.

9. Let's talk about the cloud, what are you doing in the cloud now?

The cloud presents a variety of new opportunities for Fortinet, ranging from how we leverage our own cloud-based technologies to make networks more secure, to actually developing the solutions that help secure the cloud infrastructure. Our FortiGate virtual appliances mitigate blind spots by implementing security controls within a virtual infrastructure. They also enable the ability to rapidly provision security infrastructure whenever and wherever it is needed. Our virtual appliances feature the same security and networking services found in our hardware-based FortiGate appliances and the two platforms can be combined and centrally managed for a high performance cloud security solution that goes from the perimeter to the core.

We are also using the cloud for security management and log retention. Our FortiCloud is a hosted security service for our FortiGate platform. The service offers centralized reporting, traffic analysis, configuration and log retention without the need for additional hardware and software. It also provides a central Web-based management console to manage individual or aggregated FortiGate devices. All communication between FortiGate appliances and the cloud is encrypted and the monitoring of all FortiGate appliances can be done in real time.

10. What do you think of SDN and where your company fits in that new buzzword?

We're committed to the open SDN Standard.

11. Let's talk green, many companies talk about it but they really don't do it. Can you tell us where you are going in the green space and how customer can save money with your products?

Green technology was a hot subject in the mid-2000's, but over the last few years, it has faded into the limelight. None the less, being green is important to Fortinet, so we take great measures to ensure our products and processes have the lightest imprint and impact on the environment as much as possible. Unified Threat Management (UTM) is inherently green, as these types of solutions are built to include multiple security features and functionality into a single device. In many network environments, it's common to find a firewall, a VPN concentrator, an intrusion prevention system, a gateway antivirus system and a Web filtering system deployed in daisy-chain fashion. That's five devices each providing a single-function security service. Using a very conservative estimation of 300 watts per device, the power consumption for this security infrastructure totals 1500 watts. By replacing these standalone systems with a consolidated network security system, a single 300-watt system can provide the same functions with only 20% of the recurring power cost. This power reduction also reduces cooling costs in two ways.

First, every watt of power consumed by IT equipment requires about 0.8 watts of cooling energy. Second, the smaller physical footprint makes it easier to direct cool air or apply various forms of per-rack liquid cooling, for more efficient heat transfer. Overall, lower power consumption means a smaller carbon footprint. There's also the energy reduction across the entire lifecycle: more efficient manufacturing and less hardware to recycle at end of life. Even the reduction in cabling needed makes a contribution, as PVC cable cladding has a large environmental footprint both in its manufacture and in its recycling.

In terms of saving our customers' money, we do this through per device licensing plans, instead of per user licensing, which is favored by many of our competitors. In today's BYOD environment, many employees are now using two to three different devices in the office, such as a company issued notebooks, personal smartphones and tablets, and those costs can add up under a per user licensing model.  

12. Right now we are at 40gbps, moving to 100gbps and beyond. Where do you see Fortinet moving to and how fast?

You are absolutely right... the market has an insatiable need for speed. Knowing this, we invest heavily in developing custom content processors, network processors, system-on-a-chip processors and related specialized hardware to ensure that our solutions are the fastest and capable for even the most demanding network environments. We work very closely with our service provider customers to ensure they have the fastest network security performance available. As mentioned earlier, our FortiGate-5140B was recently benchmarked by BreakingPoint/IXIA and they found our chassis was capable of 500 Gbps+ of actual application traffic.

13. Do you spend a lot of time looking at what other companies are doing in your space?

Not particularly. Our focus and time is spent better on looking at what our customers want and addressing our customer needs. Our customers drive our business, not our competitors. Because of this, we spend considerably more time developing solutions that exceed our customer demands and worry less about what our competitors do.

14. What is the one question when meeting with potential customers that you get the most and why?

Customer questions really do vary depending on their needs, but if I had to chose a consistent theme, it would be to demonstrate how fast and secure our solutions are, as many have been let down by other vendor performance claims.

15. Where do you see your business in Asia and EMEA going?

Threats are global in nature and the need to protect corporate assets is the same everywhere. For this reason, we see growth in APAC and EMEA equally strong. If you look at our Q4 2011 and compare it with Q4 2012, APAC sales grew 17 percent and EMEA sales grew 22 percent. I will add that Latin America has been underserved by the market, and we see substantive growth there, as well.

16. Have you ever been to Interop Las Vegas? Are you a man on the floor like myself or just fly in to meet large customers?

I've attended many Interop events in multiple capacities. I do like to walk the floor to see what's new, and of course, Interop is a great location to meet customers, talk to analysts and press.

17. What is the biggest misconception about Fortinet that people believe or hear?

The biggest misconception is that Fortinet is an SMB security vendor. Far from the truth, we are headquartered in the U.S., and we service a broad range of enterprise, Fortune 500 customers, global service providers, government agencies, and of course, small to midsized organizations. In 2012, SMBs/distributed enterprises accounted for 32 percent of our sales, mid-level enterprise accounted for 33 percent of our sales and enterprise-level products accounted for  35 percent of our sales.

18. It has been a while since we have seen some head to head testing against your competitors, when will we see more?

1 2 Page 1
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.