The shift to digital has introduced several new technologies into businesses. Internet of Things (IoT), mobility, cloud and the like allow companies to become highly agile and move with speed.
However, the increased agility businesses are realizing has come with a price, which is that the complexity of IT has never been higher. There are many implications to increased complexity, but the biggest is that securing the business has become more difficult.
Securing organizations used to be straight forward: Put up a big, expensive firewall at the sole ingress/egress point, and all was good. Today there are dozens or even hundreds of entry points created from an increase in the use of cloud services, mobile workers and consumer devices. Security must now be applied at the perimeter, but also in the data center, campus, cloud, branch offices and anywhere else the business might have assets or people.
The need for better security has caused every security vendor to position it as having an end-to-end solution, with many using the term “platform” to describe themselves. One of the challenges with security platforms is that they started with a specific security element, such as a next-generation firewall, and then bolted on other security tools on an as-needed basis. So, think of a platform as being a collection of security tools that can be procured from a single vendor. This certainly has some value, but it also has some gaps.
Gaps in security platforms
The most notable challenge with a platform is the lack of scale. The world is becoming increasingly dynamic and distributed, and security technology needs to scale dynamically. A platform would scale by either replacing the existing products with newer, higher performing ones or by adding more devices. Either method is too slow for a digital world.
Also, because platforms are built by putting several technologies together under a single umbrella, they may have some blinds spots, as some features may only be available in some locations.
The “bolt together” strategy also limits the amount of real-time visibility because the products in the portfolio likely have different dashboards and methods for collecting data. One could aggregate the information manually and try and normalize the data, but that requires a fair amount of upfront work and is hardly real time. Lastly, third-party integration is tough with platforms because each product in the umbrella has its own APIs and interfaces.
Fortinet solves the security platform challenge
One vendor that has solved the platform challenge is Fortinet with its Security Fabric. With a fabric, all services are made available to all points in the environment.
The best example of an industry that has taken advantage of fabrics is storage area networks (SANs). With a storage network, all services must be available to all points at wire speed or it will fail. In essence, the storage fabric is so fast and so tightly knit that the servers think the storage is directly connected. This is the only way distributed storage will work, so the industry had to solve that problem.
Similarly, Fortinet has put together a way to deliver the required security features to any point, from the endpoint to the cloud, in real time. Two main factors have enabled the company to achieve this. First, Fortinet has built most of its products itself, from the ground with the idea of the fabric in mind. It has made a few acquisitions but quickly integrated them at an operating system level to ensure they meet the requirements of the fabric.
Second, and this is what gives Fortinet its performance differentiation, the company builds its own ASICs. I know the world has gone nuts over doing everything in software, but I’ve stated over and over that not everything is best done in software. Some functions are best done in hardware and some in silicon. Fortinet’s ASIC provides robust security to be applied to speeds into the terabytes.
Also, at scale, ASICs cost much less than general-purpose processors. The best price performance products are ones where the strengths of software, hardware and silicon are leveraged.
The security fabric will result in much faster breach detection and isolation. Because all of the products work off the same code base and silicon, it’s easy for Fortinet to understand the real-time network topology, as well as the interaction between the physical and virtual elements. Given the dynamic nature of IT, this is a critical component of being able to automate security. There’s an expression that states “you can’t secure what you can’t see,” and the Fortinet Security Fabric sees everything, enabling it to secure the end-to-end environment.
One more key differentiator for fabric is the ease of integration to third-party vendors. The fact is no single security vendor can do everything. Fortinet’s fabric is open, and the company has put together a large ecosystem of technology partners that includes Centrify, Qualys, Tufin, Brocade, PulseSecure and Verisign—to name a few.
Vendors love to throw around terms such as platform and fabric, so it’s critical that security buyers do their homework and ensure the solution actually delivers the best threat protection from the cloud to the hand while providing a real-time view of the environment.