"Security isn't going to be just at the perimeter"
Oct 16, 2006

With security becoming increasingly critical to the network given rapid proliferation of security threats, and the network space becoming increasingly competitive, Ross Sovde, Solutions Network Architect, Fortinet Solutions shares his perspective on Fortinet's strategy globally and in India in a tete-a-tete with Sunil Kumar.

Can you tell me about Fortinet and the USP of its products?
Founded in 2000 by Ken Xie, founder, president and CEO of NetScreen, Fortinet was sold to Juniper for more than $3.5 billion. It is a multi layered security vendor and sells its system and subscription service products through a network of distributors and resellers worldwide.

Our main product is the FortiGate series of Application Specific Integrated Circuit (ASIC)-accelerated antivirus firewalls. They detect and eliminate damaging content-based threats such as viruses, worms, intrusions, and inappropriate Web content from email and web traffic.

A growing percentage of content-based network attacks, such as viruses, worms and Trojans are being introduced into organizations via activities such as Web browsing. This trend has been escalating, as enterprises and service providers turn increasingly to real-time communications like web applications and instant messaging.

We are leaders in the unified security platform arena and the way convergence is happening in other areas, voice and data are getting increasingly converged. We are also the pioneers in convergence of security space.

Security currently being in silos, what Fortinet is attempting to do is convergence of various security mechanisms for the future. There has been an evolution of attacks from single vector based attacks to more blended attacks that necessitates more security at the gateway level.

Unfortunately, conventional stand-alone and desktop-based network protection systems, such as firewalls and host-based anti-virus software lack the dedicated hardware required to perform deep packet analysis, content reassembling and application-level screening necessary to detect these threats without imposing unacceptable delays on real-time network applications. As a result, most organizations are more dangerously exposed to content-based attacks from real-time traffic.

What is your take on competing vendors?
We are the pioneers in multi-layered security space. We also claim to be the leaders in the high-end UTM space. Innovation is something that we follow on a consistent basis. Today we are talking about SSL VPN; tomorrow we will be talking about voice.
In India, we are ahead of the curve because we were early entrants and we now have a considerable customer base here. Another factor, which we found out, was that security was going to be more up the protocol stack that led to a gradual rethink. What we had earlier was an OPSEC alliance or an open platform for secure enterprise connectivity, an open enterprise-wide initiative to enable customers for deploying multi-vendor security solutions. This has changed gradually. We are the only vendors to have ATCA certification. Vendors including NEC, Alcatel, and Siemens are designers developing next-generation ATCA compliant infrastructure platforms. This standard ensures that just about any networking vendor will make an ATCA-compliant platform in the future. A direct result of ATCA compliance will also be felt in large carrier deployments.

If we consider interoperability, we have the PICMG, a governing body that standardizes the whole chassis platform. Cisco has their 6500 series chassis; however people affectionately refer to them as 'power-sucking aliens' because what they have is individual blades that are going into a Cisco chassis. We are better in this respect because of blades with better and multiple functionalities. What ATCA allows you to do is buy a single chassis and then integrate blades from best-of-breed vendors.

What are the learning experiences globally and in India?
In the carrier market, we see mobile operators very actively deploying our solutions. We are also seeing SIC-peering solutions in wireline carriers. These are the two biggest markets for fixed-mobile convergence at the moment. What we are talking about is peering networks and security in mobile platforms that require more security globally and in India.

What have been developments at Fortinet recently?
The FortiGate 3600A released recently is an extension of our 3600 platform significantly increasing CPU processing capability and adding sixth generation ASICs into our platform. What we have is an AMC card and gigabit ports, and increasing Fortinet's next generation Content Processor-6 (CP-6) FortiASIC that increases content inspection performance, delivers improvements of 50% in firewalls and boosting content processing function performance.

The FortiGate-3600A is Fortinet's first system for incorporating its next generation FortiASIC, which over time, will be included in all Fortinet products. Two FortiAccel hardware accelerated Gigabit SFP ports will provide wire speed packet performance for networks that demand high-speed small packet performance firewall applications, such as VoIP. We are planning to collaborate with Microsoft on the IPTV front, and also on SIP based VoIP.