TL; DR: Organizations operating in today’s increasingly connected world require a comprehensive online security solution to safeguard them from emerging threats. And, since 2000, Fortinet has delivered. The California-based digital security company specializes in firewalls, intrusion prevention, and more to protect the networks, endpoints, applications, and datacenters that keep modern businesses operational. As a result, more than 320,000 of the world’s largest enterprises and government organizations have turned to Fortinet to address critical security challenges and shield their data and bottom lines from attacks. We recently sat down with Fortinet’s Director of Product Marketing Mark Byers, who told us how FortiWeb — an integral component of the Fortinet Security Fabric suite — sits on the front lines, guarding businesses against threats to their mission-critical web applications.
Horror stories of sophisticated digital attacks abound in today’s headlines. SQL injection, DDoS, cross-site scripting, and cookie poisoning are just a few of the dangers businesses and consumers face in the modern online threat landscape. And nowhere are these hazards more worrisome than in the healthcare industry, where protecting patient data is paramount.
As a result, one leading healthcare organization decided to be proactive to protect the more than 200,000 individuals and families that trust it with their information. As most large, enterprise-level entities, this organization had numerous assets to protect, including, two datacenters, an array of mission-critical cloud-based apps, and more than 2,000 endpoints.
The organization needed a robust digital security solution to safeguard every aspect of its IT infrastructure and found it with Fortinet.
In the past, IT departments employed web application firewalls to comply with Payment Card Industry Data Security Standards (PCI DSS), but many businesses, including this large healthcare organization, began to realize their web applications presented prime entry points into their networks and, therefore, to sensitive customer and proprietary data. As a result, Fortinet developed a layered approach to digital security with Fortinet Security Fabric. It’s a suite of solutions built to safeguard every aspect of a business’s infrastructure. And one of its star components, FortiWeb, sits on the front lines as high-performance web application security to mitigate threats before they can enter the network.
In the healthcare organization’s case, FortiWeb worked in tandem with the other components of Fortinet Security Fabric to thwart a 19-hour long distributed attack on its digital assets.
“Under Fortinet Security Fabric, all of our security solutions talk and play nicely together,” said the organization’s Senior Security Architect. “I can have six different solutions, but if they don’t integrate effectively it just doesn’t work. The Fortinet Security Fabric acts like a single organism.”
And it’s cases like this that have a growing number of enterprises turning to solutions, such as FortiWeb’s web application firewalls, to protect against devastating security breaches.
“Organizations see application firewalls as a means to protect them and not just be compliant,” said Mark Byers, Fortinet’s Director of Product Marketing.
As a result of evolving threats, organizations once primarily concerned with compliance are now worried about becoming the next victim of a data breach.
FortiWeb: Keeping Businesses Secure in a Changing Landscape
As a web security company, Fortinet is responsible for staying abreast of the latest digital threats. Since the company’s launch in 2000, the cloud has increasingly become the go-to solution for businesses to scale cheaply, securely, and efficiently.
Using cloud VPS, numerous virtual machines can be run using a single physical server, which saves money and hassle for both the business and its VPS provider.
“We are seeing a movement of customers from traditional datacenters to cloud-based options,” Mark said. “Seeing this trend, we wanted to make sure that we’re part of it as the marketplace evolves.”
As a result, the cloud version of FortiWeb was released in November 2017.
Meanwhile, the adoption of web application firewalls has expanded beyond companies looking for simple PCI compliance and more broadly into the enterprise sector, where more advanced safety measures are needed.
“Today, we’re seeing most of our new sales coming from enterprise customers who have to protect their applications,” Mark said. “They realize web applications are a significant threat vector to organizations. Verizon’s latest data breach report indicates that web application vulnerabilities are to blame for 40% of all data breaches.”
In recent years, data breaches of big-name companies, such as Equifax, have many on edge.
However, a solution like FortiWeb can allay those concerns. The tool allows users to manage and orchestrate multiple gateway devices simultaneously, correlate threat data, and respond to any detected hazards.
FortiWeb distinguishes itself from the pack by leveraging real-time threat intelligence from FortiGuard Labs, which houses a vast data repository on the latest online risks. In addition to being able to protect against common threats, FortiWeb can also leverage IP reputation services and obtain regular updates from the FortiGuard global threat service.
Fine-Tuning Threat Protection With Research and Feedback
To bring the best security solutions to clients, Fortinet must constantly fine-tune its products to keep up with today’s trends and concerns. Not only does Fortinet rely on its own internal resources, but those of integrated cloud products, as well.
As a result, Fortinet Security Fabric is constantly evolving and, along with FortiWeb, includes an array of components that enable companies to reduce IT complexity and increase visibility and security.
“As trends continue to evolve, we’re always talking to our customers through our customer research and feedback councils, along with information directly from our sales team,” Mark said. “We’re really trying to keep ahead of where the industry is going and then rapidly evolving our solutions to meet the ever-changing threat landscape.”
Cutting-Edge, End-to-End Security Tech for a Range of Use Cases
Fortinet offers an impressive range of products and services, including VM appliances, endpoint security, and DDoS protection. Using either a VM or hardware appliance, for example, FortiWeb is able to create up to 64 separate administrative domains from a single machine.
This capability enables Managed Security Service Providers (MSSPs) to offer these administrative domains to their customers.
“A hosting provider could actually rent out one of those domains to their customer, just as if they had their own separate device,” Mark said.
The remainder of Fortinet’s product matrix consists of a broad range of firewalls, cloud protection services, and hardware, such as wireless access points and switches, for increased network security. The company’s products, including intrusion detection, sandboxing, and SIEM (security information and event management), rapidly detect threats and make compliance management simple.
Additionally, Fortinet offers subscription-based security services that deliver application control, antivirus, web filtering, and IP reputation security, among numerous other solutions. With such a comprehensive suite of products and services, it’s no wonder Fortinet is a prominent leader in the web security space.
The Mission: To Adapt and Innovate in the Face of Emerging Dangers
Because technology is ever-evolving, Fortinet’s mission to keep organizations secure is a never-ending project. Since its founding in 2000, Fortinet has developed programs like its Network Security Expert Program and Network Security Academy to help drive web security skills training and education on a global scale. In 2013, Fortinet founded the Cyber Threat Alliance alongside Palo Alto Networks, McAfee, Symantec, and other security industry organizations to enable the sharing of threat intelligence within the industry.
More recently, the 2017 launch of Fortinet Federal is a significant milestone for the company considering its focus on online security for government agencies, with former NSA director Mike McConnell serving on the board.
Fortinet is also focusing efforts on enhancing security to address the expanding use of enterprise IoT devices and operational technologies used in critical infrastructure organizations.
Looking forward, Fortinet has its hands full with multiple growth opportunities. In contrast to the fear elicited by online crime, Fortinet aims to give clients peace of mind. And, with robust security solutions, such as FortiWeb, the company is primed to continue to do so well into the future.