Fortinet Fortifies Network Fabric


By: Michael Vizard

Fortinet this week advanced an effort to converge networking and cybersecurity functions with the introduction of a series of high-performance next-gen firewalls based on proprietary ASICs that are managed as an extension of the company’s network fabric.

Fortinet is betting that the need to process and inspect data packets that are increasing in volume at higher rates of speed will require reliance on proprietary ASICs capable of implementing a broad range of cybersecurity controls in near real-time.

The goal is to make it much simpler to segment networks without having to introduce additional layers of complexity using, for example, a network virtualization overlay, says Jonathan Nguyen-Duy, vice president of strategic programs at Fortinet.

In fact, the single biggest reason network segmentation and other cybersecurity controls are not implemented is they are simply too complex to deploy and manage, says Nguyen-Duy.

“We all know what should be done,” says Nguyen-Duy. “It’s just too complicated.”

The Fortinet strategy seeks to address that issue by extending the intent-based networking capabilities enabled by its network fabric into the realm of cybersecurity. The company contends that this approach will end up being less expensive by eliminating the need for many dedicated cybersecurity appliances over time. The strategy is also designed to make it much easier to tie cybersecurity closer to business outcomes based on the actual risk faced by an organization.

Given the chronic shortage of cybersecurity professionals, it’s all but inevitable that networking professionals and other members of the IT organization will be taking more responsibility for implementing cybersecurity controls. Cybersecurity teams will still define cybersecurity policies, but the implementation of the controls will increasingly be left to IT operations teams. To make it easier to meld the management of networking and cybersecurity, networking vendors such as Fortinet have been rushing to extend their network fabrics in a way that creates a single interface through which switches and firewalls can be managed.

It’s still relatively early days in terms of achieving that convergence. Not only are the platforms capable of achieving that goal just starting to be deployed, many organizations still need to navigate complex cultural differences between networking and cybersecurity professionals that have been allowed to fester in some cases for decades.

As cybersecurity becomes more of a business imperative, it’s all but inevitable many cybersecurity functions will soon be subsumed into a larger network fabric, says Nguyen-Duy. Less clear is to what degree that shift will drive a wave of consolidation across a cybersecurity sector that already consists of over 5,000 vendors.

One of the fundamental flaws of cybersecurity today is that it takes too long to first discover a potential threat and then escalate it up the cybersecurity process to determine whether it should be blocked. By then, chances are massive amounts of damage have already been inflicted. The challenge and opportunity facing organizations today is how to deploy cybersecurity controls that can be implemented within seconds of an attack being detected.

The degree to which cybersecurity is fundamentally broken is, of course, a matter of intense debate. The one thing, however, that just about everyone can agree on is what passes for cybersecurity today is not working nearly as well as it should.