Fortinet Goes Gigabit
Despite an abundance of ultra-high-speed firewall and VPN (virtual private network) appliances flooding the market today, security startup Fortinet Inc.
isn’t afraid to launch another multi-gigabit product offering next week.
The company, which launched its Fortigate network protection gateway (NPG) family in May (see Guarding the Gigabits), is preparing to go head-to-head with a long line of more established multi-gigabit security vendors when it introduces its new Fortigate 3000 box next Tuesday. Among the companies already offering the firewall and VPN performance levels that Fortinet is touting with its new box are such huge players as Cisco Systems Inc. (Nasdaq: CSCO), NetScreen Technologies Inc. (Nasdaq: NSCN), and WatchGuard Technologies Inc. (Nasdaq: WGRD), according to the latest Optical Oracle report, Light Reading’s paid research service (see Optical Oracle: Firewalls of the Future).
At a time when more and more complex security threats are driving a growing demand for more integrated security solutions, Fortinet is looking for an edge. This edge comes in the form of hardware-based antivirus protection and content inspection, features that run directly on its own ASIC (application specific integrated circuit). The company claims to be the only vendor to have received antivirus certification for an ASIC-based product (see Fortinet Hires Antivirus Guru).
The Fortinet boxes also offer VPN, intrusion detection, and traffic shaping functions, but the ASIC approach allows it to delve deep down into the packets coming into their networks and create security policies based on content, not just packets or applications, say company officials.
"Over the past several years, the Internet protocol got so rich and diverse, that it means that what’s inside the protocol has become more dangerous,” says Fortinet president and CEO Ken Xie, who was also one of the founders of NetScreen. “This is an issue current firewalls can’t address.”
Such integrated devices are the way of the future, says Infonetics Research Inc. analyst Jeff Wilson. “Standalone appliances are already basically gone,” he says, pointing out that nearly half of all the companies polled for a recent Infonetics study preferred to have firewall, IDS, VPN, virus, vulnerability, and content filtering integrated into one box. “The bulk of the market is products that are integrated."
Wilson says that additional security features, including antivirus, will increasingly be etched into silicon, so as not to slow down network performance.
"Virus scanning products at the LAN/WAN boundary must not impact network performance,” the recent Infonetics study states, “which may mean that vendors will have to investigate how ASICs or network processors can be used for content inspection.”
While some observers question how flexible a hardware-based antivirus product can be, Fortinet insists that only the engines driving the box are ASIC-based. "Of course the virus signatures are not baked into silicon," says the company’s vice president of marketing, Richard Kagan.
Like the company’s other, lower-end models, its new Fortigate 3000 box sits at the edge of the network behind the Internet router and delivers real-time antivirus and content filtering, in addition to firewall, VPN, intrusion detection, and traffic shaping.
The high-end box, which has three Gigabit- and three 10/100-Ethernet ports, offers 3-Gbit/s firewall throughput, 300-Mbit/s IPSec VPN throughput with triple-DES encryption, and 1 Gbit/s with AES encryption, claims the company. It also has multi-zone capabilities, which allow ports to be grouped and dedicated to specific groups or departments, each with unique security and content filtering policies.
The question is whether there is a market for such performance levels for antivirus. According to Infonetics, the market for all gigabit and multi-gigabit security products in 2002 is only about $230 million worldwide. Wilson says he suspects that there isn’t a huge market for such high-end antivirus products yet, but that there certainly will be going forward. Now, he says, “I think they’re trying to push boundaries and make a name for themselves.”
And the company is actually aiming to go higher. It is currently working on a Fortigate 4000 model with 10 ports, which should be available early next year. “This is not the end of our performance push,” Kagan says.
While Fortinet doesn’t yet have any paying customers for its new 3000 box, it claims to have several beta-customers testing it, in addition to about 5,000 customers for its existing products. More than half of its customers are located outside the U.S., the company says.
Xie says the company has received $13 million to date, including $9 million in its last round closed in May. In the first half of next year the company is hoping to pull together a new $20 million to $30 million funding round.
The Fortigate 3000 is available now, at a cost of $19,999.
— Eugénie Larson, Reporter, Light Reading
Editor's Note: Light Reading is not affiliated with Oracle Corporation.