Protecting Every Edge
Table of Contents
Executive Overview
New Problems
New Solutions
Protect
Converge
Scale
Ultimately, organizations end up creating complex workarounds to get disparate solutions to loosely work together.
This is causing the data center infrastructure to become more complex as the number of devices, servers, switches,
routers, firewalls, load balancers, and other interconnected components attempt to provide a seamless flow of
data between various systems and applications. As the number of devices and the volume of data traffic increase,
network complexity also increases, making it more challenging to manage, monitor, and troubleshoot issues.
New Solutions
Supporting and securing hybrid architectures requires single-lens visibility across the entire distributed network. This includes knowledge of every user and device on the network and the applications and resources they are accessing. Plus, it’s necessary to identify anomalous behavior and malicious activity everywhere it occurs. Marshaling all necessary security resources to direct a timely, coordinated response is also key to stopping threats. To support today’s expanding networks and their numerous edges, many businesses have begun adopting disparate secure access service edge (SASE), software-defined wide area network (SD-WAN), and zero-trust network access (ZTNA) solutions. This creates complexity while fracturing visibility, compromising user experience, and limiting the ability to respond effectively to attacks.

What’s needed is a new next-generation firewall (NGFW) approach that integrates these functions to provide contextually coordinated security across the network. An HMF solution combines on-premises and cloud-native solutions with a unified management component. A unified security solution provides coordinated protection to multiple areas of enterprise IT, including corporate sites, branches, campuses, data centers, public and private clouds, and remote workers. Because of its native interoperability, an HMF deployment simplifies operations, ensures compliance, reduces complexity, and enables broad automation to increase operational efficiency. It doesn’t matter if you have all on-premises firewalls, all cloud firewalls, or a mix of both. The enhanced value lies in centralized and unified management across all firewall deployments.

Fortunately, regardless of where security needs to be deployed—whether a campus or data center environment, multi-cloud network, branches, or home offices—use cases are remarkably similar. Addressing them requires breaking down security into three primary functions: protect, converge, and scale. By understanding these three concepts, you can implement a security strategy designed to deliver a seamless user experience and protection aligned with business goals.
It also needs to identify any user, device, or application requesting access and automatically assign it to its
appropriate network segment. This requires natively integrated proxy services. When a device makes its initial
access request, the firewall needs to work with endpoint clients (for users and servers) and network access
control (for Internet-of-Things [IoT]/Industrial-Internet-of-Things [IIoT] devices) solutions. It also needs to support
multi-factor authentication to determine the role of a user or device, link it to associated policies, and only grant
access to the application or segment of the network required to do its job.
For applications and workflows that move from one environment to another, an NGFW needs to understand,
implement, and enforce the same policy everywhere. This consistent orchestration and enforcement approach,
built with single-pane-of-glass management, allows security to follow applications, workflows, and other
transactions end to end.
Scale
Regardless of where a firewall is deployed, one thing remains true: It needs to be fast. And it will need to be
even faster tomorrow. Today’s data centers generate and process massive amounts of data at transactional
speeds—whether it’s big data for advanced modeling, low latency for high-speed financial transactions, or hyper-
performance for massive multiuser environments.
Speed refers both to how quickly a firewall can inspect data and to how well it supports automation. An NGFW needs to
protect the network effectively from high-speed attacks with advanced, coordinated security, and it must not be
bogged down by time-consuming manual provisioning. Manual operations slow things down, and
configuration errors can be exploited by ransomware and other attacks.
The challenge is that most traditional firewalls are already running at capacity, which means they can’t scale to
match growing business demands. That’s because they were never designed with hyper-performance in mind.
Their biggest problem is they rely on off-the-shelf processors in an age when everything—whether graphics
cards, smartphones, or cloud servers—runs on custom chips. Security is a processor-intensive activity. Scaling to
meet today’s performance demands requires delivering full firewall functionality without sacrificing performance or
overwhelming limited IT and security budgets.
www.fortinet.com
Copyright © 2023 Fortinet, Inc. All rights reserved.