Opportunities with SDN

Software-Defined Networks: Opportunities for resellers

The advent of virtualisation, the cloud and data marts means that more network traffic is going to more places faster than ever before. And all of these data, traffic and applications have to be protected. These functions take place over the public cloud (the internet), private clouds (VPNs), internally (LAN) and on individual devices (PCs, laptops and smartphones). In short, they are platform-agnostic. And to protect these functions at every level, physical or virtual, Fortinet has consolidated their Next-Generation Firewall solutions into a unified SDN Security Framework.

This is a huge opportunity for savvy resellers. As your clients move their application services into a mixed virtual / physical / cloud-based model, the more they need to embed security protection into every layer of their network, regardless of physical location. However, this has proven to be problematic as the technology has been moving faster than the security vendors. One of the key enablers that has allowed discrete operations to run across multiple platforms is known as software-defined networking (SDN).

What Fortinet has done is build a set of security-centric open and proprietary application programming interfaces (APIs) between their Next Generation Firewall security services and SDN offerings from major networking vendors. These vendors include Microsoft with their Azure solution, integration with Cisco’s application-centric infrastructure (ACI), VMware’s vSphere and Software-Defined Data Center (SDDC) and HP with their VAN (Virtual Application Networks) SDN Controllers. This means that your datacentre and enterprise customers can now add Fortinet’s award-winning security at more levels of their network.

Enabling cybersecurity innovation throughout the network architecture

The new Fortinet SDN Security framework exemplifies the company’s innovations across all principal layers of the network architecture:

  • Data Plane – the encapsulation of security engines from fixed hardware boxes into logical instances that can be more scalably distributed and embedded deep into virtualised switching fabric and abstracted network flows.
  • Control Plane – the orchestration and automation of security policy with provisioning of elastic workloads to eliminate security and compliance gaps in highly agile, dynamic environments.
  • Management Plane – a ‘single pane-of-glass’ for security policy and events across physical and virtual appliances, private and public clouds and throughout converged infrastructure to ensure a consistent and compliant security posture.

Fortinet Solution Overview

Fortinet has been delivering solutions for both physical and virtual networks for several years, and is investing aggressively in a comprehensive strategy for Software-Defined Security. Fortinet leverages a scale-up and scale-out data center approach combining the benefits of both high-performance hardware and virtual appliances with common FortiOS consolidated security platform and FortiGuard threat research and content services:

FortiGate hardware appliances – Scale-up hardware with proprietary ASIC architecture to keep up with increasing core network speeds up to the largest provider and hyperscale networks. Virtual domain technology allows firewall capacities of up to 1.2Tbps to be flexibly managed and delegated as virtual services to up to 3000 tenant VDOM’s per device.

FortiGate-VM virtual appliances – Scale-out virtual appliances that provide firewall, IPS and consolidated network security that support all leading hypervisors as well as major public cloud platforms.

Fortinet’s Software-Defined Security solution unifies the FortiGate platform together with a broad portfolio of products, technologies and services into a cohesive solution for securing

SDN and SDDC environments, including:

  • FortiGate SDN integration – Out-of-the-box solutions with leading SDN platforms, such as FortiGate-VMX for VMware and integration with Cisco’s Application-Centric Infrastructure (ACI).
  • FortiManager and FortiAnalyzer management solutions – Centralised policy for physical, virtual and cloud environments, that can be deployed on-premise or in the cloud.
  • FortiCloud and FortiPrivateCloud – SaaS-based central management solutions for enterprises and service providers.
  • Fortinet Developer Network (FNDN) – Extensible FortiManager API’s provide programmable interfaces for custom orchestration and automation with SDN controllers and other infrastructure, with staffed development support via an online resource portal.

Fortinet’s Programmable Network Partnership Ecosystem – Dozens of technology partners are working with Fortinet’s Software-Defined Security platform to integrate SDN controllers, orchestration platforms, programmable switches, and centralised policy and analytics solutions.

Additional Fortinet networking and security solutions are available as both physical and virtual appliances. These include FortiWeb-VM web security, FortiMail mail security, FortiSandbox-VM advanced threat detection and FortiADC-VM application delivery controllers.

Wireless LANs: The weakest link

Wireless LANs are critical. Yet according to a global survey from Fortinet, nearly half of all IT decision makers believe wireless networks are the most vulnerable element of their infrastructure. Clearly, for today’s networks, unsecured Wi-Fi is the weakest link in the cyber-security system.

In Australia, 39 per cent of respondents said that loss of data was the biggest risk relating to unsecured wireless environments, yet as many as 38 per cent don’t use authentication for networks. A quarter overlook firewalls and over 40 per cent don’t even consider anti-virus.

This means that your clients understand the risks but don’t have a clear idea of what to do. They should be looking to you for advice and a way forward.

Get your priorities straight
Fortinet vice president Australia and New Zealand, Jon McGettigan, said the survey findings indicated that despite the growth in mobility strategies, wireless security has simply not been a priority. “As advanced persistent attacks target multiple entry points and the Cloud becomes more prevalent, it’s not an oversight organisations should risk any longer,” he said.

“As IT managers strive to balance the need for strong network security with ubiquitous connectivity, wireless must be considered as part of a holistic security strategy to ensure broad and consistent protection for users and devices over wired and wireless access.”

Wake up call for resellers
This Fortinet survey is a wake-up call for Fortient Partners. Insufficient wireless security was Graphic a concern for almost all the CIOs polled. According to the survey data, 92 per cent of CIOs said shortfalls in this area were concerning, not surprising given the important role wireless technology plays in business processes. 49 per cent ranked wireless networks as most exposed from a security standpoint. Only 29 per cent thought that they were challenged by exposure at the core network.

What’s the risk?
In Australia, 39 per cent of IT decision makers consider loss of sensitive corporate and customer data the biggest risk of operating an unsecured wireless environment. However, only 38 per cent of those polled do not have the most basic wireless security measure of authentication in place. A significant 25 per cent overlook firewall and 42 per cent do not consider anti-virus security functions when it comes to wireless strategies.

Of the IT decision makers surveyed in Australia, 77 per cent were concerned their existing wireless security is not sufficient. The survey results showed that CIOs were equally concerned, with 77 per cent also expressing their concern over the issue.

Some controls in place
Some respondents had systems in place such as IPS (deployed by 37 per cent), application control (43 per cent) and URL filtering (24 per cent). The majority of respondents said that when considering the future direction of their wireless security strategies, they would maintain focus on the most common security features. These were identified as firewall and authentication. Demand for more security is emerging with 23 per cent prioritising complementary technologies such as IPS, anti-virus, application control and URL filtering to guard against malicious actors.

Don’t ‘hope’ - act now!
So there you have it. The majority of ANZ businesses know they need help, are moving along with WLAN deployments in spite of their concerns and are hoping for the best. Hope is not a valid strategy. Fortinet’s Secure Wi-Fi solutions are. Talk to Exclusive Network’s Fortinet team today to see how you can move your clients from ‘hoping’ they stay safe to securing their wireless networks.