Professional Documents
Culture Documents
Hartato
Systems Engineer
R3-06-2021
Leader for Network Firewalls and WAN Edge
Convergence of Security and Networking Using Single Platform
Nov. 2020 Magic Quadrant for Oct. 2020 Magic Quadrant for Nov. 2020 Magic Quadrant for
Network Firewalls WAN Edge Infrastructure Wired & Wireless LAN Access Infrastructure
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Fortinet
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner
research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research,
including any warranties of merchantability or fitness for a particular purpose. © Fortinet Inc. All Rights Reserved. 2
Fortinet is recognized in 6 Gartner Magic Quadrants
Network WAN Edge
Fortinet recognized as a Leader in 2 Firewalls Infrastructure
Magic Quadrants
Campus
Public SaaS
Branch Switch 5G Cloud
Factory
Core Edge
Mobile
2010 2013 2014 2015 2016 2017 2018 2019 2020 2021
• Stuxnet disrupts • Hospital drug • MIRAI • Merck & Co. • Global • Attempted
Iranian nuclear infusion pumps Botnet global production Aluminum poisoning of
program hacked 145,00 shutdown by producer Tampa Water
IoT ransomware shutdown by Supply
• Michigan traffic
devices ($1B loss) ransomware
light hacked
• Maersk Shipping
global shutdown
• ASCO parts
by ransomware
shutdown by
($250M loss)
ransomware
Hosting
Quality Assurance Infections / Drop Botnet Rentals Money Mules Consulting
Crypters / Packers Zones Installs / Spam / Accounts
Scanners Management SEO / DDoS Receivable
Bank
Accounts COMPOUNDED CYBERCRIME
Credentials
& Data
Digital Real
Estate Victims Criminal Sales, Licensing,
Organizations Maintenance Affiliates
Partnerships
CRIMEWARE CREATOR
Firewall
IT Network
Firewall
BLCKNRG.XLSX
OT Network
SCADA/DMS Gateway
SOURCE: Ukrainian Power Grids Cyberattack
Firewall
IT Network
One way
Firewall
BLCKNRG.XLSX
OT Network
Firewall
IT Network
Firewall
BLCKNRG.XLSX
OT Network
• Lack of appropriate
email and network
intrusion detection,
malware detection
• Lack of network
supervision, scans,
and vulnerability
checks
• Lack of visibility and
automated controls to
stop the attack
• Lack of two factor
authentication
Security
Fabric
Adaptive Cloud
Security
Broad
visibility and protection of the entire
digital attack surface to better Zero Trust
Access
manage risk
FORTIOS
Integrated
solution that reduces management
complexity and shares threat
intelligence
Automated Security-Driven
Open
Ecosystem
self-healing networks with AI-driven Networking
FortiGuard Threat
security for fast and efficient Intelligence
operations
LAN Edge WAN Edge DC Edge Cloud Edge Network Platform Applications
FortiToken FortiAuthenticator FortiCamera FortiSwitch FortiExtender FortiProxy FortiISolator FortiDDos FortiSegment AWS Native Azure Native FortiADC FortiGSLB
Telemetry
Network
Web IPS Application Web
Anti-Virus
Sandbox Control Filtering
SECURITY
Email
FABRIC
Endpoint
CERTs PROTECTIONS
AI / Machine Fortinet Anti- Endpoint Indicators of
Learning Distribution Spam Vulnerability Compromise (IoCs)
Enforcement Network
Partnerships
Zero-Day FortiGuard PROACTIVE
Labs RESEARCH
Adversary
Playbooks
Security
Blogs
Threat Intel Threat
Briefs Signals
Virtual
Patches
OSINT Detection and Federated
protection in Machine
milliseconds Learning
CTA feeds
THREAT
INTELLIGENCE
Trusted SERVICES Penetration Phishing Incident
Testing Service Response
Partnerships
⇶ - Additional Parameters supported for the signatures in the GUI (requires FortiOS v6.4 and above)
FortiGuard Industrial Security Service provides broader coverage for Industrial Control System and
Operational Technology protocols through Application Control and IPS Signatures.
For up to date list of supported signatures, please visit fortiguard.com
Application Intrusion
Control Prevention
FortiGuard Industrial Protocol Coverage
Field
Network
Partner-developed integration using Fabric APIs providing broad visibility with end-to-end solutions
Fabric APIs
Community-driven DevOps scripts automating network and security provisioning, configuration, and orchestration
Fabric DevOps
Firewall
Advanced Threat Detection
Intrusion
Prevention Threat Prevention
NGFW
Web Proxy
Antivirus
+ + + + + +
Web-Filter Firewall App Intrusion Antivirus URL Filtering VPN SSL Inspection
Control Prevention
VPN
SSL Inspection
Purpose-built Security Processor delivers best performance
FortiOS SPU AI
Ruggedized Network Switches and Wireless Access Points – FortiSwitch and FortiAP Rugged Series Industry Certifications
FortiSwitch Rugged 112D-POE FortiSwitch Rugged 124D FortiAP Rugged 234F FortiAP Rugged 432F
• IP30, Indoor Use • IP40, Indoor Use • Internal Antennas • External Antennas
• Dual power input • Dual power input • IP67, Indoor/Outdoor Use • IP67, Indoor/Outdoor Use
• DIN-rail or wall-mountable • Rack-mountable • PoE Powered • PoE Powered
• PoE and PoE+ capable • Industry Certified • Ceiling, T-Rail, and Wall- • Ceiling, T-Rail, and Wall-
• Industry Certified mountable mountable *Limited lifetime warranty
• Industry Certified • Industry Certified
• OFF-LINE IDS
FortiGate monitors network segment(s)
and detects known attacks including 0-
day.
FortiGate receives traffic from
OFF-LINE IDS configured port mirroring. No traffic
ONE-ARM SNIFFER flows through it. FortiGate is a network
(PORT MIRRORING) sensor.
FortiGate
• IN-LINE IPS/IDS
Network traffic goes through FortiGate.
Network attacks can be detected (IDS)
IN-LINE IPS/IDS
VIRTUAL PATCHING
and/or blocked (IPS).
In IPS mode, vulnerable devices are
protected. This is virtual patching.
• FortiGate to manage
FortiSwitch/FortiAP
• Policy Enforcement between interfaces
(VLAN, SSIDs, physicals)
• Port level visibility
• Help to implement the best practices
• ISA99/IEC-62443
• NIST
• Defense in Depth
• Zones and Conduits definitions
• Segmentation
• Micro Segmentation
• Host isolation
• Firewall policy to control the L2 communications
• L7 inspection if required
Zones of Control
Real-time control loop
Zones and Conduits
1 Sense
}
Micro Segmentation M-FortiSwitch vLANxxx.process
IED
vLANxxx.control
Access
Act 3 vLANxxx.mgmt vLANs
OT Domain 2 Think
Engineering
WorkStation
WAN
ISP1 Zones of Control
vDOM
Zones and Conduits
Micro Segmentation vLANxxx.function
vLANxxx.function
M-FortiSwitch vLANxxx.function
SD-WAN vLANxxx.function
ISP2 LAN Domain
FortiSandbox
(On Prem)
Jump Hosts
Zones of Control
Zones and Conduits
Micro Segmentation VPN Domain
IPsec
to HQ/PVC
FortiGate Appliance
© Fortinet Inc. All Rights Reserved. 34
FortiGuard IOC Service
• Compromised terminals as
determined by FortiAnalyzer
IOC detection are visible on
FortiView and Topology maps
• Supports drill-in for details
• Actionable
MPLS
Private Cloud
Business Apps
Load balanced across different
lines so bandwidth is optimized
Public Cloud
Internet
MPLS
Private Cloud
Internet
Micro Segmentation
ISP1
SD-WAN
Members
IT Segment
Internet
NGFW
SOC/NOC
ISP2
• Retrieve memory snapshot for File-less malware investigation • Legacy OS – Windows XP, Windows 2003, Windows embedded,
Windows Core
• Patented Code-Tracing technology – attack story drill down
• Virtual machines, and VDI
• Attack surface reduction • Deployment options
• Discovery: vulnerability, applications, rogue devices • Cloud, on-prem, and hybrid
• Virtual patching, USB device control • Supports multitenancy for MSSP/MDR providers
• Application & • ML AV • Behavioral based • Block malicious • Playbook automation • Clean up / Roll back
Reputation actions
• FortiGuard • Detect memory • Cross platform • Eliminate re-
• Discover rogue Threat Intelligence based attacks • Prevent data loss response image/rebuild
devices & IoT
• Sandbox • Threat classification • Zero Dwell time • Forensic data • Minimize business
• Vulnerabilities Integration disruption
• Behavioral-based
• Virtual patching • Desktop firewall threat hunting
• Web filtering • Built-in MITRE tags
Enterprise Wireless
Purdue
(Sensors, Platform)
Wireless Boundary
Levels
IoT Boundary
(Wi-Fi, 5G)
Network / Security
Business & 5 Enterprise Network Corporate
Operations Center
IoT
IT
Enterprise Segment
Business Planning
4 & Logistics
Site
Industrial Wireless
3
Wireless Boundary
Simulation, Engineering, Test
Area Supervisory
OT 2 Control
HMIs, Historians
Level 5 FortiGate
Internet DMZ
Enterprise Web Email
Corporate Environment Servers Servers FortiWeb FortiMail
FSSO
Level 3.5
Operational DC DMZ FortiClient Domain
Management Zone FortiSwitch FortiSIEM FortiSandbox FortiManager FortiAnalyzer EMS Server FortiAuthenticator Controller
Level 3 Zones of
Operational DC Control
Manufacturing Zone Zones and
FortiSwitch Conduits
Micro
FortiGate Historian Application Engineering Engineering
Segmentation
FortiLink Server Zone Server Zone Server Zone WorkStation Zone Physical and
FortiSwitch Operator Virtual
Private VLANs WorkStation Zone Segmentation
Micro Segmentation FortiGate
INTEGRATED
AI-driven breach prevention
Fortinet Answer Adaptive across devices, networks,
Cloud and applications
Security
FORTIO
S
Security-
FortiGuard Driven
Threat Networking
Intelligence