For most organizations and their workforces, hybrid work is business as usual. Every company by now has fallen in line with this new routine. But organizations’ journey to becoming 100% secure, cloud-based entities is nowhere near the finishing line. Remote work may have become a default overnight, but to this day, a majority of organizations struggle to adjust to this new reality because of the security risks it has unleashed.
Fortinet presented FortiSASE at last week’s Networking Field Day event in California. Rami Rammaha, Director of Products and Solutions, SD-WAN, gave an introduction of Fortinet’s Secure SD-WAN, and FortiSASE, and Alex Samonte made it visual with a demo in the following session. Fortinet SASE is a unified solution that converges SD-WAN connectivity with cloud-delivered security service edge (SSE) to protect against evolving cyberthreats and provide secure access to remote workers.
It’s Time to Rethink Our Security Stance
With remote work becoming commonplace, attacks have become inevitable. Enterprise technology leaders are making it a priority to proactively secure the network using a combination of strategies, amid growing cyber incidents. Secure Access Secure Edge (SASE), Zero Trust Network Access (ZTNA), mesh security, are some of the top approaches organizations are adopting to reduce vulnerabilities and bolster their security postures.
But the big question that’s in everybody’s mind is, does deploying all these technologies make them bulletproof? In the era of remote work, the borders that typically separate an organization and its people from the rest of the ecosystem have blurred. So just fencing the network is no longer adequate to prevent a breach. Identity-based security plays a big role in the hybrid era, but the component that comes before that, which enables implementation of security models like zero-trust, is SD-WAN.
Fortinet Secure SD-WAN
As noted above, SD-WAN is the foundation upon which models like ZTNA and SASE sit. At the presentation, Rammaha talked briefly about the SD-WAN journey, from being a point solution designed to support user experience, to the platform it has proliferated into. Today, it is the convergence point of networking and security, that minimizes latency and jitters on one hand, and supports secure access for remote workers on the other. But we’ll see SD-WAN play a much bigger part in remote access security in the future.
“Today it (SD-WAN) is transforming and securing the network. Moving forward, we’re looking at SD-WAN being a critical component to SASE architecture, and enforcing ZTNA policy,” said Rammaha.
Rammaha pointed out that Fortinet Secure SD-WAN is backed up by four key components – SD-WAN that is the industry’s only ASIC-powered SD-WAN to use in-house ASICs, a built-in next-gen firewall (NGFW), advanced routing and a ZTNA application gateway. Powered by the common FortiOS, Fortinet Secure SD-WAN has a single fabric management center – the FortiManager – that enables centralized management of configs, policies and changes, and zero-touch provisioning.
Universal ZTNA
ZTNA is the go-to model for most organizations supporting hybrid work models. It’s an access control method that requires identification and authentication of every user and every device, and provides role-based access to applications.
Zero Trust Network Access (ZTNA) is where Fortinet shines. In his presentation, Rammaha explained that Fortinet offers remote users secure access to applications with two models- Universal ZTNA and Secure Private Access.
Every FortiGate NGFW has Universal ZTNA built into it. It is enabled by default in devices that have FortiOS v7.0 or higher. The work of Universal ZTNA is to authenticate every device and user, and perform a security posture check before access.
Rammaha explained that Universal ZTNA has a software agent, a policy engine, and the ZTNA Application Gateway which enforces the policies. Users accessing the applications from remote locations, branch offices and campus have to go through the ZTNA Application Gateway no matter where the application is. The gateway allows or denies access to resources based on identity. Access is allowed only through SSL encrypted connections.
Fortinet SASE Solution
FortiSASE is a single-vendor solution that combines the cloud-delivered connectivity of Secure SD-WAN with Fortinet’s SSE, bringing to remote employees secure access to the internet, and to private and SaaS applications. Using the capabilities of Firewall-as-a-Service (FWaaS), Secure Web Gateway (SWG), Universal ZTNA and next-gen CASB, it secures these accesses and offers the best of networking and security.
FortiSASE has a simple cloud-based management that enables centralized control of users and applications. FortiGuard AI-powered security services are enabled across devices, users, applications and traffic, to provide consistent protection from the newest strains of threats.
Wrapping Up
Fortinet’s approach provides a resilient model to monitor and access resources in an increasingly complex and distributed digital world. It packages together the best of Fortinet’s networking and security offerings, to provide multiple lines of defense and an optimal security posture, with a surprisingly simple cloud-based management. It’s a comprehensive package that ensures both the highest level of security, and superior user experience.
To catch a live demo of the Fortinet SASE solution, and for other deep-dive presentations, be sure to check out Fortinet’s presentations from their appearance at the recent Networking Field Day event.