In late July I had the opportunity to attend the Fortinet 2019 PartnerSync event in Bali. This was a 3-day event hosted by Fortinet for its partners where Fortinet deliver the latest network & cybersecurity trends & insights from top industry experts. Over the 3 days there were presentations, live demonstrations by Fortinet engineers and social networking with like-minded people from sales, technical, management and consulting backgrounds. There was a lot of information to absorb – lots of PowerPoint presentation, statistics, recommendation and many key-takeaways. This blog is just a summary of some key takeaways relating to general industry trends, new Fortinet capabilities and topical security focal points.
Who is Fortinet?
Fortinet was founded in 2000 by brothers Ken and Michael Xie. The company’s first product was FortiGate, a firewall, later adding wireless access points, sandboxing, and messaging security. By 2004, Fortinet had raised over $90 million in funding. The company went public in November 2009, raising $156 million through an initial public offering. In 2016, Fortinet released its Security Fabric architecture that included integration and automation with other network security devices and third-party vendors. The product was later adapted to include multi-cloud, IoT, and SD-WAN capabilities(1). Today, Fortinet;
- Is number 1 in FW/NGFW appliance unit shipments at +25% market share, compared to(2);
- Cisco at ~13%
- Checkpoint at ~9%
- Palto Alto Networks at ~ 4%
- Figures from IDC
- Has 13.1% market share by revenue, compared to (2)
- Cisco – 12.9%,
- Checkpoint – 12.3%,
- PAN – 17.2%,
- Other – 44.5% –
- Figures from IDC tracker Q4 2018
- Recommended in 9 out of 9 NSS Labs tests and the ONLY recommended vendor for SD-WAN to have a security rating(3).
Market Shifts
Overall, what do the statistics, market trends and spending patterns say?
- SD-WAN is big and will get bigger
- SD-WAN market forecast to be US$1.9B by end of 2019, Compound annual growth rate (CAGR) 2018 to 2022 of 66.5%(4)
- The security market is driven by legislation in most countries(5)
- If there is no law, the value is “hard to see”
- A shift towards Digital Trust & Transformation is emerging in developed countries
- The demand for cloud is impacting hardware purchases, for now(5)
- There is a demand to move on and off clouds – so ‘on prem’ will not disappear
- Understand the type of cloud being used and align the correct offering to it
- Many larger projects are NOT security projects(5)
- The driver for a project is unlikely to be security yet the project solution will likely have security considerations
- Security market revenue in 2022 projected to be worth UD$32.2B(5)
- 5YR CAGR – compound annual growth rate: 10.2%
- Emerging services:
- Secure SD-WAN
- Managed detection & response
- IaaS monitoring
- SaaS monitoring through CASB
- Threat intelligence platforms
- Cloud concerns driving security (NZ) (4)
- Mobile user devices
- Public cloud – Infrastructure-as-a-service (IaaS)
- 10+ year-old legacy systems
- Public cloud software-as-a-service (SaaS)
- Public cloud Platform-as-a-service (PaaS)
- Corporate & Consumer Internet-of-Things (IoT)
Public Cloud Growth
The development and consumption of public cloud is massive, with large market players such as Microsoft, Amazon and Google there is a wealth of competition, capability and with that considerations for security, access requirements and budget shift that organisations are confronted by. In 2019 public cloud spend was measured at US$210B, this is projected to increase to US$370B in 2022 (6).
Public cloud security challenge (6)
- 70% of businesses say security is a challenge in the cloud
- 84% say traditional security solutions don’t work in cloud environments
Budget support (6)
- Nearly half of organisations expect cloud security budgets to go up with a median 22% budget increase
Who is responsible for what in the public cloud. This is a question that carries assumptions, expectations and risk for both providers, customers and integrators. In short, the public cloud is a shared responsibility;
Customer security responsibility (6)
- Data & content
- Applications, Platform & User Management
- OS, Firewall & Network settings & configuration
- Encryption & Network traffic protection
Public Cloud infrastructure services (6)
- Storage
- Network
- Compute
Integrator
- Inform the customer
- Provide recommendations
- Consult on solutions
- Lead with industry best practice
Gartner predict that through to 2022, at least 95% of cloud security failures will be the customers fault! (6)
Moving to the cloud is not something organisations decides overnight. It is usually a process that is supported by research, discussion with other cloud users and solution trials. Drivers for migration to the cloud can be one or many including; cost reduction, risk mitigation, support for growth, standardisation.
One underlying topic that every organisation should consider is the security challenges brought about by cloud consumption. These differ hugely to the traditional approach of procuring a broadband service, installing a firewall and putting antivirus on the end user’s computer. Challenges for cloud security (6);
- Visibility – how secure is the cloud service that is being used for line-of-business applications & services?
- Compliance – is the cloud infrastructure compliant with laws in country? How can this be reported on & monitored?
- Automation – What happens if there is a fault in the cloud, do my services stop? How does redundancy work?
- Consistency – Theres lots of portals and websites to login to, where do I start?
For organisation considering or already consuming cloud services, market research shows(6);
- 44% say visibility into infrastructure security is an issue
- 42% say setting consistent security policies is a challenge
- 42% say compliance is challenging
- 39% say they can’t keep up with pace of change in applications
- 37% say a lack of integration with on-prem security technologies
- 35% say they can’t identify misconfiguration quickly
- 33% say there is complex on-premises to cloud security rule matching
Fortinet help to reduce cloud security complexity with a range of virtual appliances supported across multiple public cloud platforms, all managed by a common and clean web interface.
Secure SD-WAN & SD-Branch
The global SD-WAN market is projected to grow at over 40% compound annual growth rate (CAGR) to reach UD$4.5billion by 2022 (7)
The APAC Market is forecast to grow at CAGR 64.9% (2017-2023) (8)
The ICT industry is seeing organisations going through a digital transformation (DX), resulting in the adoption of technologies—such as Software-as-a-Service (SaaS) applications and IP-based tools for voice and video—to increase productivity, improve communications, reduce some costs and allow for business growth. Cloud-based tools and services place a great deal of demand on legacy WAN infrastructures, especially considering user expectations for very high-quality performance whilst the business tried to manage connectivity costs.
Therefore many organizations with distributed locations that are in the midst of DX initiatives are seeking to replace their outdated WAN infrastructures. Organisations need;
- inter-branch networking with significant simplification,
- improved cost advantage, and
- better support for cloud adoption.
Software-defined WAN (SD-WAN) technology effectively solves the aforementioned problems of bandwidth costs, allowing organizations to move beyond traditional WAN to include consumer & business broadband connections and even wireless 4G/LTE and 5G connections. An SD-WAN routes network traffic between the cloud, headquarters, or other branches by enabling direct access to cloud applications and services—which makes it a very popular technology choice for digital transformation.
However, SD-WAN cannot succeed without security considerations & enforcement. SD-WAN has its own shortcomings—especially when it comes to security with direct internet access;
- Complexity. SD-WAN architectures can be difficult to troubleshoot and hard to manage across all of the locations. This complexity and risk of misconfiguration often creates defensive gaps for threats to exploit.
- Security. Without the centralized protection provided by backhauling traffic through the data center, moving to direct internet broadband links exposes organizations to new risks. Effective SD-WAN implementation requires additional security within the organisational infrastructure to secure those connections and inspect high volumes of traffic—all without inhibiting network performance.
- Encrypted traffic inspection. Most SD-WAN solutions lack the ability to inspect secure sockets layer (SSL)/transport layer security (TLS) encrypted traffic, which comprises 72% of network traffic today. Specifically, as cyber criminals are hiding malware to infiltrate networks and using it to exfiltrate data, organizations either put themselves at risk or must purchase additional appliances to inspect encrypted traffic at the edge of the network.
Fortinet FortiGate Secure SD-WAN and FortiOS 6.2 includes best-of-breed next-generation firewall (NGFW) security, SD-WAN, advanced routing, and WAN optimization capabilities, delivering a security-driven networking WAN edge transformation in a unified offering. Fortinet received second consecutive NSS Labs “Recommended” rating in the SD-WAN Group Test. Fortinet Secure SD-WAN delivered lowest Total Cost of Ownership (TCO) per Mbps among all eight vendors.
In conclusion
Lucidity are well positioned to design and deploy secure networks, regardless of whether your business workloads are on-premise, hosted or in the public cloud. We can design secure multi-branch networks and deliver tangible insights and reports into what is happening on the network. Our network security consultants can advise best practice when designing your secure network for the future, and can provide guidance regardless of where you may be on your cloud journey.
Contact Lucidity today if you would like to find out more upgrading and securing your business network.
References;
(1) https://en.wikipedia.org/wiki/Fortinet
(2) Opening Address Keynotes – John McGettigan, Fortinet Sr. Regional Director
(3) www.fortinet.com
(4) Source: Worldwide Network Security Market Shares, 2018: SD-WAN Fuels UTM Sales. IDC Doc#US44778519
(5) From ‘Cloud SD-WAN IT/OT Security Markets – Simon Piff, VP Security research IDC Asia Pacific
(6) From ‘Unlocking Success Through the cloud – Sean Hong, Fortinet Regional Director, Strategic Alliance Cloud
(7) “SD-WAN Infrastructure Market Poised to Reach $4.5 Billion in 2022,” IDC, August 7, 2018.
(8) Source: Market Outlook: Software-Defined Wide-Area Network (SD-WAN) 2018 – 2023, Worldwide, Quadrant Knowledge Solutions