Fortinet Secures the Intelligent Enterprise Running SAP

SAP is among the world’s largest software companies, with some 92% of the Forbes Global 2000 using at least some of their enterprise application solutions. Most of these companies will deploy SAP S/4HANA in the cloud—either public or private. In fact, by 2027 some SAP customers will need to migrate to SAP S/4HANA as they have announced the end-of-life of older versions of their integrated application solutions (SAP Business Suite). Fortinet’s Dynamic Cloud Security offerings provide organizations the key security elements they require to help secure their SAP S/4HANA cloud deployments during this transition.

Securing SAP Environments With Fortinet’s Dynamic Cloud Security

Properly securing any enterprise application solution, such as Enterprise Resource Planning (ERP), is increasingly important for organizations. SAP Enterprise application solutions are a suite of integrated tools used to collect, store, manage, and interpret data from many business activities. For management teams, ERP is the key to understanding and managing their business. But for cybercriminals, ERP systems are an attractive target because ERP systems share data across every facet of the organization. 

Fortinet has been working with leading ERP vendors of enterprise application solutions to provide carefully engineered and well-tested architectures for securing such systems, both in and out of the cloud. For example, Fortinet has recently published Oracle validated security architectures for Oracle solutions. Fortinet’s Dynamic Cloud Security portfolio is designed to help SAP customers secure their workloads across environments. 

“Zuellig Pharma uses Fortinet’s Dynamic Cloud Security offerings to protect our SAP deployments across public and private cloud infrastructures,” shared Daniel Laverick, Head of SAP & IT Solutions at Zuellig Pharma. “Fortinet offers the broadest set of security offerings for securing workloads both on-premises and on any cloud. With Fortinet, we’ve gained unified visibility and control without hindering our ability to deliver seamless user experience to our customers worldwide.” 

Securely Transitioning to SAP S/4HANA

A few years ago, SAP announced end-of-support for older SAP solutions by 2025, including:

  • ERP 6.0
  • Customer Relationship Management 7.0
  • Supply Chain Management 7.0
  • Supplier Relationship Management 7.0 applications
  • Business Suite powered by SAP HANA

S/4HANA was specifically designed to run in a virtualized environment like the cloud. But not all clouds are the same. As a result, there are actually different versions of the software designed for public and private cloud deployments. In many cases, customers will opt for a hybrid model, where the majority of SAP systems run in the cloud while some dedicated production systems remain on-premises. This can add complexity in terms of security across these deployments. Fortunately, Fortinet solutions support both public and private clouds, ensuring security for hybrid, multi-cloud, and on-premises environments.

“Fortinet’s Dynamic Cloud Security portfolio—including FortiWeb and FortiCWP—enables our customers to confidently secure their SAP data and applications,” shared Thomas Grimm, CEO at AddOn AG – Germany. “Through Fortinet, SAP workloads are protected consistently across the application, network, and platform stack, addressing the expanded attack surface with a consistent offering.”

Christian Steden, Managing Director at Evonet said, “As a Fortinet partner, Evonet provides our customers Fortinet’s broad range of advanced security technologies to protect their SAP deployments. Fortinet’s offerings natively integrate with SAP, enabling automated, centralized management and visibility that reduces management overhead for our customers.”

Addressing the ERP Threat Landscape with Fortinet’s Dynamic Cloud Security

ERP systems can be a target for bad actors as they provide access to a vast range of business information systems, including financial data, production systems, development, employee data, and more. Some of these attacks could be aimed at well-known SAP apps such as Fiori—S/4HANA’s web interface, the new user experience (UX) for SAP software and applications. It provides access to a set of applications that are used in regular business functions, like work approvals, financial apps, calculation apps, and various self-service apps. For organizations looking to enhance the security for their SAP deployments, Fortinet’s Dynamic Cloud security offerings provide visibility and control across cloud infrastructures, ensuring secure connectivity from the data center to the cloud. 

Consider the following to enhance the security for SAP deployments:

  1. A web-application firewall (WAF) to block web attacks, such as code injection, cross-site scripting, or SQL injection. Because these attacks may be based on zero-day threats, the WAF should utilize machine learning to differentiate between normal and abnormal traffic and should utilize sandboxing and AI-driven threat feeds to detect new attack types. The WAF should also secure API interfaces using API calls. 
  2. Cloud-based network firewalls to secure network traffic—including internal segmentation to reduce the extent of trust domains. In a zero-trust environment, all traffic should be encrypted, however, doing so may introduce performance issues—so firewall performance will be a key attribute.
  3. An IPS (Intrusion Prevention System) to block attacks targeting system vulnerabilities.
  4. Data Loss Prevention tools to block sensitive or confidential information leakage.
  5. Cloud-native workload protection and/or CASB to monitor security policies, configuration, usage patterns, and compliance with security policies.

In addition to the above, endpoint protection, network access controls, central management, and centralized analytics should all be part of the security infrastructure if not already. In fact, the pillars of cybersecurity need to be brought into play—Security-Driven Networking for segmentation and securing data, Zero Trust Access (including endpoint security) to protect against identity theft-driven attacks, cloud security to secure data in the cloud and to identify misconfiguration and risk factors, and robust AI-Driven Security Operations to ensure timely threat feeds and remediation. Of course, all these should be woven into a broad, integrated, and automated cybersecurity platform, like the Fortinet Security Fabric, supported by a shared analytics and management plane.

Fortinet Can Help

Fortinet Dynamic Cloud Security Solutions can provide the necessary visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud.

Fortinet recently published a white paper on securing SAP deployments detailing the tools and architecture approach for different scenarios. Learn more about how to enhance the security for your SAP S/4HANA deployment by downloading the paper.

Learn how Fortinet’s dynamic cloud security solutions provide increased visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud. 

Read these customer case studies to see how Hillsborough Community College and WeLab implement Fortinet’s dynamic cloud security solutions for secure connectivity from data center to the cloud. 

Engage in our Fortinet user community (Fuse). Share ideas and feedback, learn more about our products and technology, or connect with peers.

As Fortinet partners, Net Universe offers all Fortinet devices and subscriptions with worldwide Delivery Services.
Send us an email to [email protected] for more information or visit
You can visit our Shop Online

Fortinet Announces New Secure SD-WAN Appliance for Large & Complex WAN Deployments

FortiGate 200F Delivers Faster ROI Benefits and High Security Compute Ratings, Expands F-series Product Portfolio Powered by Purpose-built SD-WAN ASIC

“Change is the only constant in life.” – Heraclitus, Greek philosopher 

If anything, 2020 has been a year of change. Over the last 9 months, I have had an opportunity to interact with hundreds of customers – and “change” was the common thread connecting them all. Every organization irrespective of their business vertical or segment is undergoing a transformational change whether it’s an evolving business model, having to adapt to a largely remote workforce, or newer IT initiatives with WAN Edge at the center. At Fortinet, change is not resisted, we embrace change to solve the unmet and unarticulated needs of our customers. 

Expanding the Fortinet Secure SD-WAN F-series Product Portfolio 

Fortinet’s SD-WAN journey began years ago, led with a security-driven networking approach that enabled us to deliver the industry’s first Secure SD-WAN solution. We have continued to innovate since then, delivering the industry’s first purpose-built processor designed to accelerate SD-WAN functionality without compromising on security performance, and offering a fully self-healing SD-WAN solution combined with centralized orchestration to meet the diverse needs of global customers. We’ve had tremendous success with our FortiGate F-series product portfolio, which is powered by a purpose-built SD-WAN processor. Over the years, we have continued to expand the F-series portfolio to meet changing customer requirements and deployment needs at every edge with multiple variants from built-in LTE, wireless, POE and most recently built-in bypass to deliver reliable connectivity during planned or unplanned outages. 

The FortiGate 200F – The Newest Addition to the FortiGate F-series Portfolio 

Today, we are excited to launch the FortiGate 200F, powered by Fortinet’s purpose-built SD-WAN processor in a 1RU form factor with 10GE-interface support to expand the fast-growing FortiGate F-series product portfolio. The FortiGate 200F series continues to leverage our successful security-driven networking approach to deliver a simple, scalable, and flexible Secure SD-WAN solution that customers can deploy across the home, branch, campus and multi-cloud to achieve faster ROI benefits. The FortiGate 200F is ideal for large complex SD-WAN deployments to meet high performance and scalability requirements for mid-size to large enterprises deploying at the campus or enterprise branch level. 

If you are wondering if the FortiGate 200F meets the high-performance needs for your large global WAN deployment, the answer is most likely “yes!” FortiGate 200F delivers high Security Compute Ratings, a benchmark that compares the performance of Fortinet’s purpose-built ASIC-based product portfolio to other SD-WAN and NGFW vendors in that same price range that utilize generic CPUs for networking and security capabilities. The FortiGate 200F powered by a purpose-built SD-WAN processor enables the following Security Compute Ratings:

We believe that this new product addition will help further accelerate our Secure SD-WAN momentum and help our customers achieve digital transformation at all edges.

Learn more about the FortiGate 200F and all Fortinet Secure SD-WAN appliances.

Engage in our Fortinet user community (Fuse). Share ideas and feedback, learn more about our products and technology, or connect with peers.

As Fortinet partners, Net Universe offers all Fortinet devices and subscriptions with worldwide Delivery Services.
Send us an email to [email protected] for more information or visit
You can visit our Shop Online

Fortinet Maintains Position as a Challenger in the 2020 Gartner Magic Quadrant for Web Application Firewalls

Fortinet has announced that it has maintained its position as a Challenger in Gartner 2020 Magic Quadrant for Web Application Firewalls.

Organizations continue to rely on internet-facing web applications and APIs to achieve their digital innovation goals, and as a result, web application and API protection continues to grow in importance for businesses worldwide. Web applications support a wide range of critical line-of-business functions, including ecommerce, payroll, inventory management, learning management systems, and more. 

FortiWeb, Fortinet’s Web Application Firewall solution, was created to protect these business-critical web applications and APIs from cyber attacks targeting both known and unknown vulnerabilities, while also ensuring business continuity and productivity. FortiWeb leverages advanced machine learning (ML) techniques to customize protection of each application, saving organizations staff hours by cutting out the need for the time-consuming manual tuning required by other solutions. FortiWeb ML identifies anomalous behavior and determines whether it is malicious or benign, enabling security staff to rapidly address malicious activity. 

Customers can select the FortiWeb option that best fits their use case given its flexible deployment options. This includes hardware appliances, virtual machines, and containers that can be deployed in the data center, cloud environments, or the cloud native Security-as-a-Service (SaaS) solution FortiWeb Cloud, our WAF as a Service offering.

As customers increasingly deploy applications in multiple environments that include both private data centers and public clouds and continue to push application changes at an ever increasing pace, they face the challenge of implementing consistent application security across these diverse environments. To help those teams keep pace, our WAF-as-a-Service offering, FortiWeb Cloud, leverages public cloud infrastructure to deliver the same application and API protection as our physical and virtual appliances, but without the requirement to maintain and manage infrastructure. In fact, Fortinet uses this very service to protect our own website as well as for protecting critical departmental line-of-business web applications. 

Fortinet continues to invest in the innovative WAF capabilities that our customers require as they continue their digital transformation journeys, including these key enhancements from 2020: 

  • Deep learning capabilities that continuously model users’ behaviors to detect anomalies and block threats without creating the false positives that drive administrative overhead
  • Expanded options for deploying FortiWeb Cloud on AWS, Azure and Google Cloud

As a result of this continued innovation, Fortinet delivers FortiWeb customers with advanced threat protection for web applications while ensuring business continuity and productivity. Read the full Gartner 2020 Magic Quadrant for Web Application Firewalls report to learn more about our placement in the Challengers quadrant.

Learn how Fortinet’s Dynamic Cloud Security solutions provide increased visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud. 

Gartner, Magic Quadrant for Web Application Firewalls, 19 October 2020, Jeremy D’Hoinne, Adam Hils, Rajpreet Kaur, John Watts

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Fortinet.

As Fortinet partners, Net Universe offers all Fortinet devices and subscriptions with worldwide Delivery Services.
Send us an email to [email protected] for more information or visit
You can visit our Shop Online

Leveraging Security to Capture the 5G Business Market

Unlike previous mobile generations, 5G is touted as a game changer for both mobile network operators (MNOs) and enterprises in many verticals. 

For MNOs, 5G has the potential to deliver a whole new scope of enterprise-facing, value added services, generating new revenue streams and driving growth.

For medium to large enterprises in different industries and verticals, harnessing 5G technology and capabilities will further help to increase efficiency, automation, safety, sustainability and overall innovation.

This is the promise of 5G and it raises some important question: if 5G is to play such a central and critical role, what is the role of security in 5G’s adoption and penetration in the business market? Does 5G have an acceptable set of built in security capabilities in order to safeguard itself, and the business customers it serves from harm’s way? Or is an additional layer of security is required in order to capture the 5G business market?

At Fortinet, we strongly believe that although 5G delivers inherent security capabilities, these by themselves should not and cannot be considered as the only line of defense against 5G infrastructure and services misuse, cyber threats and risks. An additional layer of security visibility and control is required.

In order to get a larger view from MNOs and the overall 5G ecosystem partners, Fortinet commissioned TelecomTV, in association with ETSI and HardenStance, to perform a survey to better understand their view on the target business market for 5G and the role of 5G security in the industry’s ability to capture the 5G business market. The survey, concluded in May 2020, highlights the following:

  • Use cases tailored to unique vertical industries are key to the success of 5G in the business market.
  • Security plays a central role in 5G’s success with almost 90% of respondents stated that an operator’s security capabilities are either critical or very important. 
  • Implementing 3GPP 5G security features is a key baseline requirement but additional security is required as enterprise 5G use cases will require more security capabilities. 
  • Mobile operators should offer a comprehensive, full-stack, end-to-end security with 5G enterprise use cases.

The survey demonstrates the central role security has to play in an MNO’s ability to successfully deliver 5G to the business market. To be able to deliver, MNOs and the overall 5G ecosystem must ensure that security capabilities that complement 3GPP’s 5G security recommendations are put in place to provide threat visibility, control and mitigation against a growing set of sophisticated cybersecurity risks, such as:

  • Control and user plane security
  • IoT/OT misuse, signaling storm and bots
  • API exposure attacks in the SBA core and the multi-access edge compute (MEC) sites
  • Application-level security for the overall ecosystem and industry use cases’ applications
  • Security and NAT services for packet data networks connectivity    
  • Security for non-public mobile networks, also known as 5G private mobile networks

Fortinet is ideally positioned to provide an end to end security for the 5G ecosystem and use cases in the business market segment. Fortinet’s leading position in providing security for both small to very large enterprises and MNOs provides us with a unique understanding as to the security needs in industry use cases and the ability to deliver the solutions and know how to fulfill them.

FortiGate and FortiWeb provide a common security platform for both MNOs and businesses considering/using 5G in multiple industries and use cases. It enables the MNO to secure its 5G infrastructure and ensure service availability and continuity to its enterprise customers. It also provides the opportunity to deliver revenue-generating managed security services on top of 5G for enterprise use case consumption. And the same platforms can be implemented or co-managed by the enterprise customers when required – in securing 5G private mobile networks for example.

Read more about the Fortinet-commissioned study by TelecomTV about Leveraging Security to Capture the 5G Business Market.

Download the whitepaper to explore considerations and requirements for Securing 5G Private Mobile Networks.

Learn more from this survey in the infographic.

Engage in our Fortinet user community (Fuse). Share ideas and feedback, learn more about our products and technology, or connect with peers.

As Fortinet partners, Net Universe offers all Fortinet devices and subscriptions with worldwide Delivery Services.
Send us an email to
[email protected] for more information or visit
You can visit our Shop Online

Fortinet Ranks Highest in Two Key Use Cases in 2020 Gartner Critical Capabilities for WAN Edge Infrastructure Report

Digital innovation and increasing cloud application bandwidth demands have led network infrastructure and operations leaders to turn to SD-WAN as a de-facto solution for their WAN transformation and roadmap efforts. In a crowded SD-WAN market of over 80 vendors, it’s more critical than ever for organizations to be able to identify the right solution that best fits their specific use cases. The Gartner September 2020 Critical Capabilities for WAN Edge Infrastructure report offers essential research that we believe helps organizations to differentiate between vendors based on their deployment, operational flexibility, and application performance requirements. 

The Gartner Magic Quadrant and Critical Capabilities Reports

Gartner’s well-known annual Magic Quadrant reports recognizes vendors in a variety of key technical markets based on key factors, like their ability to execute and the completeness of their vision. However, there are additional Gartner reports that may provide further insight for those organizations looking to select and deploy a solution that best suits their specific use case. Gartner’s “Critical Capabilities” reports use proprietary methodologies to score organizations in critical subcategories within each Magic Quadrant area based on more granular criteria. These reports extend the value of the more general Magic Quadrant recognitions by providing deeper insight into providers’ product and service offerings for key market segments.

Fortinet Scores Highest in “Security-Sensitive WAN” (4.26/5) and” Small Footprint Retail WAN” (4.14/5) Use Cases and Scored Third Highest in the “Large Global WAN” (4.09/5) Use Case in Gartner 2020 Critical Capabilities for WAN Edge Infrastructure Report

This September, Fortinet was identified as a Leader in the Gartner 2020 Magic Quadrant for WAN Edge Infrastructure. But just as importantly, Fortinet also received the highest scores in two use cases in the Gartner September 2020 “Critical Capabilities for WAN Edge Infrastructure” report. In that analysis, Fortinet’s SD-WAN solution scored highest in the “Security-Sensitive WAN” (4.26/5) and “Small Footprint Retail WAN” (4.14/5) use cases and scored the third highest for the “Large Global WAN” (4.09/5) use case.

These three use cases are characterized by key requirements, as outlined below:

Security-Sensitive WAN: A security-sensitive WAN typical in some mid- to large-scale organizations from 25 sites and higher that are focused on securing branch offices as the main priority where network and security procurements are increasingly converging.

Small Footprint Retail WAN: This category is a representative of small site/mass deployment needs that are common in such retail markets as convenience stores, quick service restaurants, gas stations, specialty retail, bank ATMs and independent insurance agents.

Large Global WAN: This category looks at the needs of larger multinational organizations with a global WAN requirement for more than 200 sites, and that spans at least two continents.

We believe that, with our Security-Driven Networking approach and custom-built ASICs, Fortinet delivers a scalable, flexible Secure SD-WAN solution that customers can deploy across the home, branch, campus and multi-cloud.

According to Gartner, “SD-WAN product differentiation is primarily based on feature breadth and/or depth, specifically on security, application performance optimization, and cloud features.” In addition, they cite that “simplified and unified security is a main driver for customers as they determine the best architectural approach for the integration of networking and security.” As an industry leader in both security and SD-WAN, we believe Fortinet offers the most comprehensive SD-WAN solution available, enabling customers to achieve best user experience at reduced cost and complexity, while delivering on our strong vision of providing a flexible and secure solution anywhere. 

Recent Recognitions for Fortinet Secure SD-WAN 

We are absolutely thrilled to be positioned as a Leader in the 2020 Gartner WAN Edge Magic Quadrant, to be named as a 2020 Gartner Peer Insights Customers Choice for WAN Edge Infrastructure, and to be recognized in the 2020 Gartner Critical Capabilities for WAN Edge Infrastructure report!

Read the full 2020 Gartner Critical Capabilities for WAN Edge Infrastructure report.

Learn more about Fortinet Secure SD-WAN.

Gartner Critical Capabilities for WAN Edge Infrastructure, Jonathan Forest, Andrew Lerner, Naresh Singh, 30, September 2020.

Gartner, Gartner Peer Insights ‘Voice of the Customer’: WAN Edge Infrastructure, PEERS, Published 13 April 2020

Gartner, Magic Quadrant for WAN Edge InfrastructurePublished 23, September 2020, Jonathan Forest, Andrew Lerner, Naresh Singh

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Fortinet.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advice technology users to select only those vendors with the highest ratings or other designations. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to its research including any warranties of merchantability or fitness for a particular purpose.

Gartner Peer Insights Customers’ Choice constitute the subjective opinions of individual end-user reviews, ratings, and data applied against a documented methodology; they neither represent the views of, nor constitute an endorsement by, Gartner or its affiliates.

As Fortinet partners, Net Universe offers all Fortinet devices and subscriptions with worldwide Delivery Services.
Send us an email to [email protected] for more information or visit
You can visit our Shop Online

Fortinet Awarded CyberSecurity Breakthrough 2020 “Professional Certification Program of the Year”

Fortinet is proud to announce that, for the second year running, the Network Security Expert (NSE) Training Institute’s Certification Program has been named the winner of the “Professional Certification Program of the Year” award in the fourth annual CyberSecurity Breakthrough Awards program. This award comes from CyberSecurity Breakthrough, a leading independent market intelligence organization that honors excellence and recognizes innovation, hard work, and success in a range of information security categories, including Cloud Security, Threat Detection, Risk Management, Fraud Prevention, Mobile Security, and Email Security, among others. 

“For the second year in a row, we are thrilled to recognize Fortinet for winning our ‘Professional Certification Program of the Year’ award,” said James Johnson, managing director, CyberSecurity Breakthrough. “Fortinet’s training and certification program stands out as it continues to innovate and expand, including the introduction of free cybersecurity training courses earlier this year. Creating and maintaining a vigilant cybersecurity mindset is key for all organizations and their employees – and cybersecurity awareness is a vital component for everyone.”

Fortinet NSE Certification Program’s Growing Momentum

The Fortinet Network Security Expert (NSE) Certification Program is an eight-level certification program that has issued more than half a million certifications to date. The first set of levels (1-3) assess a user’s knowledge of the threat landscape and can be helpful for anyone who wants to become more cyber aware. Moving up, NSE levels 4-6 are courses designed for a technical audience. These focus on one’s ability to install, configure, and troubleshoot comprehensive, integrated network security controls in live environments. Lastly, levels 7-8 hone in on the expertise needed to fully leverage Fortinet solutions. To become NSE 8 certified, an elite distinction, candidates must have related industry experience and should have completed the appropriate Professional, Analyst, Specialist, and Architect designation training. To date, there are 381 individuals worldwide who have earned their NSE 8 certification. 

Additionally, earlier this year, Fortinet opened its entire catalog of self-paced NSE training courses to the public for free for anyone looking to learn new cybersecurity skills or upskill helping to close the skills gap. The free training includes access to pre-recorded labs and advanced training. More recently, Fortinet extended its free training offerings and introduced the Information Security Awareness and Training service available for organizations to implement as part of their employee cybersecurity training program. The new service includes training to ensure all employees can identify and avoid threats, awareness components to keep security top-of-mind and an administrative dashboard to track training completion. 

Closing the Skills Gap through the NSE Training Institute 

For the second year in a row, the Fortinet NSE Training Institute’s Certification Program has been recognized by CyberSecurity Breakthrough for its role in helping technical professionals not only validate their existing knowledge but also expand on their understanding of various concepts related to network security. Fortinet is committed to closing the skills gap through initiatives like the NSE Training Institute as we recognize the need for security professionals and non-technical employees alike to be cyber aware of the latest threats and solutions to keep their organizations safe.  

Find out more about Fortinet’s NSE Training Institute programs, including the Certification ProgramSecurity Academy Program and Veterans Program, which provide critical cybersecurity training and education to help solve the cyber skills gap and prepare the cybersecurity workforce of tomorrow.

As Fortinet partners, Net Universe offers all Fortinet devices and subscriptions with worldwide Delivery Services.
Send us an email to [email protected] for more information or visit
You can visit our Shop Online

Ensuring Continuous Security Integration for DevSecOps

As more application teams adopt Continuous Integration/Continuous Delivery (CI/CD) workflows to enable application development, it’s increasingly important that organizations have integrated and automated security in place to protect these workflows. Since most modern applications are based on a micro-service architecture, DevOps teams have leveraged containers and container orchestration platforms, such as Kubernetes, to build and deploy their applications. As a result, container security must be a critical component of any solution that tries to protect CI/CD workflows. Below are considerations for DevOps teams to ensure their container strategy isn’t compromising security. 

How DevSecOps Teams can Achieve Security for the Entire Applications Lifecycle 

Security should not be limited to only one part of a DevOps workflow. Instead, it needs to be injected into every stage of a CI/CD workflow pipeline—from the time that a developer checks in code to a code repository, until the time that the application is deployed to a runtime environment. At a high-level, a CI/CD pipeline is comprised of three stages: build, deploy, and run. It is paramount to secure each stage of the pipeline to prevent breaches in the overall lifecycle of an application. Here are things to keep top of mind during each stage of the CI/CD workflow pipeline:  

Build images securely – images often consist of source codes and third-party libraries. Before building an image, it is critical to parse packages and libraries to generate a detailed report of all vulnerabilities (CVEs) as well as the libraries/packages in which vulnerabilities are discovered. Additionally, certain libraries should be excluded if they can cause security risks. And a vulnerability report may be able to help detect the presence of credentials and/or secrets in an image.

Plug seamlessly into the CI/CD workflow – most application teams leverage build tools such as Jenkins to automate their build process. In order to add security to a build pipeline, security solutions need to be integrated into common build frameworks. Such integration allows application teams to learn fast and fail/pass builds based on their organization’s requirements. For example, if an organization has a security requirement that does not allow deployment of an application with critical vulnerabilities, a policy needs to be set to fail builds when a critical vulnerability is found in an image.

Run compliance checks against CIS benchmarks – as container orchestration platforms such as Kubernetes gain popularity, running static checks to detect potential vulnerabilities in those environments has become extremely important. The Center for Internet Security (CIS) has released recommendations for Kubernetes best security practices. It is a set of recommendations for configuring Kubernetes to support a strong security posture, such as disabling anonymous requests to the API server and running containers only as a non-root user.

Continuous runtime security – while preventing breaches in an application by shifting security to the earlier stages of a CI/CD pipeline is a key aspect of any comprehensive CI/CD security solution, securing running microservices is equally important. The Fortinet-Calico Enterprise integration, discussed later in this blog, addresses Kubernetes network security challenges for both North-South and East-West traffic.

Fortinet and Calico Extend Enterprise Security to Kubernetes 

Successful integration of container services within the enterprise depends heavily on access to external resources, such as databases, cloud services, third-party application programming interfaces (APIs), and other applications. It’s why Kubernetes is the most widely adopted container orchestration system.

All this egress activity must also be controlled for security and compliance reasons. Therefore, to enable successful application rollouts in production environments, companies must be able to extend their existing enterprise security architecture into the Kubernetes environment. Fortinet and Tigera have jointly developed a suite of Calico solutions leveraging the Fortinet Security Fabric. These solutions deliver both north-south and east-west visibility and protection, as well as compliance enablement for Kubernetes clusters.

The Calico Kubernetes Controller for FortiGate – enables FortiGate Next-Generation Firewalls (NGFWs) to control egress from Kubernetes pods to applications. As shown in Figure 2, the controller does this by automatically populating Kubernetes workload source IPs in FortiGate address group objects. FortiGate can then enforce the access rules. This means that developers who add new containers to a Kubernetes pod can use business-level tags (such as department name or role) to identify them, and then rely on the controller to handle the underlying access rule configurations.

The Calico Kubernetes Controller for FortiManager – enables Kubernetes cluster management from the FortiManager centralized management platform. This controller translates FortiManager policies into granular Kubernetes network policies and then pushes them out to individual clusters across all Kubernetes environments. Additionally, similar to the FortiGate integration, address groups in FortiManager can be updated with new pod/worker node IP address information, which can then be pushed to the FortiGate devices. 

Calico FortiSIEM plug-in event correlation and risk management solution – addresses compliance implications due to a lack of visibility. Like any on-premises or cloud-based networked services, Kubernetes production containers must fulfill both organizational and regulatory security requirements. If compliance teams can’t trace the history of incidents across the entire infrastructure, they can’t adequately satisfy cluster audits. The FortiSIEM plugin delivers the telemetry (metadata) that Calico Enterprise creates—including DNS logs, flow logs, and audit logs—into the Fortinet security information and event management (SIEM) environment. This helps security operations (SecOps) teams leverage FortiSIEM to better design and automate their workflows for incident response.

Leveraging Automated Security For CI/CD Pipelines 

While there are multiple ways to achieve a secure application lifecycle, automating and integrating a comprehensive security solution with DevOps workflows provides the most effective approach for discovering, reporting on, and remediating security vulnerabilities. Specifically, to secure microservices-based applications running in a Kubernetes environment, a defense in-depth architecture like the one outlined in this blog is recommended. 

By leveraging the Fortinet Security Fabric, the Fortinet-Tigera joint solution enables organizations to extend enterprise security to Kubernetes clusters so they can maintain their overall security posture. As a result, organizations are further able to achieve full visibility and control across their dynamic multi-cloud environments without compromising security. 

Learn more about how Fortinet’s multi-cloud solutions provide visibility and control across cloud infrastructures to secure applications and connectivity.

Read how Fortinet and Tigera are working together to protect organization’s Kubernetes in the enterprise.

As Fortinet partners, Net Universe offers all Fortinet devices and subscriptions with worldwide Delivery Services.
Send us an email to [email protected] for more information or visit
You can visit our Shop Online

Building a Cyber-Aware Workforce Requires Training and Ongoing Awareness

One of the most critical strategies for addressing the risks associated with a large remote workforce is to ensure that remote workers have the skills needed to identify and thwart threats. In March of this year, Fortinet launched a free training campaign to help close the cybersecurity skills gap for those individuals looking to educate themselves on potential threats and security technology. As part of this campaign, Fortinet opened up its entire library of self-paced training. This content is designed to educate teleworkers, many of whom were working from home for the first time, as well as provide opportunities for IT and security professionals to upskill or reskill for career development or advancement.

Our world is a hacker’s playground with more people than ever working remotely, opening the door to insider threats wider than ever. A Ponemon Institute Report found that from 2018 to 2020 the number of insider threats increased 47%, making these threats a top concern for CISOs and executives. In addition to having a security architecture that protects organizations from insider threats, CISOs also recognize the importance of ensuring they have a cyber-aware workforce that can detect threats. To help organizations address this, Fortinet has unveiled a new Information Security Awareness and Training service as part of the NSE Training Institute’s latest offering. 

Information Security Awareness and Training Service

As the challenges of cybercriminals targeting remote workers continues to expand, Fortinet released another free offer for organizations designed to further enhance the ability of their workforce to be cyber aware. This new Information Security Awareness and Training service will help companies better educate their workforce on how to identify and protect themselves and their organizations against all types of cybersecurity threats and to help keep security top of mind.

This new service, researched and developed by Fortinet’s NSE Training Institute—a world-class team of cybersecurity experts, is in full alignment with two key sets of NIST guidelines: NIST 800-50 , which outlines requirements for Building an Information Technology Security Awareness and Training Program, and NIST 800-16, which discusses  Information Technology Security Training Requirements.

Training and Awareness

This powerful turnkey service from Fortinet is made up of three components, each of which include both training and awareness elements. These components, outlined below, work together to ensure employees are trained to always be on the lookout for possible attacks, to know how to deal with them when they arise, and to always keep security top of mind.

Awareness Assets:

The awareness component of this training program will help organizations get an effective training program up and running smoothly within a matter of days. To start, essential elements, such as email templates, are available for Information Security teams to customize. These templates are designed to help easily launch the information security initiative. 

Additional elements include security awareness posters, monthly best-practice videos, printable tip sheets, checklists, and screen savers. These and similar elements are all ready for download to help support a comprehensive security training initiative. Such components are essential as part of an ongoing awareness program to ensure your workforce does not lose focus and make the easy mistake of falling into a hacker’s trap.

Critical Training:

The service’s training component consists of five self-paced mandatory modules that are focused on key threats and attack vectors along with best practices. These videos provide valuable information on securing digital and physical information, and all participants are quizzed to test knowledge retention. Three optional videos targeted at various roles within an organization are also included in the package to expand knowledge of the importance of information security.

Administrator Dashboard:

The administrator dashboard provides the organization with a clear overview on how they are executing on their information security awareness and training initiative. It allows the program administrator to keep track of which employees have and have not completed the required courses, ensuring compliancy with company policies. Other details like enrollment dates, progress, quiz scores, and completed modules, as well as completed times and dates are also included.

Find out more information about the Fortinet Information Security Awareness and Training service.

As Fortinet partners, Net Universe offers all Fortinet devices and subscriptions with worldwide Delivery Services.
Send us an email to [email protected] for more information or visit
You can visit our Shop Online

Fortinet Named a Leader in Gartner 2020 Magic Quadrant for WAN Edge Infrastructure

We’re a Magic Quadrant Leader! In Gartner’s recently published 2020 Magic Quadrant for WAN Edge Infrastructure, Fortinet has now been positioned in the Leader’s quadrant. We believe our commitment to continuous innovation helped Fortinet Secure SD-WAN place higher in ability to execute and further in completeness of vision. 

Our SD-WAN journey began years ago, led with a security-driven networking approach that enabled us to deliver the industry’s first Secure SD-WAN solution. We have continued to innovate since then, delivering the world’s first purpose-built processor designed to accelerate SD-WAN functionality and security, while achieving a fully self-healing SD-WAN solution combined with centralized orchestration to meet the diverse needs of customers worldwide. Going forward we are excited to address additional emerging customer use-cases in the SD-WAN market with cloud-delivered SASE innovations to provide the most flexible secure access solution in the market.

The rapid adoption of cloud services and the current shift to remote workforce has accelerated the need for digital transformation. This has led customers worldwide to recognize the value of SD-WAN as they work to build a more robust WAN Infrastructure. While cost reduction, both in terms of operational overhead and capital expenditures, continues to influence the decision-making process, customers are also highly focused on application performance. Delivering business-critical services and cloud resources in real-time ensures the best possible user experience. When combined with the assurance of secure access from anywhere ­– whether from home or branch offices, or across multi-cloud environments – Fortinet Secure SD-WAN delivers a complete solution worthy of being designated as an industry leader.

Evolving cloud applications poses a significant challenge to steering decisions made by SD-WAN solutions, which can have adverse effects on application performance. By combining the industry’s best performance with advanced remediation techniques, such as dynamic traffic steering, forward error correction, and packet duplication, Fortinet Secure SD-WAN can automatically repair complex WAN issues that can undermine network performance. Combined with Fortinet’s AI/ML-powered application learning, customers can establish advanced visibility and control at every edge to improve performance, expand business agility, and achieve higher levels of productivity to deliver and maintain a better application experience and drive growth and revenue further and faster.

Fortinet also provides one of the widest arrays of Secure SD-WAN solutions, allowing us to achieve an extensive presence across all market segments, from small retail to complex global WAN infrastructures. Part of our advantage is that by converging advanced networking and security into a unified Secure SD-WAN solution, customers are able to eliminate point products at the WAN edge to reduce cost and achieve consolidation, and for industry’s best TCO. Simplification through centralized SD-WAN orchestration also enables organizations to expedite deployment, thereby reducing complexity and associated staff hours spent on management and troubleshooting complex network issues. And its actionable analytics and reports empower IT staff to fine-tune business and security policy at scale, as well as ensure ease of change management because it enables networking and security staff to work as a unified team.

But SD-WAN is about much more than just secure connectivity for branch offices. With applications and workloads moving to cloud-delivered models, businesses need reliable and secure access at the cloud edge as well. Fortinet’s differentiated vision also enables customers to future-proof their digital transformation investments by extending SD-WAN to multi-cloud, providing flexible secure access for their remote workforce anytime and anywhere. In addition, close proximity to applications can also optimize SaaS connectivity and cloud compute. And innovations in Fortinet’s cloud orchestrator help organizations extend end-to-end visibility and control to all edges, whether devices are on or off-premises.

For 20 years, Fortinet – a recognized industry expert – has not only focused on security solutions. We also design and deliver a portfolio of advanced network and access devices that span the entire networking stack. These years of experience in building and delivering advanced routing functionalities are what led to our evolution as the industry’s first Secure SD-WAN vendor, providing robust connectivity and routing functionality combined with a full suite of advanced security. 

Innovations in both security and networking, focused vision on flexible secure access from and to anywhere, and continuous industry recognition from a range of third-party organizations, has fueled our expansion across all business verticals, and we believe this has led to our placement as a Leader in Gartner’s 2020 Magic Quadrant for WAN Edge Infrastructure. We believe our proven track record of providing business agility across all verticals and industries just got much stronger. And it doesn’t stop there. We have several upcoming announcements that will ensure that our Secure SD-WAN solution can address the broadest set of customer deployments – because being a leader never means standing in one place. 

Gartner Magic Quadrant for WAN Edge Infrastructure, Jonathan Forest, Mike Toussaint, Mark Fabbi, September 2020

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Fortinet.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Download the full Gartner Magic Quadrant for WAN Edge Infrastructure report here.

Learn how Fortinet’s Secure SD-WAN Solution uses a security-driven networking approach to improve user experience and simplify operations at the WAN Edge.

As Fortinet partners, Net Universe offers all Fortinet devices and subscriptions with worldwide Delivery Services.
Send us an email to [email protected] for more information or visit
You can visit our Shop Online

School District Secures Distance Learning for 18,000+ Students With FortiEDR

Customer Perspectives

As school districts across the United States booted up for distance learning, endpoint security became a top priority. Many educational organizations found themselves a target of cybercriminals exploiting the recent pandemic through social engineering attacks—especially now that students and staff have access to the district’s network from their own devices, in their own homes. 

Even prior to the COVID-19 pandemic, the number of easily exploited endpoint devices connected to networks was growing rapidly. This increased even moreso with the shift to remote work and learning. This issue is exacerbated by the growing sophistication of cyber threats and the pandemic-related attacks launched by cybercriminals leveraging fear, uncertainty and doubt (FUD) in social engineering attacks.

One U.S. school district found itself procuring 20,000 more laptops to enable its 18,000 students and 2,200 staff members to learn and work from home. With growing concerns around ransomware and phishing—particularly spearphishing—and an incumbent solution that was not meeting their expectations, the school district began looking for a new vendor. An ideal solution would provide remote web filtering, endpoint protection, detection, response and remote remediation. 

As an existing Fortinet customer, this district already had a number of solutions across the Fortinet Security Fabric in place, including FortiGate Next-Generation Firewalls (NGFWs), FortiAnalyzer, FortiManager, FortiSandbox, FortiAuthenticator, and FortiClient. Because of this, the district had already seen how Fortinet’s broad, integrated, and automated product portfolio enabled increased visibility, centralized management, and seamless protection across the entire digital attack surface—including remote locations. Both their knowledge of the extensive Fortinet portfolio and the existing trusted partnership between the two led the school district to begin a proof of concept (PoC) of Fortinet’s Endpoint Detection and Response solution, FortiEDR.

FortiEDR delivers real-time, automated threat protection, detection, and response for endpoints—both pre- and post-infection. The key capabilities of FortiEDR include discovery and risk mitigation, next-generation antivirus (NGAV), behavior-based detection, real-time blocking, automated incident response, forensic investigation, threat hunting, and virtual patching capabilities. FortiEDR delivers all of this in a form factor with a lightweight footprint that is easy to deploy, even on devices with limited system resources. And as part of the Security Fabric, FortiEDR could seamlessly integrate with the existing solutions the school district had in place, ensuring centralized management and complete visibility and control across their digital attack surface.

After seeing a variety of ransomware samples being tested and automatically dealt with in real-time during the PoC, this school district determined that FortiEDR met, and even exceeded each of their expectations and was exactly what they were looking for to secure remote access and improve endpoint security among students and staff. 

By adopting FortiEDR, this school district saw the following benefits: 

  • Secure remote access and remote web filtering: FortiEDR enables students and staff alike to gain access to the school district’s resources without compromising the security of the network by ensuring consistent remote web filtering. 
  • Enhanced endpoint visibility and resilience: FortiEDR not only gives the school district complete visibility over all endpoint devices connected to the network and ensures that each of those devices are resilient against potential threats. 
  • Improved threat protection: With growing concern around ransomware and targeted spearphishing emails, this school district was relieved to adopt an endpoint security solution that would mitigate those risks and protect students and staff as they work remotely. 

With FortiEDR, this school district was well-equipped to secure endpoints during distance learning and well into the future.  

Learn more about how FortiEDR has the unique ability to defuse and disarm a threat in real-time, pre- and post-infection.

As Fortinet partners, Net Universe offers all Fortinet devices and subscriptions with worldwide Delivery Services.
Send us an email to [email protected] for more information or visit
You can visit our Shop Online