When it comes to security, there is definitely a need for speed. Each additional layer of security that gets deployed starts to act as a drag on overall application performance. For that reason, many IT organizations are actually reluctant to turn on every security service at their disposal.
Looking to change this, Fortinet this week introduced two new next-generation firewalls (NGFWs) built around proprietary ASIC processors. Tamir Hardof, vice president of product marketing for Fortinet, says the FortiGate 300D and 500D provide the ability to deploy a variety of security services, including VPN control, generic routing encapsulation (GRE) acceleration, anomaly-based intrusion prevention, traffic shaping and priority queuing, at wire speeds of eight and 16 gigabits per second.
Hardof says NGFWs are supplanting traditional firewalls in part because low-cost ASIC processors allow IT organizations to deploy a much broader range of security services that can be consolidated on a single platform.
The degree to which that consolidation will continue is a matter of fierce debate. Providers of commodity processors argue that it’s only a matter of time before generic platforms based on multicore processors eliminate the need for ASIC processors in general and all forms of network and security appliances in particular. In the meantime, Hardof says Fortinet is leveraging low-cost ASICs to consolidate a larger number of security services that eliminate the need for dedicated intrusion prevention systems (IPS).
The need to delineate between NGFWs and traditional firewalls is debatable at this juncture. But the one thing that is clear is that as attacks become more sophisticated, a broad range of security services is increasingly warranted. The challenge is figuring out a way to deploy them so that the fix doesn’t seem worse than the actual IT security problem.