Fortinet Extends Firewall to Include Detection of End-User Anomalies

    IT security these days is roughly equivalent to running a counter-intelligence service that tries to identify behavioral anomalies that may signal a compromised asset. Of course, in order to do that within the context of IT, an organization first needs to be able to identify what normal behavior actually is for any given end user.

    With that goal in mind, Fortinet today unveiled the Fortigate-5001C, a blade server that identifies anomalies in end-user behavior while also, for example, proactively moving any suspicious attachment into a sandbox environment that prevents any malicious code from actually being executed on an end-user system.

    The Fortigate-5001C blade is designed to plug into the Fortinet 5000, a firewall built on top of custom ASIC processors developed by Fortinet. According to Kevin Flynn, senior marketing manager for Fortinet, the Fortinet 5000 firewall platform uniquely delivers up to 40 Gbps of firewall throughput and up to 17 Gbps of IPSec throughput, making it possible to combine next-generation firewall, virtual private network, application control, intrusion prevention, anti-malware and Web filtering within a single platform.

    By and large, IT organizations are struggling with two core security issues. The bad guys are getting more sophisticated by the moment, necessitating a more nuanced approach to IT security. But deploying additional levels of security can be cost-prohibitive. Flynn contends that the Fortinet 5000 series provides a platform through which multiple layers of security can be easily managed at performance levels that can keep pace with security attacks that are steadily increasing in volume. The new Fortigate 5001C server blade, says Flynn, adds more visibility into the security equation by allowing IT organizations to more easily spot suspicious behavior that could be indicative of a security breach. That’s critical now, says Flynn, in an age where employees are connecting to the corporate network using any number of devices, some of which may not even be owned by the company.

    Flynn says customers have multiple options when it comes to deploying Fortinet 5001C modules, which can either be deployed on premise or invoked as a service through Fortinet or one of its managed security service partners. The end goal is to essentially create a federated model for managing security that gives customers a maximum amount of flexibility in terms of where specific security functions are deployed.

    As we enter 2013, there’s no doubt that the security battle this year will be even more bruising than what we witnessed in 2012. Barring the deployment of some new model for running applications, IT systems are vulnerable to different types of attacks that more often than not are now being used in combination by not only cyber criminals, but also “hacktivists,” organizations engaged in cyber terrorism and espionage. Given that new reality, it’s not likely that a security architecture that was put in place before 2012 is going to be able to stand up for too much longer against the volume and complexity of the security threats facing organizations today.

    Mike Vizard
    Michael Vizard is a seasoned IT journalist, with nearly 30 years of experience writing and editing about enterprise IT issues. He is a contributor to publications including Programmableweb, IT Business Edge, CIOinsight and UBM Tech. He formerly was editorial director for Ziff-Davis Enterprise, where he launched the company’s custom content division, and has also served as editor in chief for CRN and InfoWorld. He also has held editorial positions at PC Week, Computerworld and Digital Review.
