INTERCONNECTS
Fortinet Expands Web Application Firewall Family with New Appliances for Enterprises and Cloud-based Service Providers
Fortinet has announced two new appliances for its FortiWeb family of web application firewalls – the FortiWeb-1000C, designed for mid-to-large enterprises, and FortiWeb-3000C, the flagship system for high-end enterprises, application service and cloud-based service providers.
The FortiWeb-1000C and 3000C appliances are integrated web application and XML firewalls that protect against attacks targeted at web applications and web services infrastructure. Because they provide detailed visibility into an organisation’s threat landscape, the FortiWeb application firewalls eliminate the need to manage separate web and threat management tools and consoles. Not only does this streamline security efforts and reduce infrastructure complexity, it drastically reduces the time required to protect regulated data and achieve regulatory compliance.
Each appliance is equipped with the new FortiWeb 4.0 MR1 firmware that is designed to provide maximum protection for web applications containing sensitive data subject to Payment Card Industry (PCI) guidelines. The new web application firewalls also blunt potentially crippling attacks such as SQL injection and cross-site scripting, and help prevent security breaches from exposing highly sensitive data loss, such as credit card numbers and personally identifiable information.
With the addition of the FortiWeb-1000C and FortiWeb-3000C, Fortinet now offers four web application firewall appliances to provide retail and payment, financial services and healthcare customers with a full range of deployment options. In the case of retail and payment customers, the new FortiWeb products greatly minimise the complexity of complying with PCI Data Security Standard (DSS) section 6.5 and 6.6, as well as the rampant problems of identity theft and financial fraud. The FortiWeb-1000C and FortiWeb-3000C also provide robust patient data protection as part of HIPAA compliance for healthcare organisations.
“The need to protect web applications that contain sensitive credit, financial or personal information from increasingly sophisticated attacks and data loss has never been greater,” said Paula Musich, senior analyst, Current Analysis. “The simple fact of the matter is that organisations are deploying web applications and regulated Internet-facing data more broadly than ever. For hackers and cyber-criminals, that’s like painting a giant bulls-eye on those applications, which gather credit card data and personally identifiable information with minimal protection in place. That’s why putting in place sophisticated web protection and threat management solutions with powerful policy enforcement capabilities should be a standard practice for any organisation doing business on the web.”
To preserve optimal web application performance, the FortiWeb application firewalls leverage an intelligent, application-aware load-balancing engine to distribute traffic and route content across multiple web servers. This load balancing increases application performance, improves resource utilisation and application stability while reducing service response times.
What’s New in FortiWeb Application Firewalls
The release of FortiWeb 4.0 MR1 provides a series of major enhancements to the new FortiWeb-1000C and FortiWeb-3000C application firewalls, including:
• Policy wizard and pre-defined policies – allows for one click deployments and eases the process of rules creation greatly
• Advanced alert tool -- makes it easy to sift through hundreds of alerts, identify repetitive attackers using various aggregation fields and quickly understand the nature of attacks.
• Enhanced Protocol Constraints – enforces policies that ensure any access to the web application is done in accordance with the HTTP RFC standard.
• Extended signatures and DLP -- allows customers to create their own granular signatures and data loss prevention patterns from a FortiWeb graphical user interface for any type of event, in addition to the pre-defined application signatures and data loss prevention rules.
“Customer demand for more powerful web application infrastructure security is soaring due to a combination of evolving attacks, security breaches, regulatory compliance and web defacement incidents,” said Michael Xie, founder, CTO and vice president of engineering at Fortinet. “At the same time, more content is being delivered via the web, and both cloud providers and large enterprises need robust security solutions that can protect web application infrastructures without affecting application performance. The addition of the FortiWeb-1000C and FortiWeb-3000C appliances to the FortiWeb product family directly addresses this demand. These new platforms can play a pivotal role in helping preserve the security and uninterrupted operation of our customers’ web application infrastructures.”
Availability
The FortiWeb-1000C and FortiWeb-3000C are available now.