Network Security & Firewalls

Distributed Denial of Service (DDoS) attacks remain a top threat to IT security and have evolved in almost every way to do what they do best: shut down access to your vital online services.

Unlike intrusion and malware attacks, DDoS attackers have learned that they don't need to attack only end-point servers to shut you down. They attack any IP address that routes to your network: unused IPs, Inter-router-link public IPs or Firewall/Proxy/WiFi Gateway public IPs.

Cloud-based CDN and DNS-based cloud mitigation cannot protect you from these attacks. What is the impact to your business if your users cannot reach cloud services because your firewall or demarc router public IP is being DDoSed? Your CDN-based web servers may be up but your business is down!

Sophisticated multi-vector and multi-layer DDoS attacks use direct and reflected packets where the spoofed, randomized source IPs are impossible to ACL. These attacks are increasingly common as Mirai-style code has morphed into many variants and has been commercialized by providers of "stresser" sites. Anyone can call down large attacks for a few dollars.

To combat these attacks, you need a solution that dynamically protects a large attack surface.

Powered by SPU - A Different and Better Approach to DDoS Attack Mitigation

Only Fortinet FortiDDoS appliances use Machine Learning detection methods in dedicated, custom-silicon Security Processing Units (SPUs) to deliver the most advanced and fastest DDoS attack mitigation on the market today, without the performance compromises of multi-CPU or CPU/ASIC hybrid systems. The TP2 and TP3 SPU Traffic Processors inspect 100% of both inbound and outbound Layer 3, 4 and 7 packets, resulting in the fastest and most accurate detection and mitigation, and the lowest latency in the industry.

FortiDDoS uses 100% machine learning, behavior-based methods to identify threats. Instead of requiring predefined signatures to identify attack patterns, FortiDDoS uses its massively-parallel computing architecture to build an adaptive baseline of normal activity from hundreds-of-thousands of parameters and then monitors traffic against that baseline. Should an attack begin, FortiDDoS sees this as abnormal and immediately takes action to mitigate it.

The Power of SPUs - Flexible, Autonomous Defenses

FortiDDoS protects you from known and "zero-day" attacks without creating local or downloading subscription signatures for mitigation. Other vendors try to conserve CPU real-time by inspecting a relatively small number of parameters at a low sample rate, unless and until an explicit signature is created. FortiDDoS' massively parallel SPU Traffic Processors sample 100% of even the smallest packets, for over 230,000 parameters for each Protection Profile. This allows FortiDDoS to operate completely autonomously, finding some attacks on the FIRST packet and all attacks within 2 seconds - broader and faster mitigation than any other vendor or method. There is no need to adjust settings, read pcaps or add regex-style manual signatures or ACLs in the middle of attacks. While attacks are being mitigated, FortiDDoS continues to monitor all other parameters to instantly react to added or changed vectors.

AI/ML Security and Deep Visibility

Distributed Denial of Service (DDoS) attacks remain a top threat to network security and have evolved in almost every way to do what they do best: shut down access to your vital online services.

Unlike intrusion and malware attacks, DDoS attackers have learned that they don't need to attack only end-point servers to shut you down. They attack any IP address that routes to your network: unused IP addresses, ISP link subnets, or Firewall/Proxy/WiFi Gateway public IP addresses.

CDN and DNS-based cloud mitigation cannot protect you from these attacks. What is the impact to your business if your users cannot reach cloud services because your firewall is DDoSed?

Sophisticated multi-vector and multi-layer DDoS attacks use direct and reflected packets where the spoofed, randomized source IP addresses are impossible to ACL. These attacks are increasingly common as Mirai-style code has morphed into many variants and has been commercialized by providers of "stresser" sites. Anyone can create large, anonymous attacks for a few dollars.

DDoS is not an everyday occurrence for security teams and they cannot be expected to understand the thousands of attack variants that target your network.

To combat these attacks, you need a solution that dynamically and automatically protects a large attack surface.

Distributed Denial of Service (DDoS) attacks remain a top threat to IT security and have evolved in almost every way to do what they do best: shut down access to your vital online services.

Unlike intrusion and malware attacks, DDoS attackers have learned that they don't need to attack only end-point servers to shut you down. They attack any IP address that routes to your network: unused IP addresses, Inter-router-link public IP addresses, or Firewall/Proxy/WiFi Gateway public IP addresses.

Cloud-based CDN and DNS-based cloud mitigation cannot protect you from these attacks. What is the impact to your business if your users cannot reach cloud services because your firewall or demarc router public IP is being DDoSed? Your CDN-based web servers may be up but your business is down!

Sophisticated multi-vector and multi-layer DDoS attacks use direct and reflected packets where the spoofed, randomized source IP addresses are impossible to ACL. These attacks are increasingly common as Mirai-style code has morphed into many variants and has been commercialized by providers of "stresser" sites. Anyone can call down large attacks for a few dollars.

To combat these attacks, you need a solution that dynamically protects a large attack surface.

A Different and Better Approach to DDoS Attack Mitigation

FortiDDoS massively parallel machine-learning architecture delivers the most advanced and lowest-latency DDoS attack mitigation on the market today, without the performance compromises normally associated with CPU-based systems. FortiDDoS inspects 100% of both inbound and outbound Layer 3, 4, and 7 packets, to the smallest packet sizes, resulting in the fastest and most accurate detection and mitigation in the industry.

In place of pre-defined or subscription-based signatures to identify attack patterns, FortiDDoS uses autonomous machine learning to build an adaptive baseline of normal activity from hundreds-of-thousands of parameters and then monitors traffic patterns against those baselines. Should an attack begin, FortiDDoS sees the deviation and immediately takes action to mitigate it, often from the first packet.

HIGHLIGHTS | Powerful Parallel Architecture = Flexible, Autonomous Defenses

FortiDDoS protects you from known and "zero-day" attacks without creating local or downloading subscription signatures for mitigation. Other vendors try to conserve CPU real-time by inspecting a relatively small number of parameters at a low sample rate, unless and until an explicit signature is created. FortiDDoS' massively parallel architecture samples 100% of even the smallest packets, for over 230,000 parameters for each Protection Profile. This method allows FortiDDoS to operate completely autonomously, finding some attacks on the FIRST packet and all attacks within two seconds - broader and faster mitigation than any other vendor or method. There is no need to adjust settings, read pcaps, or add regex-style manual signatures or ACLs in the middle of attacks. While attacks are being mitigated, FortiDDoS continues to monitor all other parameters to instantly react to added or changed vectors.

Enterprises require a high-speed, high-capacity firewall to stay ahead of ever-increasing network performance requirements as well as continued evolution of the threat landscape, at data center and campus locations.

Eliminate Security Bottlenecks
With 52 Gbps of firewall throughput and low latency, the FortiGate 1000D represents an excellent entry model for small data centers and delivers a high-performance, high-capacity data center firewall. IPv6 parity, 10 GE ports and dramatic increases in VPN performance enable you to keep pace with your evolving network.

Deeper Visibility
At the same time, superior next generation threat prevention performance allows you to run top-rated intrusion prevention, application control and antimalware capabilities for deeper inspection of content, applications, user and device activity. Rich console views and reports together with a flexible policy engine provide the visibility and control to empower employees yet secure your enterprise.

The FortiGate 1000D series delivers high performance next generation firewall (NGFW) capabilities for large enterprises and service providers. With multiple high-speed interfaces, high-port density, and high-throughput, ideal deployments are at the enterprise edge, hybrid data center core, and across internal segments. Leverage industry-leading IPS, SSL inspection, and advanced threat protection to optimize your network's performance. Fortinet's Security-Driven Networking approach provides tight integration of the network to the new generation of security.

Security

• Identifies thousands of applications inside network traffic for deep inspection and granular policy enforcement
• Protects against malware, exploits, and malicious websites in both encrypted and non-encrypted traffic
• Prevent and detect against known and unknown attacks using continuous threat intelligence from AI-powered FortiGuard Labs security services

• Delivers industry's best threat protection performance and ultra-low latency using purpose-built security processor (SPU) technology
• Provides industry-leading performance and protection for SSL encrypted traffic

• Independently tested and validated for best-in-class security effectiveness and performance
• Received unparalleled third-party certifications from NSS Labs

• Delivers advanced networking capabilities that seamlessly integrate with advanced layer 7 security and virtual domains (VDOMs) to offer extensive deployment flexibility, multi-tenancy and effective utilization of resources
• Delivers high-density, flexible combination of various high-speed interfaces to enable best TCO for customers for data center and WAN deployments

• Includes a management console that is effective, simple to use, and provides comprehensive network automation and visibility
• Provides Zero Touch Integration with Fortinet's Security Fabric's Single Pane of Glass Management
• Predefined compliance checklist analyzes the deployment and highlights best practices to improve overall security posture

• Enables Fortinet and Fabric-ready partners' products to provide broader visibility, integrated end-to-end detection, threat intelligence sharing, and automated remediation