Fortinet Protects Web Applications with XML Firewall Appliance
Fortinet® - the pioneer and leading provider of unified
threat management (UTM) solutions - today announced the debut of a new web security
appliance that provides application and XML firewalling to protect, balance and
accelerate web applications, databases and the information exchanged between
them. The new FortiWeb-1000B is suitable for protecting enterprise websites,
and is the first in a family of Fortinet web application security appliances.
FortiWeb™ appliances can drastically reduce the
deployment time and complexities associated with securing web-based applications,
and can also aid companies in meeting regulatory mandates such as PCI-DSS
compliance.
Together with Fortinet’s FortiDB™ database security
product, the FortiWeb-1000B forms the basis for a broad protection schema to
support the growing prevalence of cloud computing and other enterprise activities
that need to access confidential and personal data over the Internet or
intranets.
Web applications are essentially a public interface to
databases storing sensitive information, so the need to secure this interface
is as critical as securing the databases themselves. While many web
applications today have built-in security protocols, writing secure web
application code is difficult and often not the priority of the developer. In
addition, there are a number of challenges to securing the code of various web
applications: New vulnerabilities,
patching schedules, code revisions, code access, vulnerability identification
and deployment timelines. The ideal scenario would separate the security of the
web application from the application itself to enforce uniform security
measures regardless of the level of security built into the web application and
provide an umbrella of security protection across a number of web applications.
“With the Internet representing such a preponderance of
business interactions today, the opportunities that cyber criminals have to
target both the communications and the data it carries is almost limitless
without the right precautions in place,” Jon Crotty, IDC. “Web and XML
applications are de-rigueur requirements for any business that wants to have an
online presence -- and that’s just about everyone -- so we fully expect web
application firewall to burgeon as a business, especially with the growth of
SaaS and cloud computing. A product that simplifies and strengthens the implementation
of web applications should find strong reception.”
FortiWeb At-A-Glance:
The FortiWeb-1000B web security appliance is ideal for medium and large enterprises, application service providers, and Software-as-a-Service providers.
Key benefits of the FortiWeb-1000B include the following:
- Web applications secured – The FortiWeb-1000B provides a uniform, umbrella approach to securing multiple web-based applications using web application and XML firewalls, regardless of the native security strength of the web application
- Deployment simplified – Simplifies deployment and management of web applications with a central security appliance;
- Content accelerated – Accelerates web applications through XML/SSL offloading with the FortiASIC CP6
- Resources load balanced – Load balances traffic and routes content across multiple web servers for improved server resource utilization, increased performance and application stability;
- Compliance achieved – Complies with PCI version 1.2 requirements, ensuring that a web-application firewall is in place in front of public-facing web applications to detect and prevent web-based attacks.
The FortiWeb-FortiDB
Combination
FortiWeb and FortiDB appliances operate independently
of one another, but work in conjunction to provide broad data security.
In network topography, the FortiWeb appliance sits
inline in front of web application servers, while the FortiDB is deployed out
of band, automatically monitoring, auditing and scanning databases. Deploying
these devices in tandem provides multiple layers of security to prevent
numerous types of threats originating from multiple vectors. In addition, compliance
with various portions of the PCI-DSS is more easily achieved with the
combination of FortiWeb and FortiDB.
“Following the introduction of our FortiDB database
security appliance family last year, we are further extending our protection to
the web traffic going to and coming from those databases for a more
comprehensive approach toward data protection,” said Michael Xie, CTO and
co-founder, Fortinet. “The expansion of our core FortiGate network security
gateways to include data and web application security appliances enables
Fortinet to better provide customers a broad solution for protecting networks
and applications at the core and perimeter.”
FortiWEB and FortiDB are distributed in Australia by
Whitegold Solutions, Lan 1, and Distribution Central. FortiWEB and FortiDB are distributed
in New Zealand by Ingram Micro and Distribution Central.
Additional information on FortiWeb and other Fortinet
products can be accessed at http://www.fortinet.com/products.
About Fortinet (www.fortinet.com)
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat
management, or UTM, security systems, which are used by enterprises and service
providers to increase their security while reducing total operating costs.
Fortinet solutions were built from the ground up to integrate multiple levels
of security protection--including firewall, antivirus, intrusion prevention,
VPN, spyware prevention and anti-spam -- designed to help customers protect
against network and content level threats. Leveraging a custom ASIC and unified
interface, Fortinet solutions offer advanced security functionality that scales
from remote office to chassis-based solutions with integrated management and
reporting. Fortinet solutions have won multiple awards around the world and are
the only security products that are certified in six programs by ICSA
Labs: Firewall, Antivirus, IPSec VPN,
SSL VPN, Network IPS, and Anti-spam. Fortinet is privately held and based in
Copyright © 2008 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and unregistered trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet’s trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiManager, FortiMail, FortiClient, FortiCare, FortiAnalyzer, FortiReporter, FortiOS, FortiASIC, FortiWeb, FortiWiFi, FortiSwitch, FortiVoIP, FortiBIOS, FortiLog, FortiResponse and FortiDB. Other trademarks belong to their respective owners.
