FortiWeb Web Application Firewall (WAF) is PCI DSS compliant, top security — NSS Labs recommended, has groundbreaking throughput up to 20 Gbps, and is available in hardware and virtual form factors. Fortinet FortiWeb is able to process up to tens of thousands of web transactions by providing hardware accelerated SSL offloading in most models. Although Payment Card Industry Data Security Standards (PCI DSS) compliance is the main reason most organizations deploy Web Application Firewalls (WAFs), many now realize that unprotected web applications are the easiest point of entry for even unsophisticated hackers. Externally facing web applications are vulnerable to attacks such as cross site scripting, SQL injection, and Layer—7 Denial of Service (DoS). Internal web applications are even easier to compromise if an attacker is able to gain access to an internal network where many organizations think they’re protected by their perimeter network defenses.
However, even commercial code is vulnerable as many organizations don’t have the resources to apply patches and security fixes as soon as they’re made available. Even if you apply every patch and have an army of developers to protect your systems, zero—day attacks can leave you defenseless and only able to respond after the attack has occurred. Deep integration with FortiGate and FortiSandbox—as the threat landscape evolves, many new threats require a multi pronged approach for protecting web—based applications. Advanced Persistent Threats that target users can take many different forms than traditional single—vector attack types and can evade protections offered only by a single device. Using an advanced multi—layered and correlated approach, FortiWeb provides complete security for your external and internal web—based applications from the OWASP Top 10 and many other threats.
Fortinet FortiWeb – Advanced False Positive Mitigation Tools
False positive detections can be very disruptive if a web application firewall isn’t configured correctly. Although the installation of a WAF may only take minutes, fine tuning it to minimize false positives can take days or even weeks, plus there’s the regular ongoing adjustments for application and environment changes. FortiWeb combats this problem with many sophisticated tools including alert tuning, white lists, automatic learning exceptions, correlated threat detection, and advanced code based syntax analysis. Blazing fast SSL offloading — FortiWeb is able to process up to tens of thousands of web transactions by providing hardware accelerated SSL offloading in most models. With near real—time decryption and encryption using ASIC based chip sets, FortiWeb can easily detect threats that target secure applications. FortiWeb user tracking — FortiWeb monitors users authenticating to web applications and tracks all their subsequent activity.
Included Vulnerability Scanning
Only FortiWeb includes a web application vulnerability scanner in every appliance at no extra cost to help you meet PCI DSS compliance. FortiWeb vulnerability scanning dives deep into all application elements and provides in—depth results of potential weaknesses in your applications. Vulnerability scanning is always up to date with regular updates from Fortinet FortiGuard Labs. Deep integration with FortiGate and FortiSandbox — as the threat landscape evolves, many new threats require a multi pronged approach for protecting web—based applications. Advanced Persistent Threats that target users can take many different forms than traditional single—vector attack types and can evade protections offered only by a single device. Fortinet FortiWeb integration with FortiGate and FortiSandbox extend basic WAF protections through synchronization and sharing of threat information to both deeply scan suspicious files and share infected internal sources.
Web applications and email systems have long been favorite targets of hackers because they have access to valuable information and they are relatively easy to exploit. A successful attack can result in a variety of devastating consequences including financial loss, damage to brand reputation, and loss of customer trust. Most organizations do not recover from a major security breach, making it absolutely critical to protect your users and customers from threats that target applications and email systems.
Fortinet Data Center Application Security solution consists of a robust and integrated set of products to protect against these attacks. We are the only company that delivers a complete single—vendor solution with the proven performance and security effectiveness to meet the increasing demands of today’s data centers. In addition, our application security solutions can be integrated with Fortinet FortiGate next generation firewalls and Fortinet FortiSandbox sandbox for extra defenses against advanced persistent threats (APTs).
The enterprise data center is evolving rapidly with technologies such as virtualization, Software—Defined Networking, and public cloud computing. Trying to apply traditional security to new technologies generally will not be effective. Enterprises need to evaluate their data center initiatives and how they will impact network security to ensure all areas of the data center remain protected. Today’s data centers are dynamic and complex. Security solutions need to be flexible, effective, and easy to manage so they bring order to the chaos instead of adding to it. Fortinet can protect your physical, virtual, and cloud servers with one solution — whether data center, private cloud, or public cloud deployments.
Under constant attack, organizations cannot afford to choose between security and maintaining a high—performance business infrastructure. Your extended enterprise needs proven security that won't compromise performance: from deep within internal segments, to physical and virtual data centers, to dynamic cloud environments. Deploying network security solutions from multiple vendors causes unnecessary complexity and introduces security gaps. Our Enterprise Firewall Solution delivers industry—leading security effectiveness with unmatched performance capabilities — through one operating system managed within a single pane of glass.
Cloud computing is becoming increasingly popular among enterprises looking to take advantage of the quick deployment, unprecedented scalability, and cost savings. Private cloud infrastructure, including virtualization and Software—Defined Networking (SDN), are rapidly transforming data centers worldwide. At the same time, organizations are rapidly embracing public clouds, both migrating workloads to Infrastructure—as—a—Service (IaaS) clouds like AWS and Azure, and adopting Software—as—a—Service (SaaS) applications. This results in a hybrid cloud and increasingly multi—cloud environment that is truly borderless for your enterprise users, data, and applications.
Evolving your infrastructure means your security must evolve as well, to protect your enterprise regardless of where your infrastructure and applications are running. If your security can’t keep up with the agile public, private, and hybrid cloud environments of today, gaps in protection will occur. There are a number of deployment methods being used today that require scalable security capable of keeping up with elastic workloads. Fortinet provides comprehensive security for private, public, and hybrid deployments before, during, and after migration — with one solution.
At the heart of Fortinet data center security are the FortiGate data center firewalls which are purpose—built Fortinet FortiASIC processors that enable this extremely high level of performance. These custom content and network processors provide near—wire speed switching, routing, and stateful firewalling. The network processors eliminate the need for legacy Layer—2 switches and routers within the data center. Instead, Fortinet FortiGate takes over and performs network segmentation, switching, routing, and network security, all while reducing network complexity.
Furthermore, our integrated architecture provides extremely high throughput and exceptionally low latency, minimizing packet processing while accurately scanning the data for threats. Custom Fortinet FortiASIC processors deliver content inspection at multi—gigabit speeds. The only way for a network security platform to scale is via purpose—built ASICs to accelerate specific parts of the packet processing and content scanning function. Fortinet FortiGate technology utilizes optimum path processing (OPP) to optimize the different resources available in packet flow. The Fortinet FortiASIC can scale to 500 Gbps of firewall throughput independent of packet size while maintaining a high number of sessions and extremely low latency.
Fortinet FortiWeb provides integration with leading third—party vulnerability scanners including Acunetix, HP WebInspect, IBM AppScan, Qualys and WhiteHat to provide dynamic virtual patches to security issues in application environments. Vulnerabilities found by the scanner are quickly and automatically turned into security rules by FortiWeb to protect the application until developers can address them in the application code. Quarantined IPs HTTP Traffic service protects you from known attack sources like botnets, spammers, anonymous proxies, and sources known to be infected with malicious software.
Fortinet FortiWeb Security Service is designed just for FortiWeb including items such as application layer signatures, malicious robots, suspicious URL patterns and web vulnerability scanner updates. Finally, Fortinet FortiWeb offers FortiGuard’s top—rated antivirus engine that scans all file uploads for threats that can infect your servers or other network elements. Fortinet FortiWeb provides maximum flexibility in supporting your virtual and hybrid environments. The virtual versions of FortiWeb support all the same features as Fortinet hardware—based devices and work with all the top hypervisors.