Episode 92 – Fortinet

Prologue

Fortinet (Nasdaq: FTNT) is an American multinational corporation headquartered in Sunnyvale, California. It develops and sells cybersecurity solutions, including but not limited to physical products such as firewalls, plus software and services such as anti-virus protection, intrusion prevention systems and endpoint security components.

Fortinet was founded in 2000 by brothers Ken Xie and Michael Xie. The company’s first and main product was FortiGate, a physical firewall. The company later added wireless access points, sandboxing, and messaging security.

By 2004, Fortinet had raised over $90 million in funding. The company went public in November 2009, raising $156 million through an initial public offering.

In 2016, Fortinet released its Security Fabric architecture that included integration and automation with other network security devices and third-party vendors.

Prior to Fortinet, Ken Xie founded and served as an executive for NetScreen, a company that was acquired by Juniper Networks in 2004. Michael Xie served as an executive for ServeGate. In 2000, they co-founded Appligation Inc. The company was renamed to ApSecure in December 2000 and later renamed again to Fortinet, based on the phrase “Fortified Networks.”

Fortinet introduced its first product, FortiGate, in 2002, followed by anti-spam and anti-virus software. The company raised $13 million in private funding from 2000 to early 2003. An additional $30 million in financing was raised in August 2003, followed by $50 million in March 2004. Fortinet’s first channel program was established in October 2003. The company began distributing its products in Canada in December 2003, and in the UK in February 2004. By 2004 Fortinet had offices in Asia, Europe and North America.

In April 2005, a German court issued a preliminary injunction against Fortinet’s UK subsidiary in relation to source code for its GPL-licensed elements. The dispute ended a month later after Fortinet agreed to make the source code available upon request.

Fortinet became profitable in the third quarter of 2008. Later that year, the company acquired the intellectual property of IPLocks, a database security and auditing company. In August 2009, Fortinet acquired the intellectual property and other assets of Woven Systems, an ethernet switching company.

According to market research firm IDC, by November 2009 Fortinet held over 15 percent of the unified threat management market. Also in 2009, CRN Magazine’s survey-based annual report card placed Fortinet first in network security hardware, up from seventh in 2007.

In November 2009, Fortinet had an initial public offering, wherein the company planned to raise $52.4 million through the sale of 5.8 million shares. Over 6 million shares were also sold by stockholders. Just before the first day of trading, Fortinet increased the share price from $9 to $12.50 and the price increased in the market to $16.62. By the end of the first day of trading the company had raised $156 million in financing.

By 2010, Fortinet had $324 million in annual revenues and held the largest share of the unified threat management market according to IDC.

Fortinet made four notable acquisitions from 2012 to 2016. The company acquired app-hosting service XDN (formerly known as 3Crowd) in December 2012, Coyote Point in 2013, and Wi-Fi hardware company Meru Networks in 2015. In June 2016, Fortinet acquired IT security, monitoring and analytics software vendor AccelOps.

In July 2014, Fortinet announced a technical certification program called the Network Security Expert (NSE) program. In March 2016, Fortinet launched a Network Security Academy to help fill open cyber security jobs in the U.S. Fortinet donated equipment and provided information to universities to help train students for jobs in the field. Also in 2016, Fortinet launched a program called FortiVet to recruit military veterans for cybersecurity jobs.

The NSE Certification is broken into 8 levels from beginner to expert.

NSE1 – NSE3 are Cybersecurity Awareness Certification
NSE4 – NSE6 are Cybersecurity Technical Certification
NSE7 is Cybersecurity Advanced Certification
NSE8 is Cybersecurity Expert Certification

Similar to other certifications, they are valid for 2 years, and a higher-tier certification renews all lower-tier ones even if those had already expired.

Compared to other certification paths like Juniper or Cisco, there is no prerequisite to take any of their certification levels, including the highest one, NSE8. They work in partnership with Pearson Vue Testing Centers worldwide.

You can find more about the certificates and materials on https://training.fortinet.com

Right now they are offering some free courses on their website which are worth checking out (it’s free):
https://www.fortinet.com/training/cybersecurity-professionals#free-trainings

In January 2017, it was announced that Philip Quade, a former member of the NSA, would become the company’s chief information security officer. At the end of 2017, Fortinet reported $416.7 million in revenue, a 15 percent increase from the previous year. In June 2018, Fortinet acquired Bradford Networks, a maker of access control and IoT security solutions. In October 2018, Fortinet acquired ZoneFox, a threat analytics company. In January 2019, it was announced that Fortinet and founder Ken Xie would participate in the annual World Economic Forum held in Davos, Switzerland.

In September 2019, Fortinet settled a whistleblower lawsuit regarding what the company has described as an “isolated incident” of sales of intentionally mislabeled Chinese-made equipment to U.S. government end users. In late 2019, Fortinet acquired enSilo and CyberSponse. Also in 2019, Fortinet’s FortiGate SD-WAN and Next Generation Firewall received a “Recommended” rating from NSS Labs.

In July 2020, Fortinet acquired OPAQ Networks. OPAQ is a Secure Access Service Edge (SASE) cloud provider based in Herndon, Virginia.

Products and Services

Fortinet released its first product, FortiGate, a firewall, in 2002, followed by anti-spam and anti-virus software. FortiGate was updated to use application-specific integrated circuit (ASIC) architecture. The company has used ASIC in several of its products, including to support its SD-WAN features.

Initially the FortiGate was a physical, rack-mounted product but later became available as a virtual appliance that could run on virtualization platforms such as VMware vSphere.

Fortinet later merged its network security offerings, including firewalls, anti-spam and anti-virus software, into one product. In April 2016, Fortinet began building its Security Fabric architecture so multiple network security products could communicate as one platform. Later that year, the company added Security Information and Event Management (SIEM) products. In September 2016, the company announced it would integrate the SIEM products with the security systems of other vendors.

In 2017, Fortinet announced the addition of switches, access points, analyzers, sandboxes and cloud capabilities to the Security Fabric, in addition to endpoints and firewalls. Later in 2017, Fortinet created a standalone subsidiary, Fortinet Federal, to develop cybersecurity products for government agencies. Fortinet has received security effectiveness certifications through NSS Labs. Gartner, a research and consulting firm, has ranked Fortinet within the top three companies in its Magic Quadrant for enterprise network firewalls, which measures market trends and direction.

In July 2018, the company launched FortiGate SD-WAN, its proprietary SD-WAN service. FortiGate SD-WAN was included in the Challenger category of Gartner’s Magic Quadrant for WAN Edge Infrastructure later that year, joining the Leader category in 2020. Later in 2018, Fortinet released FortiGuard (AI) to better detect new and unknown threats, and also announced the 6.0 version of its FortiOS security operating system with enhanced centralized management and expanded cloud capabilities.

Image: The FortiGate 6501F. Presented by Fortinet, February 5, 2018

In May 2004, Trend Micro, a competing cyber security and defense company, filed a legal complaint against Fortinet. Though the International Trade Commission initially ruled against Fortinet, the Trend Micro patents at the center of the dispute were later declared invalid in 2010. In 2005, an OpenNet study suggested that Myanmar, which was under American sanctions, had begun using Fortinet’s FortiGuard system for internet censorship. Fortinet stated that their products are sold by third party resellers, and that they acknowledged US embargoes.

In 2019, Fortinet grew to 21,000 WAN edge customers, according to a Gartner report.

In February 2020, Fortinet released FortiAI, a threat-detection program that uses artificial intelligence. In July 2020, Fortinet launched multi-cloud SD-WAN. That year, BT Security selected Fortinet and other Threat Alliance members as Critical Partners. As of 2020, Fortinet has been awarded over 640 patents.

As of January 2021, the FortiGate line of firewalls remains the company’s main product, which accounts for most of the gross revenue.

Research

In 2005, Fortinet created the FortiGuard Labs internal security research team.

In 2008, Fortinet researchers sent a report to Facebook highlighting a widget from Zango that appeared to be tricking users into downloading spyware. By 2014, Fortinet had four research and development centers in Asia, as well as others in the US, Canada and France.

In March 2014, Fortinet founded the Cyber Threat Alliance (CTA) with Palo Alto Networks in order to share security threat data across vendors. It was later joined by McAfee and Symantec. In 2015, the CTA published a white paper on the CryptoWall ransomware, which detailed how attackers obtained $325 million through ransoms paid by victims to regain access to their files.

In April 2015, Fortinet provided threat intelligence to Interpol in order to help apprehend the ringleader of several online scams based in Nigeria. The scams, which resulted in compromise of business emails and CEO fraud, had cost one business over $15 million. The following year, in March 2016, Fortinet and technology company, Cisco, joined NATO in a data-sharing agreement to improve their information security capabilities.

In January 2017, Fortinet worked with Interpol to conduct an investigation into web security in several southeast Asian countries. The investigation identified compromised websites, including government-operated web servers. Later that month, Fortinet researchers discovered a spyware that scammed victims by impersonating the IRS. Also in 2017, researchers helped identify malware, called Rootnik, and ransomware, called MacRansom, that targeted Android and MacOS systems respectively. In 2018, Fortinet entered into an information-sharing agreement with Interpol.

My Personal Experience with Fortinet so far

Using a full GUI firewall at first was not as strange as I thought, as it reminded me a lot of the SophosXG UTM Firewalls I have met and used in the past in my lab as a firewall for my subnets and the VMs running there.

For me it seemed that the features offered and the possibilities to configure more complex scenarios were above what I had experienced so far on the SophosXG UTM Firewalls I used prior. It could have been that I was using a model with a lower tier of feature set when it came to Sophos? I do not know at this point.

One of the real-life scenarios I tried to configure on the FortigateVM with FortiOS 7.0 (latest at the time) was simple and probably an everyday scenario that System Administrators in many corporations out there have to do:

Scenario:

In an on-premises, AD-controlled environment, create the foundations to be able to limit end users’ access to a site, e.g. bbc.com (*Allow or Deny*), based on a criterion.

(You can include specific ports here, e.g. to reach a website or service on an IP / FQDN and port 14300, to make it more interesting.)

My AD Lab environment in this example consisted of the below:

  • The 172.19.19.0/24 subnet
  • FortigateVM Firewall running FortiOS 7.0 with its Port2 interface set at 172.19.19.6/24, serving as the gateway for the 172.19.19.0 subnet (its WAN (port1) interface is dynamically set in the 172.31.5.x/24 range)
  • AD DNS, DHCP, DC Server running Windows 2019 Server, running the hypervlab.local domain at 172.19.19.90/24
  • Two AD User Groups: Usera added to group Allow_BBC_Website_On_Fortigate and Userb added to group Block_BBC_Online_Website_On_Fortigate respectively
  • FSSO_Agent (Fortinet Single Sign On Agent running on the Domain Controller to sync AD Users and Groups with the FortigateVM Firewall at 172.19.19.1/32) so I can use them directly in Firewall Policies
  • A Windows VM with Windows 11 at 172.19.19.26
  • A Linux VM with Rocky Linux at 172.19.19.22

Links

https://www.fortinet.com/training-certification

https://www.fortinet.com/training-certification#certification-levels

https://training.fortinet.com/

https://en.wikipedia.org/wiki/Fortinet