It is hard enough for enterprise security professionals to provide adequate risk management for their companies based on the fact that the Bring Your Own Device (BYOD) phenomena and explosion of remote workers has changed the nature of their job profoundly and permanently. The challenges get even bigger when looking at the complexities of managing corporate communications infrastructures from a security perspective if you are a distributed enterprise such as large retailers with possibly thousands of locations. To address the requirements of such enterprises, Sunnyvale, CA-based network security company Fortinet has unveiled its new Secure Wireless LAN solution to meet the specific needs of this important customer set.
The Fortinet Secure WLAN integrates a lot of capabilities into a single solution that otherwise would require enterprise IT departments to use solutions for such things as firewalls, UTM, policy management, etc. from as many as five or six vendors. It integrates wireless and wired access, security, authentication, switching and management, in an easily managed system that allows system-wide policy enforcement.
In a world that some have characterized as “IT Anarchy” where growing complexity caused by the need to manage people, devices, apps and network access is intensifying just as most legacy solutions and user behavior have left IT with less rather than more control, the Fortinet Secure WLAN is going to generate interest.
A comprehensive solution for distributed enterprises
As John Maddison, vice president of marketing at Fortinet explained to MobilityTechzone, “The distributed enterprise is expanding in terms of the things that need to be managed, and IT is looking for a reduction in the number of vendors to deal with, and more importantly solutions that fill in the missing pieces that can provide them with increased visibility and control.” He explained that the Fortinet Secure WLAN gives administrators a broad, unified solution that provides unprecedented protection, superior total cost of ownership (TCO) and granular control through user authentication and device visibility across the entire network.
As part of the solution Fortinet introduced new wired and wireless products: the FortiSwitch-28C and FortiSwitch-348B Ethernet switches and FortiAP-14C and FortiAP-28C wireless access points.
Key features of the Fortinet Secure WLAN include:
Integrated security: Advanced and integrated threat protection coupled with fully featured wireless access— providing administrators a streamlined, single-pane-of-glass to manage users and devices as well as unified policy enforcement across wired and wireless networks.
Lower TCO: No need to purchase separate WLAN controllers, and there are no per AP and cloud management licensing fees, which can quickly add up as wireless is deployed in multiple locations.
Device Visibility: IT can define and enforce policies based on device types. Mobile device access (iPhone, Android, etc.) is configured by on-boarding the device via user and device authentication and applying a per device and user policy to ensure the right destinations are reached. This is critical for accommodating the growing BYOD population. .
Authentication: Integrated authentication with single sign-on and policy enforcement across access points, security appliances and switched devices.
Scalability: Fortinet supports centralized, mesh, and distributed controller-less access point deployments with a variety of indoor, outdoor and remote APs. These APs, when combined with FortiGate virtual or appliance-based wireless controllers, are ideal for education, healthcare, retail and distributed enterprise environments.
The new hardware
As mentioned, there are new Ethernet switch and access points. These have been designed to integrate easily with existing Fortinet products, and have the added attractions of being over Ethernet, i.e., no need for addition cabling and the ability to supply power to peripherals like phones and cameras. Plus the new FortiAPs are small, plug-and-play 802.11n wireless access points that allow organizations to easily and securely extend wireless access to branch and home offices while retaining centralized management and policy control.
It also should be noted that switch and access point management, as well as user and device policy enforcement, is powered by FortinetFortiGate security appliances, which integrate advanced firewall protection, VPN connectivity, endpoint and application control, Web filtering, antimalware and data loss prevention. And, for enterprises that require two-factor authentication, the Fortinet Secure WLAN solution supports FortiAuthenticator series of authentication appliances that deliver both hardware token and soft token-based two-factor authentication to any third-party device.
Leveraging the FortiOS
How Fortinet has engineered this to be important to distributed enterprises is based on its leveraging of new or improved features and capabilities in the FortiOS 5 operating system. These include:
- Consistent policy enforcement of all wired and wireless network traffic using the controller built into all FortiGate appliances. Profile changes made from a FortiGate can be pushed out to thousands of access points;
- Bandwidth management for prioritizing mission-critical and bandwidth intensive applications;
- Identity-based policy management for identifying anything connected to the network, including mobile devices such as smartphones and tablets, and then pushing customizable policies that can be tailored for each device;
- Single-pane-of-glass device management for managing all infrastructure products attached to the network through a FortiGate or FortiManager appliance;
- Application control for allowing, blocking or rate-limiting access to thousands of applications, a crucial building block for today’s high-bandwidth wireless infrastructure;
- Rogue AP detection, mitigation and wireless IPS to block unauthorized access points from creating a point of information leakage from the network and detecting wireless anomalies.
“Because of the explosive growth of mobile devices and applications in the workplace, networks need to be re-architected for low latency, increased throughput, and of course strong security,” said Rohit Mehra, vice president, Network Infrastructure, IDC. “Solutions such as Fortinet’s new Secure WLAN solution address the major pain points that distributed enterprises face today – securely accommodating the exponential growth of BYOD for both employee and guest access; identifying and mitigating security issues; and reducing costs and complexities associated with provisioning and managing overlay wireless networks.”
Maddison of Fortinet also explained the growing need for such solutions. “BYOD has put immense pressure on IT to obtain better visibility and control. These pressures will only increase as those devices become more app intensive and more transactional in terms of their use.” He also observed that the new access points and switches are important parts of this announcement since meeting the needs to provide improved and secure wireless access in environments that have increasingly un-tethered requirements is important. “The Secure WLAN increases IT’s visibility and their span of control, and for a distributed enterprise making it secure and making management manageable is critical,” he added.
Market realities, particularly for distributed enterprises, are such that the observation made by famous futurist Nicholas Negraponte many years ago about us being in an inversion where everything that has gone over wires would be wireless and to some extent vice versa, has taken a few years to foment in the enterprise. For virtually all enterprises, regardless of size or location, that inversion has taken place and as a result of BYOD and other industry trends like virtualization and all things cloud related, it is not just a fact of life but something to be leveraged for competitive advantage.
The challenges that IT departments face in managing all of the complexity caused by the dramatic shifts that characterize the “new normal” cannot be under-estimated. Visibility and control are important for securing the enterprise, and a single solution that addresses multiple pain points makes a lot of sense.
Edited by
Stefania Viscusi