SOURCE: Fortinet

February 17, 2009 12:00 ET

Fortinet Expands Security Portfolio With Debut of Web Application/XML Firewall Appliance

FortiWeb-1000B Protects Web-Based Applications and Back-End Databases, Common for Cloud Computing

SUNNYVALE, CA--(Marketwire - February 17, 2009) - Fortinet® -- the pioneer and leading provider of unified threat management (UTM) solutions -- today announced the debut of a new web security appliance that provides application and XML firewalling to protect, balance and accelerate web applications, databases and the information exchanged between them. The new FortiWeb-1000B is a mid- to large-enterprise product and is the first in a family of Fortinet web application security appliances.

FortiWeb™ appliances can drastically reduce the deployment time and complexities associated with securing web-based applications, and can also aid companies in meeting regulatory mandates such as PCI-DSS compliance. Together with Fortinet's FortiDB™ database security product, the FortiWeb-1000B forms the basis for a broad protection schema to support the growing prevalence of cloud computing and other enterprise activities that have a need to access confidential and personal data over the Internet or intranets.

Web applications are essentially a public interface to databases storing sensitive information, so the need to secure this interface is as critical as securing the databases themselves. While many web applications today have built-in security protocols, writing secure web application code is difficult and often not the priority of the developer. In addition, there are a number of challenges to securing the code of various web applications: New vulnerabilities, patching schedules, code revisions, code access, vulnerability identification and deployment timelines. The ideal scenario would separate the security of the web application from the application itself to enforce uniform security measures regardless of the level of security built into the web application and provide an umbrella of security protection across a number of web applications.

"With the Internet representing such a preponderance of business interactions today, the opportunities that cyber criminals have to target both the communications and the data it carries is almost limitless without the right precautions in place," Jon Crotty, IDC. "Web and XML applications are de-rigueur requirements for any business that wants to have an online presence -- and that's just about everyone -- so we fully expect web application firewall to burgeon as a business, especially with the growth of SaaS and cloud computing. A product that simplifies and strengthens the implementation of web applications should find strong reception."

FortiWeb At-A-Glance:

The FortiWeb-1000B web security appliance is ideal for medium and large enterprises, ASPs, and Software-as-a-Service/cloud computing providers. Key benefits of the FortiWeb-1000B include the following:

--  Web applications secured - Provides uniform, umbrella approach to
    securing multiple web-based applications with web application and XML
    firewalls, regardless of strength of web application's native security
--  Deployment simplified - Simplifies deployment and management of web
    applications with a central security appliance;
--  Content accelerated - Accelerates web applications through XML/SSL
    offloading with the FortiASIC CP6, shared by Fortinet's FortiGate®
    integrated security product for improved performance;
--  Resources load balanced - Load balances traffic and routes content
    across multiple web servers for improved server resource utilization,
    increased performance and application stability;
--  Compliance achieved - Complies with PCI version 1.2 requirements,
    ensuring that a web-application firewall is in place in front of public-
    facing web applications to detect and prevent web-based attacks.

The FortiWeb-FortiDB Combination

FortiWeb and FortiDB appliances operate independently of one another, but are powerful in a tandem deployment to provide broad data security. In network topography, the FortiWeb appliance sits inline in front of web application servers, while the FortiDB is deployed out of band, automatically monitoring, auditing and scanning databases. Deploying these devices in tandem provides multiple layers of security to prevent numerous types of threats originating from multiple vectors. In addition, compliance with various portions of the PCI-DSS is more easily achieved with the combination of these two products.

"Following the introduction of our FortiDB database security appliance family last year, we are further extending our protection to the web traffic going to and coming from those databases for a more comprehensive approach toward data protection," said Michael Xie, CTO and co-founder, Fortinet. "The expansion of our core FortiGate network security gateways to include data and web application security appliances enables Fortinet to better provide customers a broad solution for protecting networks and applications at the core and perimeter."

Additional information on FortiWeb and other Fortinet products can be accessed at

About Fortinet (

Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection -- including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: Firewall, Antivirus, IPSec VPN, SSL VPN, Network IPS, and Anti-spam. Fortinet is privately held and based in Sunnyvale, California.

Copyright © 2008 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and unregistered trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet's trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiManager, FortiMail, FortiClient, FortiCare, FortiAnalyzer, FortiReporter, FortiOS, FortiASIC, FortiWeb, FortiWiFi, FortiSwitch, FortiVoIP, FortiBIOS, FortiLog, FortiResponse and FortiDB. Other trademarks belong to their respective owners.

Contact Information