Fortinet EMEA Channel 40mins Webinar FortiSASE Q42022


40 Minutes to Grow your business with FortiSASE
Q4 2022
History
Enterprise Network Security
As it was

• Perimeter based
• Trust-Untrust network model
• IP and User authentication

[Diagram labels: The Internet; MPLS, VPN, VPN; HQ / DC, Branch, SOHO, Roaming User]

© Fortinet Inc. All Rights Reserved. 3


Enterprise Network Security
With the birth of Cloud Applications

• A single point of access for the cloud
• «Consistent» security policy
• Users, networks and devices

[Diagram labels: The Internet; SaaS, IaaS Apps; Cloud Proxy (SWG); MPLS, VPN, VPN; HQ / DC, Branch, SOHO, Roaming User]



Enterprise Network Security
With SD-WAN and beyond MPLS

• SD-WAN for the network
• SWG for the cloud
• CASB, DLP add-ons
• = SASE

[Diagram labels: The Internet; SaaS, IaaS Apps; Cloud Proxy (SWG); SD-WAN, SD-WAN, SSL VPN; HQ, Branch, SOHO, Roaming User]



Enterprise Network Security
It does look great BUT now…

• I need to build my network connectivity with 3rd party devices
• Who is monitoring? What SLA?
• How does Authentication really work for my Users and devices?
• How about my remote office in…? (Digital Divide)
• Does cloud-only really work in all environments? Local segmentations?
• Consistent policy On-Net / Off-Net?
• How many agents on the user’s laptop?



Vision
TRENDS

Hybrid Workforce is the New Norm
“Remote/hybrid work is here to stay. Survey data shows that 80% of workers continue to adopt hybrid workstyle”
Gartner, Changing IT practices for remote work-force, August 2022

Web is Top Attack Vector
“Web continues to be one of the top attack vectors. 2022 Verizon Data Breach Report indicates 90% of breaches use web applications.”
2022 Verizon Data Breach Report

Aging VPN Deployments
“VPN deployments must move away from implicit access to improve security posture.”
Gartner, Remote Access Options for Enterprise Endpoint – April 2022

Growing Shadow IT Presence
“91% of organizations report that biggest surprises to cloud adoption are Lack of visibility and not enough having control.”
2022 Cloud Security Report; Cybersecurity Insiders



Fortinet Technology Vision
Consistent Security Everywhere
• Control and Protect Everyone and Everything on or off the Network
• Speed Operations, with AI-powered Automation
• Counter Threats, with Coordinated Protection
• Secure Any Application Journey on Any Cloud

Entities Anywhere: Users connect from many locations
Resources Everywhere: Apps & data live in many locations
Everything needs to be secure & compliant

Building block service creation: Users & Devices, Networks, Applications



Convergence of On-Prem and Remote Users Network

Single-vendor SASE Benefits

• Reduced complexity eliminating multiple products
• Efficient operations with single agent
• Cost savings from product and vendor reduction

[Diagram labels: On-prem (NGFW, SD-WAN); Single-vendor SASE (Simplicity, Consistent Security, Better User Experience); Remote Users (Cloud-Delivered Security)]



FortiSASE: Cloud-Delivered Security & Networking

Consistent FortiOS with AI/ML Powered Security

Fortinet Single-Vendor SASE Approach
• Cloud-Delivered Security (SSE): SWG, FWaaS, ZTNA, CASB
• SD-WAN

• Secure Hybrid Workforce with Consistent Security
• Superior User Experience with Operational Efficiency
• Shift from CAPEX to OPEX Based model

[Diagram labels: Remote Users, Work-from-home users; Internet, SaaS, Public Cloud, Data Center]



Solving Challenges
Solving Challenges

• I need to build my network connectivity with 3rd party devices
• Who is monitoring? What SLA?



Cloud-delivered SD-WAN Integration With SSE
SD-WAN Private Access
• Augment to existing SD-WAN
• Intelligent routing & steering
• Broader app support (UDP-based VoIP, video, UC)

[Diagram labels: Data Center; Public Cloud Apps; SD-WAN Hub, SD-WAN Hub; FortiSASE; User Telemetry; Remote]
Secure Private Access With SD-WAN/NGFW Networks

CAPABILITIES

• Dual SD-WAN Hub Connectivity
• Intelligent Steering
• Dynamic Routing

BENEFIT

• Broader application access including UDP (VoIP/Video)
• Superior User Experience
• Seamless connectivity without infra upgrades



Secure Private Access With SD-WAN/NGFW Networks

CAPABILITIES

• Telemetry based Access
• Per App / Per user / Trust level access

BENEFIT

• Consistent Remote access
• Private and Public
• Seamless connectivity without infra upgrades



Solving Challenges

• How does Authentication really work for my Users and devices?
• How about my remote office in…? (Digital Divide)
• Does cloud-only really work in all environments? Local segmentations?



Secure Private Access With Natively Integrated ZTNA

Enabling Universal ZTNA
• Cloud provisioned ZTNA connections
• Device attributes, user info, security posture based security
• Granular per-session posture checks
• Continuous posture re-assessment

[Diagram labels: Data Center; Public Cloud Apps; ZTNA App Gateway, ZTNA App Gateway; FortiSASE; User Telemetry; Remote]


ZTNA Secure Application Access
1. Fortinet access GWs are deployed as close to the apps as possible
2. FortiSASE centrally orchestrates Zero Trust Access Policies and telemetry between all Access GWs and users
3. Fortinet ZTNA agent continuously sends telemetry info to FortiSASE
4. FortiSASE centrally authenticates users against Customer ADs with optional MFA
5. Upon ZTNA verification User is granted access to the requested application over an encrypted session

[Diagram labels: Fortinet Cloud (FortiSASE Controller, Multi Factor Authentication); SaaS (Access GW); Cloud Adoption: IaaS / PaaS Apps in Public Cloud (FGT Access GW); On-Prem App1, App2 (Access GW On-prem); user/device posture; User with FCT ZTNA agent; legend: User Traffic, Control / Orchestration]



Fortinet Next Generation CASB

Dual Mode CASB: Data Security, Visibility, Threat Protection, Compliances

API BASED NEXT GENERATION CASB (Visibility & Compliance)
• Agentless deployment
• Integration with Applications using API Connector
• Part of SASE Licensing
• Visibility to BYOD / Unmanaged location & devices

INLINE CASB (Visibility & Remediation)
• Part of SASE Solution
• Managed & Unmanaged location with the help of FortiClient
• FortiClient performs posture assessment, visibility and protection for cloud applications



Solving Challenges

• Consistent policy On-Net / Off-Net?
• How many agents on the user’s laptop?



FortiClient USP
Version 7 offers unique advantages

Customization
• Possibility to combine ZTNA and Endpoint Management
• Selectively include all Endpoint security functions

Automation
• Automated provisioning
• Automated ZTNA encryption (no button for user to click)

Migration
• Can offer a hybrid SSLVPN + ZTNA approach to provide a smooth migration at the pace of the Customer
• For example, may use ZTNA for subset of apps, and SASE for others

Integration
• Seamless integration with SASE to protect remote endpoints and enforce ZTNA for SaaS apps



EMS Embedded in SASE

CAPABILITIES

• Client Management
• Network and Client Sandboxing
• Zero Trust Tags

BENEFIT

• Consistent Policies
• Cloud Provisioned



Competitive and Conclusions
The Fortinet Advantage
Fast, secure and scalable security for the hybrid workforce

Secure: Users, Endpoints, Applications
Scalable: High performance, Low Latency, Global Peering
Simple: Integration, Management, Troubleshooting

• Single Agent for multiple use cases
• Deployment simplification with SD-WAN integration
• Best-in-class security everywhere
• Simple Management & Licensing



Competitive Landscape

Prisma Access
• Separate agents (Global Protect & Cortex XDR) required for endpoint security and traffic redirection
• Lacks secure automatic tunnel functionality for ZTNA private application access
• 3x longer time to value than FortiSASE
• All security services are not available at each Prisma Access compute locations

Zscaler
• Low security efficacy; lacks 3rd party validation
• Traffic redirection agent cannot function as EPP; need partnership with other vendors for endpoint security and SD-WAN
• App connector performance limited to 1Gbps
• 2x longer time to value than FortiSASE

Netskope
• Cloud Firewall inspection limited for web traffic ONLY
• Netskope client-connector is a mere traffic redirection agent and doesn’t offer end point protection
• Limited ZTNA posture and compliance checks for secure private application access
• Need 3rd party partnership for SD-WAN (Infiot acquisition not mature)

Cato Networks
• Relies on 3rd party security services including URL filtering, advanced threat protection
• Need partnership with other vendors for endpoint security
• Security efficacy not validated by 3rd party
• Primarily positioned from Mid-Market and down market only
