Fortinet, Cato Networks add security for distributed SD-WANs

Fortinet and Cato Networks have added services to their respective cloud-based security platforms to increase protection for traffic flowing from distributed software-defined WANs.

This week, Fortinet updated its FortiOS operating system that underpins the Fortinet Security Fabric, which delivers security services across all points in a network in real time. Cato added risk-based application access control to its secure access service edge (SASE) portfolio.

Fortinet updated the FortiOS to version 7.2. New features include an inline sandbox and an inline cloud access security broker (CASB). Also, an advanced device protection service automatically discovers, segments and enforces policies for IoT devices. Other improvements include intrusion prevention and outbreak detection systems.

When it comes to security, companies want the flexibility of choosing whether to buy it in an appliance, containers, virtualized software or as a cloud service, Fortinet chief marketing officer John Maddison said.

"They want this kind of flexible deployment, but they want all that functionality in the same operating system," he said.

Fortinet has its roots in security but also offers the FortiGate Secure SD-WAN. Cato Networks has grown up from the networking side. The company launched its cloud-based SD-WAN in 2017 but has been building out security services in recent months, introducing a CASB at the end of January.

Cato added risk-based application access control called Cato Single Pass Cloud Engine (SPACE) to its SASE portfolio in the latest announcement. SPACE uses identity, policy and real-time device behavior to control access to applications and access to capabilities within applications.

For example, a company could configure a device to upload to a platform but not download from it -- a level of granularity beyond traditional network access control hardware. Segmenting permissions on a granular level is critical when workers connect insecure home devices to corporate networks.

Both announcements follow the trend of joining networking and security within distributed SD-WAN environments, IDC analyst Chris Rodriguez said. Using many point security products doesn't make sense when dealing with multiple SD-WANs.

"[SD-WAN and security] companies are kind of trying to compete in each other's marketplaces, but at the same time, they're doing that because they sense that these things are becoming more intertwined," Rodriguez said.

Companies should consider whether a vendor's roots were in security or SD-WAN to get some sense of where its service would likely excel, Rodriguez said.

Fortinet's and Cato's latest security services are available at no additional charge to existing FortiOS and Cato Client customers.

Madelaine Millar is a news writer covering network technology at TechTarget. She has previously written about science and technology for MIT's Lincoln Laboratory and the Khoury College of Computer Sciences, as well as covering community news for Boston Globe Media.