SMB Security at Fortinet Accelerate 2024

Apr 17, 2024

In this episode of Powering SMB, hosts Mark Vincent and Sean Washington dive deep into the latest advancements and integrations unveiled at Fortinet’s annual flagship event, Fortinet Accelerate 2024. 

They explore the critical updates to FortiOS, Fortinet’s proprietary operating system, and discuss the new AI-driven capabilities that are setting new standards in network security efficiency and proactive threat management. 

The episode highlights the evolution of Fortinet’s security solutions, focusing on the seamless integration and management of their expansive product suite through the innovative Unified Agent. Mark and Sean break down complex concepts like Zero Trust Network Access (ZTNA) and how Fortinet’s integrated approach simplifies security management across devices and applications, providing robust protection without compromising ease of use. 

Whether you’re a tech enthusiast or an SMB owner striving to enhance your security posture, this episode offers valuable insights into leveraging cutting-edge technology to safeguard your digital assets effectively. Join them as they unpack the potential impacts of these technologies on small and medium businesses navigating the complexities of modern IT landscapes.

 Mark Vincent   0:04
 Good afternoon.
 Good morning.
 I guess it could be good evening too.
 Welcome to another episode of Powering SMB.
 Uh, I’m your host.
 Mark Vincent, along with Sean Washington.

Mark Vincent   0:19
 Are you doing today good.

Sean Washington   0:22
 Yeah, not bad.

Sean Washington   0:24
 5th meeting of the day and it’s still nice and fresh.

Mark Vincent   0:29
 Like to hear it.
 Today we’re gonna talk about Fortinet Accelerate, which was their big trade show event conference that they do every year.
 I was lucky enough to get to attend this year, and kind of talking about everything Fortinet in general.
 For those of you who don’t know what Fortinet is, they’re a security vendor.
 Really good one.
 They make a whole suite of products and solutions to help keep your networks secure.
 How many objects can I give you?
 A little quiz here, Sean.
 How many different Fortinet products are there?
 Any clue?

Sean Washington   1:06
 Well, you’re trying to make me look smart.
 Apparently.
 I’m gonna guess there’s probably about 60.

Mark Vincent   1:15
 Wow, OK.
 Yeah, not bad.
 43 was my count at the event. They had a nice sort of like partner pavilion expo place where they would show off a lot of their solutions.

Sean Washington   1:20
 OK, cool.

Mark Vincent   1:30
 A good portion of that Hall was their own solutions.
 And they literally would have a number.
 Uh, next to each one of their own solutions, I think I came up with 43 unique products that they sell.
 If it’s something that needs to be secured, these guys seem to have a solution for it.

Sean Washington   1:49
 So yeah, my, you know, the way that they kind of market themselves is an ecosystem.
 They use the word fabric, so their security fabric, and they create all these ancillary services to complement what I would say is probably their core business as a next generation firewall.
 And you know, Mark had the pleasure of attending Accelerate.
 I did not.
 So this is gonna be kind of me asking questions and understanding the newest changes there because when you build out one of these ecosystems as a software vendor.

Sean Washington   2:24
 It’s constantly evolving and there’s constantly new features or drivers for new features that are coming out, and I think they had some pretty exciting things that they released at this latest event.

Mark Vincent   2:34
 They did.
 They did.
 They had a new version of FortiOS, which is their operating system.
 What makes them unique from a lot of other vendors is that they do everything they do in silicon, so as they make changes or add feature sets, it actually becomes a new chip and a new operating system that, you know, takes advantage of these features.
 FortiOS, I believe, is up to version 7.6, I believe, which was the latest one that was released, had a ton of new features, had some really interesting stuff with AI, which I thought was pretty cool.

Mark Vincent   3:13
 Literally on one of the morning sessions.
 Uh, they had, uh, one of their engineers come up and literally had a dialogue with the Fortinet device in natural language, trying to, you know, track a threat coming through the network, having it do things like search through a log file, looking for a specific user, looking for a pattern.
 And once it identified that, it kind of broke it into a very easy to understand chain of events.
 And if you would have done those same kind of operations manually, this could have taken, let’s say, two to three hours worth of investigative work to find all of the information this thing found in what equated to maybe a 2 1/2 minute conversation with a computer. Wild, you know.
 Umm, very very quickly.

Sean Washington   4:07
 Now, is that something that’s integrated into their kind of SOC service, or is that in the OS on each device?

Mark Vincent   4:15
 Well, the thing is you have to have the underpinnings in all of their stuff to allow for this.
 So the idea of this latest version of their OS is that they have the APIs, they have the underpinnings, the tools built into the OS to allow these kinds of things to happen.
 I think as the year progresses on, you’re going to see more and more actual practical applications of those underpinnings being sort of put into place.
 The demonstration that they showed on the line was a product called FortiAnalyzer, and it basically looks at network traffic and is able to kind of cut it up and slice it and look at stuff to kind of look for things that maybe are out of the ordinary.
 Umm, it also has.
 Uh, you know, the ability to read log files, so it would go through logs based on the conversation you were having with this AI.
 It would go out and look at the logs that were captured and be able to kind of put together a quick blow by blow of what happened.
 So they were looking for an attacker that was trying to move laterally through a network and they were able to pinpoint exactly when they came in, how they came in, what they were able to try to do.
 Luckily, the solution was robust enough to stop them, but it definitely showed the chain of events, which was really, really neat. Very cool demonstration of their products.

Sean Washington   5:34
 And I have assumed that probably everyone that’s in this space is going to start integrating more and more quote unquote AI type functionality into their overall platforms.

Mark Vincent   5:45
 Yeah, I would agree.
 I think it’s probably the next evolution of almost everything that touches us at the moment, right? I think the key with them is that they, at least they’re forward thinking enough to have, umm, put this in the core part of the OS so that it becomes a feature that can be used throughout their entire ecosystem.
 Like I said, these guys, kind of the running joke is, if, you know, anything stands still long enough, they’ll put a Forti label on it, right?
 They have Forti cameras, they’ve got Forti APs, Forti switches, Forti firewalls, you name it, everything’s got a Forti name to it.
 Umm, what makes it unique about their solution stack is that typically once you’re in there, you were mentioning the term fabric.
 They call everything their security fabric.
 Once you add a Fortinet device into their fabric, it’s manageable from a single pane of glass, so you can see, you know, your switch ports.
 You can see your apps, you can see your firewall rules all from the same screen, and you can even set up all your rules to make them interconnected in a much simpler fashion than you would if you had, you know, different vendors for different pieces of all this stuff.
 Pretty amazing.

Sean Washington   6:58
 And I think one thing they’ve really been talking about is this unified agent, let’s say, that’s probably the next biggest milestone.

Mark Vincent   7:06
 Yeah, that was the other.
 That was the other announcement there for sure was the unified agent.
 And when I say unified agent, like, you know, typically let’s say you were the firewall vendor and you’re going to download a VPN client, right?
 Uh, that VPN client’s sole purpose in life is to just be a VPN client.
 It’s going to get you into the network. Fortinet has kind of changed the way that they’re thinking on how they deploy their end user component, right?
 So anything that touches the edge, that complete edge, the end user’s machine, they have a FortiClient. That FortiClient, you know, for most folks is just gonna be a VPN client, but it could also be your antivirus.
 It could be your ZTNA client.
 It could be a bunch of other things, all deployed from one singular application.
 So when you’re talking about security in the future especially, I really love the idea of these kind of concepts where you have a BYOD network, right?
 You’re bringing in your own device to connect into a corporate network. With one single install, you can handle all of the endpoint protection that you need.
 You don’t have to install 12 different products. The Fortinet client, if it’s licensed correctly, can do everything you’d ever want with one piece of software.
 It’s pretty cool.

Sean Washington   8:23
 So we actually were just having a conversation with one of our clients, consulting with them on how to grow their business.
 And this exact topic just came up.
 So I kind of wanted to dive down that rabbit hole a little bit more with Mark and understand. This concept of BYOD, or bring your own device, is pretty prevalent in the concept of working from home or this hybrid work from home environment.

Mark Vincent   8:37
 Sure, the.

Sean Washington   8:49
 And this is a way to kind of not install or manage controls or at least administer a device, but at least be able to manage the network security controls at the application layer.
 I don’t.
 Maybe you can explain that better of exactly how this modern IT would work as juxtaposed with Fortinet solutions.

Mark Vincent   9:04
 I like the idea of this one.
 Imagine a scenario where you’re a small business and you’re needing to procure laptops for your employees, or you don’t want to necessarily deal with the burden of managing an inventory.
 See a lot of folks nowadays that are like, hey, instead of me going out and buying a laptop for my employee, I’d prefer to see if I can give them a stipend.
 I give them a certain amount of money that they can spend on a laptop of their choice.
 They can get what they’re comfortable with, what they like to use, but you also want to make sure that that device is secured when it’s talking to your network.
 The FortiClient, the way that it’s built now, supports what they call ZTNA.
 So every time a person launches an application on that device with that client on it, it’s looking at the application itself.
 Is this application secure?
 Is it needing any patching?
 Is there anything that could be a potential problem for me to launch this out?
 It passes that check, then it looks at the network around it, says, hey, is there anything squirrely going on here?
 No, that looks great. Passes the next test, then it connects to the corporate network, only gets the information that’s specific to that application, and even once you’re logged in, it’s continually looking at the connection between that application and the outside service that it’s using, validating that nothing has changed in the interim.
 Umm, all of this is happening in real time without any end user intervention whatsoever, which is the cool part about it.
 So there’s no, you know, jumping through a bunch of different hoops to make this magic happen.
 It just happens by default when this client is properly set up with this technology.

Sean Washington   11:00
 One time someone tried to easily explain ZTNA to me, because this is a pretty challenging concept for someone who’s not technical, and the explanation was, well, you can have the same controls at your home office that you would in the actual corporate office with the firewall.

Mark Vincent   11:21
 Correct. Any application, whether it be a physical app or even a SaaS app, you can control where they access it, how they access it, what device they access it from, as long as you’re using that client to make that connection and you have the back end built out that way. It’s really pretty awesome.
 It gives you a bunch of creative control over what devices you allow into your network and how you allow access with those devices.
 At a level that, just before, you know, was never heard of.
 It’s really at the application layer versus anything else.
 It’s not at the network layer.
 It’s literally at the app, which is pretty awesome, and honestly, in a world where SaaS becomes almost like 75% of the workload being used by most companies nowadays, it makes a lot of sense that this would be the direction a lot of people are going in.

Sean Washington   12:18
 There, if we’re going to explain this type of valuable solution to a small business or medium sized business that may not have any of these types of controls in place and they’re embracing a work from home environment.
 What is the value like?
 How do you talk to someone and say, do we want to have full control over your applications while people work from home?
 Because this is going to protect you from something like how?
 What is the best way to kind of educate someone on that?

Mark Vincent   12:46
 I think that the best way to educate them that way is to explain that this is probably the most...
 How can I put this in a way that makes the most sense? A non-obtrusive way of being able to access data, or access applications, without necessarily impeding on the rights of other people, if that makes sense.

Mark Vincent   13:13
 My pause for one second.
 A problem we have a plan to possibly the, but the thing needed.
 And we’re back in five.
 Are you are you good with you?
 Remember where we’re at?

Mark Vincent   13:47
 Alright, good. 5, 4, 3, 2, 1.

Sean Washington   13:56
 Protecting privacy, sorry for the interruption, protecting privacy from the perspective of using SaaS applications.
 So we can monitor the efficacy of those applications, security of those applications, but not necessarily intrude on any specific personal information that might be on those machines.

Mark Vincent   14:18
 Yep, Yep.
 You’re not peering into it.
 You’re literally looking at a transactional level.
 That’s maybe the easiest way, wish I would have come up with that a minute ago, but yes, you’re looking at it at a purely transactional level, at an application layer. Hopefully that is not too technical, but every time you launch an app, every time you run a web page, a web SaaS app, it’s going to evaluate again who you are, where you’re coming from, the local machine and the state of that machine, and the state of the connection that you’re connecting to.
 If all of these magical items all say, hey, this is great, it’s gonna allow that traffic to come through.
 If it doesn’t like something in the middle, it’s going to quarantine and throw you off the corner and say, hey, you need to resolve this, this and this before we can allow access because we feel like something here is insecure.

Sean Washington   15:10
 And I think another.

Mark Vincent   15:10
 So pretty awesome.

Sean Washington   15:12
 Yeah, and it doesn’t impact the performance.
 I’m assuming completely transparent to the end user.

Mark Vincent   15:17
 No, no, no.
 The user has no idea all the stuff is going on.
 To see a demo of it is pretty awesome.
 I highly recommend it.
 I mean, it does.
 You know, like, one transaction, I was watching somebody using a business app when I was at Accelerate. They were sort of explaining ZTNA to the crowd and how it works.
 This person would launch this application and it did about 35 to 40 things to validate the security of that entire transaction before, you know, it would allow everything to flow through, but it did all this in the background in a matter of a subsecond.
 So you don’t know that it’s happening, but it’s nice to know that it’s being done right.

Sean Washington   16:00
 Yeah, that is definitely pretty cool.

Sean Washington   16:02
 My understanding is this also helps people enforce policy for multi factor and single sign on.
 So it kind of forces people to be on a VPN.

Mark Vincent   16:13
 Absolutely yes.

Sean Washington   16:14
 It’s a facilitator of that.

Mark Vincent   16:16
 If you thought of that client being the gateway for everything, right, and you could enable SSO on all of your applications to use the same SSO provider.
 In theory you go through this client, you log in with your credentials and your 2FA.
 Anything beyond that, you know, you’re golden, you know, and you can set how often you’re being prompted for that 2FA transaction.
 If there’s something that’s really highly regulated or critical and you wanna make sure that, you know, after two hours even, like if you’re on the thing for an hour, if it’s beyond that, hey, I want you to validate you are who you say you are again.
 You could set that. All of that is very variable based on the business application and need, but yeah, it is nice that you can use this product as your central login for pretty much everything, and that one secure connection will get you everywhere you want to go.

Sean Washington   17:11
 And then of course you can integrate it to things like Okta or Citrix or Parallels where these digital workspace type solutions.

Mark Vincent   17:17
 Ohh yeah and yeah, and that’s the beauty.
 That’s the sell, right?
 Once you have the SSO provider and you have that, what they call the source of all truths, right?
 It is the master that says my credentials are the credentials.
 We don’t care about anybody else’s.
 These are the ones that matter.
 Once that has been defined, pretty much almost every app under the sun now will support that same methodology.
 Say hey, I’m going to use these existing credentials you already have to validate you are who you say you are, and to allow that transaction to flow through.

Sean Washington   17:48
 Yeah, very cool.
 It’s also very complicated and hard to understand, but.

Mark Vincent   17:49
 You know there, I’m afraid.
 You are a little bit correct there.
 I mean, it’s not something that a lot of folks could probably implement on their own, but that’s why there are guys like us to help, right?
 That’s the whole reason we’re here is to help put solutions like that together for folks that need it.

Sean Washington   18:13
 Now, I believe that everything we’ve talked about so far is about using Fortinet’s fabric to implement best practices and prevent any sort of threats.
 Right now they also have some tools.
 Newer things that they’re developing, I mean they’ve had them for a while.
 Umm, they can integrate with this FortiClient to be more on the reactive side, uncovering threats in the network and mitigating those too.
 I’m talking about their EDR type solutions.
 Are those also integrated into this client?

Mark Vincent   18:50
 They are.
 They are.
 So basically they have all the threat controls integrated in everything.
 Everything that you’d ever wanna do on an endpoint is part of that client.
 Now, as of the latest releases, so that you don’t need to install 50 different pieces of software, you install one client and all of that stuff is technically sitting there lying in wait.
 Depending on how you have it licensed, different features will take effect, but from an EDR standpoint, you’re talking about detection response.
 They can see on the endpoint if you’ve been compromised or you’ve been attempted to be compromised.
 That can trickle through that entire fabric, where they can say, hey, I see that, you know, John Doe over here, he downloaded an application. Once we ran it through the virus system, we can see that this is going to be a problem.
 It’s going to quarantine him off and make sure that that doesn’t get any further on the network.
 If they have something that maybe came in from a third party that was non-Fortinet, but somehow finds its way into the Fortinet ecosystem, because all these devices, again, talk.
 Once it’s been established, they can help follow the flow of all of that.
 Umm, back and forth, to be able to validate that, you know, this is a threat that needs to be handled.

Mark Vincent   20:14
 Osborn, thought there for a sec, but yeah, essentially it works that way.
 Altogether, having the client a single client is a pretty awesome thing.

Sean Washington   20:26
 What you used to administer, I’m sure too.

Mark Vincent   20:29
 Imagine a scenario where you’ve got a bad actor, say an employee, that goes rogue and he wants to take a bunch of company data with him.
 Or maybe some financial information if you have.
 They have a technology called CASB that looks at this sort of thing, right?
 It says, oh, these numbers that you’re trying to upload here are bank account information.
 You know, you can stop them at the gate, and if you have everything on the same fabric, the second that transaction tries to go through, it’s not only going to kill his endpoint, but it’s going to cause his endpoint not to be able to connect to the AP on the network.
 Maybe shut his network port off on the switch, you know, puts them in a, basically, a disallowed state.
 At the firewall level it says you can’t.
 This user in particular, this device, this person does not have access until this particular issue is resolved.
 They have EDR, then, same thing. The team over at Fortinet has a NOC.
 They’ve got a network operations center of folks that are there 24 hours, 365 days a year looking for these kinds of events.
 And when they see them pop up, then they notify the end user or the organization, hey, this is a problem you need to look at right away, and they can give you the breakdown of, you know, transactionally speaking, what happened that caused that state to happen.

Sean Washington   21:46
 Yeah, it’s really cool.

Sean Washington   21:47
 So it sounds like this unified client basically has a good number of the products we were incorporating into those 43.

Mark Vincent   21:57
 It’s yes, it does.

Sean Washington   21:57
 Are all right in that client?

Mark Vincent   21:59
 Well, yeah.
 I mean, there’s underpinnings that allow access within those to the client.
 It’s not necessarily the client.
 Those 43 products aren’t built into it, but that client knows how to interact with those other Fortinet services in a way that’s much more tightly integrated than, say, you know, five different vendors’ products you’re trying to put together to make something work.

Sean Washington   22:23
 Yeah, it’s definitely nice to just deal with the single vendor.

Mark Vincent   22:27
 Yeah, for sure for sure.
 I mean, if I were a net new business right now and I were setting up a brand new company from scratch, I would definitely try to keep as much of that new infrastructure in Fortinet fabric.
 If I have to buy new equipment anyways, why not have everything that can talk to one another on a level that you’re not gonna get anywhere else, right?

Sean Washington   22:54
 Some of the other things I see in some of the features here are kind of protecting Internet of Things.

Mark Vincent   22:54
 That was.
 Yes, they have a full IoT package that can look at different devices and different levels.
 A lot of times these devices don’t have, umm, the ability to log into them, or they don’t have an easy way of dealing with them, right?
 They could be things in your house that you’re not aware of or things in your office building you’re not aware of that are just small little Internet devices that do something special, not like a camera.

Sean Washington   23:22
 Like a camera.

Mark Vincent   23:24
 Exactly, like a camera, like a light switch control. A lot of controls have basically little microcomputers in them.
 They have an IoT module now that looks at all of these devices as it’s going through fabric on your network, either via Wi-Fi or via the switch.
 It will keep track of all these devices that are on there, and then they have a database that they’re constantly running threats against to validate that those pieces of equipment are good.
 If they find that, like, a camera, let’s say, has a firmware version that has been known to be used by hackers, they will identify that on the network and they’ll quarantine that device until you patch the firmware on it.
 They’ll give you instructions on how to do that. So I watched a live demonstration of that, was super cool at the.

Sean Washington   24:11
 That is very interesting.

Mark Vincent   24:13
 Yeah, because there’s a lot of people don’t think about that sort of thing.

Sean Washington   24:15
 Yeah, I’m gonna say it must be overlooked.

Mark Vincent   24:15
 You know you’ve got all these things in your house.
 I know in my own home I have a million light switches and thermostats and cameras and everything else, and you kind of just in some ways take it for granted that that stuff is patched.
 But nine times out of 10, it probably isn’t, you know, umm, and this kind of gives you that feeling.

Mark Vincent   24:37
 They even had stuff which is not really...
 I’d say it’s not really a small business thing.
 Maybe it could be in some cases, but they have controls now for looking at even chips within a network device, or a device that’s like a manufacturing type of situation, where they can tell you, OK, this water pump, you know, it’s going to pump water for 50,000 homes on a water district, uses a specific type of firmware chip that we’ve known can be hacked and addressed.
 And you may not be able to solve a solution for that other than quarantining and sort of keeping that device separate, or air gapped in some kind of way virtually away from everything else, but it has the ability to identify that.
 I never even quite honestly have ever thought of anything at that level, and it was.
 Siemens had a booth there and they’re talking about these giant industrial, like, factories and being able to look at components inside those factories, because, you know, you see it on the news nowadays, these terrorist organizations, state sponsored terrorism, they’re trying to take out people’s infrastructure as part of their game plan.
 And Fortinet’s working with people that are at that level of these big manufacturing to actually try to stop that as well.
 Umm, wild stuff.

Sean Washington   26:09
 Yeah. It’s amazing.

Sean Washington   26:11
 You’re gonna be a cybersecurity company.
 You gotta start thinking of it all, I guess.

Mark Vincent   26:16
 I mean, there’s so many different ways that people are trying to gain access to systems nowadays that I would have never even thought years ago would have been a thing, but apparently, you know, there’s a lot of smart folks out there that thought things that we never have.

Sean Washington   26:30
 Oh yeah.

Mark Vincent   26:31
 It helps to have us.
 You really need a security vendor in it.
 You know, it’s got your back that way for sure.

Sean Washington   26:39
 Any other specific feedback from the event?
 Anything glaringly important?
 I mean, we’ve touched on a lot of really interesting technical features.

Mark Vincent   26:47
 Those were the big three, I think.
 Really it’s that unified client, it’s the newer version of the OS.
 Obviously they always talk about the chip cycle, right?
 So every year, two years, they come up with a new physical chip that is like literally twice as fast as last year’s model.
 They didn’t stop there.
 Again, they had that as well.
 I think previous to this event it was, they do them by letter, so, you know, if you bought a 90F firewall, let’s say, as an example, right, as of the last month, if you’re buying a new version they have new chips inside of it.
 Now they’re the 90G. Speed wise, the G is probably 2X faster than the F, which is nuts, but that’s just the world we live in, right?
 Every couple months, every year or two, they come out with a better model.
 They’ve really been kind of interesting on how they go about it because they really do their own hardware and software.
 So it’s much tighter integrated and it’s a lot faster as a result. They’re able to do stuff, transactionally speaking, light years better than a lot of their competitors that way.
 Umm, that was really the only other take away.
 I think I got out of it.
 It’s the client.
 It’s the newer OS, it’s some of the ZTNA stuff, and some of the AI stuff they’re doing were the big takeaways from there.
 Umm, you know, a month from now this will be old hat and there’ll be 50 new announcements from them.
 They’re pretty fast moving company and they’ve got a lot of products, but it was a good show nonetheless.
 We enjoyed it.
 I was there with about, uh, I don’t know, maybe 20 customers, clients and some other Integra staff members that were actually there doing more important things than I was doing on the networking side.
 Umm, I was more the executive tagging along versus some of our network engineers that were actually there to get training and certifications done while there as well.
 That’s a big part of that show, is they have people that come in and you can take your tests and get certified on the latest products and all that.
 So a lot of our folks were there doing this as well.

Sean Washington   28:55
 Sounds exciting.

Mark Vincent   28:56
 Yeah, it was good.
 You know, it is conference season, so I actually have a couple of podcasts coming out over the next couple weeks that will go over whatever the latest greatest come out of this new year’s conference season.
 So this was number one.

Sean Washington   29:12
 Well, excellent.

Mark Vincent   29:13
 Well, thank you for your time.
 As always, my friend, if uh, you know, hopefully you guys got some good information out of this and you know, we’ll see you next time.

Sean Washington   29:23
 Thanks for listening.
 This has been Powering SMB, see you guys next time.

Mark Vincent   29:24
 Alright, thanks everyone.
 I guess about.
 Thank you.
