In what amounts to an overhaul of the company's security hardware/software strategy, Fortinet (NASDAQ:FTNT) has unveiled its Security Fabric architecture. The architecture, announced through a jargon-heavy press release, aims to integrate local and global threat intelligence with a company's security appliance, as well as segment network traffic into functional security zones (promised to provide better visibility and control for network traffic) and feed security data into a "centralized security policy engine."
All of that can't be done using Fortinet's appliances alone. Thus, the Security Fabric allows security data to be shared between Fortinet and third-party appliances/software via APIs, as well as between various Fortinet hardware and software products. The company claims the solution lets configuration policies be applied to an entire fabric at once, rather than forcing enterprises to configure products individually. VMware (NYSE:VMW) and various other software firms support the Security Fabric; some of Fortinet's hardware rivals could be less keen on partnering.
Fortinet's Security Fabric architecture
Fortinet has also rolled out new high-end security appliances - it now refers to its hardware as next-gen firewalls (NGFWs) in its PRs rather than unified threat management ("UTM") systems - that are powered by a new proprietary ASIC (the FortiASIC CP9). Fortinet's ASICs have often given it a performance edge for high-throughput applications. The company's new 6040E firewall delivers up to 320Gbps of throughput.
To a large extent, the Security Fabric feels like an attempt to better take on fast-growing NGFW leader Palo Alto Networks (NYSE:PANW). Palo Alto trumpets the ability of its hardware to quickly provide advanced classification of network traffic - and with it, better visibility into what users are doing - thanks to the company's proprietary single-pass architecture. Security rules are then enforced for the traffic through an integrated policy engine.
Palo Alto's Single-Pass Architecture for classifying content
Meanwhile, Juniper (NYSE:JNPR) is improving the raw performance of its firewalls. The company has launched a new version of its vSRX virtual firewall (it's sold as a software that runs on third-party servers) that promises up to 100Gbps of performance - Juniper claims it's "the highest performing virtual firewall in the industry." The cSRX, a virtual firewall that runs on containers (increasingly popular lightweight alternatives to server virtual machines) has also been launched; a Juniper exec asserts the product is the first of its kind. In both its enterprise networking and security businesses, Juniper has been fairly willing as of late to support open standards and integrate with third-party hardware, as it tries to gain ground against Cisco (NASDAQ:CSCO) and others.
"A 100 Gbps virtual firewall sounds absolutely ridiculous - in a good way," says an exec at a Juniper reseller. However, he admits Juniper needs to improve its security marketing efforts. "They aren't the one people think of when people think of next generation firewall-type stuff yet… They've definitely got [virtual firewall] throughputs typically beyond what Palo Alto can deliver, so it's a matter of convincing the market that, 'Hey, we're in this space for real and we can do really well with it.'"
Fortinet's billings rose 35% Y/Y in Q4 to $380.9M, and Palo Alto's rose 62% in FQ2 (the company's January quarter) to $459M. Juniper's security sales, under pressure for a long time, rose 20% in Q4 to $116.1M.
Palo Alto still clearly has a lot of momentum - the company's NGFWs are still viewed as the gold standard within the market, and it has done a very good job of developing popular security subscription services that integrate with its hardware. But today's announcements, along with recent moves from other rivals such as Cisco and Check Point (NASDAQ:CHKP), show that the competition is taking the threat posed by Palo Alto's breakneck growth seriously, and coming up with novel ways to stand out.
Disclosure: I/we have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours.
I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it. I have no business relationship with any company whose stock is mentioned in this article.