Last week I met with Fortinet, which announced that its intrusion prevention system (IPS) had been certified as the fastest and with having the leading catch rate in the industry.
FortiGate-3950B was tested using BreakingPoint security-testing products and NSS Labs test-criteria methodology.
It said that two level-four and level-seven tests were conducted, one with IPS optimisation enabled and the other without. The traffic setup was unidirectional and a large number of IP addresses were used on both the client and server sides to provide the most realistic network conditions.
FortiGate-3950B provided a throughput of 16.9Gbps, which Fortinet said is "necessary to deliver the advanced IPS services required to detect and block incoming threats without affecting network performance".
I spoke with Fortinet's Mark Hyland about this and the UTM market, which had been boosted by Dell's acquisition of SonicWALL previously in the week.
He said: “Our partners look at the SME as a window of opportunity. The FortiGate is for mid-market and offers functionality such as a WiFi controller, a VPN and two-factor authentication, but some users don't know about this.
“All of our technology is built in-house. As for the next-generation firewall, we were doing that years ago with our first unified threat management (UTM) system. We have got the fastest firewall in the world and we believe that if you can do fast, you can do more. It comes down to architecture and technology.”
Hyland said its next step is to enhance the capabilities of its firewall for classification of packet data; after all, if it can do things quickly, then it will want to be able to do so capably.
I asked Hyland if he felt that faster meant less secure. He said that with one of the biggest service providers in the world as a customer, he was confident, but the priority was security.
“It is intelligence built into a network, you have got to embed it not just at the core but push it out to the network edge for mobile devices and laptops,” he said.
Many vendors will tell me (and probably you too) that their solution is the fastest, most capable and most secure with the most functions.
Whether you believe them is up to you, but what Fortinet said does make sense. If the throughput is faster, you can analyse more in the same space of time. But the challenge comes if you decide that a 'proper' job takes longer.