Fortinet Releases New AV Engine Clean of Trend Micro Technology

Summary

Event Summary

October 24, 2005 Fortinet, the provider of ASIC-accelerated, network-based multi-threat security systems for real-time network protection, announced a groundbreaking new technology that increases protection against damaging Zero-Day virus attacks and raises the bar on security system performance.

Analytical Summary

• Current Perspective: Positive on Fortinets new anti-virus technology within the firmware used on its flagship security appliance FortiGate, which promises enhanced multi-layered AV detection capabilities and significantly improved performance and throughput. The company is hoping the new release will erase the cloud of uncertainty customers have had over the past years Trend Micro patent battle.
• Vendor Importance: High to Fortinet which clearly needed to demonstrate that its product could stand on its own without using any part of Trend Micros AV technology.
• Market Impact: Moderate on the all-in-one appliance space where Fortinet is considered a leading player with its FortiGate security appliance in terms of price and performance. Fortinets use of third-party testing (ICSA) helps validate its enhanced performance claims and instill customer confidence in the new product.

Perspective

Current Perspective Positive

We are taking a positive stance on Fortinets newest release of its security appliance which includes multi-layered detection including traditional signatures and a hot list that looks for variations of new threats; as well as a welcome performance increase resulting from object-oriented processing.

Fortinet has revamped its anti-virus engine via an update of its firmware called Fortinet FortiOS v2.8 MR11 used on the FortiGate security appliances, which now uses dual-pass scanning techniques that improves AV security as well as overall product performance. The company has augmented its real-time processing technology to now include streaming capabilities under the new anti-virus engine, scanning against not only traditional signatures but also scanning all content against a new hot list of what the company deems 10 to 20 of the most active viruses and worms in order to catch any variation of a threat, based on information Fortinet collects from customers and honeypots scattered throughout the world.

Fortinet has solicited the help of ICSA labs to validate its new architecture and performance. ICSSA has demonstrated that the new anti-virus engine and software enhancements have resulted in a 110% performance increase over the previous version during tests of the FortiGate product. These results stem from Fortinets method in which traffic is processed, analyzed, buffered, and stored, using an object-oriented approach. Fortinet now scans e-mails as objects, rather than waiting for the entire message to be buffered before performing a scan. As expected, the new release now completely avoids use of Trend Micros patent (600 Patent), which has been the subject of an ongoing International Trade Commission investigation, resulting in disruption to Fortinets sales of its flagship FortiGate product in the U.S. Despite the companys recent legal wrangling, Fortinet channel partners have not lost hope in the upstart and still consider it a leader in the UTM space in terms of price and performance. Competitors are still playing catch-up to Fortinet in some areas; for example, in the companys ability to provide a quarantine capability. The FortiGate solution rivals the best multi-service devices in the advanced firewall/VPN market with anti-virus, firewall, VPN, SSL VPN, content filtering, QoS, bandwidth shaping, anti-spyware, and anti-spam capabilities, plus a full services offering to ensure up-to-date definitions for signature-based features.

While Fortinet is considered a leader in the UTM space with its FortiGate product, there have been concerns over the products performance and throughput in the past, with some customers feeling the company has been overly optimistic about its past performance claims. It is encouraging, however, that Fortinet has called on a third party review of the products performance and customers should experience the same results as ICSA Labs. Further, Fortinet has been under a dark cloud caused by patent litigation with Trend Micro. There is a great deal of confusion in the industry over the details of the patent infringement, with some still hoping for some sort of AV licensing agreement to be signed between the two companies. Finally, down the road the company faces increased competition from Check Point, which recently purchased Sourcefire for its Intrusion Prevention System technology. While Check Point initially faces a daunting integration project, the merged companies have the potential to offer a compelling UTM solution which threatens competitors such as Fortinet.

Positives and Concerns

Competitive Positives

• Fortinet has revamped its anti-virus engine via an update of its firmware called Fortinet FortiOS v2.8 MR11 used on the FortiGate security appliances, which now uses dual-pass scanning techniques that improve AV security as well as overall product performance. The company has augmented its real-time processing technology to now include streaming capabilities under the new anti-virus engine, scanning against not only traditional signatures but a new hot list of what the company deems 10 to 20 of the most active viruses and worms in order to catch any variation of a threat, based on information Fortinet collects from customers.
• Fortinet has solicited the help of ICSA labs which concludes the new anti-virus engine and software enhancements have resulted in a 110% performance increase over the previous version during tests of the FortiGate product. These results stem from Fortinets method in which traffic is processed, analyzed, buffered, and stored, using an object-oriented approach. Fortinet now scans e-mails as objects, rather than waiting for the entire message to be buffered before performing a scan.
• The new release now completely avoids use of Trend Micros patent (600 Patent), which has been the subject of an ongoing International Trade Commission investigation, resulting in disruption to Fortinets sales of its flagship FortiGate product in the U.S.
• Despite the companys recent legal wrangling, Fortinet channel partners have not lost hope in the upstart and still consider it a leader in the UTM space in terms of price and performance. Competitors are still playing catch-up to Fortinet in some areas, for example, in the companys ability to provide a quarantine capability. The FortiGate solution rivals the best multi-service devices in the advanced firewall/VPN market with anti-virus, firewall, VPN, SSL VPN, content filtering, QoS, bandwidth shaping, anti-spyware, and anti-spam capabilities, plus a full services offering to ensure up-to-date definitions for signature-based features.

Competitive Concerns

• While Fortinet is considered a leader in the UTM space with its FortiGate product, there has been some concern over the products performance and throughput, with some customers feeling the company has been optimistic in its past performance claims. It is encouraging, however, that Fortinet has called on a third-party review of the products performance and customers should experience the same results as ICSA Labs.
• Fortinet has been under a dark cloud caused by patent litigation with Trend Micro. There is a great deal of confusion in the industry over the details of the patent infringement, with some still hoping for some sort of AV licensing agreement to be signed between the two companies.
• Down the road, the company faces increased competition by Check Point which recently purchased Sourcefire for its Intrusion Prevention System technology. While Check Point initially faces a daunting integration project, the merged companies have the potential to offer a compelling UTM solution which threatens competitors such as Fortinet.