Fortinet adds new security, management features to its SASE platform

Fortinet has added features that broaden the range of management and security tools for its secure access service edge (SASE) package.

The company has exanded its Secure Private Access offering that ties SASE resources together with SD-WAN-based applications through a Fortinet SD-WAN hub located in a nearby point-of-presence (PoP). The idea is to support larger hybrid environments and simplify anywhere access to corporate applications, said Nirav Shah, vice president of products with Fortinet.

“We can now let customers connect to multiple hubs and provide the app steering and health checking and security across all of those networks,” he said. 

Fortinet’s FortiSASE platform includes SD-WAN, secure web gateway, firewall as a service, CASB and zero-trust network access all running on top of its FortiOS operating system.

The driving idea with FortiSASE and these new features, are available now, is to support and secure remote users located anywhere with the most in-office experience possible, Shah said.

Another new feature, Secure Internet Access, lets customers assign their IP addresses to SASE-based resources. Until now these addresses were assigned automatically. “There are a number of use cases, such as legacy applications for example, where it matters how the user is going to those applications and what kind of access is given, and now we are giving customers the flexibility of choosing how they want to use the IP addresses of those applications,” Shah said. 

Another new feature improves secure access to SaaS-based applications in shared or multitenant access environments. Called Secure SaaS Access, it provides multitenant users better control access to specific cloud-based resources via Fortinet’s cloud access security broker (CASB) and with newly added tenant information. Fortinet supports dual-mode, inline, and API-based CASB capabilities.

“For example, Google and Google Cloud have many sub-applications such as Google Drive Gmail, so when the traffic comes into our SASE PoP, in addition to our application-based security and control, we use our URL-based CASB. Now we also use a URL-based CASB where we can insert the HTTP header with the tenant ID information and provide them that specific access to certain resources.”

The new features should strengthen Fortinet’s standing in the developing integrated, single-vendor SASE market that includes Cisco, Cato, Palo Alto, Versa, and VMware.  

“Demand for single-vendor SASE tends to come from: smaller enterprises that don’t have strongly siloed network and security teams and don’t require best of breed across all capabilities, and from architecture teams in large global multinationals,” Gartner stated in a recent report on single vendor SASE offerings.