Fortinet says it’s all about the security ASICs

Xie claims his custom chips lower infosec computing costs by up to 10x

As security and networking converge, Fortinet CEO Ken Xie believes the company he co-founded will win this particular $200bn market with its custom application-specific ICs, or ASIC chips.

"On day one, 22 years ago, we leveraged ASIC technology to lower computing costs, increase computing power, and also add additional performance and more function," Xie said, speaking at the Morgan Stanley Technology, Media and Telecom conference this week.

Using its custom ASICs to accelerate security and networking tasks lowers customers' security computing costs by as much as 10x compared to using CPUs, he claimed. This becomes even more important as multi-cloud, 5G with 6G on the horizon, and the convergence of IT and operational technology environments expand, while an onslaught of traffic from applications, users, and devices puts greater demands on network equipment and defenses.

"The old technology cannot meet all the demand," Xie argued.

Unlike some traditional switches and routers that can't determine the context of an application, user, or device, Fortinet's internal segmentation is context aware, he added. "So that's where the ASIC basically does the same as like the GPU, TPU or IPU," Xie said.

This technology segments network and infrastructure assets across multiple clouds and in on-premises data centers, which Xie said better protects customers from ransomware and other threats that spread laterally through networks. Fortinet is not the only designer of network silicon, we must note: it is a competitor within a wide landscape of specialist processing units, including next-gen FPGAs and accelerators attached to host servers.

Essentially, these kinds of chips offload the work of filtering network packets and applying policies from a general-purpose processor, and handle it in dedicated hardware. This can mean more throughput for routing and checking incoming, internal, and outgoing traffic, for one thing.

"If you want to have this zero-trust environment, you have to have network security go inside the company, go inside the data center to handle both the north-south traffic and east-west traffic," Xie continued. "The need is all there. And it all depends on who can solve this issue, increase the speed, because there's almost like a one-to-100 gap."

Fortinet has a 40 percent market share in the network security space, according to Xie. That's larger than its next five closest competitors' shares combined, he claimed. "Last year the whole product revenue grew 47 percent," he said. "And the last quarter, the booking of the product probably grew over 60 percent."

Morgan Stanley has said the actual figure is 37 percent.

Looking ahead to the rest of the year and beyond, Xie said he expects this network and security convergence to continue to boost Fortinet's growth. 

He cited Gartner and IDC's cloud security market forecasts, and put that market at $20bn over the next four or five years.

"The network security is still two-times to three-times larger, and still a more healthy growth," he said. "Then, if we see the convergence of network and security, for us the total addressable market will be almost $200bn." ®
