Fortinet Enables End-to-end Security Compliance with New Endpoint Vulnerability Management Solution

SUNNYVALE, Calif., Apr. 6, 2009 - Fortinet^®- a market-leading network security provider and worldwide leader of unified threat management (UTM) solutions - today broadened and deepened its security product portfolio with the introduction of a new vulnerability management (VM) and compliance solution for endpoint assets, including desktops and laptops, as well as other network assets such as servers. Targeted at mid-to-large enterprises and government entities, the FortiScan-1000B appliance will help organizations protect thousands of computing assets by integrating the following capabilities into a single device: endpoint vulnerability management, industry and federal compliance, patch management and remediation, and network-level vulnerability management. FortiScan™ - together with Fortinet's complementary FortiDB™, FortiWeb™ and FortiGate® appliances - offer customers an end-to-end compliance strategy that extends from the client, to databases, to web applications, to the overall network.

FortiScan-1000B leverages technology gained from Fortinet's 2008 asset purchase from risk and IT security compliance company, Secure Elements. Secure Elements' C5 Compliance software solution was the leader in its class and forms the basis for the FortiScan-1000B appliance. Fortinet also integrated the Vulnerability Scanner module from its FortiAnalyzer™ family of logging, analyzing and reporting appliances into FortiScan. The Vulnerability Scanner is a network-based VM module designed to automatically discover, inventory and assess the security posture of servers, hosts and other devices. The C5 Compliance platform and the FortiAnalyzer VM module are combined on a security-hardened hardware platform to form FortiScan-1000B.

The FortiScan-1000B provides a powerful solution for organizations that require compliance with regulatory mandates such as PCI-DSS, SOX, GLBA, HIPAA, etc. In addition, for customers within the federal government and infrastructure markets, FortiScan offers enterprise-level security compliance for NIST (National Institute of Standards and Technology) / SCAP (Security Content Automation Protocol), including the Federal Desktop Core Configuration (FDCC) standard. The Secure Elements C5 Compliance solution was the first product of its kind to receive SCAP certification.

"The process for security compliance can be an arduous and costly one for many organizations, so having an automated compliance strategy that runs across and deep into the network - on a common product platform - can significantly mitigate security risks and help to alleviate the associated financial and technological burdens," said Michael Xie, CTO and co-founder of Fortinet.

The FortiScan-1000B appliance enables enterprises and government entities to quickly determine their security and compliance posture through an automated vulnerability discovery, auditing, remediation and reporting process that is easy to deploy and manage. FortiScan performs the following security functions as part of a comprehensive vulnerability management system:

• Vulnerability Management: Identifies security vulnerabilities and finds compliance exposures on hosts, servers and throughout the network transparently to end-users; endpoint VM is achieved through a client-resident agent, while network-level VM is accomplished through agent-less network analysis, from FortiAnalyzer, which provides network discovery, asset prioritization and profile-based scanning;
• Auditing: Audits and monitors across heterogeneous systems and provides industry-standard benchmarks for IS compliance audits for operating systems; users can either select from the list of audit benchmarks or create their own audit standards by choosing specific controls. This approach provides maximum flexibility for users and at the same time their audit framework will be standards based;
• Patch/Remediation: Delivers patch management with ready-to-deploy remediation and enforcement actions; remediation capability goes beyond traditional patch management, allowing network managers to change configurations and potentially mitigate weak settings, including disabling an application or denying a network request;
• Reporting/Compliance: Aids compliance for regulatory mandates with 360 degree reporting and analysis; provides industry, regulatory and best practices templates for ISO 17799, SOX, HIPAA, GLBA, NIST, SCAP, FISMA etc. Pre-defined reports and views for compliance are also provided.

Like the rest of Fortinet's product line, FortiScan-1000B will also rely on the FortiGuard™ subscription service to automate FortiScan policy, remediation, vulnerability database updates in real-time.

Merlin International is a solutions provider that includes Fortinet appliances in its Infrastructure Optimization solutions: "Compliance is a constant even in today's economy, so a complete strategy that helps to take the guess-work out of product selection and minimizes management and related costs are strong selling points for our customers," said John Trauth, president, Technology Systems Division, Merlin International. "We're also excited about the new revenue opportunity that the FortiScan-1000B brings, especially as it will be an easier sell -- not only as part of an overall compliance product line, but also because it is part of the Fortinet trusted security brand."

The FortiScan-1000B appliance comes with two terabytes of storage and can support up to 2,000 network assets. FortiScan-1000B will be available in the second quarter of this year. Additional information on FortiScan appliances can be found at http://www.fortinet.com/products/fortiscan/.

About Fortinet (www.fortinet.com)
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and antispam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: Firewall, Antivirus, IPSec VPN, SSL VPN, Network IPS, and Antispam. Fortinet is privately held and based in Sunnyvale, California.

Copyright © 2009 Fortinet, Inc. All rights reserved. The symbols ^® and ™ denote respectively federally registered trademarks and unregistered trademarks of Fortinet, Inc., its subsidiaries and affiliates, including, but not limited to, the following trademarks: Fortinet, FortiGate, FortiGuard, FortiManager, FortiMail, FortiClient, FortiCare, FortiAnalyzer, FortiReporter, FortiOS, FortiASIC, FortiWiFi, FortiSwitch, FortiVoIP, FortiBIOS, FortiLog, FortiResponse, and FortiDB. Other trademarks belong to their respective owners. Fortinet has not independently verified statements above attributed to other parties, and Fortinet does not endorse any such statements.