Research

Fortinet Releases New AV Engine Clean of Trend Micro Technology

By Charlotte Dunlap

November 16, 2005 — CSO — Summary

Event Summary

October 24, 2005 Fortinet, the provider of ASIC-accelerated, network-based multi-threat security systems for real-time network protection, announced a groundbreaking new technology that increases protection against damaging Zero-Day virus attacks and raises the bar on security system performance.

Analytical Summary

Current Perspective: Positive on Fortinets new anti-virus technology within the firmware used on its flagship security appliance FortiGate, which promises enhanced multi-layered AV detection capabilities and significantly improved performance and throughput. The company is hoping the new release will erase the cloud of uncertainty customers have had over the past years Trend Micro patent battle.

Vendor Importance: High to Fortinet which clearly needed to demonstrate that its product could stand on its own without using any part of Trend Micros AV technology.

Market Impact: Moderate on the all-in-one appliance space where Fortinet is considered a leading player with its FortiGate security appliance in terms of price and performance. Fortinets use of third-party testing (ICSA) helps validate its enhanced performance claims and instill customer confidence in the new product.

Perspective

Current Perspective Positive

We are taking a positive stance on Fortinets newest release of its security appliance which includes multi-layered detection including traditional signatures and a hot list that looks for variations of new threats; as well as a welcome performance increase resulting from object-oriented processing.

Fortinet has revamped its anti-virus engine via an update of its firmware called Fortinet FortiOS v2.8 MR11 used on the FortiGate security appliances, which now uses dual-pass scanning techniques that improves AV security as well as overall product performance. The company has augmented its real-time processing technology to now include streaming capabilities under the new anti-virus engine, scanning against not only traditional signatures but also scanning all content against a new hot list of what the company deems 10 to 20 of the most active viruses and worms in order to catch any variation of a threat, based on information Fortinet collects from customers and honeypots scattered throughout the world.

Fortinet has solicited the help of ICSA labs to validate its new architecture and performance. ICSSA has demonstrated that the new anti-virus engine and software enhancements have resulted in a 110% performance increase over the previous version during tests of the FortiGate product. These results stem from Fortinets method in which traffic is processed, analyzed, buffered, and stored, using an object-oriented approach. Fortinet now scans e-mails as objects, rather than waiting for the entire message to be buffered before performing a scan. As expected, the new release now completely avoids use of Trend Micros patent (600 Patent), which has been the subject of an ongoing International Trade Commission investigation, resulting in disruption to Fortinets sales of its flagship FortiGate product in the U.S. Despite the companys recent legal wrangling, Fortinet channel partners have not lost hope in the upstart and still consider it a leader in the UTM space in terms of price and performance. Competitors are still playing catch-up to Fortinet in some areas; for example, in the companys ability to provide a quarantine capability. The FortiGate solution rivals the best multi-service devices in the advanced firewall/VPN market with anti-virus, firewall, VPN, SSL VPN, content filtering, QoS, bandwidth shaping, anti-spyware, and anti-spam capabilities, plus a full services offering to ensure up-to-date definitions for signature-based features.