Fortinet has introduced a new vulnerability management (VM) and compliance solution for endpoint assets, including desktops and laptops, as well as other network assets such as servers. Targeted at mid-to-large enterprises and government entities, the FortiScan-1000B appliance will help organizations protect thousands of computing assets by integrating the following capabilities into a single device: endpoint vulnerability management, industry and federal compliance, patch management and remediation, and network-level vulnerability management. FortiScan — together with Fortinet’s complementary FortiDB, FortiWeb, and FortiGate appliances — offers customers an end-to-end compliance strategy that extends from the client, to databases, to web applications, to the overall network.
FortiScan-1000B leverages technology gained from Fortinet’s 2008 asset purchase from risk and IT security compliance company, Secure Elements. Secure Elements’ C5 Compliance software solution was the leader in its class and forms the basis for the FortiScan-1000B appliance. Fortinet also integrated the Vulnerability Scanner module from its FortiAnalyzer family of logging, analyzing and reporting appliances into FortiScan. The Vulnerability Scanner is a network-based VM module designed to automatically discover, inventory and assess the security posture of servers, hosts and other devices. The C5 Compliance platform and the FortiAnalyzer VM module are combined on a security-hardened hardware platform to form FortiScan-1000B.
The FortiScan-1000B provides a powerful solution for organizations that require compliance with regulatory mandates such as PCI-DSS, SOX, GLBA and HIPAA. In addition, for customers within the federal government and infrastructure markets, FortiScan offers enterprise-level security compliance for NIST (National Institute of Standards and Technology) / SCAP (Security Content Automation Protocol), including the Federal Desktop Core Configuration (FDCC) standard. The Secure Elements C5 Compliance solution was the first product of its kind to receive SCAP certification.
“The process for security compliance can be an arduous and costly one for many organizations, so having an automated compliance strategy that runs across and deep into the network — on a common product platform — can significantly mitigate security risks and help to alleviate the associated financial and technological burdens,” said Michael Xie, CTO and co-founder of Fortinet.
The FortiScan-1000B appliance enables enterprises and government entities to quickly determine their security and compliance posture through an automated vulnerability discovery, auditing, remediation and reporting process that is easy to deploy and manage. FortiScan performs the following security functions as part of a comprehensive vulnerability management system:
• Vulnerability Management: Identifies security vulnerabilities and finds compliance exposures on hosts, servers and throughout the network transparently to end-users; endpoint VM is achieved through a client-resident agent, while network-level VM is accomplished through agent-less network analysis, from FortiAnalyzer, which provides network discovery, asset prioritization and profile-based scanning;
• Auditing: Audits and monitors across heterogeneous systems and provides industry-standard benchmarks for IS compliance audits for operating systems; users can either select from the list of audit benchmarks or create their own audit standards by choosing specific controls. This approach gives users maximum flexibility while keeping their audit framework standards-based;
• Patch/Remediation: Delivers patch management with ready-to-deploy remediation and enforcement actions; remediation capability goes beyond traditional patch management, allowing network managers to change configurations and potentially mitigate weak settings, including disabling an application or denying a network request;
• Reporting/Compliance: Aids compliance for regulatory mandates with 360-degree reporting and analysis; provides industry, regulatory and best practices templates for ISO 17799, SOX, HIPAA, GLBA, NIST, SCAP, FISMA, etc. Pre-defined reports and views for compliance are also provided.
Like the rest of Fortinet’s product line, FortiScan-1000B will also rely on the FortiGuard subscription service to automate FortiScan policy, remediation and vulnerability database updates in real time.
The FortiScan-1000B appliance comes with two terabytes of storage and can support up to 2,000 network assets. FortiScan-1000B will be available in the second quarter of this year.