Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Big Data and Analytics
    • Big Data and Analytics
    • Cloud
    • IT Management
    • Networking

    How Fortinet’s Intent-Based Segmentation Makes SDN Easier to Do

    By
    ZEUS KERRAVALA
    -
    February 9, 2019
    Share
    Facebook
    Twitter
    Linkedin
      Fortinet.conference

      There may be no hotter trend in networking and security than segmentation. The rise of software-defined systems have made it possible to carve up the network into virtual segments to isolate assets. In actuality, in discussions with IT pros, I find that segmentation is a little like going to the gym–where everyone talks about it but very few actually do it. 

      The reason for this is that applying segmentation can be very difficult. The concept is easy to understand: Keep high-value assets away from others and, as they say, “Bob’s your uncle” (this means “and there it is” or “and there you have it”; this is commonly used in United Kingdom and Commonwealth countries). In practicality, there are multiple kinds of segmentation and often a lack of understanding of how to apply the various types. 

      Recently, security vendor Fortinet announced something called intent-based segmentation (IBS) to help make the process easier. The term “intent-based” refers to having the ability to have a system configure and maintain itself based on business intent. If you’re not familiar with the term, I recently wrote this post on how intent-based networking (IBN) works. Although this was specifically networking, the concepts as applied to segmentation are the same. In fact, one could argue that intent-based segmentation is a subset of the overall IBN term.

      Varying Types of Segmentation

      Before I get into how IBS works, it’s worth reviewing the various types of segmentation. These are:

      • Macro-segmentation, also known as coarse grained segmentation, is akin to VLANs, although they are significantly more flexible. The primary use case is to isolate broad buckets of device types, such as medical devices or guest endpoints.
      • Micro-segmentation, also known as fine-grained segmentation, is a more granular version of macro. This lets IT pros tailor security settings to isolate classes of devices within a broad group. An example of this might be a hospital that wants to isolate cardiac heart pumps from all other medical equipment.
      • Application level segmentation is used isolate traffic at an application or even process level. This can isolate applications on the same physical or virtual server.
      • Endpoint segmentation enables segmentation to be applied at the device level, regardless of the network topology below it. This can be particularly useful in IoT environments.

      The obvious question here is which type of segmentation is best? The answer is all of them! It really depends on what the business is trying to achieve. In fact, the process of isolating cloud assets can involve using micro, macro and application segmentation.

      This is where Fortinet’s IBS comes into play. Its new family of next-generation firewalls (NGFW) includes intent-based segmentation as part of its feature set. The family includes two mid-range NGFWs (FG-401E / 601E) and two high-end ones (FG-3401E / 3601E). Performance ranges from 4.8Gbps to 66 Gpbs. All of the NGFWs are built in Fortinet’s own security processing unit (SPU). The home-grown silicon has an advantage over off-the-shelf silicon in that it’s tailored to the needs of security, similar to the way a graphics processing unit (GPU) is optimized for video.

      IBS Capabilities Can Be Adjusted to Workloads

      The IBS capabilities intelligently segment the IT assets based on the intent of the business objectives and aligns the security process and access control to prevent threats from spreading laterally across the network. This is something that’s difficult, if not impossible, to do with traditional security tools.

      To help understand, consider what happens when a user initiates or receives a transmission. The sessions traverse the public network, and that connection gets hardened and inspected to identify and prevent malware or traffic hijacking. This is certainly necessary but not enough. Isolating users and applications enables security professionals to see and control the devices that can interact with the connections, making it difficult for threat actors to intercept, steal or corrupt that data and helps ensure that data and resources are managed and secured as they move across an increasingly expanding network of connected ecosystems. Intent-based segmentation simplifies this by automating the process.

      The “intent” in IBS indicates it operates at a business or use-case level. For example, the security administrator can initiate a use case of separating critical assets, and the Fortinet NGFW will apply a combination of micro and macro segmentation. Other use cases are things such as border security, tiered cloud access, meeting compliance requirements and securing physical access. Each one of these has a specific architecture that simplifies deployment and on-going management.

      IBS Plugs in to Third-party Vendors

      One final note is that IBS works with third-party vendors that customers may have in place as part of their segementation strategy. This includes some widely deployed solutions, such as Vmware’s NSX and Cisco ACI.

      IT environments have grown more complex and dynamic, making it more difficult to reduce the overall attack surface.

      Segmentation plays a key role in doing this, but trying to stitch together multiple products is difficult, because keeping policies up to date becomes overwhelmingly hard to do. The concept of intent-based segementation simplifies this process, because it applies the right combination of segmenation techniques to ensure the objectives of the business are always being met.

      Zeus Kerravala is the founder and principal analyst with ZK Research. He spent 10 years at Yankee Group and prior to that held a number of corporate IT positions.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×