SUNNYVALE, Calif., Feb. 17, 2009 - Fortinet^® - the pioneer and leading provider of unified threat management (UTM) solutions -today announced the debut of a new web security appliance that provides application and XML firewalling to protect, balance and accelerate web applications, databases and the information exchanged between them. The new FortiWeb-1000B is a mid- to large-enterprise product and is the first in a family of Fortinet web application security appliances.

FortiWeb™ appliances can drastically reduce the deployment time and complexities associated with securing web-based applications, and can also aid companies in meeting regulatory mandates such as PCI-DSS compliance. Together with Fortinet's FortiDB™ database security product, the FortiWeb-1000B forms the basis for a broad protection schema to support the growing prevalence of cloud computing and other enterprise activities that have a need to access confidential and personal data over the Internet or intranets.

Web applications are essentially a public interface to databases storing sensitive information, so the need to secure this interface is as critical as securing the databases themselves. While many web applications today have built-in security protocols, writing secure web application code is difficult and often not the priority of the developer. In addition, there are a number of challenges to securing the code of various web applications: New vulnerabilities, patching schedules, code revisions, code access, vulnerability identification and deployment timelines. The ideal scenario would separate the security of the web application from the application itself to enforce uniform security measures regardless of the level of security built into the web application and provide an umbrella of security protection across a number of web applications.

"With the Internet representing such a preponderance of business interactions today, the opportunities that cyber criminals have to target both the communications and the data it carries is almost limitless without the right precautions in place," Jon Crotty, IDC. "Web and XML applications are de-rigueur requirements for any business that wants to have an online presence -- and that's just about everyone -- so we fully expect web application firewall to burgeon as a business, especially with the growth of SaaS and cloud computing. A product that simplifies and strengthens the implementation of web applications should find strong reception."

FortiWeb At-A-Glance:
The FortiWeb-1000B web security appliance is ideal for medium and large enterprises, ASPs, and Software-as-a-Service/cloud computing providers. Key benefits of the FortiWeb-1000B include the following:

• Web applications secured - Provides uniform, umbrella approach to securing multiple web-based applications with web application and XML firewalls, regardless of strength of web application's native security code;
• Deployment simplified - Simplifies deployment and management of web applications with a central security appliance;
• Content accelerated - Accelerates web applications through XML/SSL offloading with the FortiASIC CP6, shared by Fortinet's FortiGate™integrated security product for improved performance;
• esources load balanced - Load balances traffic and routes content across multiple web servers for improved server resource utilization, increased performance and application stability;
• Compliance achieved - Complies with PCI version 1.2 requirements, ensuring that a web-application firewall is in place in front of public-facing web applications to detect and prevent web-based attacks.

The FortiWeb-FortiDB Combination
FortiWeb and FortiDB appliances operate independently of one another, but are powerful in a tandem deployment to provide broad data security. In network topography, the FortiWeb appliance sits inline in front of web application servers, while the FortiDB is deployed out of band, automatically monitoring, auditing and scanning databases. Deploying these devices in tandem provides multiple layers of security to prevent numerous types of threats originating from multiple vectors. In addition, compliance with various portions of the PCI-DSS is more easily achieved with the combination of these two products.

"Following the introduction of our FortiDB database security appliance family last year, we are further extending our protection to the web traffic going to and coming from those databases for a more comprehensive approach toward data protection," said Michael Xie, CTO and co-founder, Fortinet. "The expansion of our core FortiGate network security gateways to include data and web application security appliances enables Fortinet to better provide customers a broad solution for protecting networks and applications at the core and perimeter."

Additional information on FortiWeb and other Fortinet products can be accessed at http://www.fortinet.com/products.