COMPETITIVE BATTLECARD

Fortinet vs. Cisco ASA

Market Research & Analysis Cisco ASA Series Challenges
Selecting the right product is important. NSS Labs, IDC, and Gartner provide market research nnComplexity is the Enemy of Security
for security. In addition, NSS Labs provides third-party security lab validation with the same
nnA Borderless World Calls for New
test methodology on the competitors models. IDC provides the growth and contraction rates
Strategies
among competitors.
nnSlow Is Broken
Fortinets security innovation continues to disrupt competitors like Cisco. Fortinet has a faster
growth rating and is positioned as a leader in the Gartner Magic Quadrant for Unified Threat
Management. The NSS Labs Data Center firewall, NGFW, NGIPS, test validates Fortinets
superior performance and total cost of ownership over Cisco.

In the Gartner MQ for Enterprise Firewall, Fortinet would be in the top 3 positions and
continues to improve the position in each report. Fortinet has a higher standing compared
to Cisco.

Magic Quadrant for Enterprise Network Firewalls Magic Quadrant for Unified Threat Management

2016 Fortinet. All Rights Reserved CONFIDENTIAL For Partners and Customers under NDA 1
COMPETITIVE BATTLECARD: Fortinet vs. Cisco ASA

Next Generation Firewall (NGFW) Security Value Map

Check Point Fornet Hillstone 100%
Juniper Forcepoint Dell SonicWALL Huawei
Cisco ASA Cisco FirePOWER
Palo Alto Networks
Average
Barracuda

90%
WatchGuard

80%

Security Effecveness
70%

60%
Cyberoam

50%
February 2016

Average

40%
$100 $80 $60 $40 $20 $0

TCO per Protected Mbps

Products Tested

Security Without Compromise

Barracuda Networks F600.E20 v6.1.1-071 Fortinet FortiGate 3200D v5.2.4, build 5069
Check Point Software Technologies 13800 NGFW Appliance vR77.20 Hillstone Networks SG-6000-E5960 v5.5 SG6000-M-2-5.5R1P2.2
Cisco ASA 5585-X SSP-60 v5.4.0.3 Huawei Technologies USG6650 vV500R001C00SPC010T
Cisco FirePOWER Appliance 8350 v5.4.0.3 Juniper Networks SRX5400E JUNOS Software Release 12.3X48
Cyberoam Cyberoam CR2500iNG-XP v10.6.3 Palo Alto Networks PA-7050 v6.0.11-h1

High-Performance Architecture and Security Integration

Dell SonicWALL SuperMassive E10800 SonicOS Enhanced v6.0.1.13-177o WatchGuard Technologies XTM 1525 v11.9.4 build 486684
Forcepoint Stonesoft Next-Generation Firewall 1402 v5.8.5

There are a few architectures for security. There is the software-based

architecture, which relies on a general CPU, and it tends to have
performance issues. Using a CPU, with other off-the-shelf silicon,
which offloads some of the security tasks, to increase performance
is another approach. However, merchant chip vendors are not close
enough to the end customer to obtain feedback to improve its silicon.

The most effective approach is to design ASICs and integrate

software and security updates from proprietary and third-party threat
intelligence research teams. Fortinet is a security innovator and we
have taken the approach of designing our FortiASIC architecture,
which provides predictable high performance, ultra-low latency,
port density, and acceleration of content security compared to any
competitor in the market. It allows us to penetrate the different market segments.

Complexity is the Enemy of Security

Security Effectiveness & Third-Party Independent Certifications
Security effectiveness is critical in all businesses because the threat landscape continues to be extremely dynamic, and customers should
demand best-of-breed results. Deploying security from vendors who score low on security effectiveness can lead to malware taking
advantage of OS, application, and device exploits. It can be costly exposure and clean up to a business.

Ciscos Threat Intelligence is comprised with TALOS, which stitches together a number of acquisitions, which includes SPARK (Cisco IPS
sensors), SIO (IronPort/ Sender base), VRT/ AEGIS (Sourcefire), AMP (Sourcefire), Sandboxing (ThreatGrid), and other 3rd party feeds. Each
one does not share the collective intelligence.

Fortinets FortiGuard Threat Intelligence is the only vendor to provide threat intelligence built from the ground up to protect against
dynamic threats.

2016 Fortinet. All Rights Reserved CONFIDENTIAL For Partners and Customers under NDA 2
COMPETITIVE BATTLECARD: Fortinet vs. Cisco ASA

The NSS Labs Cyber Alert and Warning System can test real-time threat scenarios with a number of vendors. With time and vendors ability
to address the exploits, the security effectiveness can change. For those interested in an NSS Labs CAWS demo, please make a request to
[email protected].

There is the difference between Pay-to-Play and third-party independent labs, which provide reports, certifications, and recommendations.

Pay-to-Play labs would be commissioned by the vendor to validate a specific claim. There is no public test methodology. Instead, it is an
internal vendor methodology, which has been skewed for the commissioned vendor. The lab would validate, but it is only for the moment.
There is a tendency not to invite the other vendors to ensure the configuration and software update. The commissioned vendor would use
the test results as a marketing campaign to attempt to differentiate. Dont
Description Fortinet Cisco ASA
be fooled. Instead, ask these vendors why they are not participating in
NSS (Firewall NGFW) Recommended Recommended &
independent, public testing to prove their security abilities.
Neutral
True third-party independent labs have a public test methodology to ensure NSS (Firewall DC) x
vendors test in the same manner as each other. These independent labs are NSS Firewall Recommended x
attempting to influence security vendors to improve security effectiveness for NSS Breach Detection Recommended Recommended
customers. The value is security assurance.
NSS IPS (DC) x
Cisco does not participate in many third-party certifications. If security isNSS IPS (Enterprise) x
important to businesses, shouldnt they prove they have passed this security NSS WAF Recommended x
test methodology for validation and certification? A number of competitors ICSA FW x
are unable to show their levels of security effectiveness. ICSA IPS x
With NSS Labs, ICSA, Virus Bulletin (VB) 100, Antivirus (AV) Comparative, ICSA AV x
each lab provides a public testing methodology and continued testing ICSA WAF x
against the other vendors to help improve the security landscape for VB 100 x
businesses. Fortinet continues earn validation by these labs, which provide AV Comparative x
security assurance and demonstrated best-of-breed security effectiveness. Common Criteria
FIPS-140

2016 Fortinet. All Rights Reserved CONFIDENTIAL For Partners and Customers under NDA 3
COMPETITIVE BATTLECARD: Fortinet vs. Cisco ASA

Next Generation Firewall

As the firewall refresh continues, application visibility and control for applications,
users, and devices has been critical for the enterprise market segment. Programs
are needed to help customers better evaluate NGFWs in the enterprise and data
center segments.

Fortinet can be deployed inline or in transparent mode. We do have a Cyber Threat

Assessment Program, which provides an evaluation unit and visibility to applications,
threats, and users for customers PoC. For more information, email [email protected].

Network visibility has become critical in the enterprise to provide protection and
productivity. On the FortiGate, the FortiView provides visibility to applications, users,
devices, and threats. Fortinet supports over 3,300 application signatures, and the
visibility continues to grow. Customers can create custom application signatures for
their in-house application development. It is easy to deploy a FortiGate with feature-
rich visibility. Take a look at the video link, https://vimeo.com/156637845.

Unified Threat Management

Unified Threat Management provides consolidation of firewall, VPN, Intrusion Prevention, App Control, Antimalware, URL Filtering,
Antispam, Wireless, and other network and security functionality into a single platform.

Fortinet innovated this market segment. In this segment, customers are demanding consolidated security, high performance, simplified
management, and low total cost of ownership. Fortinet is the only security vendor, which vertically integrates the silicon, system, and
software with its threat updates delivered by the FortiGuard Threat Research team.

Fortinet offers a full wireless solution by integrating the wireless controller and offering a wide range of access points. In addition, there is RF
site management and wireless retail analytics for managing access points and integrating into a retail environment.

Cisco lacks security innovation in Unified Threat Management, which addresses the distributed enterprise and retail branch. Cisco is
missing a number of consolidated security functionalities. Cisco does not offer a full wireless or WAN optimization solution for SMB, branch,
and retail distributed locations.

Cobbling different content security together reduces the ability to control and mitigate threats. For example, the FirePower services uses
Webroot/BrightCloud for web filtering, which does not communicate back to the IPS or malware engines.

Virtualization
As businesses demand consolidation, scalability, reduced complexity, easy management, and cloud options, virtualization becomes
increasingly important. There are a number of methods.

1. Virtual Domain

2. Virtual Machine (VM) Support for VMWare, Microsoft Hyper-V, Citrix, and others.

3. Administrative Domains (ADOM)

4. Cloud Support for AWS and Microsoft Azure

5. Software-Defined Network (SDN)

Fortinet offers a variety of support for virtualization. Virtual Domain is supported in the desktop unit to chassis-based systems (FortiGate
60D to 5144C). The capacity starts at 10, where specific models and systems can be expanded to 100, 250, 500, and several thousand.
Fortinet supports a wide range of VM platforms like VMWare, Microsoft Hyper-V, Citrix, and others. Fortinet supports the cloud like AWS
and Microsoft Azure. Fortinet has demonstrated the FortiGate-VMX operating in the VMWare SDN environment.

2016 Fortinet. All Rights Reserved CONFIDENTIAL For Partners and Customers under NDA 4
COMPETITIVE BATTLECARD: Fortinet vs. Cisco ASA

Simplified, Unified, and Common Management

Security management can be challenging. Having multiple operating systems and complex licensing causes issues in managing security.

Cisco has about 7 different management consoles for 3 devices. This increases the burden on the administrator and it may leave the
enterprise vulnerable to threats and malware.

Fortinet delivers a single management console to simply security through the enterprise.

2016 Fortinet. All Rights Reserved CONFIDENTIAL For Partners and Customers under NDA 5
COMPETITIVE BATTLECARD: Fortinet vs. Cisco ASA

Total Cost of Ownership

Security vendors have different business models. Complex licensing models can result in the vendor taking advantage of the customer
during the renewal period. Check Point is known to have a very complex licensing model.

Fortinet beats Cisco in total cost of ownership in the data center, enterprise, and distributed enterprise/ branch offices.

Advanced Technologies
Security is vital with both wired and wireless. The legacy ASA 5500 series does not have any wireless capabilities. With the newer ASA
5500-X, on the entry model, ASA 5506-XW has wireless, which does not include the wireless controller functionality. Prospects would need
to purchase another appliance and learn another management console.

Cisco does not support the wireless controller and does not provide a complete wireless solution. Fortinet provides RF Site Survey Software
and FortiPresence (retail analytics), Fortinet provides as well as an integrated wireless controller in the FortiGate.

WAN Optimization provides acceleration between the two sites. Cisco does not offer this. Instead, another device would need to be added
to the network, and another management tool is required. FortiGate with HDD/SSD has Wan Optimization, which is ideal site-to-site
acceleration for collaborative environments.

Fortinet Key Advantages

1. Seamless: Consistent threat posture end to end, across the expanding attack surface.

2. Top-rated intelligence: threat intelligence and advanced threat protection from the inside or out for full visibility and control

3. Powerful: Get unrivaled network performance for today and the power to take on the future.

4. Innovative: security innovation from day 1

5. Best in Breed: best in security effectiveness and performance means customers can have peace of mind knowing they can scale and
maintain their business

6. Easy to deploy: with a common OS and management across FortiGate models a common OS and management across the
FortiGate models

7. Cyber Threat Assessment Program (CTAP): provides low touch assessment for threats, applications, and user visibility. Send your
inquiry to [email protected].

2016 Fortinet. All Rights Reserved CONFIDENTIAL For Partners and Customers under NDA 6
COMPETITIVE BATTLECARD: Fortinet vs. Cisco ASA

Resources
nnNSS Labs CAWS Demo on Competitors Security Effectiveness
CAWS Overview
nnMarket Research
NSS Labs Recommended in Firewall, Next Generation Firewall, IPS, Breach Detection System, and Web Application Firewall
Leader in the Gartner Magic Quadrant for Unified Threat Management
nnCyber Threat Assessment Program
nnCustomer Reference Program, [email protected]
nnCompetitive Trade-in Program
nnCompetitive Cross Matrix
nnFortiConverter is a multi-vendor configuration conversion to Fortinet FortiOS. More information can be found at
http://www.fortinet.com/products/forticonverter/index.html
nnFortiView Video, https://youtu.be/v1GAEn-ZCA
nnFortiGuard

http://www.fortiguard.com/encyclopedia/applications/
nnFortiGuard Threat Map, http://threatmap.fortiguard.com

2016 Fortinet. All Rights Reserved CONFIDENTIAL For Partners and Customers under NDA 7