As threats and challenges to networks have become more sophisticated, Agile Software has had to become increasingly sophisticated in our approach to protecting our critical IT resources from network-based threats.

Agile Software delivers solutions that enable companies to work with their customers and suppliers to efficiently build better, more profitable products faster and at less cost. Our leading supply chain management solutions are used by more than 750 companies, including Bosch, Cisco, GE Medical, Johnson & Johnson and Microsoft. As a global company, we support 24x7 communications with our customers and our offices in the U.S., Europe and Asia.

Firewalls, which effectively deal with network-level attacks, do not inspect the contents of data packets ­ they only process the packet addresses, or "headers." Therefore, they can't detect threats that are contained in the contents of packets. However, the most damaging and costly threats to our network, such as viruses, worms and network intrusions, have used malicious content to do their damage. These threats were not stopped by our conventional firewalls; and, as a result, we've had to deploy numerous systems to provide effective network protection ­ including network devices, such as intrusion detection systems (IDS) and VPN gateways. We've also deployed application software that runs on host PCs and servers, such as antivirus software and content filtering software. With so many systems to install, maintain and update, ensuring adequate network protection has become a full-time job.

At Agile, we've been especially concerned about the threat posed by virus attacks, so we've installed popular antivirus software on all of our hosts. We found that our antivirus software worked well at detecting viruses, worms and other types of malicious content ­ as long as every protected host had installed the most up-to-date file containing the signatures of the latest known viruses. However, we still felt exposed. Every time a new threat was detected, we scrambled to update every desktop, laptop and server with new virus definitions. This process could take multiple people working for several days (and nights) given our large, distributed and occasionally unconnected workforce and disrupted all other IT projects. At one point, we became so concerned about the potential damage that could be caused by a new virus that we considered disconnecting from the Internet every time we learned of a new threat until every host had updated virus information. Of course, disconnecting from the public network altogether is one way to stay secure ­ but it simply isn't an option given our reliance on the Internet.

After searching extensively for a better solution, we discovered Fortinet and installed their FortiGate Network Protection Gateways (NPGs) to prevent viruses and other harmful content from ever entering our private network.

We have deployed two FortiGate-300 Secure Content Processing Gateways (SCPGs) behind the routers at the edge of our network. The FortiGate units scan our network traffic in real time for viruses, worms and other threats. In addition, the FortiGate units also provide firewall, VPN, content filtering, IDS and traffic-shaping services. Deployment of the FortiGate-300s was easy, using an intuitive, Web-based GUI that provides easy access to all of the functions. Because the FortiGate units are hardware-based and use special content processing application-specific integrated circuits (ASICs), we see no degradation in our network performance, even when scanning real-time Web traffic for attacks and inappropriate content.

The FortiGate units have helped us close the vulnerability window and significantly reduce the risk of virus and worm outbreaks. By preventing the spread of even a modest virus outbreak, the FortiGate units can save us hundreds of thousands in lost data, downtime and IT resources. Now, when we learn of a new virus, all we need to do is ensure that our FortiGate units have been updated ­ which occurs automatically. We still update the antivirus software on all of our hosts ­ but we can schedule this activity at our convenience without having to shut down our network and stop all of our other projects. In addition, by utilizing the Web content filtering features, we are able to stop misuse and abuse of our costly network resources.

Overall, the FortiGate units paid for themselves in just a few months of operation and have given us a new level of network protection. In the future, we plan to deploy FortiGate-50 and FortiGate-100 units at our smaller branch offices and telecommuter locations because they provide us with a well-integrated, powerful and cost-effective solution for network protection.

The Fortinet FortiGate line of Network Protection Gateways provides real-time, hardware-based protection against content-based security threats ­ such as viruses and worms ­ combined with content filtering, firewall, VPN, intrusion detection and traffic-shaping functions in cost-effective, easily managed units. Fortinet is the premier provider of network protection systems.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access