The Latest Fortinet News
Product and Solution Information, Press Releases, Announcements

SUNNYVALE, Calif., April 11, 2011 - Fortinet® (NASDAQ: FTNT) - a leading network security provider and the worldwide leader of unified threat management (UTM) solutions, today announced that the Instituto de Salud Carlos III, a national public research and scientific support organization for the promotion of biomedical and health science research in Spain, has selected its FortiWeb™ to protect its web-based applications from security threats. Fortinet’s web application firewall was chosen for its advanced features and simplified deployment.

Instituto de Salud Carlos III (ISCIII) is missioned to develop and provide high-quality techno-scientific services for the Spanish National Healthcare System and society as a whole. One year ago, the ISCIII decided to optimize its IT infrastructure in order to eliminate server duplication and further increase information security. Since the public organization had been relying on the FortiGate® multi-threat security appliances for its network security for the past three years and had been very satisfied with Fortinet’s technology, it decided to replace its DMZ configuration, which involved multiple servers, with FortiWeb appliances. Configured to redirect web application requests to internal servers, FortiWeb became the sole point of access for all web-based applications from any of ISCIII’s internal and external networks.

“The number of users and the variety of access points used to enter our network means that we need a fast, reliable and secure communications network, which includes the protection of our web applications from Internet threats,” said Antonio José Arenas from the Systems Coordination and Information Technologies Unit at ISCIII. “Protect all our web applications, using different technologies, and maintain a high level of security throughout the life cycle of those applications was simply impossible. We chose FortiWeb because it provides us with a uniform and umbrella solution for web applications security and reduces complexities while representing a cost-effective investment.”

Working with Fujitsu España, through the Altimate distributor, ISCIII deployed last October two FortiWeb-400B to secure the sensitive information accessible from its Web applications, leveraging the following key features:

• The Institution has protected its webmail against user identity theft by implementing a “Brute Force Login” security policy,
• A “SQL Injection” policy was configured in order to prevent web application hacking. In fact, several of the ISCIII’s applications were hacked in the past with links to malicious websites incorporated in the applications,
• The institution has applied the “Information Disclosure” policy to help prevent attacks on servers, which store the applications containing sensitive information.

FortiWeb has also been configured to perform SSL application processing, which frees up valuable resources (CPU & RAM) that can then be used by other servers as the environment is fully virtualized.

Instituto de Salud Carlos III started to use Fortinet’s technology in 2007 when it replaced its perimeter firewalls, which could no longer cope with the increasing demand for network services. ISCIII deployed two FortiGate-1000A appliances in its main data center to provide high-performance, reliable network security while simplifying configuration. ISCIII activated the following security functions within the devices: firewall, IPS, antivirus, antispam, web filtering, and VPN. In addition, Instituto de Salud Carlos III has implemented two FortiGate-800 and two FortiGate-60C appliances to provide IPS and antivirus functions in two of its campuses. ISCIII also opted for one FortiAnalyzer™-800B device, which aggregates log data from the various FortiGate appliances and provides key reporting and analysis tools, as well as one FortiManager™-400B, which is used for the centralized configuration and management of the Fortinet deployment.

“As all organizations, public or private, are increasingly relying on the Internet for critical applications, they de facto become more vulnerable to cybercriminal attacks,” said Patrice Perche, senior vice president of international sales & support at Fortinet. “FortiWeb improves the security of confidential information and goes beyond traditional solutions to provide XML security enforcement, application acceleration, and server load balancing. It represents a natural expansion of FortiGate deployments to offer our customers a broad solution for protecting networks and applications at the core and perimeter.”