Fortinet Expands SASE to WLAN, Strengthening Microbranch, IoT, and OT Security


Fortinet is extending its secure access service edge (SASE) solution, FortiSASE, to its wireless LAN (WLAN) portfolio to secure microbranches and internet of things (IoT) and operational technology (OT) devices.

“When it comes to SASE, it’s about securing that hybrid workforce and providing the SD-WAN deep integration,” Nirav Shah, VP of products and solutions at Fortinet, told SDxCentral. “But we also realized ‘why not enable our wireless LAN solution – especially the access point where we have hundreds and thousands of those access points deployed globally – for the access point, and integrate that with SASE.’

“So we can provide a full inline inspection of the entire advanced security stack from content, device, web [to] application security before they access anything out there,” he added.

This extension is particularly beneficial for microbranches like retail stores, ATM centers, small health care clinics and small insurance companies where five to 15 employees typically run operations. “Oftentimes, they don’t have enough staff, especially with the cybersecurity skills shortage, to provide full security.”

In its recent Forrester Wave report for zero-trust edge, Forrester also noted that SASE is now well-suited for organizations with distributed small sites like retailers, retail banks and gas stations.

FortiAP offloads traffic from microbranch to SASE for security

For these microbranches, Fortinet claims its wireless LAN access points – FortiAP – now intelligently offload traffic from microbranches to a SASE point of presence (PoP) for security inspection for all devices, including IoT and OT devices.

FortiAP provides “the higher performance of connectivity while they are inside the offices,” Shah touted. “But when they are trying to access something outside, that’s when they connect to the SASE and we make sure that it has a full connectivity to that, so we provide enough options so that performance doesn’t become the bottleneck because that access point is going to connect to the nearest SASE point of presence.”

In Gartner’s latest single-vendor SASE Magic Quadrant, the analyst firm cautions that Fortinet’s PoP footprint is geographically limited compared to other vendors. Shah argues that, despite the fewer total PoPs, what sets Fortinet apart is the focus on low latency and a full security stack at each PoP.

Fortinet SASE to protect IoT, OT devices

Many IoT and OT devices, particularly those in microbranches, lack adequate security measures. Meanwhile, these devices are becoming increasingly targeted by attackers.

“So when IoT devices are connecting to the wireless LAN, we need to be extra careful,” Shah said. “And oftentimes, if you look at the wireless LAN industry, security has been an afterthought or there is no security.”

With the new function, Fortinet’s SASE will initiate a “full security inspection” as soon as these devices connect to the WLAN, designed to identify and mitigate zero-day threats in real time. And this also extends to OT devices, especially those with outdated software or hard-to-patch vulnerabilities, he added.

These new security capabilities include:

  • Intrusion prevention system (IPS): Fortinet scans traffic against known signatures and IoT profiles to detect any risks.
  • Sandboxing: The vendor offers an inline sandbox capability to find unknown threats.
  • Zero-trust network access: If any IoT or OT device tries to access external applications, Fortinet enables zero-trust functionality to ensure only explicitly authorized access is allowed.

The new SASE extension will also unify management of the vendor’s WLAN portfolio with FortiSASE. The function is expected to be released in October.
