Magic Quadrant for Mobile Device Management Software-2013

Frequently Asked Questions for Wandera Mobile Threat Defence (MTD) bundled with CES PlansService-RelatedWhat is Wandera?Wandera is a Mobile Security Solution for your device. This service allows you to secure your mobile device against any malicious device or network threats. Wandera will protect your device from malicious activities, guard your sensitive information, and ensure that you stay protected while using your mobile device. To give you more visibility you may receive notifications if and when we detect a threat, the app will provide you with details of the threats detected and steps that you may take to resolve them.How does Wandera service work?Wandera works through the use of a mobile application to scan for malicious software and device vulnerabilities as well as a secure mobile gateway in the cloud that examines and analyses your mobile device traffic. Once you have Wandera installed and activated on your device, there is no need for you to do anything else.Why does Wandera require a VPN installation?Wandera uses a VPN connection on your device to deliver real-time network threat protection. Without installing the VPN configuration, the Wandera app will prompt a reminder within the app to “Enable Network Protection”, and no network threat protection will be available. Device threat protection, however, remains available without the VPN configuration enabled.I have another VPN configuration installed. Will there be a conflict?Wandera can coexist with other VPN configurations on your device. The app is designed to set its VPN configuration as a priority. This is done to ensure that network-based threat protection is continuously enabled for our users.Why should I allow notifications for the Wandera app?Wandera app is designed to provide you with app push notifications when threats are detected on your device. Does the Wandera app impact my battery life?Unlike other mobile security apps, Wandera has been built based on mobile-friendly principles. Our lightweight VPN and app on average, consume only less than 5% of the overall battery life across a 24hr period.What mobile operating systems do Wandera support?Wandera supports both iOS and Android operating system.Can I install Wandera in my memory card?Wandera does not install in your memory card. It installs in your mobile device’s onboard memory.When Wandera detects a threat, what do I need to do?In most cases, Wandera will take action automatically by blocking the threat. For certain types of threats, such as a risky app, user intervention will be required, and the user may need to delete the app. The app interface will indicate this clearly for you.Singapore Telecommunications LimitedI had ignored a malware alert earlier, how may I remove the malware?You may run a manual scan to see the alert again. If you ignored the warning of a malicious application, Wandera would remind you to remove the threat the next time you open the app.I have not checked for Wandera updates in a while. Am I still protected?Wandera will periodically scan in the background; however, please do check that the application is updated regularly to maximise the level of protection offered.What does Wandera scan?Wandera scans and detects malicious apps installed on your device as well as check for device vulnerabilities such as jailbreak/rooting or outdated/vulnerable operating system.Does Wandera scan and read message contents and attachments?No, it does not scan or read any of your messages or attachments.Subscription RelatedI did not receive my SMS with the activation link, who can I contact?PleasecallourCustomerService(180****6800)forassistance.What happens if I changed my phone but retained the same mobile number?To continue the service with your new mobile device, you will need to activate Wandera in your new mobile device with the same SMS activation link. If you have misplaced your activation link, please contact our CustomerService(180****6800)torequestforanewactivationlink.PleasenotethatWanderawillnolonger protect your previous device once the new device is activated.What if I changed my SIM card but retain the same mobile number and mobile phone?Wandera will continue to protect your mobile device.TroubleshootingI’ve tapped on the activation link from the SMS invite. However, I’m receiving an error page on my browser?Please ensure that you are not on private browsing mode in Safari or Incognito mode in Google Chrome. Check and ensure that cookies and JavaScript are allowed on the browser that you are using. Uninstall the app and tap on the activation link again, follow the on-screen instructions to download and re-activate the app.I’ve missed the VPN installation step, how can I reinstall it?Open the Wandera app and click on the “Enable Network Protection” button. This will prompt you to install the VPN configuration.I’ve read the notifications in the app, how can I remove them?In the notifications screen, hold down on the notification that you wish to delete and swipe right to remove it. Singapore Telecommunications LimitedWhat should I do if I have any other problems? PleasecallourCustomerService(180****6800).Singapore Telecommunications Limited。

F ortiGate 3900E SeriesFG-3980E/-DC and FG-3960E/-DCHigh Performance with FlexibilityThe FortiGate 3900E Series enables organizations to build security-driven networks that can weave security deep into their datacenter and across their hybrid IT architecture to protect any edge at any scale.Powered by a rich set of AI/ML-based FortiGuard Services and an integrated security fabric platform, the FortiGate 3900E Series delivers coordinated, automated, end-to-end threat protection across all use cases.The industry’s first integrated Zero Trust Network Access (ZTNA) enforcement within an NGFW solution, FortiGate 3900E Series automatically controls, verifies, and facilitates user access to applications delivering consistent convergence with a seamless user experience.HighlightsGartner Magic QuadrantLeader for both Network Firewalls and SD-WAN.Security-Driven Networking FortiOS delivers convergednetworking and security.Unparalleled Performance with Fortinet’s patented / SPU / vSPU processors.Enterprise Security with consolidated AI / ML-powered FortiGuard Services.Hyperscale Security to secure any edge at any scale.Feature FG-3980E/-DC FG-3960E/-DC FIREWALL 1.05 Tbps 620 Gbps IPS 32 Gbps 30 Gbps NGFW28 Gbps 22 Gbps THREAT PROTECTION 20 Gbps13.5 GbpsNETWORK INTERFACESMultiple 40/100 GE QSFP+/QSFP28, 1/10 GE SFP/SFP+ slots and GE RJ45Multiple 40/100 GE QSFP+/QSFP28, 1/10 GE SFP/SFP+ slots and GE RJ45Data SheetFortiOS EverywhereFortiOS, Fortinet’s Advanced Operating SystemFortiOS enables the convergence of high performing networking and security across the Fortinet Security Fabric. Because it can be deployed anywhere, it delivers consistent and context-aware security posture across network, endpoint, and multi-cloud environments. FortiOS powers all FortiGate deployments whether a physical or virtual device, as a container, or as a cloud service. This universal deployment model enables the consolidation of many technologies and use cases into a simplified, single policy and management framework. Its organically built best-of-breed capabilities, unified operating system, and ultra-scalability allows organizations to protect all edges, simplify operations, and run their business without compromising performance or protection.FortiOS dramatically expands the Fortinet Security Fabric’s ability to deliver advanced AI/ML-powered services, inline advanced sandbox detection, integrated ZTNA enforcement, and more, provides protection across hybrid deployment models for hardware, software, and Software-as-a-Service with SASE.FortiOS expands visibility and control, ensures the consistent deployment and enforcement of security policies, and enables centralized management across large-scale networks with the following key attributes:•Interactive drill-down and topology viewers that display real-time status•On-click remediation that provides accurate and quick protection against threats and abuses •Unique threat score system correlates weighted threats with users to prioritize investigationsFortiConverter ServiceFortiConverter Service provides hassle-free migration to help organizations transition from a wide range of legacy firewalls to FortiGate Next-Generation Firewalls quickly and easily. The service eliminates errors and redundancy by employing best practices with advanced methodologies and automated processes. Organizations can accelerate their network protection with the latest FortiOS technology.Intuitive easy to use view into the network andendpoint vulnerabilitiesVisibility with FOS Application SignaturesAvailable inCloudHostedVirtualApplianceContainerFortiGuard ServicesNetwork and File SecurityServices provide protection against network-based and file-based threats. This consists of Intrusion Prevention (IPS) which uses AI/M models to perform deep packet/SSL inspectionto detect and stop malicious content, and apply virtual patching when a new vulnerability is discovered. It also includes Anti-Malware for defense against known and unknown file-based threats. Anti-malware services span both antivirus and file sandboxing to provide multi-layered protection and are enhanced in real-time with threat intelligence from FortiGuard Labs. Application Control enhances security compliance and offers real-time application visibility. Web / DNS SecurityServices provide protection against web-based threats including DNS-based threats, malicious URLs (including even in emails), and botnet/command and control communications. DNS filtering provides full visibility into DNS traffic while blocking high-risk domains, and protects against DNS tunneling, DNS infiltration, C2 server ID and Domain Generation Algorithms (DGA). URL filtering leverages a database of 300M+ URLs to identify and block links to malicious sites and payloads. IP Reputation and anti-botnet services prevent botnet communications, and block DDoS attacks from known sources.SaaS and Data SecurityServices address numerous security use cases across application usage as well as overall data security. This consists of Data Leak Prevention (DLP) which ensures data visibility, management and protection (including blocking exfiltration) across networks, clouds, and users, while simplifying compliance and privacy implementations. Separately, our Inline Cloud Access Security Broker (CASB) service protects data in motion, at rest, and in the cloud.The service enforces major compliance standards and manages account, user and cloud application usage. Services also include capabilities designed to continually assess your infrastructure, validate that configurations are working effectively and secure, and generate awareness of risks and vulnerabilities that could impact business operations. This includes coverage across IoT devices for both IoT detection and IoT vulnerability correlation.Zero-Day Threat PreventionZero-day threat prevention entails Fortinet’s AI-based inline malware prevention, our most advanced sandbox service, to analyze and block unknown files in real-time, offering sub-second protection against zero-day and sophisticated threats across all NGFWs. The service also has a built-in MITRE ATT&CK® matrix to accelerate investigations. The service focuses on comprehensive defense by blocking unknown threats while streamlining incident response efforts and reducing security overhead.OT SecurityThe service provides OT detection, OT vulnerability correlation, virtual patching, OT signatures, and industry-specific protocol decoders for overall robust defense of OT environments and devices.Secure Any Edge at Any ScalePowered by Security Processing Unit (SPU)Traditional firewalls cannot protect against today’s content- and connection-based threats because they rely on off-the-shelf hardware and general-purpose CPUs, causing a dangerous performance gap. Fortinet’s custom SPU processors deliver the power you need—up to520Gbps—to detect emerging threats and block malicious content while ensuring your network security solution does not become a performance bottleneck.ASIC AdvantageFortiCare ServicesFortinet is dedicated to helping our customers succeed, and every year FortiCare Services help thousands of organizations get the most from our Fortinet Security Fabric solution. Our lifecycle portfolio offers Design, Deploy, Operate, Optimize, and Evolve services. Operateservices offer device-level FortiCare Elite service with enhanced SLAs to meet our customer’s operational and availability needs. In addition, our customized account-level services provide rapid incident resolution and offer proactive care to maximize the security and performance of Fortinet deployments.Network Processor 6 NP6Fortinet’s new, breakthrough SPU NP6network processor works inline with FortiOS functions delivering:•Superior firewall performance for IPv4/IPv6, SCTP and multicast traffic with ultra-low latency•VPN, CAPWAP and IP tunnel acceleration •Anomaly-based intrusion prevention, checksum offload, and packet defragmentation•Traffic shaping and priority queuingContent Processor 9 CP9Content Processors act as co-processors to offload resource-intensive processing of security functions. The ninth generation of the Fortinet Content Processor, the CP9, accelerates resource-intensive SSL (including TLS 1.3) decryption and security functions while delivering:•Pattern matching acceleration and fast inspection of real-time traffic for application identification•IPS pre-scan/pre-match, signature correlation offload, and accelerated antivirus processingUse CasesNext Generation Firewall (NGFW)•FortiGuard Labs’ suite of AI-powered Security Services—natively integrated with your NGFW—secures web, content, and devices and protects networks from ransomware and sophisticated cyberattacks•Real-time SSL inspection (including TLS 1.3) provides full visibility into users, devices, and applications across the attack surface•Fortinet’s patented SPU (Security Processing Unit) technology provides industry-leading high-performance protectionSegmentation•Dynamic segmentation adapts to any network topology to deliver true end-to-end security—from the branch to the datacenter and across multi-cloud environments •Ultra-scalable, low latency, VXLAN segmentation bridges physical and virtual domains with Layer 4 firewall rules•Prevents lateral movement across the network with advanced, coordinated protection from FortiGuard Security Services detects and prevents known, zero-day, and unknown attacksSecure SD-WAN•FortiGate WAN Edge powered by one OS and unified security and management framework and systems transforms and secures WANs•Delivers superior quality of experience and effective security posture for work-from-any where models, SD-Branch, and cloud-first WAN use cases•Achieve operational efficiencies at any scale through automation, deep analytics, and self-healingMobile Security for 4G, 5G, and IoT•SPU-accelerated, high performance CGNAT and IPv6 migration options, including: NAT44, NAT444, NAT64/ DNS64, NAT46 for 4G Gi/sGi, and 5G N6 connectivity and security •RAN Access Security with highly scalable and highest-performing IPsec aggregation and control Security Gateway (SecGW)•User plane security enabled by full threat protection and visibility into GTP-U inspection Datacenter Deployment (NGFW, IPS, Segmentation)InternetFortiClientZTNA / VPNFortiGate NGFWFortiGateIPSFortiManager NOC OperationsFortiAnalyzer SOC OperationsData CenterHardwareFortiGate 3980E/-DCFortiGate 3960E/-DCInterfaces1. 1 x Console Port2. 1 x USB Port3. 2 x GE RJ45 Management Ports4. 16 x 1/10 GE SFP/SFP+ Slots5. 10 x 40/100 GE QSFP+/QSFP28 Slots Hardware FeaturesInterfaces1. 1 x Console Port2. 1 x USB Port3. 2 x GE RJ45 Management Ports4. 16 x 1/10 GE SFP/SFP+ Slots5. 6 x 40/100 GE QSFP+/QSFP28 Slots Hardware Features100 GE Connectivity for NetworkHigh-speed connectivity is essential for network security segmentation at the core of data networks. The FortiGate 3900E Series provides multiple 100 GE QSFP28 slots, simplifying network designs without relying on additional devices to bridgedesired connectivity.Note: All performance values are “up to” and vary depending on system configuration.1IPsec VPN performance test uses AES256-SHA256.2 IPS (Enterprise Mix), Application Control, NGFW and Threat Protection are measured with Logging enabled.3 SSL Inspection performance values use an average of HTTPS sessions of different cipher suites.4 NGFW performance is measured with Firewall, IPS and Application Control enabled. 5Threat Protection performance is measured with Firewall, IPS, Application Control andMalware Protection enabled.Specifications(1518 / 512 / 64 byte, UDP)/ 680 Gbps370 Gbps Firewall Latency (64 byte, UDP) 4.00 μsFirewall Throughput (Packet per Second)1020 Mpps555 Mpps Concurrent Sessions (TCP)160 MillionNew Sessions/Second (TCP)800 000720 000 Firewall Policies200 000IPsec VPN Throughput (512 byte) 1400 Gbps280 Gbps Gateway-to-Gateway IPsec VPN Tunnels 40 000Client-to-Gateway IPsec VPN Tunnels200 000SSL-VPN Throughput9.5 Gbps9 Gbps Concurrent SSL-VPN Users(Recommended Maximum, Tunnel Mode)30 000SSL Inspection Throughput(IPS, avg. HTTPS) 326 Gbps23 Gbps SSL Inspection CPS (IPS, avg. HTTPS) 317 00014 000SSL Inspection Concurrent Session(IPS, avg. HTTPS) 312 MillionApplication Control Throughput(HTTP 64K) 255 Gbps40 GBPS CAPWAP Throughput (HTTP 64K)14 Gbps13.5 Gbps Virtual Domains (Default / Maximum)10 / 500Maximum Number of FortiSwitchesSupported300Maximum Number of FortiAPs(Total / Tunnel)8192 / 4096 Maximum Number of FortiTokens20 000High Availability ConfigurationsActive-Active, Active-Passive, Clustering Storage Temperature-31°–158°F (-35°–70°C) Humidity10%–90% non-condensing Noise Level63 dBAForced Airflow Front to Back Operating Altitude Up to 7400 ft (2250 m) Compliance FCC Part 15 Class A, RCM, VCCI, CE, UL/cUL, CB Certifications USGv6/IPv6Ordering Information1 GE SFP RJ45 Transceiver Module FN-TRAN-GC 1 GE SFP RJ45 transceiver module for all systems with SFP and SFP/SFP+slots.1 GE SFP SX Transceiver Module FN-TRAN-SX 1 GE SFP SX transceiver module for all systems with SFP and SFP/SFP+ slots.10 GE SFP+ RJ45 Transceiver Module FN-TRAN-SFP+GC10 GE SFP+ RJ45 transceiver module for systems with SFP+ slots.10 GE SFP+ Transceiver Module, Short Range FN-TRAN-SFP+SR10 GE SFP+ transceiver module, short range for all systems with SFP+ and SFP/SFP+ slots.10 GE SFP+ Transceiver Module, Long Range FN-TRAN-SFP+LR10 GE SFP+ transceiver module, long range for all systems with SFP+ and SFP/SFP+ slots.10 GE SFP+ Transceiver Module, Extended Range FN-TRAN-SFP+ER10 GE SFP+ transceiver module, extended range for all systems with SFP+ and SFP/SFP+ slots.40 GE QSFP+ Transceiver Module, Short Range FN-TRAN-QSFP+SR40 GE QSFP+ transceiver module, short range for all systems with QSFP+ slots.40 GE QSFP+ Transceiver Module, Long Range FN-TRAN-QSFP+LR40 GE QSFP+ transceiver module, long range for all systems with QSFP+ slots.100 GE QSFP28 Transceivers, Short Range FN-TRAN-QSFP28-SR100 GE QSFP28 transceivers, 4 channel parallel fiber, short range for all systems with QSFP28slots..100 GE QSFP28 Transceivers, Long Range FN-TRAN-QSFP28-LR100 GE QSFP28 transceivers, 4 channel parallel fiber, long range for all systems with QSFP28slots.100 GE QSFP28 Transceivers, CWDM4FN-TRAN-QSFP28-CWDM4100 GE QSFP28 transceivers, LC connectors, 2KM for all systems with QSFP28 slots.AC Power Supply FG-7040E-PS-AC1500 W AC power supply module for FG-7030E, FG-7040E, FG-6300/6301F, FG-6500/6501F,FG-3960E, FG-3980E (not compatible for use with FG-7060E).SubscriptionsFortiGuard BundlesFortiGuard Labs delivers a number of security intelligence services to augment the FortiGate firewall platform. You can easily optimize the protection capabilities of your FortiGate with one of these FortiGuard Bundles.FortiCare EliteFortiCare Elite offers enhanced SLAs and quick issue resolution through a dedicated support team. It provides single-touch ticket handling, extended Extended End-of-Engineering-Support for 18 months, and access to the new FortiCare Elite Portal for a unified view of device and security health.Service Category Service Offering A-la-carteBundlesEnterprise ProtectionUnified Threat ProtectionAdvanced ThreatProtectionFortiGuard Security ServicesIPS Service••••Anti-Malware Protection (AMP) — Antivirus, Mobile Malware, Botnet, CDR, Virus Outbreak Protection and FortiSandbox Cloud Service ••••URL, DNS & Video Filtering Service •••Anti-Spam••AI-based Inline Malware Prevention Service ••Data Loss Prevention Service 1••OT Security Service (OT Detection, OT Vulnerability correlation, Virtual Patching, OT Signature / Protocol Decoders) 1•Application Control included with FortiCare Subscription CASB SaaS Controlincluded with FortiCare SubscriptionSD-WAN and SASE ServicesSD-WAN Underlay Bandwidth and Quality Monitoring Service •SD-WAN Overlay-as-a-Service for SaaS-based overlay network provisioning•SD-WAN Connector for FortiSASE Secure Private Access•FortiSASE subscription including cloud management and 10Mbps bandwidth license 2•NOC and SOC ServicesFortiGuard Attack Surface Security Service (IoT Detection, IoT Vulnerability Correlation, and Security Rating Updates) 1••FortiConverter Service ••Managed FortiGate Service•FortiGate Cloud (SMB Logging + Cloud Management) •FortiAnalyzer Cloud•FortiAnalyzer Cloud with SOCaaS •FortiGuard SOCaaS•Hardware and Software SupportFortiCare Essentials •FortiCare Premium ••••FortiCare Elite•Base ServicesInternet Service (SaaS) DB Updates included with FortiCare SubscriptionGeoIP DB UpdatesDevice/OS Detection Signatures Trusted Certificate DB Updates DDNS (v4/v6) Service1. Full features available when running FortiOS 7.4.12. Desktop Models onlyFortinet CSR PolicyFortinet is committed to driving progress and sustainability for all through cybersecurity,with respect for human rights and ethical business practices, making possible a digitalworld you can always trust. You represent and warrant to Fortinet that you will notuse Fortinet’s products and services to engage in, or support in any way, violationsor abuses of human rights, including those involving illegal censorship, surveillance,detention, or excessive use of force. Users of Fortinet products are required to complywith the Fortinet EULA and report any suspected violations of the EULA via theprocedures outlined in the Fortinet Whistleblower Policy. Copyright © 2023 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.October 20, 2023FG-3900E-DAT-R33-20231020。

PA-220The controlling element of the PA-220 is PAN-OS®, the same software that runs all Palo Alto Networks NGFWs. PAN-OS natively classifies all traffic, inclusive of applications, threats, and content, and then ties that traffic to the user regardless of location or device type. The application, con-tent, and user—in other words, the elements that run your business—then serve as the basis of your security policies, resulting in improved security posture and reduced incident response times.Key Security and Connectivity FeaturesML-Powered Next-Generation Firewall• Embeds machine learning (ML) in the core of the firewall to provide inline signatureless attack prevention for file-based attacks while identifying and immediately stopping never-before-seen phishing attempts.• Leverages cloud-based ML processes to push zero-delay signatures and instructions back to the NGFW.• Uses behavioral analysis to detect IoT devices and make policy recommendations; cloud- d elivered and natively i ntegrated service on the NGFW.• Automates policy recommendations that save time and r educe the chance of human error.Identifies and categorizes all applications, on all ports, all the time, with full Layer 7 inspection • Identifies the applications traversing your network i rrespective of port, protocol, evasive techniques, or en-cryption (TLS/SSL).• Uses the application, not the port, as the basis for all your safe enablement policy decisions: allow, deny, schedule, inspect, and apply traffic-shaping.• Offers the ability to create custom App-ID™ tags for pro-prietary applications or request App-ID development for new applications from Palo Alto Networks.• Identifies all payload data within the application (e.g., files and data patterns) to block malicious files and thwart data exfiltration attempts.• Creates standard and customized application usage reports, including software-as-a-service (SaaS) reports that provide insight into all sanctioned and unsanctioned SaaS traffic on your network.• Enables safe migration of legacy Layer 4 rule sets to A pp-ID-based rules with built-in Policy Optimizer, giving you a rule set that is more secure and easier to manage. Enforces security for users at any location, on any device, while adapting policy based on user activity• Enables visibility, security policies, reporting, and forensics based on users and groups—not just IP addresses.• Easily integrates with a wide range of repositories to lever-age user information: wireless LAN controllers, VPNs, d irectory servers, SIEMs, proxies, and more.• Allows you to define Dynamic User Groups (DUGs) on the firewall to take time-bound security actions without wait-ing for changes to be applied to user directories.• Applies consistent policies irrespective of users’ locations (office, home, travel, etc.) and devices (iOS and Android®mobile devices, macOS®, Windows®, Linux desktops, lap-tops; Citrix and Microsoft VDI and Terminal Servers).• Prevents corporate credentials from leaking to third-party websites and prevents reuse of stolen credentials by e nabling multi-factor authentication (MFA) at the network layer for any application without any application changes.• Provides dynamic security actions based on user behavior to restrict suspicious or malicious users.Prevents malicious activity concealed ine ncryp ted traffic• Inspects and applies policy to TLS/SSL-encrypted traffic, both inbound and outbound, including for traffic that uses TLS 1.3 and HTTP/2.• Offers rich visibility into TLS traffic, such as amount of encrypted traffic, TLS/SSL versions, cipher suites, and more, without decrypting.• Enables control over use of legacy TLS protocols, insecure ciphers, and misconfigured certificates to mitigate risks.• Facilitates easy deployment of decryption and lets you use built-in logs to troubleshoot issues, such as applications with pinned certificates.• Lets you enable or disable decryption flexibly based on URL category and source and destination zone, address, user, user group, device, and port, for privacy and regula-tory compliance purposes.• Allows you to create a copy of decrypted traffic from the firewall (i.e., decryption mirroring) and send it to traffic collection tools for forensics, historical purposes, or data loss prevention (DLP).Offers centralized management and visibility • Benefits from centralized management, configuration, and visibility for multiple distributed Palo Alto Networks NGFWs (irrespective of location or scale) through Panorama™ net-work security management, in one unified user interface.• Streamlines configuration sharing through Panorama with templates and device groups, and scales log collection as logging needs increase.• Enables users, through the Application Command Center (ACC), to obtain deep visibility and comprehensive insights into network traffic and threats.Detects and prevents advanced threats with cloud-delivered security servicesToday’s sophisticated cyberattacks can spawn 45,000 variants in 30 minutes using multiple threat vectors and a dvanced techniques to deliver malicious payloads. Tradi-tional siloed security causes challenges for organizations by introducing security gaps, increasing overhead for security teams, and hindering business productivity with inconsis-tent access and visibility.• SaaS Security —delivers integrated SaaS security that lets you see and secure new SaaS applications, protect data, and prevent zero-day threats at the lowest total cost of ownership (TCO).Delivers a unique approach to packet processing with Single-Pass Architecture• Performs networking, policy lookup, application and decod -ing, and signature matching—for all threats and c ontent—in a single pass. This significantly reduces the amount of processing overhead required to perform multi p le functions in one security device. • Avoids introducing latency by scanning traffic for all signa-tures in a single pass, using stream-based, uniform s igna t ure matching. • Enables consistent and predictable performance when se c urity subscriptions are enabled. (In table 1, “Threat P re v ention throughput” is measured with multiple subscrip-tions enabled.)Enables SD-WAN functionality• Allows you to easily adopt SD-WAN by simply enabling it on your existing firewalls.• Enables you to safely implement SD-WAN, which is natively integrated with our industry-leading security.• Delivers an exceptional end user experience by minimizinglatency, jitter, and packet loss.The PA-220 supports a wide range of networking features that enable you to more easily integrate our security featuresinto your existing network.Note: Results were measured on PAN-OS 10.1.* Firewall throughput is measured with App-ID and logging enabled, using 64 KB HTTP/appmix transactions.† Threat Prevention throughput is measured with App-ID, IPS, antivirus, anti- spyware, WildFire, DNS Security, file blocking, and logging enabled, utilizing 64 KB HTTP/appmix transactions.‡ IPsec VPN throughput is measured with 64 KB HTTP transactions and logging enabled. § New sessions per second is measured with application-override utilizing 1 byte HTTP transactions.Seamlessly integrated with our industry-leading NGFWs, our Cloud-Delivered Security Services use the network effect of 80,000 customers to instantly coordinate intelligence and pro -tect against all threats across all vectors. Eliminate coverage gaps across your locations and take advantage of best-in-class security delivered consistently in a platform to stay safe from even the most advanced and evasive threats. Services include:• Threat Prevention —goes beyond a traditional intrusion prevention system (IPS) to prevent all known threats across all traffic in a single pass without sacrificing performance.• Advanced URL Filtering —provides best-in-class web protection while maximizing operational efficiency with the industry’s first real-time web protection engine and i ndustry-leading phishing protection.• WildFire ®—ensures files are safe with automatic detection and prevention of unknown malware powered by industry- leading cloud-based analysis and crowdsourced intelligence from more than 42,000 customers.• DNS Security —harnesses the power of ML to detect as well as prevent threats over DNS in real time and empowerss ecurity personnel with the intelligence and context to craft policies and respond to threats quickly and effectively.• IoT Security —provides the industry’s most comprehen -sive IoT security solution, delivering ML-powered visibility, p revention, and enforcement in a single platform.• Enterprise DLP —offers the industry’s first cloud- d elivered enterprise DLP that consistently protects sensitive data across networks, clouds, and users.3000 Tannery WaySanta Clara, CA 95054Main: +1.408.753.4000Sales: +1.866.320.4788Support: +1.866.898.9087© 2021 Palo Alto Networks, Inc. Palo Alto Networks is a registeredtrademark of Palo Alto Networks. A list of our trademarks can be found at https:///company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies.strata_ds_pa-220_060721To learn more about the features and associated capacities of the PA-220, please visit /network- security/next-generation-firewall/pa-220.。

F ortiGate 3400E SeriesFG-3400E/-DC and FG-3401E/-DCHigh Performance with FlexibilityThe FortiGate 3400E Series enables organizations to build security-driven networks that can weave security deep into their datacenter and across their hybrid IT architecture to protect any edge at any scale.Powered by a rich set of AI/ML-based FortiGuard Services and an integrated security fabric platform, the FortiGate 3400E Series delivers coordinated, automated, end-to-end threat protection across all use cases.The industry’s first integrated Zero Trust Network Access (ZTNA) enforcement within an NGFW solution, FortiGate 3400E Series automatically controls, verifies, and facilitates user access to applications delivering consistent convergence with a seamless user experience.HighlightsGartner Magic QuadrantLeader for both Network Firewalls and SD-WAN.Security-Driven Networking FortiOS delivers convergednetworking and security.Unparalleled Performance with Fortinet’s patented / SPU / vSPU processors.Enterprise Security with consolidated AI / ML-powered FortiGuard Services.Hyperscale Security to secure any edge at any scale.IPS NGFW Threat Protection Interfaces44 Gbps34 Gbps25 GbpsMultiple GE RJ45, 25 GE SFP28 / 10 GE SFP+ / GE SFP and 100 GE QSFP28 / 40 GE QSFP+ slotsData SheetFortiOS EverywhereFortiOS, Fortinet’s Advanced Operating SystemFortiOS enables the convergence of high performing networking and security across the Fortinet Security Fabric. Because it can be deployed anywhere, it delivers consistent and context-aware security posture across network, endpoint, and multi-cloud environments. FortiOS powers all FortiGate deployments whether a physical or virtual device, as a container, or as a cloud service. This universal deployment model enables the consolidation of many technologies and use cases into a simplified, single policy and management framework. Its organically built best-of-breed capabilities, unified operating system, and ultra-scalability allows organizations to protect all edges, simplify operations, and run their business without compromising performance or protection.FortiOS dramatically expands the Fortinet Security Fabric’s ability to deliver advanced AI/ML-powered services, inline advanced sandbox detection, integrated ZTNA enforcement, and more, provides protection across hybrid deployment models for hardware, software, and Software-as-a-Service with SASE.FortiOS expands visibility and control, ensures the consistent deployment and enforcement of security policies, and enables centralized management across large-scale networks with the following key attributes:•Interactive drill-down and topology viewers that display real-time status•On-click remediation that provides accurate and quick protection against threats and abuses •Unique threat score system correlates weighted threats with users to prioritize investigationsFortiConverter ServiceFortiConverter Service provides hassle-free migration to help organizations transition from a wide range of legacy firewalls to FortiGate Next-Generation Firewalls quickly and easily. The service eliminates errors and redundancy by employing best practices with advanced methodologies and automated processes. Organizations can accelerate their network protection with the latest FortiOS technology.Intuitive easy to use view into the network andendpoint vulnerabilitiesVisibility with FOS Application SignaturesAvailable inCloudHostedVirtualApplianceContainerFortiGuard ServicesNetwork and File SecurityServices provide protection against network-based and file-based threats. This consists of Intrusion Prevention (IPS) which uses AI/M models to perform deep packet/SSL inspectionto detect and stop malicious content, and apply virtual patching when a new vulnerability is discovered. It also includes Anti-Malware for defense against known and unknown file-based threats. Anti-malware services span both antivirus and file sandboxing to provide multi-layered protection and are enhanced in real-time with threat intelligence from FortiGuard Labs. Application Control enhances security compliance and offers real-time application visibility. Web / DNS SecurityServices provide protection against web-based threats including DNS-based threats, malicious URLs (including even in emails), and botnet/command and control communications. DNS filtering provides full visibility into DNS traffic while blocking high-risk domains, and protects against DNS tunneling, DNS infiltration, C2 server ID and Domain Generation Algorithms (DGA). URL filtering leverages a database of 300M+ URLs to identify and block links to malicious sites and payloads. IP Reputation and anti-botnet services prevent botnet communications, and block DDoS attacks from known sources.SaaS and Data SecurityServices address numerous security use cases across application usage as well as overall data security. This consists of Data Leak Prevention (DLP) which ensures data visibility, management and protection (including blocking exfiltration) across networks, clouds, and users, while simplifying compliance and privacy implementations. Separately, our Inline Cloud Access Security Broker (CASB) service protects data in motion, at rest, and in the cloud.The service enforces major compliance standards and manages account, user and cloud application usage. Services also include capabilities designed to continually assess your infrastructure, validate that configurations are working effectively and secure, and generate awareness of risks and vulnerabilities that could impact business operations. This includes coverage across IoT devices for both IoT detection and IoT vulnerability correlation.Zero-Day Threat PreventionZero-day threat prevention entails Fortinet’s AI-based inline malware prevention, our most advanced sandbox service, to analyze and block unknown files in real-time, offering sub-second protection against zero-day and sophisticated threats across all NGFWs. The service also has a built-in MITRE ATT&CK® matrix to accelerate investigations. The service focuses on comprehensive defense by blocking unknown threats while streamlining incident response efforts and reducing security overhead.OT SecurityThe service provides OT detection, OT vulnerability correlation, virtual patching, OT signatures, and industry-specific protocol decoders for overall robust defense of OT environments and devices.Secure Any Edge at Any ScalePowered by Security Processing Unit (SPU)Traditional firewalls cannot protect against today’s content- and connection-based threats because they rely on off-the-shelf hardware and general-purpose CPUs, causing a dangerous performance gap. Fortinet’s custom SPU processors deliver the power you need—up to520Gbps—to detect emerging threats and block malicious content while ensuring your network security solution does not become a performance bottleneck.ASIC AdvantageFortiCare ServicesFortinet is dedicated to helping our customers succeed, and every year FortiCare Services help thousands of organizations get the most from our Fortinet Security Fabric solution. Our lifecycle portfolio offers Design, Deploy, Operate, Optimize, and Evolve services. Operateservices offer device-level FortiCare Elite service with enhanced SLAs to meet our customer’s operational and availability needs. In addition, our customized account-level services provide rapid incident resolution and offer proactive care to maximize the security and performance of Fortinet deployments.Network Processor 6 NP6Fortinet’s new, breakthrough SPU NP6network processor works inline with FortiOS functions delivering:•Superior firewall performance for IPv4/IPv6, SCTP and multicast traffic with ultra-low latency•VPN, CAPWAP and IP tunnel acceleration •Anomaly-based intrusion prevention, checksum offload, and packet defragmentation•Traffic shaping and priority queuingContent Processor 9 CP9Content Processors act as co-processors to offload resource-intensive processing of security functions. The ninth generation of the Fortinet Content Processor, the CP9, accelerates resource-intensive SSL (including TLS 1.3) decryption and security functions while delivering:•Pattern matching acceleration and fast inspection of real-time traffic for application identification•IPS pre-scan/pre-match, signature correlation offload, and accelerated antivirus processingUse CasesNext Generation Firewall (NGFW)•FortiGuard Labs’ suite of AI-powered Security Services—natively integrated with your NGFW—secures web, content, and devices and protects networks from ransomware and sophisticated cyberattacks•Real-time SSL inspection (including TLS 1.3) provides full visibility into users, devices, and applications across the attack surface•Fortinet’s patented SPU (Security Processing Unit) technology provides industry-leading high-performance protectionSegmentation•Dynamic segmentation adapts to any network topology to deliver true end-to-end security—from the branch to the datacenter and across multi-cloud environments •Ultra-scalable, low latency, VXLAN segmentation bridges physical and virtual domains with Layer 4 firewall rules•Prevents lateral movement across the network with advanced, coordinated protection from FortiGuard Security Services detects and prevents known, zero-day, and unknown attacksSecure SD-WAN•FortiGate WAN Edge powered by one OS and unified security and management framework and systems transforms and secures WANs•Delivers superior quality of experience and effective security posture for work-from-any where models, SD-Branch, and cloud-first WAN use cases•Achieve operational efficiencies at any scale through automation, deep analytics, and self-healingMobile Security for 4G, 5G, and IoT•SPU-accelerated, high performance CGNAT and IPv6 migration options, including: NAT44, NAT444, NAT64/ DNS64, NAT46 for 4G Gi/sGi, and 5G N6 connectivity and security •RAN Access Security with highly scalable and highest-performing IPsec aggregation and control Security Gateway (SecGW)•User plane security enabled by full threat protection and visibility into GTP-U inspection Datacenter Deployment (NGFW, IPS, Segmentation)InternetFortiClientZTNA / VPNFortiGate NGFWFortiGateIPSFortiManager NOC OperationsFortiAnalyzer SOC OperationsData CenterHardwareFortiGate 3400E SeriesInterfaces1. 1 x USB Management Port2. 1 x Console Port3. 2 x GE RJ45 Management Ports4. 2 x 25 GE SFP28 / 10 GE SFP+ / GE SFP HA Slots5. 22 x 25 GE SFP28 / 10 GE SFP+ / GE SFP Slots6. 4 x 100 GE QSFP28 / 40 GE QSFP+ Slots Hardware Features100 GE Connectivity for NetworkHigh-speed connectivity is essential for network security segmentation at the core of data networks. The FortiGate 3400E Series provides multiple 100 GE QSFP28 slots, simplifying network designs without relying on additional devices to bridge desired connectivity.SpecificationsNote: All performance values are “up to” and vary depending on system configuration.1IPsec VPN performance test uses AES256-SHA256.2IPS (Enterprise Mix), Application Control, NGFW and Threat Protection are measured with Logging enabled.3SSL Inspection performance values use an average of HTTPS sessions of different cipher suites.4 NGFW performance is measured with Firewall, IPS and Application Control enabled.5Threat Protection performance is measured with Firewall, IPS, Application Control andMalware Protection enabled.(1518 / 512 / 64 byte, UDP)IPv6 Firewall Throughput (1518 / 512 / 86 byte, UDP)240 / 238 / 150 GbpsFirewall Latency (64 byte, UDP)3.33 μs Firewall Throughput (Packet per Second)225 Mpps Concurrent Sessions (TCP)50 Million New Sessions/Second (TCP)850 000Firewall Policies200 000IPsec VPN Throughput (512 byte) 1140 Gbps Gateway-to-Gateway IPsec VPN Tunnels 40 000Client-to-Gateway IPsec VPN Tunnels 200 000SSL-VPN Throughput11 Gbps Concurrent SSL-VPN Users(Recommended Maximum, Tunnel Mode)30 000SSL Inspection Throughput (IPS, avg. HTTPS) 330 Gbps SSL Inspection CPS (IPS, avg. HTTPS) 314 000SSL Inspection Concurrent Session (IPS, avg. HTTPS) 34.9 Million Application Control Throughput (HTTP 64K) 286 Gbps CAPWAP Throughput (HTTP 64K)57 Gbps Virtual Domains (Default / Maximum)10 / 500Maximum Number of FortiSwitches Supported300Maximum Number of FortiAPs (Total / Tunnel)4096 / 2048Maximum Number of FortiTokens 20 000High Availability ConfigurationsActive-Active, Active-Passive, ClusteringStorage Temperature -31°–158°F (-35°–70°C)Humidity 10%–90% non-condensingNoise Level 63 dBA Forced Airflow Front to Back Operating Altitude Up to 7400 ft (2250 m)Compliance FCC Part 15 Class A, RCM, VCCI, CE, UL/cUL, CBCertificationsUSGv6/IPv6Ordering InformationDC, FG-3240C/-DC, FG-3000D/-DC, FG-3100D/-DC, FG-3200D/-DC, FG-3400/3401E, FG-3600/3601E, FG-3700D/-DC, FG-3700DX, FG-3810D/-DC and FG-3950B/-DC.AC Power Supply SP-FG3800D-PS AC power supply for FG-3400/3401E, FG-3600/3601E, FG-3700D, FG-3700D-NEBS, FG-3700DX,FG-3810D and FG-3815D.DC Power Supply SP-FG3800D-DC-PS DC power supply for FG-3400/3401E-DC. FG-3700D-DC, FG-3700D-DC-NEBS, FG-3810D-DC, FG-3815D-DC.1 GE SFP LX Transceiver Module FN-TRAN-LX 1 GE SFP LX transceiver module for all systems with SFP and SFP/SFP+ slots.1 GE SFP RJ45 Transceiver Module FN-TRAN-GC 1 GE SFP RJ45 transceiver module for all systems with SFP and SFP/SFP+slots.1 GE SFP SX Transceiver Module FN-TRAN-SX 1 GE SFP SX transceiver module for all systems with SFP and SFP/SFP+ slots.10 GE SFP+ RJ45 Transceiver Module FN-TRAN-SFP+GC10 GE SFP+ RJ45 transceiver module for systems with SFP+ slots.10 GE SFP+ Transceiver Module, Short Range FN-TRAN-SFP+SR10 GE SFP+ transceiver module, short range for all systems with SFP+ and SFP/SFP+ slots.10 GE SFP+ Transceiver Module, Long Range FN-TRAN-SFP+LR10 GE SFP+ transceiver module, long range for all systems with SFP+ and SFP/SFP+ slots.10 GE SFP+ Transceiver Module, Extended Range FN-TRAN-SFP+ER10 GE SFP+ transceiver module, extended range for all systems with SFP+ and SFP/SFP+ slots.10 GE SFP+ Active Direct Attach Cable, 10m / 32.8 ft SP-CABLE-ADASFP+10 GE SFP+ active direct attach cable, 10m / 32.8 ft for all systems with SFP+ and SFP/SFP+ slots.25 GE SFP28 Transceiver Module, Short Range FN-TRAN-SFP28-SR25 GE SFP28 transceiver module, short range for all systems with SFP28 slots.25 GE SFP28 Transceiver Module, Long Range FG-TRAN-SFP28-LR25 GE SFP28 transceiver module, long range for all systems with SFP28 slots.40 GE QSFP+ Transceiver Module, Short Range FN-TRAN-QSFP+SR40 GE QSFP+ transceiver module, short range for all systems with QSFP+ slots.40 GE QSFP+ Transceiver Module, Short Range BiDi FG-TRAN-QSFP+SR-BIDI40 GE QSFP+ transceiver module, short range BiDi for all systems with QSFP+ slots.40 GE QSFP+ Transceiver Module, Long Range FN-TRAN-QSFP+LR40 GE QSFP+ transceiver module, long range for all systems with QSFP+ slots.100 GE QSFP28 Transceivers, Short Range FN-TRAN-QSFP28-SR100 GE QSFP28 transceivers, 4 channel parallel fiber, short range for all systems with QSFP28 slots. 100 GE QSFP28 Transceivers, Long Range FN-TRAN-QSFP28-LR100 GE QSFP28 transceivers, 4 channel parallel fiber, long range for all systems with QSFP28 slots. 100 GE QSFP28 Transceivers, CWDM4FN-TRAN-QSFP28-CWDM4100 GE QSFP28 transceivers, LC connectors, 2KM for all systems with QSFP28 slots.SubscriptionsFortiGuard BundlesFortiGuard Labs delivers a number of security intelligence services to augment the FortiGate firewall platform. You can easily optimize the protection capabilities of your FortiGate with one of these FortiGuard Bundles.FortiCare EliteFortiCare Elite offers enhanced SLAs and quick issue resolution through a dedicated support team. It provides single-touch ticket handling, extended Extended End-of-Engineering-Support for 18 months, and access to the new FortiCare Elite Portal for a unified view of device and security health.Service Category Service Offering A-la-carteBundlesEnterprise ProtectionUnified Threat ProtectionAdvanced ThreatProtectionFortiGuard Security ServicesIPS Service••••Anti-Malware Protection (AMP) — Antivirus, Mobile Malware, Botnet, CDR, Virus Outbreak Protection and FortiSandbox Cloud Service ••••URL, DNS & Video Filtering Service •••Anti-Spam••AI-based Inline Malware Prevention Service ••Data Loss Prevention Service 1••OT Security Service (OT Detection, OT Vulnerability correlation, Virtual Patching, OT Signature / Protocol Decoders) 1•Application Control included with FortiCare Subscription CASB SaaS Controlincluded with FortiCare SubscriptionSD-WAN and SASE ServicesSD-WAN Underlay Bandwidth and Quality Monitoring Service •SD-WAN Overlay-as-a-Service for SaaS-based overlay network provisioning•SD-WAN Connector for FortiSASE Secure Private Access•FortiSASE subscription including cloud management and 10Mbps bandwidth license 2•NOC and SOC ServicesFortiGuard Attack Surface Security Service (IoT Detection, IoT Vulnerability Correlation, and Security Rating Updates) 1••FortiConverter Service ••Managed FortiGate Service•FortiGate Cloud (SMB Logging + Cloud Management) •FortiAnalyzer Cloud•FortiAnalyzer Cloud with SOCaaS •FortiGuard SOCaaS•Hardware and Software SupportFortiCare Essentials •FortiCare Premium ••••FortiCare Elite•Base ServicesInternet Service (SaaS) DB Updates included with FortiCare SubscriptionGeoIP DB UpdatesDevice/OS Detection Signatures Trusted Certificate DB Updates DDNS (v4/v6) Service1. Full features available when running FortiOS 7.4.12. Desktop Models onlyFortinet CSR PolicyFortinet is committed to driving progress and sustainability for all through cybersecurity,with respect for human rights and ethical business practices, making possible a digitalworld you can always trust. You represent and warrant to Fortinet that you will notuse Fortinet’s products and services to engage in, or support in any way, violationsor abuses of human rights, including those involving illegal censorship, surveillance,detention, or excessive use of force. Users of Fortinet products are required to complywith the Fortinet EULA and report any suspected violations of the EULA via theprocedures outlined in the Fortinet Whistleblower Policy. Copyright © 2023 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.October 20, 2023FG-3400E-DAT-R24-20231020。

Every Business Is a Digital BusinessForeword Introduction Relationships at Scale Design for Analytics Data Velocity Seamless Collaboration Software-Defined Networking Active Defense Beyond the Cloud ConclusionResearch Methodology End Notes ContactsContents34618324252637787909197Technology is intertwined in nearly every aspect of business today, with information technology fast becoming a primary driver of market differentiation, business growth, and profitability. That is why we believe that understanding the technology trends that are changing the world as we know it extends well beyond the realm of IT executives—to COOs, CMOs, and CEOs. As leaders, it is our collective responsibility to grasp the importance of technology and to use it to deliver tangible business results for our stakeholders.The theme of this year’s Accenture Technology Vision is Every Business Is a Digital Business, and we seeit as a forecast for business, not merely technology. We describethe important technology trendsaffecting organizations in both thepublic and private sectors, and wesuggest that these changes signal abroader transformation in the roleof technology and in the businessmodels that will be requiredfor success.We further propose that the timeis now for leaders to act, in termsof understanding the power ofnew technologies and having theforesight to adopt them. Around theworld, we see organizations usingthe technologies described in theAccenture Technology Vision to adaptto a rapidly changing environment,to transform their relationships withconsumers, to further differentiatethemselves in the marketplace, and toexpand their global footprint.We hope that you find the AccentureTechnology Vision insightful as youconsider strategies for making yourorganizations even more relevant in adigital world. We wish you all the bestin your journey.ForewordPierre Nanterme Chairman & CEO Accenture Marty ColeGroup Chief Executive - Technology AccentureEnterprises have spent the last25 years working to peel awaythe nonessential pieces of their businesses; focus on the core, outsource the rest. But in this push to simplify, many companies have relegated IT to “keeping the lights on.” Without information and technology, a business is blind in today’s digital world. You must change the way you think about IT to map a clear path forward.Every business is now adigital business.The world has already changed around us, and IT is driving much of the transformation. IT is a minimum standard for how we effectively run our enterprise, but it’s gone furtherthan that. IT has become a drivingforce, in many situations the drivingforce, for how we effectively growour companies. Every industry isnow software driven; as such, everycompany must adopt IT as one ofits core competencies. By this wemean that software is absolutelyintegral to how we currently runour businesses as well as how wereimagine our businesses as theworld continues to change—how weredesign and produce things, how wecreate and manage new commercialtransactions, how we begin tocollaborate at unprecedented levelsinternally and with customers andsuppliers. In the new world, ourdigital efforts will be the key to howwe innovate and expandour business.There is a higher order of thinking—adigital mindset—that will, we believe,separate tomorrow’s most ableorganizations from their lesser rivals.Accenture observes that increasingnumbers of farsighted organizationsare recognizing IT as a strategicasset with which they can renewvital aspects of their operations—optimizing at least and innovatingat best. As such, they are investingin the digital tools, the capabilities,and the skills to more easily identifyuseful data, evaluate it, excerpt it,analyze it, derive insights from it,share it, manage it, comment on it,report on it, and, most importantly,act on it.We no longer have to look far forexamples. Here is Nike using wirelesssensors and Web technology tocreate a performance-trackingsystem that allows it to create newservices to monitor, and to improveand create new training routines forathletes. There is Ford, using sensordata to monitor both how a caroperates and the driver’s behavior,and seeking to apply analytics toimprove the experience for thenext generation.These companies, and many morelike them, clearly see digital asa strategic imperative—a tool ofTechnology is changing the gameEvery Business Is a Digital Businessicompetitive intent. They aren’t waiting for new technologies to be developed or to mature before they act. Nor should you.The obligation for action is allthe more pressing because the technologies to transform your business are here and now. They are already good enough. Mobile, cloud, social, virtualization, big data—many of the items continuously listed as “hot trends”—are quickly becoming part of the current generation of technology; they are well past the point where they should be areasof exploration and experimentation and are quickly becoming the tools with which companies can craft fast, cost-effective solutions to some of their toughest problems—andgreatest opportunities.As it has always done—as is itscharter—our Technology Vision looksover the horizon at the emergingdevelopments in technology thatshould be added to the list oftechnologies the enterprise shouldbe prepared to take advantage of,from data visualization solutionsand software-defined networks tomoving-target-defense securitysystems. Just as importantly, though,this year’s report communicates whyevery organization has to adopt adigital mindset. At the very least, itis necessary in order to anticipateand respond to ongoing technology-driven disruptions. has disrupted retail sectors farbeyond books and changed thewhole discussion about who “owns”IT. Similarly, Airbnb is sparking atransformation in the traditionalhotel business. But ideally, a digitalmindset will enable enterprises tolaunch preemptive strikes oftheir own.It is incumbent upon the executiveleadership team to be stewardsof this new mindset. They mustrecognize that it’s no longer possibleto separate “the technology”from “the business”; the two aretoo tightly intertwined. IT helpsredesign the company’s productsand supports its processes; it drivesits supply chains; it becomes partof the products themselves andcreates new ones; it allows accessto new consumers; it providesthe frameworks to create net newservices. An organization cannot bethe best in its sector unless itexcels at understanding andusing technology.Your stakeholders may not yet beprobing into how your top teamviews IT. But it won’t be long beforethey do.Relationships at Scale Moving beyond transactions to digital relationshipsAccenture Technology Vision 2013Businesses need to rethink their digital strategies to move beyond e-commerce and marketing. Although mobile technology, social networks, and context-based services have increased the number of digital connections with consumers, most companies are still just creating more detailed views of consumers, consumer attributes, and transactions. Individually, these connections may represent new types of user experiences, even new sets of sales channels—but that’s not the real opportunity. Taken in aggregate, digital represents a key new approach to consumer engagement and loyalty: companies can manage relationships with consumers at scale.Relationships at ScaleIt is time for businesses to return their attention to their relationships with consumers. Business success has always been built on relationships and on the relevance of products and services to buyers’ needs. Just a few generations ago, consumers were often friends—and certainly neighbors—of the local grocer, pharmacist, and everyone else who provided the things consumers needed. But that model changed with large-scale industrialization and with the introduction of IT. Handcraftsmanship was replaced by mass production. Advice delivered over the counter was replaced by global call centers. A human face making a sale was often replaced by a Web page.That might imply that a growing distance between companies and consumers is inevitable—and over the last few decades, many consumers might agree that they have beentreated with greater indifference and far less personal attention.Yet now, the opposite is true: technology is finally at a point where buyers can be treated like individuals again. Consumersare more than faceless digital transactions, more than a cookiefile or a transaction history ora demographic profile; they’rereal people with real differences. Companies now have rich channels through which to communicate with consumers in a much more personal way. Farsighted organizations are seeing a golden opportunity to use mobile communications channels, social media, and context-based services to create truly personal relationships with consumers—but digital relationships this time—and to leverage those relationships to drive revenue growth. Specifically, enterprises arecustomizing the experience forevery interaction they have withconsumers regardless of the channel.This mass personalization includesnot only the interactions thatcompanies have with consumers butthe interactions that consumers havewith each other. The potential payoffis two-pronged: a relationship withthe consumer your competitors don’thave and a differentiated brand.Learning more thanever beforeBusinesses now have new ways tolearn about consumers based onincreasingly digital interactions,whether through e-mail, socialmedia, Web pages, online chat,mobile apps, or tweets. And it’s notjust online interactions that benefitfrom those insights; by maintainingintegrated communications acrossboth physical and virtual channels,enterprises can use insight fromdigital channels to improve servicein in-store situations as well.For instance, Catalina, a globalmarketing company, is usingconsumers’ in-store location,determined by the product QR codesthey scan, along with consumers’profiles to generate offers asthey shop for groceries. With theunderstanding of exactly whereshoppers are in the store, offerscan be personalized in such a wayto provide not just a digital offerbut an offer that is relevant towhat shoppers are looking at in thephysical store at that moment.These digital interactions allowcompanies to capture, measure,analyze, and exploit socialinteractions in new ways. Bysimply being digital in nature, theinteractions allow enterprises toactually measure the results ofConsumers are more than faceless digitaltransactions, more than a cookie file ora transaction history or a demographicprofile; they’re real people with realdifferences. ”“itheir sales and marketing efforts, scaling them when they succeed and scotching them when they fail. Using analytics can also establish deeper consumer insights, allowing companies to create more compelling user experiences. This concept of mass personalization enables businesses to customize every interaction. Essentially, they can begin to establish arelationship with consumers, usingpast transactions to inform current conversations, using context to move from transactions to interactions,and ultimately using their consumerinsight to infuse the interactions with greater engagement and intimacy. Consumers aren’t just buyers any longerKey to making this transition isunderstanding that consumers aren’t just buyers anymore—they’ve evolved into connected consumers. They’re connected to social networks. They’re connected to like-minded consumers. They’re connected to brands. That means they also have the potential to be your advertisers. That’s a powerful constituency to into.Thanks to social media, consumers have more opportunities than ever before to express likes, dislikes, and recommendations. They aren’t simply purchasing a product or service—they are doing a lot more. On Yelp, they’re detractors or cheerleaders. On and Menuism,they’re reviewers and advertisers. On Spotify, they’re DJs offering music recommendations. On TripAdvisor, they’re travel guides. And, thanks tomobility, they can do it where they want, when they want.The Cleveland Indians, a Major League baseball team, is actively working to use its relationships with its most avid fans to create a group of evangelists to promote theteam. The Indians’ Social Media Club incents fans to create a buzz about the team through a myriad of social channels, from Facebook to Tumblr. More than just pointing fans to socialforums, they are actively incenting them to participate, offering ticket discounts and, for active posters, chances to be invited to a special Social Suite in the ballpark and to share their comments about the game. This paradigm brings immediacy to social conversation—consumers have the ability to bring friends togetherUsing analytics can also establish deeperconsumer insights, allowing companiesto create more compelling user experiences.”“iito share experiences and to report on those experiences. These technologies have permanently altered the ways in which consumers share information, collaborate, interact, entertain themselves, inform themselves, and maintain awareness of events around them. Enterprises need to recognize the change and begin to harness it. All of this contributes to a new standard among consumers:they expect the mobile and social experience to be highly personalized.They expect to be given the abilityto get pertinent, contextualinformation that relates to theirlives, their friends, their needs,and their pursuits. And becausethe experience is personalized it’salso more powerful. Ninety-twopercent of consumers globally saythey trust earned media, such asword-of-mouth endorsements orrecommendations from friends andfamily, above all other formsof advertising.Even watching TV is changing.Accenture research shows thatmore than 40 percent of consumersare showing increasing “secondscreen” habits, using a smartphoneor tablet while watching TV suchthat they are accessing multiplestreams of information at the sametime. This could mean tweeting ona smartphone while watching a TVdrama or viewing players’ statisticswhile watching sports. For the 2011–2012 season, the National HockeyLeague deployed an online game tobe played while watching the StanleyCup finals; fans won points bycorrectly predicting outcomes on theice, like the result of a face-off.Based on these new behaviors,businesses face several relatedopportunities: Because many of thesenetworks are public, companies havean unprecedented opportunity totrack what people are saying aboutthem. More important, they havethe opportunity to use these newattitudes and technologies to createrelationships, which will result incustomer acquisition and, for currentcustomers, repeat sales.Moving the mindsetfrom transactions torelationshipsThe goal is to use insight tochange communication withconsumers from transactions tointeractions to an unprecedentedlevel of relationship and loyalty—the equivalent of frequent-flierprograms on steroids. The problemis that, until now, most enterpriseshave viewed online channelsprimarily as a way to reduce costs,iiiivnot improve relationships. It’s time to shift that mindset. Consumers are already having conversations about enterprises among themselves. Fueled by every new consumer service and every new user experience, consumer behaviors have changed far faster than businesses. Facebook, eBay, Yelp, Foursquare, and many other companies in effect continue to train huge segments of consumers to communicate among themselves, outside the purview of businesses, coming back to a business site only to conduct final transactions. Companies may not be able to, and frankly shouldn’t, take complete control of the conversations their consumers are having in these new electronic storefronts and plazas. But they do need to figure out how to become participants, react with relevant offers, and respondto concerns.It’s time for enterprises to reimaginetheir consumer engagementstrategy. Too many are still stuck inthe days of ads and focus groups.When they want to communicateto consumers, they broadcast amessage through their marketingchannels, and when they need tohear back, they bring together arepresentative group from whichthey can extrapolate insights. Today,the channels are increasing (thinkYouTube, Twitter, customer servicechat) and consumer insight cancome from a much wider sample ofconsumer and information sources:the Web, mobile technology, social-media sites, and others. But it’simportant to remember in thisscenario that technology is only atool. Reimagining a consumerengagement strategy is not basedsolely on technology.That new consumer-engagementstrategy will require aggregatedinsight across applications so thateach channel feeds informationinto a holistic view of consumers.That means more collaborationacross sales and marketing andacross digital and physical saleschannels, and even the ability totrack and acquire informationbeyond the business’s ownchannels. Businesses should breakdown the internal barriers thatsegment consumer interactionsby channel in order to create aunified consumer strategy acrossall channels. Siloed approacheserode the value of integratedcustomer interactions. Burberry,for example, jointly developed anapplication with SAP that placesall the consumer informationBurberry has from its separatecustomer channels in the hand ofits sales associates. In the store,they can use an iPad to access ashopper’s profile that pulls togetherIt’s time for enterprises to reimaginetheir consumer engagement strategy.”“vcontact details, transactional history, lifetime spending statistics, recommendations based on purchases, and social-media comments regarding the brand. An omnichannel relationship strategyJettison the idea of a single subgroup within the enterprise that is responsible for the entire “digital” channel. Instead, the enterprise must figure out how all the groups will work in concert. Each group should work together toward an overarching, omnichannel relationship strategy, one that promotes collaboration and sharing among channels to manage relationships with consumers in an ongoing fashion.Enterprises must find out howand where consumers are most comfortable interacting with them. That may depend on circumstancesas varied as demographics orproximity to a buying decision;one customer may prefer a digitalinteraction whereas another mayprefer to speak to a live customer-service agent. Unfortunately,businesses can’t automaticallyreplace some channels in favorof others; they must allow theconsumer to choose from among aportfolio of channels, depending onthe consumer’s needs at any giventime.For example, Virgin America isoffering customer service throughTwitter and Facebook. Customersupport monitors tweets andFacebook posts to the airline forindications that someone needs help,allowing consumers to make simplerequests, like reserving a wheelchairfor a flight, without waiting on holdfor a call center rep.That said, every challenge reveals anopportunity. These new channels—whether through mobile appson smartphones, through social-networking capabilities such asPinterest, or through corporatewebsites—allow new ways ofcommunicating with the consumerthat help increase the quality andutility of interactions. It’s not aquestion of replacing channels oreven weaving them all together intoa single interface. Savvy companiesunderstand that different channelsrepresent opportunities to createdifferent experiences that trulyleverage each channel. Having aportfolio of channels creates theopportunity to give a consumer theright interaction at the right time.Consider the way a retailer interactswith a customer: a discount deliveredin an e-mail is often considered“spam,” while that same discountdelivered as a consumer scans aproduct QR code is just good service.Understanding how, when, andSavvy companies understand that differentchannels represent opportunities to createdifferent experiences that truly leverage eachchannel. Having a portfolio of channels createsthe opportunity to give a consumer the rightinteraction at the right time. ”“viwas displayed, starting at 99 percentand ticking down by 1 percent everysecond until the consumer enteredthe Meat Pack store. When a discountwas redeemed, the person’s Facebookstatus automatically changed toinform the world.Similarly, businesses will haveto disrupt the mindset that says“relationships” equate to “marketing.”This means that IT must forge closelinks with other groups that touchconsumers and reach out to businessunits, such as product development,that manage interactions with othercommunities.Insight leads toincreased consumersatisfactionWith deeper interaction, businessescan more quickly understand whatconsumers like—and what theydon’t. Better insight into customerpreferences allows businesses toiterate product development faster,to scale up production or kill afeature or a service before too muchis invested. They can build futurebusiness cases on a more substantialand substantiated information base.Higher customer satisfactionequates to repeat customersand higher revenue throughincreased volumes and loweredcost of customer acquisition. Butcompanies also gain from a betterunderstanding of consumers. Thedeeper the relationship with thecustomer, the more reliable themetrics the customer provides.Again, it’s the difference betweenthe vagueness of a focus group andthe specificity of actual consumerbehavior—the importance of trackingwhat consumers do, not whatthey say.• Catalog your consumer interactions, tools, and channels.• Educate your internal teams on the tools and channels currently available.• Determine the questions to be answered to create a holistic view of your customer.• Identify metrics for tracking the success of your social and communication channels in terms of a consumer relationship.• Begin “social listening” to build momentum toward your larger strategy.• Propagate current tools and channels across business units where applicable.In 100 days, refresh the mindset of your consumer channels to move beyond transactions to, in addition, drive consumer interactions and relationships.Your 100-day planWith consumers changing their attitudes about sharing andaccessing information and becoming willing to be more transparent, forward-thinking enterprises are realizing that they can benefit from an unprecedented granular view of consumers—not just what they bought, but when, and where, and what they were doing before and while they made the purchase decision. Businesses can do this by taking advantage of internal data sources (that is, instrumentation and quantification of decision making captured by their own software) and external data sources (such as social-media sites and information gathered by resellers and partners). The goal, to use a term that may sound contradictory, is masspersonalization —using technology to provide resort service at a motel cost. That is, using what you knowabout the consumer from thecommunications channels he uses to better understand his behavior and needs. Consumers newly accustomed to accessing account information in corporate databases to transact and interact have ratcheted up their expectations about how businesses will communicate and respond. But companies now have the ability to make the consumer feel special, to increase engagement, and to develop intimacy, as never before.This time next yearIn 365 days, reimagine your consumer strategy across the enterprise as a consumer-relationship strategy and create the cross-organizational ties to drive it.• Create a cross-functional team responsible for reviewing, updating, and improving your consumer-relationship strategy.• Standardize your methodology around how consumer interactions are shared throughout the organization.• Redesign your organization’s communication-channel strategy in light of the holistic consumer-relationship strategy.• Establish an environment to test and then deploy technologies that will support your consumer- relationship strategy.• Review your metrics and data to improve your consumer interactions and update your consumer-relationship strategy.A new level of customer intimacyCompanies that embark on this voyage of mass personalization can expect a variety of new benefits. Because shoppers can move—quickly and entirely digitally—from awareness to recommendation to purchase after interacting on blogs, Twitter, Yelp, and other social sources, it’s actually possible to compress the sales cycle. Offering on-the-spot promotions through digital channels also potentially increases impulse purchases. Providers that are better at controlling that experience will benefit by lowering the costs of sales and marketing and generating greater sales volumes. Personalization also creates a virtuous loop. The more you personalize the experience, thericher the data collected becomes. Companies can boost the quality of data in much the same way that night-vision goggles amplify available vision: to shine a light on data and behaviors, already present, but previously undetected. A new level of intimacy with consumers is now possible. But effectively scaling meaningful relationships represents a real change in the way companies need to approach their consumer strategies. This shift is being enabled by technology; however, implementing it will require a new, unified approach across IT and the business. Now is the time to take the next step. The customers are out there; it’s time for the enterprise to get to know them.Sidebar: Gauging the Value of TrustDuring its bankruptcy proceedings in 2011, Borders, the bookstore chain, won judicial approval to sell its intellectual property, includinga customer database, to Barnes & Noble. The issue at stake: shoppers’ data privacy.Anticipating privacy concerns, Borders’ lawyers persuaded the court to appoint an independent third party to consider the privacy impact on the 48 million Borders customers whose personal information would be transferred with the sale of the intellectual property. In the end, the customers were given the chance to opt out of the transfer.The bookseller’s readiness to tellcustomers how their data couldpotentially be used and, crucially,to give them a choice in thematter shows how companies andconsumers may interact in the futureon issues of privacy. It’s also a primeexample of the mobility of datathese days—and a good indicator ofthe importance of establishing, letalone maintaining, accountability forsuch data.A decade ago, Accenture askedwhether enterprises coulddifferentiate themselves based onconsumer trust. We flagged fivedimensions of trust—safekeeping ofpersonal information, control overthe data, personal access to one’sdata, accountability, and the benefitsof letting corporations use one’sdata—and we spelled out practicalsteps that would help companiesmove toward operating modelsbased on trust. Even before theage of social media and big data,our recommendations were clear:companies must seek ways to useknowledge about their customersto provide better services to them,doing so in ways that increase trust,not suspicion.Ten years on, plenty has changed:the entities collecting informationare savvier than ever about data, andthey have more channels throughwhich to gather it (think “big data”)and more powerful tools with whichto extract insights from it. Fortheir part, individuals are far moresensitive about the use of their data,even though more and more data issought from them and more isgiven by them, both willinglyand unwittingly.In general, individuals are morelikely to think in terms of what’s init for them if they give out personaldata. “When you put informationabout yourself out there, that’s atransaction,” Margaret Stewart,Facebook’s director of productdesign, told Fast Company recently.“But you need to feel that you’regetting something back in return.When we start to provide thingsiii。