Trusted Company
About Us
Fortinet has been a driving force in the evolution of cybersecurity and its convergence with networking. We deliver cybersecurity everywhere our customers need it, and we do so responsibly by innovating sustainable security technologies, diversifying cybersecurity talent, and promoting responsible business across our value chain. The Fortinet Security Fabric consists in an integrated portfolio of over 50 enterprise-grade products that are the most deployed, most patented, and among the most validated in the industry.
- Founded in October 2000
- U.S.-based company, incorporated in the State of Delaware
- Publicly traded company (FTNT). Traded on the U.S. Nasdaq Stock Exchange and regulated by the U.S. Securities and Exchange Commission (SEC). The ultimate control of Fortinet is dispersed among numerous stockholders and is not concentrated.
- The members of Fortinet’s board of directors are U.S. citizens and our Executive Leadership team is comprised of citizens of NATO-member countries.
- State-of-the-art headquarters in Sunnyvale, California
- Over half a million customers trust Fortinet solutions
- Over 13,500 employees globally
- Member of the United Nations Global Compact (UNGC)
Board
Product security is foundational to how we do business and is overseen by the Audit and Cybersecurity Committees of our board of directors.
Admiral James Stavridis USN (Ret.), former Supreme Allied Commander Europe, has served on Fortinet’s Board since October 2021 and is Chair of the Cybersecurity Committee.
Kenneth Goldman, former CFO of Yahoo! and former member of the Public Company Accounting Oversight Board (PCAOB), has served on the board since October 2020 and is Chair of our Audit Committee.
Leadership
Ken Xie
Founder, Chairman of the Board, and Chief Executive Officer (CEO)
Fortinet is managed by a seasoned Silicon Valley-based leadership team, led by Founder, Chairman and CEO Ken Xie. He is supported by a leadership team with deep experience in networking and security.
An American innovator and proven entrepreneur starting in his days at Stanford University, Ken has proudly called Silicon Valley home for about forty years. A highly regarded cybersecurity expert and entrepreneur with over 30 years of experience, he’s an innovator and proven entrepreneur that has built three successful businesses and created thousands of jobs and billions of dollars of investment across the United States.
From the beginning, Ken has fostered a culture that embraces his entrepreneurial spirit and values innovation that puts customers first. Ken’s dedication to innovating network security and his continued business success is reflected in his many recognitions, including his appointment to the National Academy of Engineering, appointment to the Advisory Board of Stanford University’s Institute for Economic Policy research (SIEPR) and his role as board member for the World Economic Forum Center for Cybersecurity. Ken has also been the recipient of multiple honors as a top CEO from Computer Reseller News and Glassdoor.
Third-Party Validation
Fortinet is one of the most validated cybersecurity companies in the world. More than 100 industry analyst reports validate Fortinet solutions across networking and security. Fortinet is continually positioned in leadership positions across research reports from major industry analyst firms like Gartner, IDC, and Forrester, and is included in nine Gartner Magic Quadrants.
Earned Trust: Strong and Broad Customer Base
Large customers test our products daily and have tested and purchased our products for over 20 years. This is the best validation of the effectiveness of our products. Fortinet protects enterprises, service providers, and government organizations around the world. With well over half a million users globally relying on Fortinet, we are proud of the real-world utilization and validation of our solutions to protect networks and data across all sectors.
Key Subsidiaries and Advisory Councils
As part of our global corporate structure, we have subsidiaries that assist Fortinet in doing business in key markets. These companies support our global business in different aspects including providing sales support and marketing services, technical support services, and in some cases, research and development services.
Fortinet Federal is a wholly owned independently managed subsidiary dedicated to delivering modernized and secure infrastructure to the U.S. government. The Fortinet Strategic Advisory Council, comprised of senior public and private sector experts, provides guidance and advice on the evolving cyberthreat landscape to the business and engages with customers and partners. Our Veterans Program Advisory Council is comprised of global veterans-related organizations and will provide insights and guidance to the Fortinet Training Institute’s Veterans Program.
Key Subsidiaries
Fortinet Australia PTY LTD
Fortinet UK Limited
Fortinet Technologies
India Private Ltd.
Fortinet Technologies
(Canada) ULC
Advisory Councils
Trusted Partners
Collaboration with the public sector and industry has been a fundamental aspect of Fortinet’s strategy for many years. Through partnerships, industry collaboration, and information sharing, we strive to ensure a secure and productive economy for all, actively working with the industry, CERTs, government entities, and academia to proactively exchange threat information and enhance cyber resilience globally.
International Partnerships
World Economic Forum
Fortinet is the first cybersecurity founding partner of the Centre for Cybersecurity (C4C). The C4C’s mission is to provide an independent and impartial platform to reinforce the importance of cybersecurity as a strategic priority and drive global public-private action to address systemic cybersecurity challenges.
Partnership against Cybercrime (PAC): Fortinet is a founding member of the World Economic Forum PAC, an initiative formed with the goal of building trusted public and private sectors’ threat-sharing relationships.
View the Partnership Against Cybercrime Report
Cybercrime Atlas: Officially launched in 2023, Fortinet is an inaugural founding grantor of the Cybercrime Atlas initiative. Cybercrime Atlas will provide a platform for leading cybercrime investigators, national and international law enforcement agencies, and global businesses to share knowledge, generate policy recommendations, and identify opportunities for coordinated action to fight cyberthreats.
Cyber Threat Alliance
Fortinet is a founding member of the CTA, an independent non-profit organization composed of cybersecurity providers and practitioners dedicated to sharing critical threat intelligence to raise the level of security for organizations globally.
MITRE Engenuity: Center for Threat Informed Defense
Fortinet is a Research Partner with the CTID. The CTID is a research and development hub, and serves as a focal point for the threat-informed defense community, driving applied research and advanced development to improve cyber defense at scale for the global community. Fortinet has been engaged in several new and innovative projects with MITRE to help the industry make advances in threat detection, visibility, and reporting.
Fortinet Contributed Projects
Forum of Incident Response and Security Teams
Fortinet is a member of FIRST, a consortium of incident response and security teams from every country to ensure a safe internet for everyone. Through FIRST, Fortinet works with national CERTs (Computer Emergency Response Teams) across the world.
INTERPOL: Project Gateway
Fortinet’s partnership with the Interpol Gateway includes sharing threat information generated by the Fortinet FortiGuard Labs global threat research team with INTERPOL. FortiGuard Labs routinely responds to breaking requests for intelligence (RFIs) as new cases emerge.
NATO
Fortinet entered a partnership with NATO NCI Agency, the NICP, to collaborate on intelligence sharing on cyberthreats. This partnership enables the proactive identification and stopping of advanced persistent threats and cybercriminals that threaten national security, delivering greater security for all of our customers and all organizations.
Key Government Partnerships and Engagements
Joint Cyber Defense Collaborative (JCDC)
The Cybersecurity and Infrastructure Security Agency (CISA) established JCDC in 2021 to bring together public and private entities with the goal to gather, analyze, and share actionable information to more proactively protect and defend against cyberthreats.
Fortinet Contributed Projects:
NIST’s National Cybersecurity Center for Excellence (NCCoE), National Cybersecurity Excellence Partnership Member
The National Cybersecurity Excellence Partnership (NCEP) is a public-private sector collaboration program focused on building resiliency in U.S. information systems.
IT Sector Coordinating Council
The Information Technology Sector Coordinating Council (IT SCC) serves as the principal entity for coordinating with the U.S. government on a wide range of critical infrastructure protection and cybersecurity activities and issues. The IT SCC works to facilitate a secure, resilient, and protected global information infrastructure, and Fortinet leads several of the IT SCC’s activities focused on improving cybersecurity in federal, state, and local government.
Indiana Executive Council on Cybersecurity (IECC)
Established in 2017, the Council is led by Indiana’s Department of Homeland Security, Office of Technology, State Police, and National Guard. Fortinet proudly serves as an advisory member.
University of Wisconsin – Milwaukee Connected Systems Institute
Fortinet is a supporting member of the university’s Connected Systems Institute. Through this partnership, we are working collaboratively to strengthen the security of IT/OT in the manufacturing sector.
Purdue University
Purdue and Fortinet partner to secure the future of operational technology and manufacturing globally. Through this partnership, we collaborate and educate current and future students and other industry partners while supporting research and development of the current drive to Digital Twin and Industry 4.0.
Trade Associations
To strengthen our engagement across public and private sector organizations, we actively participate in tech-focused associations and coalitions to further our efforts to close the cybersecurity skills gap, securely close the digital divide, and promote stronger network security policies.
Our partnerships are driven by three distinct parts of the business: FortiGuard Labs, the Fortinet Training Institute, and our global public policy engagement:
FortiGuard Labs
Disrupting cybercriminals and dismantling the attack infrastructure is a joint responsibility that requires strong, trusted relationships with other public and private organizations. Cybercriminals operate like businesses, and if we keep forcing them to start over, rebuild, and shift tactics, it is costly for their organizations and better for the digital world. For Fortinet, sharing actionable threat intelligence between organizations and helping shape the future of mitigation against cyberthreats is vital.
Fortinet Training Institute
The Fortinet Training Institute provides certification and training in the growing field of cybersecurity to address the rapidly evolving threat landscape and job market needs. Leveraging extensive network security expertise, the institute works with global leaders like the World Economic Forum as part of our effort to drive change on the most pressing cybersecurity issues. Our partnerships extend to industries, academia, government, and nonprofits in an effort to reach more people and help close the cybersecurity skills gap.
Global Public Policy
Governments around the world are crafting national cybersecurity frameworks, reviewing data security and privacy policies, updating product certifications and standards, and determining the government’s role related to artificial intelligence (AI). These discussions are critical to the future of network security, shaping and influencing future regulatory requirements and expectations of our customers. Fortinet routinely engages with policymakers on legislative and regulatory matters with a focus on policies that will strengthen network security to better protect the networks and data critical to all sectors.
Trusted Process
As part of Fortinet’s effort to make possible a digital world you can always trust, we focus heavily on how we do business to ensure our processes are compliant, sustainable, and in line with customer expectations.
Trade Compliance
Fortinet’s Global Trade Compliance team is designed to ensure compliance with U.S. and host country government export and import laws and regulations. Fortinet prohibits selling or shipping products contrary to U.S. export control regulations. We also have controls, and checks and balances across functional teams that go beyond industry standards to ensure compliance with Section 889 of the NDAA and other government programs such as the Trade Agreements Act (TAA), and we conduct regular audits to confirm that these controls are being consistently and properly applied internally and in our supply chain.
Responsible Disclosure & Transparency
Safeguarding customers is our top priority. As a leading cybersecurity vendor, Fortinet secures some of the world’s most critical infrastructure and more than 775,000 organizations worldwide. We design our products to align with the highest security assurance standards to provide robust, trusted, and secure technologies. Our Secure Product Development Lifecycle Policy, which is based on secure-by-design and secure-by-default principles, ensures that security is integrated into each product from inception, covering every stage of the product lifecycle. Fortinet’s Product Security team disclosure policies are aligned with ISO/IEC 30111:2019 for vulnerability handling, ISO/IEC 29147:2018 for vulnerability disclosure, and the FIRST PSIRT Services Framework. By disclosing vulnerabilities proactively and transparently, we provide customers with the information they need to protect their assets effectively.
Sustainability
Our company vision, a digital world you can always trust, is essential to achieving just and sustainable societies. At Fortinet, we believe it is our corporate social responsibility to deliver on this vision by innovating sustainable security technologies, diversifying cybersecurity talent, and promoting responsible business across our value chain.
We are on a journey toward embedding sustainability into our business model and every aspect of our operations. Our ongoing action and dedication to progressing our journey resulted in Fortinet being included in the 2022 Dow Jones Sustainability Indices (DJSI) — World and North America.
Promoting Business Ethics and Human Rights
We are committed to doing business ethically in respect to human rights and in compliance with all laws. Our corporate governance practices aim to ensure accountability to meet our responsibilities across our entire value chain. We train and require our employees, suppliers, and partners to comply with all Fortinet's policies, codes of conduct, principles, and values. New direct suppliers added into our enterprise resource planning system are processed through a two-step verification process, including a screening in high-risk areas. Our direct suppliers and vendors are screened against several criteria, including human rights, the U.S. Foreign Corrupt Practices Act, and sanctions lists.
Respecting the Environment
We are focused on addressing the impacts of climate change and minimizing the environmental footprint of our solutions, operations, and our broader value chain. We publicly committed to the Science-based Target Initiative (SBTi) and to reaching net zero by 2030 for Scope 1 and Scope 2 emissions. We are ISO 14001 certified for our largest owned warehouse, located in Union City, California.
Privacy and Data Security
We believe in security by design and privacy by design. It is Fortinet’s policy to respect privacy and data security consistent with government requirements and customer expectations. Our Privacy team regularly reviews new requirements and updates our policy and efforts as needed.
Fortinet implements organizational, administrative, and technical measures based on commercially reasonable procedures using:
- Industry-standard information security measures prescribed for use by the National Institute of Standards and Technology (NIST)
- Security measures aligned with the ISO/IEC 27000 series of standards
- The Sarbanes-Oxley Act (SOX) and SSAE 18/ISAE 3402 (SOC)
- Data protection and privacy laws and regulations such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA)
- Business-continuity management measures aligned with the ISO/IEC 22301 standard, or other generally recognized industry standards, designed to safeguard the confidentiality, integrity, and availability of Fortinet infrastructure and data and the resiliency of Fortinet operations
Visit the Trust Resource Center to learn more about Fortinet Information Security and Data Privacy Programs and access certifications and audit reports.
Diversity, Equity, Inclusion
Fortinet is building an inclusive workplace that empowers talent of diverse backgrounds to reach their full potential. We are committed to a diverse workforce with a global representation of all genders, races, ethnicities, nationalities, ages, and sexual orientations. We also ensure that all our employees have equal opportunity, fair recruitment, and equitable remuneration. Our offices are designed with employee needs and comfort at the core, with our owned offices offering ergonomic equipment, sports facilities, and other services to all employees.
Audits
Fortinet, often under the direction and oversight of the Audit Committee of Fortinet’s board of directors, has better than industry standard internal controls and processes design to ensure Fortinet’s solutions are the most trustworthy solutions on the market. Fortinet regularly engages with independent third-party auditors to audit and test Fortinet’s processes and controls to ensure they are effective and exceed industry standards.
Trusted Products
As a leading vendor in the cybersecurity industry, Fortinet secures the largest enterprises, service providers, and government organizations around the world. As such, it is essential that our products adhere to the highest security assurance standards and are developed with security at the forefront of the product development lifecycle. Fortinet places significant focus on customer demands, standards, and government requirements. We are also deliberate and strategic in where we design and manufacture our products and solutions.
"Fortinet’s mission is to secure
people, devices, and data everywhere"
Our Commitment
Fortinet recognizes that supply-chain security is an increasingly important dimension of cybersecurity and enterprise risk management. Fortinet is committed to implementing a comprehensive approach to protecting the security and integrity of our products throughout the product design, development, manufacturing, delivery, and support processes.
RESEARCH AND DEVELOPMENT (R&D)
In alignment with key government requirements and expectations we do not perform source code development or internal R&D in Russia or China.
We ensure alignment with secure development best practices including NIST 800-53, NIST 800-161, NIST 800-218, US EO 14028, and UK TSB.
With rigorous selection and qualification of major manufacturing partners, we adhere to NIST 800-161: Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations
The Fortinet Information Security Program is based on and aligned with industry-leading security standards and frameworks including ISO 27001/2 and NIST 800-53, as well as data privacy regulations such as GDPR and CCPA.
COUNTRIES OF ORIGIN
The countries of origin of our operating system, FortiOS, are the United States and Canada.
RESPONSIBLE RADICAL TRANSPARENCY
Fortinet has a longstanding commitment to being a role model in ethical and responsible product development and vulnerability disclosure. As an early signer of the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design Pledge, we are advancing our dedication to a culture of responsible radical transparency, further prioritizing the safety and security of our customers.
Visit the Trust Resource Center to learn more about Fortinet Information Security and Data Privacy Programs and access certifications and audit reports.
The Fortinet Approach
- The Fortinet Secure Development Lifecycle covers every stage of the product lifecycle, from design through end-of-life.
- Security is designed into the product from inception.
- Fortinet has strong product security scrutiny at all stages of the product development lifecycle, internal and external.
- Fortinet proactively identifies product vulnerabilities and works diligently to promptly remediate them, following a transparent process.
- Fortinet operates in partnership with our customers and regional CERT teams, sharing information and feedback.
- Fortinet works with industry to develop and implement stronger standards for the benefit of all our customers.
Certifications and Approved Product Lists
Fortinet is committed to meeting a wide range of national, regional, and international requirements, and we subject our solutions and services to independent third-party audits and testing to guarantee compliance. Fortinet is committed to ensuring our products and services consistently exceed industry benchmarks and are compliant across the verticals that we serve.
Government entities occasionally certify products and services for use in their networks and eligibility for procurement is based on rigorous review and adherence to certifications.
Proprietary ASICs
Built by contract manufacturers including Toshiba America Electronic Components, Inc. and Renesas Electronics America, Inc., Fortinet’s proprietary ASICs use foundries in Taiwan and Japan operated by either Taiwan Semiconductor Manufacturing Company Limited (TSMC) or by the contract manufacturer.