Dynamic Security for AWS

  • Consistent multi-layered security from across clouds and datacenters to AWS
  • Seamless security management and visibility across clouds and datacenters from AWS
Security Fabric Automation for AWS
Security for AWS

Fortinet Solutions for Amazon Web Services (AWS)

More and more enterprises are turning to AWS to extend internal data centers and take advantage of the elasticity of the public cloud. While AWS secures the infrastructure, you are responsible for protecting everything you put in it. Fortinet virtual appliances offer comprehensive security for your AWS workloads including firewall, security gateway, intrusion prevention, and web application security.  

Using Fortinet on AWS gives you the same powerful security controls of our industry-leading hardware devices as well as these features:

 

aws cloud security solution

 

Features and Benefits:

 

reduce cash icon

Flexible billing integration: bring-your-own license (BYOL) or utility-based metering

icon benefits management

Centralized management across your data center and public cloud deployments

cloud ready icon

Integrated AWS auto scaling group into Cloud formation template for advanced security automation

Icon automation

Simplify network security management with AWS Transit VPC hub to save time and cost

Securing an array of AWS Public Cloud Use Cases

The Fortinet Security Fabric for AWS extends consistent, best-in-class enterprise security to AWS based cloud environments. The Security Fabric protects business workloads across on-premises data centers and cloud environments—including multi-layered security for cloud based applications. The solution offers various types of security protection services ranging from VM based protection, through container based, API based and all the way through natively integrated security functionality powered by Fortinet and enforced by AWS. The Security Fabric supports a wide variety of public and hybrid cloud use cases, including:

Hybrid Cloud

Inside-Out IaaS Security

Implement a consistent security policy for Securing IaaS deployments from the inside out at the workload level, at the network level and at the API level:

  • Host level security at the host using FortiClient enforcing host level integrity
  • Network level security at the VPC level with FortiGate-VM enabling secure connectivity and L7 network access control
  • API level security using FortiCASB enforcing configuration integrity and supporting compliance
Secure Access VPN

Secure Access VPN

The Fortinet Security Fabric delivers best-in-class performance for securing VPN traffic for remote access VPN in AWS. By leveraging AWS multi-region global infrastructure, organizations can instantaneously scale their services globally and offer remote access VPN termination close to the end user. Remote access VPN can be used to enable access to cloud-based applications as well as on premises applications that are connected to the cloud over other forms of private links or VPN.

Hybrid Cloud

Hybrid Cloud

Businesses need seamless security protection that scales along with cloud workloads. The Fortinet Security Fabric includes next-generation firewalls (NGFWs) that complement native AWS Security groups while supporting secured and encrypted VPN connectivity across every flavor of cloud infrastructure. They can be managed from either a public cloud deployment or on-premises in a private data center. 

Advanced Threat Prevention

Advanced Threat Prevention

An increasingly essential percentage of modern business applications are deployed over public cloud infrastructures in general and AWS in particular. At the same time, web and mail applications are responsible for the highest number of breaches per pattern. The Fortinet Security Fabric for AWS includes solutions designed to protect these kinds of business-critical applications from known and zero-day attacks by leveraging Security Fabric solutions such as FortiWeb, FortiMail and FortiSandbox. This mitigates the risk from server vulnerability and supports compliance with regulatory and security standards such as Payment Card Industry Data Security Standard (PCI DSS) and Health Information Portability and Accountability Act (HIPAA). Additionally, FortiSandbox can protect externally facing collaboration applications from advanced persistent threat risks resulting from malicious file uploads.

Security Management from the Cloud

Security Management from the Cloud

Customers with a large global security infrastructure see it as an advantage to leverage cloud provider global availability and global network to deploy security management across multiple cloud regions and leverage cloud storage for logs. The cloud based deployment improves availability and scalability of management.

Cloud based management is used to:

  • Manage global information security infrastructure
  • Single point to view worldwide security events and take action
  • Security management is always close to the administrator
Public Cloud Usage monitoring and control

Public Cloud Usage Monitoring and Control

Public cloud usage is not monitored and often unsecure and not cost effective.  

Organizations gain full visibility over configuration changes across a variety of public cloud infrastuctures through a unified security platform. 

  • FortiCASB monitors cloud management API
  • New user creation and new asset creations and deletions trigger event logs in FortiCASB
  • Logs are synchronized with FortiManager
Cloud Services Hub

Cloud Services Hub

Since AWS connectivity far outperforms that of the typical mid-sized enterprise, organizations can offer security services at a global scale.  Leveraging AWS Transit Architectures and services allows organizations to build a security hub encompassing a variety of Fortinet security products and share security services across multiple AWS VPC’s and networks worldwide. The security services enables at the cloud service hub are network visibility, VPN connectivity, next generation firewall (NGFW), advanced web application firewall, sandboxing, and mail security—the Fortinet Security Fabric provides a very broad set of services while leveraging cloud elasticity and on-demand scalability for optimized price/performance ratio and scalability.

Featured Products on AWS:

Fortinet offers its industry leading series of network security products over the AWS Public Cloud enabling customers advanced security protection for their cloud based infrastructure and applications. Following is a list of products that can be purchased directly from the AWS Marketplace.

 

Enhance security and improve high availability practices in your AWS environment. View the various deployment scenarios. 

 

FortiGuard Security Services for AWS

FG Application Control

Application Control

Improve security and meet compliance with easy enforcement of your acceptable use policy through unmatched, real-time visibility into the applications your users are running. With FortiGuard Application Control, you can quickly create policies to allow, deny, or restrict access to applications or entire categories of applications.

FG Web Filtering

Web Filtering

Protects your organization by blocking access to malicious, hacked, or inappropriate websites.

Icon cloudsandbox

FortiSandbox Cloud

FortiSandbox Cloud Service is an advanced threat detection solution that performs dynamic analysis to identify previously unknown malware. Actionable intelligence generated by FortiCloud Sandbox is fed back into preventive controls within your network—disarming the threat.

FG Antivirus

Antivirus

FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.

FG Intrusion Prevention

Intrusion Prevention

FortiGuard IPS protects against the latest network intrusions by detecting and blocking threats before they reach network devices.

Product Category Thumb SS virus outbreak

Virus Outbreak Protection Service

FortiGuard Virus Outbreak Protection Service (VOS) closes the gap between antivirus updates with FortiCloud Sandbox analysis to detect and stop malware threats discovered between signature updates before they can spread throughout an organization. OS initiates a real-time look-up to our Global Threat Intelligence database.

Product Category Thumb SS security audit

Content Disarm & Reconstruction

Content Disarm & Reconstruction (CDR) strips all active content from files in real-time, creating a flat sanitized file. All active content is treated as suspect and removed. CDR processes all incoming files, deconstructs them, and removes all elements that do not match firewall policies.

FG AntiBotnet

IP Reputation & Anti-botnet Security

The FortiGuard IP Reputation Service aggregates malicious source IP data from the Fortinet distributed network of threat sensors, CERTs, MITRE, cooperative competitors, and other global sources that collaborate to provide up-to-date threat intelligence about hostile sources. Near real-time intelligence from distributed network gateways combined with world-class research from FortiGuard Labs helps organizations stay safer and proactively block attacks.

FortiGate Enterprise Bundle

Our Enterprise (ENT) bundle now includes:

  • CASB - providing visibility, compliance, data security and threat protection for your cloud-based services.
  • Industrial Security Service protection – SCADA (supervisory control and data acquisition) and ICS (industrial control systems). These signatures address attacks against critical infrastructure and manufacturing industries, where we are seeing frequent and sophisticated cyberattacks.
  • Security Rating Service - this service performs checks against your fabric-enabled network and provides scoring and recommendations to your operation teams. The subsequent scorecard can be used to gauge adherence to various internal and external organizational polices, standards, and regulations requirements, including providing a ranking of your firm against industry peers. 

The FortiGuard Enterprise (ENT) Protection bundle is designed to address today’s advanced threat landscape. The Enterprise Bundle consolidates the comprehensive protection needed to protect and defend against all cyberattack channels from the endpoint to the cloud. Including the technologies needed to address today’s challenging OT, compliance, and management concerns. The Enterprise Bundle offers the most comprehensive protection overall. The Enterprise Bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • Web Filtering
  • Antispam
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • CASB
  • Security Rating 
  • Industrial Security Service
  • FortiCare
FortiGate UTM Bundle

The FortiGuard Unified Protection Bundle (UTM) is our traditional Unified Threat Management security bundle. The Unified Protection Bundle extends threat protection across the entire digital attack surface, providing industry-leading defense against sophisticated attacks. The UTM bundle has you covered for web and email-based attacks. The UTM bundle delivers the best package available for a unified threat protection offering. The UTM Bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • Web Filtering
  • Antispam
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • FortiCare

The FortiGuard Advantage: 

  • FortiGuard processes over 69 million websites every hour, providing up-to-the-minute reputation and categorization. 
  • Prevent malicious downloads and browser hijacking attacks with top-rated web filtering (VBWeb Verified)
  • Improved email productivity through superior spam prevention validated with 3rd party independent testing (VBSpam + Verified)
FortiGate Advanced Threat Protection Bundle

The FortiGuard Advanced Threat Protection (ATP) bundle provides the foundational security needed to protect and defend against known and unknown cyber threats. The Advanced Threat Protection bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • FortiCare 24*7
Services Table
Service Advanced Threat Protection
(ATP)
 
Unified Protection
(UTM)
 
Enterprise Protection
(ENT)
 
A La Carte Protection


Threat Intelligence Service
     
Industrial Security Service
   

Security Rating
   

CASB
   

Web Filtering
 

Antivirus + Sandboxing




IPS




Antispam
 

 
Internet DB



 
IP Reputation


 
Application Control