Business & Technology

Innovation Insights: Fortinet Extends the Security Fabric into the Cloud

By John Maddison | April 11, 2017

To compete successfully, today’s organizations are having to develop new ways to connect users, devices, data, applications, and services together. To do this they are adopting a variety of cloud-based architectures and services that allow them to meet market demands with more agility, be more responsive to user needs and resource demands, and remain relevant to their customers.

Today’s networks are actually a collection of different networked ecosystems (traditional, private cloud, WANs and SD-WANs, IoT, public cloud – including infrastructure and software as a service [IaaS and SaaS], and highly mobile end users) being synchronized together. In this network of networks, data needs to moves freely between environments, be repeatedly processed and correlated, and automatically delivered to employees, partners, and customers through a variety of applications and services.

In order to achieve the scale, elasticity, and efficiency benefits of the cloud, however, the data and security elements across all environments must be integrated, visible, and able to share intelligence to ensure automated protection. But because some of this data is managed locally, some is geographically dispersed, and some resides on networks owned and maintained by third-party service providers, managing and protecting it in a way that ties everything together in order to unify visibility and control is problematic.

In fact, according to a recent survey by ESG Research, 62% of cybersecurity professionals say it is difficult to get the same level of visibility into cloud-based workloads as they have on their physical networks, while 56% state that their organization’s current network security operations and processes lack the right level of automation and orchestration needed for the cloud.

To address this challenge, Fortinet just announced that we have extended the performance, automation, visibilty, and management of the Fortinet Security Fabric into all types of cloud environments, spanning across private and public cloud ecosystems. These enhanced capabilities ranges from increased scalability, to new public cloud features, to extending visibility into SaaS applications via a new CASB offering. And all have been designed to deliver optimal security performance at cloud-scale.

Reducing the Cloud Attack Surface through Visibility and Control

Fortinet has extended the core capabilities of our Security Fabric architecture to enable businesses to experience the same level of cybersecurity and threat intelligence in cloud environments as they do on their physical networks. Its latest enhancements, including the recent FortiOS 5.6 release, deliver elastic, end-to-end cloud security to enterprises and service providers.

Here are a few highlights:

-       Unmatched Security Performance for Private and Public Clouds:

Improving the performance of security devices in the cloud environment is especially challenging because they are limited to the power and capacity of the CPU of the VMs they are installed on. With the volume of data that organizations need to process, cloud security is likely to become too expensive or a bottleneck.

To address this challenge, Fortinet’s FortiGate security devices have been significantly optimized, enabling them to deliver 3X faster per-core throughput than previously benchmarked, with increased capacity options of 16, 32, or more CPU cores in a single VM. This enables cloud-scale performance for private and public clouds at an unmatched price/performance advantage. The FortiGate virtualized appliance also provides the world’s fastest VM performance, at up to 132 Gbps on six cores when accelerated with Fortinet Security Processing Units (SPU).

-       Automated Public Cloud Security for Azure and AWS through On-Demand and Autoscale:

Businesses are accelerating the offloading of IT infrastructure to the cloud where on-demand consumption models can help them shift CapEx to OpEx. This has a number of advantages, including refocusing IT staff on business-critical processes, no longer having to build out infrastructure to meet peak demands, and increasing strategic reinvestments back into the business.

Security needs to be able to adapt to these cloud environment demands through such services as autoscaling and on-demand protection, while maintaining a consistent security profile, centralized policy and intelligence orchestration, and unified visibility across the distributed enterprise network ecosystem.

The Fortinet Security Fabric virtual solutions now deliver complete content and network protection on-demand through Azure Marketplace. And Fortinet solutions with enhanced auto-scaling and orchestration are also now available for both AWS on-demand and BYOL, further enabling elastic workloads and security that automatically scale up or down as the network dynamically adjusts to traffic and data requirements.

-       VM On-Demand Delivers Pay-as-you-Go Metering for Cloud Providers:

An essential part of the service provider and MSSP cloud business model is the ability to accurately bill customers for the consumption of cloud resources. This has been especially tricky for security services, as many cloud-based security tools are simply virtual versions of their enterprise-based appliances. Which means they don’t provide the tools needed to meter and track security consumption. And this isn’t just a service provider issue. Many large enterprises with centralized, billable IT services have struggled to appropriately charge Lines Of Business (LOBs) for the security services they require.

Fortinet’s new VM On-Demand now provides a turnkey VM licensing and provisioning platform for cloud providers, MSSPs, and enterprises with large private cloud resources. Metering allows them to deliver on-demand pricing and automation to end customers or LOBs using the pricing model provided by other cloud-based services. The VM On-Demand security platform supports consumption-based, pay-as-you-go billing, with hourly or volume-based metering options, as well as NFV orchestration compatibility for MSSPs. Coupled with FortiHypervisor, VM On-Demand offers cloud providers and enterprises with the widest choice of physical, virtual, and hybrid customer-premise equipment (CPE) form factors to provide managed security and SD-WAN services.

-       New Cloud Application Security with FortiCASB:

The volume of data being stored, processed, and accessed in the cloud through SaaS applications has exploded. Virtually every organization today uses some sort of cloud-based application, ranging from simple data storage, to the management of customer and inventory databases, to transitioning to cloud-based office tools to enhance collaboration and productivity.

This introduces a number of security challenges that organizations have been wrestling with for some time. These include little to no visibility into what data has been stored in the cloud, who is accessing that data, and how to ensure the integrity of that data by detecting and preventing the introduction of malware. While some organizations are now able to monitor and control SaaS application traffic while users are connected through the network, their security options for off-network devices and users have been limited.

Fortinet new API-based FortiCASB (Cloud Access Security Broker) service now enables IT teams to maintain security visibility into some of the most widely used SaaS applications, including Office 365, whether users are on or off-network. FortiCASB is a cloud-based security broker inserted between users and applications to authenticate and control access, protect data from cloud-borne threats and malware, and control which data is allowed to be stored off-network, all while delivering compliance and audit tools designed to provide better and more granular control of SaaS applications and expand visibility into this growing area of the network.


The adoption of cloud computing models is happening at the same time that the cybercrime ecosystem continues to mature, compliance obligations continue to evolve, and the security skills gap continues to widen. Organizations are understandably looking for innovative security solutions and architectures to help them securely embrace the potential of the new digital economy.

The Fortinet Security Fabric, empowered by FortiOS 5.6, extends the Security Fabric deeper into the cloud, expanding visibility and tightening control across the breadth of an organization’s entire attack surface. It also adds expands its suite of automated operations designed to quickly identify and resolve security issues anywhere across the distributed network, and accelerated performance to ensure organizations never have to choose between critical business operations and security.

Read more about the new cloud security capabilities that Fortinet announced here.