Business & Technology

Fortinet FortiWeb Advanced Application Security Integrates with Microsoft Azure Security Center

By Cynthia Hseih | June 26, 2017

The emerging trend towards security automation is becoming essential for cloud deployment. Traditionally, businesses configure a Web Application Firewall with static policies to address unchanging, known-bad threats. Unfortunately, it can be tricky to get them all right in a Public Cloud environment. With a growing number of attack variants, the more rules you add, the more potential there is to run into false positives.

FortiWeb’s integration with the Azure Security Center now allows customers to take a proactive policy approach to web security by combining monitoring techniques with alerts from Azure Security Center metrics to automatically take or change security policy actions. This approach not only allows security to dynamically adapt to changes, but also allows customers to enjoy the savings in a pay-as-you-go cloud environment by scaling or adjusting the amount of application firewall instances required based on real time requests and threat analytics.

Automating security does not need to be complicated. Setting up FortiWeb in the Azure Security Center generally takes less than 30 minutes. In the Azure Security Center portal you simply do the following:

  • Select the Recommendations widget
  • Add a web application firewall
  • Selecting from a list of Azure applications to protect
  • Finally, pick Fortinet’s FortiWeb solution to get started.

Traditionally, Web Application Firewalls are perceived as being high in initial setup costs, having too many false positives in their security rules, and not having an integration API available for cloud automation. FortiWeb overcomes all of these challenges through its virtualized form factor that supports the (perpetual) Bring Your Own License in the Azure Security Center. Additional FortiWeb filtering layers enable tuning from the attack log itself, providing granular exception controls, support for every use case, and user scoring to provide precise control of violations.

FortiWeb also uses multiple layers of protection to screen for threats like IP Reputation, Signatures, URL/HTTP protocol conformance, and behavior-based usage monitoring. It is also a key component in meeting the Payment Card Industry Data Security Standards (PCI DSS) required by those organizations that accept, store, and transmit credit card information online. It also feeds threat intelligence and log information to the Azure Security Center so you can have control over your cloud security posture and better detect advanced threats with its analytics-driven detection.

The Azure Security Center helps organizations detect, prevent, and respond to security vulnerability exploits through increased visibility and control over the security of their deployments.  

To address the OWASP Top 10 application vulnerabilities, and secure website publishing for Microsoft and other applications, FortiWeb is the ideal complement on Azure for protecting against web-based attacks and website defacement.

For more information about Fortinet Solutions on Microsoft Azure, please visit