Business & Technology

Fortinet Raises the Bar for Cloud Security. Again.

By Lior Cohen | April 09, 2019

Fortinet has a Longstanding Commitment to Cloud Security Leadership

As digital transformation requirements drive organizations to adopt and expand cloud usage, Fortinet is positioned to support a wide range of cloud migration initiatives—from extending and migrating applications and datecenters to the cloud, to helping companies build applications on the cloud through helping customers consume SaaS applications.

Due to the breadth of security offerings (FortiGate, FortiWeb, FortiSandbox, FortiMail, etc.) available on all six of the leading cloud platforms (Alibaba, AWS, Azure, Google, IBM, and Oracle), Fortinet is uniquely positioned to offer organizations the confidence to deploy any application on any cloud as they can take their security with them supporting any cloud adoption initiative.

Four Major Advances in Cloud Security

In keeping with our Fortinet’s long history of security innovation on premise, Fortinet offers these expertise for the cloud as well. We are proud to announce Four new advances that further demonstrate our commitment to the variety of cloud adoption initiatives organizations are undertaking—enabling them with the confidence needed due to consistent security across their entire infrastructure even as their cloud and networking initiatives continue to evolve.

1. Accelerated Performance—Virtual Security Processor (vSPU) for FortiGate VM

As organizations migrate existing applications into the cloud, they too often find that many of these applications—especially those with high performance requirements—cannot benefit from the flexibility and potential that these new cloud architectures have to offer. Quite often, this is due to the performance constraints inherent in the virtual security solutions they have deployed to protect themselves and their resources, and not in the cloud environment itself. To truly unleash the potential of the cloud’s scale, customers need a new class of high-performance virtual security appliances designed for cloud environments.

Fortinet’s new Virtual Security Processing Unit (vSPU) for the FortiGate-VM solution, modeled after the award-winning security ASICs in place in Fortinet’s physical devices, extends accelerated security performance into private and public clouds. Our new vSPU technology enables customers to migrate their high performance applications to the cloud without compromising on speed or security. It also supports a variety of other use cases, including highly available, large scale VPN in the cloud.

Fortinet’s revolutionary vSPU architecture provides a whole new level of performance for virtual security. We also made the process of integrating with new acceleration technologies much easier, which, in turn, provides customers with the benefit of early access to high performance security in the public and private cloud.

Fortinet has achieved this by applying our 15+ years of proven hardware design leadership to cloud software by optimizing code, eliminating unnecessary processing, and addressing many of the processing challenges and complexities faced by other security solutions. As a result, Fortinet is now the first to market with high performance support for AWS C5n and Intel QAT, on top of their existing support for DPDK and SR-IOV running in a variety of environments.

2. Cloud Security Analytics—FortiCASB-Cloud 4.1

Gartner predicts that through 2023, at least 99% of cloud security failures will be the result of misconfiguration. So whether an organization is migrating to the cloud or building cloud-native applications, the cloud’s management interface is one of the new threat vectors that organizations need to address. In fact, while many organizations are still trying to use their traditional security tools to deal with cloud security issues, it is important to realize that none of these tools  address the threats associated with the misconfiguration of cloud infrastructures—let alone the potential risks associated with such misconfigurations being distributed across multiple disperse and distinct cloud infrastructures.

The cloud security management capabilities provided by FortiCASB-Cloud 4.1 provides organizations with the visibility and controls they need to mitigate the growing risks associated with the configuration of their public cloud infrastructures, as well as with the applications they have built in the cloud.

FortiCASB-Cloud powers security teams with insights and information that help them communicate cloud security information and findings more effectively with cloud DevOps teams. This information helps them better address potential risks, such as those that can be addressed through modifications to infrastructure code in the CI/CD pipeline. Among its capabilities. FortiCASB-Cloud offers organizations the ability to investigate security events, optimize security configurations, and assess an overall security posture against internal or external policies and regulatory requirements.

  • FortiCASB-Cloud leverages the public cloud management API to monitor activity and configure multiple public cloud resources on AWS, Azure, and Google Cloud Platform
  • FortiCASB-Cloud continuously evaluates configurations across regions and public cloud types to:
                    - Provide guidance on security best practices
                    - Offer threat and risk management tools to help mitigate cloud risk
                    - Trace misconfigurations to their source
                    - Enable regulatory compliance violation reporting

3. Container Security

As organizations build native cloud applications. they often leverage emerging technologies such as containers and serverless workloads. The use of these technologies to accelerate the application development process is accelerating digital transformation. However, traditional security tools—even those designed for the cloud—cannot address all of the security needs of these workloads.

FortiGate (FortiOS 6.2) Fabric Connectors and New Technology Partners

Fortinet offers a comprehensive Container and emerging technology solution for our customers through a mix of organic products and tools, and integrations with 3rd parties. 

FortiOS 6.2 addresses these cloud container challenges with the following advances:

  • FortiGate running FortiOS 6.2 Fabric Connectors delivers container-aware security by helping customers secure any traffic entering or leaving (north-south) their container clusters using logical policies based on labels and meta-data information attached to container resources. Since containers cannot be defined using static IP address information, these capabilities are essential when securing container-based workloads for publicly facing cloud applications.
  • FortiCASB-Cloud 4.1 delivers container-aware security by providing full visibility into container service configuration risk profiles and vulnerabilities, as well as well as detailed traffic analysis to and from container hosts.
  • Fortinet Cloud Technology Alliance Partnerships deliver container-integrated security with partnership with companies like: (1) Tufin, through their cloud-native Iris platform that manages native cloud security ,as well as their Orca platform that manages Kubernetes security without agents, and (2) Alcide, which offers deep integration into serverless and container-based workloads, leveraging emerging standards such as Istio, and supporting agents for containers. 

4. FortiMail 6.2 O365 Connector

For those organizations that consume O365 applications, many find it hard to implement a network-heavy security product which requires potentially challenging changes to network configuration. Fortinet addresses this challenge by offering organizations the ability to easily attach an industry-leading mail security to their O365 Exchange online instances that has been optimized for cloud performance and that functions as a cloud-native solution.  

Summary

Fortinet continues to be committed to solving the wide range of cloud adoption initiatives organizations are considering or implementing, whether migrating applications and infrastructure to the cloud, building cloud native applications, or consuming SaaS applications. Fortinet’s comprehensive strategy of the native integration of our portfolio of products and services into the cloud platforms, offering the broadest set of protections available, and enabling single pane of glass management and security operations offer customers the confidence they need to expand cloud operations while deploying any application on any cloud without concerns of risk, availability, or performance.

Read more about how Fortinet secures multi-cloud environments with our Security Fabric.

Read more about the news announced from Fortinet at Accelerate 19.