Public Cloud Security

Helping you keep your public cloud infrastructure and workloads secure

Key Principles and Strategies for Securing the Enterprise Cloud
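Understand and Control Your Cloud Environments and Applications

Enterprises are increasingly deploying a variety of workloads across multiple clouds, so business-critical data and services are increasingly scattered across this distributed infrastructure. Guided by the shared responsibility model, enterprises rely on cloud providers to secure network, storage, and compute resources, while they themselves are responsible for fully protecting everything built, deployed, or stored in the public cloud. Because of multi-cloud adoption, most enterprises must maintain heterogeneous environments in which the tools on each cloud platform differ significantly.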

Dynamic Cloud Security

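Securely Deploy Any Application on Any Cloud with Fortinet Cloud Security Solutions

As a leader in multi-cloud security, Fortinet lets you deploy any application on any cloud with confidence. Our solutions provide broad protection across the entire digital attack surface, both on-premises and in the public cloud. Native integration with each major cloud provider's offerings helps deliver unified, seamless, automated, centralized management across all clouds. This gives you unified visibility, efficient security, and policy management to support risk management and meet compliance requirements.

Fortinet cloud security solutions provide customers with comprehensive protection for data and applications, operating systems, access and identity management, encryption, APIs, and network traffic. This effectively complements the security features of public cloud providers to deliver comprehensive, compliant protection.

Native Integration with Cloud Provider Solutions

Fortinet cloud security solutions and products integrate tightly with the offerings of all major public cloud providers to secure workloads and protect the privacy and confidentiality of data, while taking full advantage of the cloud: excellent scalability, on-demand, pay-as-you-go consumption, and faster time to market.

Our purpose-built cloud security solutions work together with the main Fortinet products to support different cloud deployment models and use cases, along with centralized management, open API integration, metering, cloud platform orchestration, and automation.

Fortinet Cloud Security Solution Videos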

Secure SD-WAN with Dynamic Cloud Security
FortiGate Next-Generation Firewall on AWS
FortiGate Next-Generation Firewall on Microsoft Azure

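Features and Benefits

  • Simplified, automated management
  • Consistent security across public and private cloud applications
  • Multilayered advanced application protection
  • Flexible pay-as-you-go billing and licensing
  • Scalable, elastic protection for flexible workloads
  • Support for leading IaaS providers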

Public Cloud Security Use Cases:

Security in the cloud is intended to increase an organization's confidence in deploying applications in the cloud, and thereby improve overall organizational agility and the ability to respond to market demand. By leveraging Fortinet’s Security Fabric solutions to deploy use-case-driven security capabilities, organizations benefit from market-leading security with streamlined management functionality. The following is a set of common deployment scenarios for Fortinet’s Security Fabric:

SaaS Visibility and Control

Software-as-a-Service (SaaS) application usage is often unregulated and unsecured. A lack of visibility into and control over SaaS application usage heightens risk.

Solution

FortiCASB-SaaS leverages the SaaS application API to monitor all SaaS activity and configuration of multiple SaaS services.

FortiCASB-SaaS provides centralized, detailed visibility into all SaaS application usage. This enables organizations to implement uniform application control and security policies, protect their sensitive data against advanced threats, and support security compliance and governance.

Benefits

  • Organizations gain full visibility over usage of SaaS applications including their potential to spread malware or leak data
  • Provides full support for major SaaS applications such as Salesforce.com, Microsoft Office 365, etc.

Cloud Infrastructure Visibility and Control

As cloud use increases, so does the likelihood of misconfiguration. Analysts estimate that by 2023, misconfiguration will cause 99% of cloud-related risk, leading to disrupted services and unexpected costs.

 

Solution

FortiCWP leverages the public cloud management API to monitor activity and configuration of multiple cloud resources. It continuously evaluates configurations across regions and public cloud types, and provides consistent visibility. The solution simplifies regulatory compliance violation reporting, and enhances compliance by providing guidance on security best practices. It also offers threat and risk management tools that help trace misconfigurations to their source.    

Benefits

  • Consistent compliance reporting across multiple clouds
  • Dynamic cloud heat map and threat maps
  • Streamlined incident investigation

Compliance in the Cloud

For many organizations, achieving compliance with PCI DSS, HIPAA, SOX, GDPR, and other regulatory mandates is a time-consuming burden.

Solution

FortiCWP aggregates and organizes security information from multiple cloud services and APIs into meaningful compliance reports and live compliance dashboards.

FortiSIEM provides a broader view of compliance across multiple clouds, Fortinet Security Fabric products and third-party products. It can create compliance reports at the push of a button.

FortiAnalyzer collects logs from Fortinet Security Fabric elements, and FortiManager enables changes to be audited, reviewed, approved, and implemented. Together, they close the loop on compliance gap mitigation. All systems support automated processes to facilitate compliance policy management and workflow, reducing risk when policies are changed.

Benefits

  • Automated compliance auditing and reporting for on-premises and cloud environments.

Cloud Based Security Management and Analytics

Using legacy management tools alongside new technologies creates complex incompatibilities, especially when seeking to manage from the cloud.

 

Solution

Leverage the multi-regional and global presence of top cloud infrastructure providers to deploy centralized and global security management and analytics systems in the cloud. FortiManager-VM, FortiAnalyzer-VM, and FortiSIEM-VM can all be deployed in the cloud to scale and globalize.

Benefits

  • Centralized, unified security management and visibility 
  • Enhanced audit and compliance reporting
  • Faster incident response 
  • Improved operational and cost efficiency, reducing risk
  • Increased ability to automate security management

Web Application Security

Cloud-based applications commonly use web services to communicate both internally and externally. Such applications are vulnerable to various threats, and the organizations operating them are often required to meet compliance requirements.

Solution

Fortinet offers a variety of web application security solutions that are ideally suited for cloud-based customers. FortiWeb-VM, a purpose-built industry-leading web application firewall offered on all major cloud platforms, secures web services application programming interfaces (APIs), as well as front-end web applications to protect from known and unknown threats. Through integration with FortiWeb, FortiGate-VMs centrally enforce security policies and provide increased visibility. FortiCloud Sandbox Service performs dynamic analysis to identify previously unknown malware.

Benefits

  • Provide centralized protection for web applications
  • Enhance regulatory compliance for applications
  • Deploy API-specific security packages
  • Automate threat responses with the Fortinet Security Fabric: FortiWeb detects threats and FortiGate blocks them

Container Security

Teams need to be able to rapidly develop modular applications in containers, whether on-premises, in the cloud, or within an orchestration tool such as Kubernetes. In addition, each application needs consistent protection against threats.

 

Solution

Fortinet’s container security solution is divided into four complementary areas of protection. Container-aware security with the FortiGate cloud connector enables awareness of container labels when defining security policies. Container-enabled security with FortiWeb as a container image can be bundled within an application chain. Container-integrated security allows a Fortinet solution to be dynamically integrated into Kubernetes clusters and inserted in the application chain. Container registry security with FortiSandbox scans pulled, pre-configured container images for zero-day threats.

Benefits

  • Enable security for all stages of container deployment and rollout
  • Support faster development with security elements built-in

Secure Productivity

As organizations increasingly outsource the IT management aspect of productivity and email applications, the visibility and control over these applications is reduced. Security teams need the ability to provide consistent purpose-built security across multi-cloud environments.

 

Solution

The combination of FortiMail, FortiSandbox, and FortiCASB-SaaS provides critical capabilities when securing Microsoft Office 365. The Fortinet Security Fabric enables deep visibility into email for protection from zero-day threats and monitoring the Office 365 application programming interface (API) layer.

Benefits

  • Consistent on cloud / off cloud security
  • Strong authentication, email security and cloud visibility

Secure Hybrid Cloud

Security posture is often inconsistent between data centers and clouds, leading to poor network visibility and complex security management. Connectivity needs to be protected between cloud environments and data centers.

 

Solution

FortiGate next-generation firewall (NGFW) and cloud security solutions offer best-of-breed secure connectivity, network segmentation, and application security for hybrid-cloud-based deployments. They provide centralized, consistent security policy enforcement and connect through a high-speed VPN tunnel. FortiGate-VMs deployed in the public cloud can securely communicate and share consistent policies with FortiGate NGFWs of any form factor provisioned in a private data center.

Benefits

  • High-speed virtual private network (VPN) connections protect data without compromising performance
  • Security policies enforced consistently across all environments
  • Single-pane-of-glass management

Cloud Security Services Hub

When teams develop applications in separate virtual networks and clouds, there is no centralized security management, making it challenging to secure the resulting applications and separate environments.

 

Solution

Security teams looking to unify disparate environments need a central security services hub, or transit network. The hub splits security from application development to provide centralized, shared, and consistent security enforcement. It also securely connects networks, locations, clouds, and data centers. Additionally, it analyzes and enforces security policies on inbound and outbound traffic between the cloud and the internet.

Benefits

  • Security enforced consistently across all networks 
  • Secure connections enforced between locations
  • Teams can develop security solutions autonomously without waiting for security policies to be applied, reducing risk

Logical (Intent-Based) Segmentation

Segmenting cloud environments is challenging because dynamic provisioning results in constantly changing IP addresses. Network segmentation based on static IP address rules is therefore ineffective.

 

Solution

FortiGate-VMs provide intent-based segmentation, which builds access rules and segments based on user identity or business logic, and adjusts rules dynamically in response to a continuous trust assessment. FortiGate-VMs leverage metadata or tags associated with cloud-based resources across multiple clouds as an element in enforcing security policies. As a result, they intuitively define which workloads and elements in the cloud are allowed to communicate with other workloads and elements, whether they are inside or outside the cloud.

Benefits

  • Able to dynamically adjust security policies based on logical roles of resources, accommodating the fluidity of changes
  • Effectively blocks lateral attack movement and is able to inspect north-south and east-west traffic

Secure Remote Access

Organizations need global, on-demand, secure access to cloud resources. Traditional remote access VPNs, however, cannot meet these requirements.

 

Solution

Security teams need configuration templates that enable secure remote access termination in the cloud. Then, they can dynamically provision FortiGate-VM instances that are pre-configured with these templates globally. This enables mobile workforces, customers, and business partners to connect to the virtual organization network. It also connects the cloud network to business applications through VPN tunnels, whether deployed in the cloud or on-premises.

Benefits

  • Low-latency, always-on connectivity to business applications through closest entry point into the network
  • Consistent user experience regardless of application location
  • Global high availability design eliminates impact of network single point of failure

   

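Fortinet Cloud Security Solution Capabilities and Products

Fortinet Dynamic Cloud Security solutions and products break down the barriers of complex security visibility and management across an enterprise's entire infrastructure, and help complement the functionality and scalability of cloud provider solutions. Fortinet also simplifies operations, policy management, and visibility through fully automated capabilities, improving security lifecycle management. With security functionality natively integrated into each cloud platform, Fortinet products provide comprehensive protection for applications and support the broadest range of cloud computing use cases.

The Fortinet network security product line is available on the offerings of all leading cloud providers, with bring-your-own-license (BYOL) or on-demand pay-as-you-go (PAYG) options.

  • FortiManager: Cloud-based management for Fortinet products.
  • FortiAnalyzer: Cloud-based reporting that helps simplify SOC operations.
  • FortiSIEM: Fortinet's multivendor security information and event management solution.
  • FortiCWP: A security broker that controls and monitors an organization's management of public cloud infrastructure.

  • FortiGate: Industry-leading next-generation firewall that runs in the cloud or on-premises.
  • FortiWeb: Fortinet's web application firewall protects web applications and helps with rapid patching and improved compliance.
  • FortiMail: Secure email gateway that prevents threats from spreading and data from being compromised via email.
  • FortiSandbox: A powerful combination of advanced detection, automated mitigation, actionable insight, and flexible deployment that stops targeted attacks and subsequent data loss.

  • Fortinet Cloud Connectors: Provide an abstraction layer that tightly integrates Fortinet products with cloud platform services at the API level. They translate network addresses into security objects and expose cloud provider APIs for various other security integrations.
  • Fortinet Fabric APIs: These APIs enable automated operations by dynamically sharing local and global threat intelligence across security components.
  • Fortinet DevOps stitches: Automation recipes that ensure security or infrastructure events automatically trigger actions.

Fortinet offers its industry-leading network security product family on AWS Marketplace, delivering advanced security for cloud-based infrastructure and applications.

Fortinet offers its industry-leading network security product family on Google Cloud Platform Marketplace, delivering advanced security for cloud-based infrastructure and applications.

Fortinet offers its industry-leading network security product family on Oracle Cloud, delivering advanced security for cloud-based infrastructure and applications.

Fortinet offers its industry-leading network security product family on Alibaba Cloud, delivering advanced security for cloud-based infrastructure and applications.
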

Effective best-in-class security requires timely, global intelligence combined with fast decision-making and response across all critical vectors. Fortinet offers proven artificial intelligence-driven protection, among the most certified available in the market today, powered by FortiGuard Labs.

For customers implementing FortiGates as NGFWs, here’s how FortiGuard subscriptions can help:

  • Application Control: Fortinet boasts one of the largest application databases to safeguard your organization from risky applications, and gives you visibility and control of applications running in your network.
  • Intrusion Prevention: Stop unwanted attempts to access your network that target vulnerabilities and configuration gaps. We block over 10 million intrusion attempts per minute.
  • Advanced Threats: Stop malicious files and payloads moving into your network with FortiGuard’s leading advanced malware, antivirus, and sandboxing capabilities. We stop over 35,000 malicious files per minute.

FortiGuard

Industry Leading AI-driven Protection and Intelligence

FortiCare

World-class Global Support and Professional Services

Mission-critical security-driven networks deserve the best support available. FortiCare provides 24x7 support options to help keep your FortiGates up and running. We also have services to help you recover in the rare moments when bigger bumps seem to come out of nowhere, such as our Premium RMA options with 4-hour replacements.

Want faster resolution?  Choose our Advanced Support option.

Need help to get going with new deployments and integrations?  FortiCare can do it, too, with Professional Services and Resident Engineers!  Contact Sales to find out how.

Delivering world-class security is not all that we do! We can help our customers lower their total cost of ownership (TCO) and simplify day-to-day security operations through our FortiOps services, which provide cloud-based management, visibility, and automation across their Fortinet Security Fabric.

FortiOps

Cloud-based Management, Visibility, and Operations

FortiGate Enterprise Bundle

Our Enterprise (ENT) bundle now includes:

  • CASB - providing visibility, compliance, data security and threat protection for your cloud-based services.
  • Industrial Security Service protection – SCADA (supervisory control and data acquisition) and ICS (industrial control systems). These signatures address attacks against critical infrastructure and manufacturing industries, where we are seeing frequent and sophisticated cyberattacks.
  • Security Rating Service - this service performs checks against your fabric-enabled network and provides scoring and recommendations to your operations teams. The resulting scorecard can be used to gauge adherence to various internal and external organizational policies, standards, and regulatory requirements, and includes a ranking of your firm against industry peers.

The FortiGuard Enterprise (ENT) Protection bundle is designed to address today’s advanced threat landscape. The Enterprise Bundle consolidates the comprehensive protection needed to protect and defend against all cyberattack channels from the endpoint to the cloud, including the technologies needed to address today’s challenging OT, compliance, and management concerns. The Enterprise Bundle offers the most comprehensive protection overall. The Enterprise Bundle includes:

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • Web Filtering
  • Antispam
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • CASB
  • Security Rating 
  • Industrial Security Service
  • FortiCare

FortiGate UTM Bundle

The FortiGuard Unified Protection Bundle (UTM) is our traditional Unified Threat Management security bundle. The Unified Protection Bundle extends threat protection across the entire digital attack surface, providing industry-leading defense against sophisticated attacks. The UTM bundle has you covered for web and email-based attacks. The UTM bundle delivers the best package available for a unified threat protection offering. The UTM Bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • Web Filtering
  • Antispam
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • FortiCare

The FortiGuard Advantage: 

  • FortiGuard processes over 69 million websites every hour, providing up-to-the-minute reputation and categorization. 
  • Prevent malicious downloads and browser hijacking attacks with top-rated web filtering (VBWeb Verified)
  • Improved email productivity through superior spam prevention validated by third-party independent testing (VBSpam+ Verified)

FortiGate Advanced Threat Protection Bundle

The FortiGuard Advanced Threat Protection (ATP) bundle provides the foundational security needed to protect and defend against known and unknown cyber threats. The Advanced Threat Protection bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • FortiCare 24x7

Services Table

Columns: Service; Advanced Threat Protection (ATP); Unified Protection (UTM); Enterprise Protection (ENT); 360 Protection

Rows:

  • FortiManager Cloud
  • FortiAnalyzer Cloud
  • SD-WAN Cloud Assist Monitoring
  • SD-WAN One Click VPN Overlay
  • FortiConverter Service
  • Industrial Security Service
  • Security Rating
  • CASB
  • Anti-Spam
  • Web Filtering
  • Advanced Malware Protection
  • IPS
  • FortiCare + Application Control

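Resources

Fuse Community

Product Demos

FortiGate cloud firewalls can be trialed free of charge directly from the leading public cloud marketplaces, and cloud-native scripts are provided that automatically deploy FortiGate in common cloud use cases. Trial instances are fully functional and can be converted to paid instances; visit each cloud marketplace for more details.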

FortiGate Cloud Firewall Ecosystem