Public Cloud Security

Protect Your Cloud Infrastructure and Workloads

Security Fabric Solutions for Public Clouds Overview

Public clouds have become very popular due to their ability to provide elastic and scalable infrastructure for applications, storage, and data. These capabilities change the way the world does business. When organizations choose to consume infrastructure as a service (IaaS) from leading cloud providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), network security needs to be thought of differently than when security was solely on premises. Even though the cloud provider secures its own infrastructure, organizations are required to implement security controls that protect the applications and data they put into that cloud infrastructure. These controls must meet or exceed their on-premises security posture.

By leveraging Fortinet Security Fabric Enabled Solutions, organizations can implement optimal cloud application workload security throughout their public cloud and hybrid cloud application deployments. Fortinet secures workloads in public clouds to ensure privacy and confidentiality while leveraging the cloud benefits of scalability, metering, and time-to-market.

Supported Cloud Platforms:


Fortinet Cloud Security News

5/22/2018: Fortinet Expands Fabric-Ready Partner Program with Fabric Connectors
Fabric Connectors provide open, one-click integration with alliance partner technologies to automate security operations, policies and DevOps processes

___________________________________________________________________________________________________

05/15/2018: Amazon GuardDuty and Automating Cloud Security with the Security Fabric
Fortinet is excited to announce the integration of the Security Fabric with Amazon GuardDuty to automate remediation and threat intelligence in Amazon Web Services.

___________________________________________________________________________________________________

2/5/2018: Fortinet FortiGate Virtual Machine Now Available for Google Cloud Platform
FortiGate virtual appliance provides Google Cloud enterprise customers with secure workload and application.

Fortinet Cloud Security Videos

Cloud Security Solution
Cloud Security Automation with AWS Auto Scaling

The Three Pillars of Fortinet Cloud Security

Cloud Security Solution Functions and Products

Management Products

Products that help organizations manage information security in the cloud:

  • FortiManager: Cloud-based management for Fortinet products
  • FortiAnalyzer: Cloud-based reporting to streamline SOC operations
  • FortiSIEM: Fortinet’s multivendor Security Information and Event Management solution

Enforcement Products

Products that protect cloud-based applications and data:

  • FortiGate: Industry-leading next-gen firewall runs in the cloud or on-premises
  • FortiWeb: Fortinet’s web application firewall protects web applications and helps with patching and regulatory compliance
  • FortiMail: Secure email gateway protects against email-borne threats and data loss via email
  • FortiSandbox: FortiSandbox offers a powerful combination of advanced detection, automated mitigation, actionable insight, and flexible deployment to stop targeted attacks and subsequent data loss
  • FortiCASB: A security broker controls and monitors the organization’s access to SaaS applications.

Connectors and APIs

  • Fortinet Cloud Connectors: Provide an abstraction layer that lets Fortinet products treat cloud infrastructures in a seamless manner by translating network addresses into security objects and providing various other security integrations with cloud provider APIs
  • Fortinet Fabric APIs: The APIs enable automated operations through dynamic sharing of local and global threat intelligence across security components
  • Fortinet DevOps stitches: Automation recipes making security or infrastructure events automatically trigger actions

Features and Benefits

Streamlined and automated management

Consistent security across public and private cloud applications

Multi-layer advanced application protection

Flexible pay as you go billing and licensing

Scalable and resilient protection for elastic workloads

Supports leading IaaS providers


Security Fabric Use Cases:

Security in the cloud is intended to increase the organization's confidence to deploy applications in the cloud and thereby improve overall organizational agility and the ability to respond to market demand. By leveraging Fortinet’s Security Fabric solutions to deploy use-case-driven security capabilities, organizations benefit from market-leading security with streamlined management functionality. The following is a set of common deployment scenarios for Fortinet’s Security Fabric:

Inside-Out IaaS Security

Providers protect the infrastructure; you need to protect your cloud assets. Implement a consistent security policy for securing IaaS deployments from the inside out: at the workload level, at the network level, and at the API level. Host-level security uses FortiClient to enforce host-level integrity. Network-level security at the VPC/vNET level uses FortiGate-VM to enable secure connectivity and L7 network access control. API-level security uses FortiCASB to enforce configuration integrity and support compliance.

Cloud Services Hub

Organizations can leverage a cloud-based virtual network to provide shared services to cloud and on-premises networks. Networks and applications that are independently developed and operated by different organizational units (lines of business) and connected to the Cloud Services Hub over a VPN connection can utilize shared services such as application-based firewalling, application communication protection, context- and application-aware web application firewalls (WAF), email security, and sandbox-based advanced threat protection services, which can all be managed from the cloud.

Remote Access VPN

Organizations can build remote access VPN termination points in the cloud and leverage the global presence of large-scale cloud providers.  This FortiGate-based solution applies both when applications reside in the cloud, as well as when applications reside on-premises.  On-premises applications are commonly connected to the cloud over IPsec VPN tunnels.

Hybrid Cloud

This solution outlines the various scenarios enterprise organizations may encounter in which they are required to connect a variety of on-premises data center-based services to cloud-based services in order to deliver enterprise applications to customers and employees. FortiGate VPN functionality is available for both on- and off-cloud deployments, offering enterprises a secure and seamless operation of applications across a variety of infrastructures.

Advanced Application Protection

For web applications and mail servers, the combination of FortiGate, FortiWeb, FortiMail, and FortiSandbox offers unique in-depth protection. This solution offers capabilities that help organizations comply with regulatory and security requirements such as PCI, SOX, GLBA, or HIPAA. Additionally, these capabilities help relieve the need to constantly apply patches to web servers and reduce the risk from advanced threats.

Security Management from the Cloud

Leverage the global presence of top cloud infrastructure providers as well as the elasticity of storage and compute resources to deploy centralized and global security management and operations systems in the cloud. FortiManager, FortiAnalyzer, and FortiSIEM can all be deployed in the cloud to streamline operations of the organization's global information security infrastructure.

Public Cloud Usage Monitoring and Control

Public cloud usage is not monitored and is often insecure and not cost effective. Organizations gain full visibility over configuration changes across a variety of public cloud infrastructures through Fortinet's unified platform. FortiCASB monitors cloud management APIs; new user creation and new asset creations and deletions trigger event logs in FortiCASB, and the logs are synchronized with FortiManager.

SaaS Usage Monitoring and Control

SaaS application usage is unregulated and often insecure. Organizations gain full visibility over usage of SaaS applications, including the spreading of malware or potential data leakage. FortiCASB monitors popular SaaS application APIs; new user creation and new asset creations and deletions trigger event logs in FortiCASB. New files are scanned by FortiSandbox to protect against malware propagation, and logs are synchronized with FortiManager.


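FortiGate Cloud Firewall Models and Specifications

The FortiGate cloud firewall can be deployed as a virtual appliance in the major public cloud environments through the public cloud marketplaces, either as BYOL or as an on-demand offering.

Product Demo

You can see a demo by using the free trial of the FortiGate cloud firewall directly from the major public cloud marketplaces, and native cloud scripts can deploy FortiGate automatically in common cloud use cases. The trial is fully featured and can be converted to a paid version; see each cloud marketplace for more details.

FortiGate trial in the Microsoft Azure Marketplace

FortiGate trial in the AWS Marketplace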