Public Cloud Security

Protect Your Workloads in the Cloud

Read the white paper: Securing Your Public and Hybrid Cloud

Security Fabric Solutions for Public Clouds Overview

Public clouds have become very popular due to their ability to provide elastic and scalable infrastructure for applications, storage, and data. These capabilities change the way the world does business. When organizations choose to consume infrastructure as a service (IaaS) from leading cloud providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), network security needs to be thought of differently than when security was solely on premises. Even though the cloud provider’s infrastructure is secured by the cloud provider, organizations are required to implement security controls protecting the applications and data they put into that cloud infrastructure. These controls must meet or exceed their on-premises security posture.

By leveraging Fortinet Security Fabric Enabled Solutions, organizations can implement optimal cloud application workload security throughout their public cloud and hybrid cloud application deployment. Fortinet secures workloads in public clouds to ensure privacy and confidentiality while leveraging the cloud benefits of scalability, metering, and time-to-market.

 

Supported Cloud Platforms:

Security Fabric Use Cases:

Security in the cloud is intended to increase the organization's confidence to deploy applications in the cloud, and thereby improve overall organizational agility and the ability to respond to market demand. By leveraging Fortinet’s Security Fabric solutions to deploy use-case-driven security capabilities, organizations benefit from market-leading security with streamlined management functionality. The following is a set of common deployment scenarios for Fortinet’s Security Fabric:

 

Cloud Services Hub

 

 

Organizations can build remote access VPN termination points in the cloud and leverage the global presence of large-scale cloud providers. This FortiGate-based solution applies both when applications reside in the cloud and when they reside on-premises. On-premises applications are commonly connected to the cloud over IPsec VPN tunnels.

 

Hybrid Cloud

 

For web applications and mail servers, the combinations of FortiGate, FortiWeb, FortiMail, and FortiSandbox offer unique in-depth protection. This solution offers capabilities that help organizations comply with regulatory and security requirements such as PCI, SOX, GLBA, or HIPAA. Additionally, these capabilities help with relieving the need to constantly apply patches to web servers and reduce the risk from advanced threats.

 

Security management from the cloud

Organizations can leverage a cloud-based virtual network to provide shared services to cloud and on-premises networks. Networks and applications that are independently developed and operated by different organizational units (Line of Business) and connected to the Cloud Services Hub over a VPN connection can utilize shared services such as application based firewalling, application communication protection, context and application aware web application firewalls (WAF), Email security, and Sandbox based advanced threat protection services, which can all be managed from the cloud.

 

Remote Access VPN

This solution outlines the various scenarios enterprise organizations may encounter in which they are required to connect a variety of on-premises data center-based services to cloud-based services in order to deliver enterprise applications to customers and employees. FortiGate VPN functionality is available for both on- and off-cloud deployments, offering enterprises a secure and seamless operation of applications across a variety of infrastructures.

 

Advanced application protection

 

Leverage the global presence of top cloud infrastructure providers as well as the elasticity of storage and compute resources to deploy centralized and global security management and operations systems in the cloud. FortiManager, FortiAnalyzer, and FortiSIEM can all be deployed in the cloud to streamline operations of the organization's global information security infrastructure.

 

 

Fortinet Cloud Security News

5/22/2018: Fortinet Expands Fabric-Ready Partner Program with Fabric Connectors
Fabric Connectors provide open, one-click integration with alliance partner technologies to automate security operations, policies and DevOps processes

___________________________________________________________________________________________________

05/15/2018: Amazon GuardDuty and Automating Cloud Security with the Security Fabric
Fortinet is excited to announce the integration of the Security Fabric with Amazon GuardDuty to automate remediation and threat intelligence in Amazon Web Services.

___________________________________________________________________________________________________

2/5/2018: Fortinet FortiGate Virtual Machine Now Available for Google Cloud Platform
FortiGate virtual appliance provides Google Cloud enterprise customers with secure workload and application.

Fortinet Cloud Security Videos

Cloud Security Solution
Cloud Security Automation with AWS Auto Scaling

The Three Pillars of Fortinet Cloud Security

Cloud Security Solution Functions and Products

Management Products

Products that help organizations manage information security in the cloud:

  • FortiManager: Cloud-based management for Fortinet products
  • FortiAnalyzer: Cloud-based reporting to streamline SOC operations
  • FortiSIEM: Fortinet’s multivendor Security Information and Event Management solution

Enforcement Products

Products that protect cloud-based applications and data:

  • FortiGate: Industry-leading next-gen firewall runs in the cloud or on-premises
  • FortiWeb: Fortinet’s web application firewall protects web applications and helps with patching and regulatory compliance
  • FortiMail: Secure email gateway protects against email-borne threats and data loss via email
  • FortiSandbox: FortiSandbox offers a powerful combination of advanced detection, automated mitigation, actionable insight, and flexible deployment to stop targeted attacks and subsequent data loss
  • FortiCASB: A security broker controls and monitors the organization’s access to SaaS applications.

Connectors and APIs

  • Fortinet Cloud Connectors: Provide an abstraction layer for Fortinet products to treat cloud infrastructures in a seamless manner by translating network addresses into security objects and providing various other security integrations with cloud provider APIs.
  • Fortinet Fabric APIs: The APIs enable automated operations through dynamic sharing of local and global threat intelligence across security components
  • Fortinet DevOps stitches: Automation recipes making security or infrastructure events automatically trigger actions

Features and Benefits

  • Streamlined and automated management
  • Consistent security across public and private cloud applications
  • Multi-layer advanced application protection
  • Flexible pay-as-you-go billing and licensing
  • Scalable and resilient protection for elastic workloads
  • Support for leading IaaS providers

   

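FortiGate Cloud Firewall Models and Specifications

FortiGate Cloud Firewall can be deployed as a virtual appliance in the major public cloud environments through the public cloud marketplaces, either as BYOL or as an on-demand offering.

FortiGuard Services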

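Application Control

Gain unmatched real-time visibility into the applications your users are running, and easily enforce your acceptable use policy to provide security and meet compliance requirements. With FortiGuard Application Control, you can quickly create policies to allow, deny, or restrict access to applications or entire categories of applications.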

Web Filtering

Protect your organization by blocking access to malicious, compromised, or inappropriate websites.

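FortiSandbox Cloud

The FortiSandbox Cloud service is an advanced threat detection solution that performs dynamic analysis to identify unknown malware in advance. The actionable threat intelligence generated by FortiSandbox Cloud is fed back into the firewall's network security policy configuration to block threats.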

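Antivirus

FortiGuard Antivirus blocks the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent new and evolving threats from gaining a foothold in your network and accessing its valuable content.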

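Content Disarm & Reconstruction

The Content Disarm & Reconstruction (CDR) feature removes all active content from files in real time, creating a clean, flat file. All active content is treated as suspicious and removed. CDR can process all incoming files, deconstruct them, and then remove all elements that do not comply with firewall policy.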

Intrusion Prevention

FortiGuard IPS defends against the latest network intrusions by detecting threats and blocking them before they reach network devices.

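Security Rating

The Security Audit Update service is designed to guide customers in designing, implementing, and continuously maintaining the target Security Fabric security posture suited to their organization. The Security Fabric is fundamentally built on security best practices; by running these audit checks, security teams can identify critical vulnerabilities and configuration weaknesses in their Security Fabric setup and implement best-practice recommendations.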

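FortiCASB

FortiCASB is a cloud access security broker (CASB) service that provides visibility, compliance, data security, and threat protection for the cloud services an organization uses. FortiCASB supports many mainstream SaaS providers and delivers analysis of users, behaviors, and data stored in the cloud through comprehensive reporting tools.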

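IP Reputation & Anti-botnet Security Service

The FortiGuard IP Reputation service collects malicious source IP data from Fortinet's distributed network of threat sensors, CERTs, MITRE, cooperating competitors, and other global sources, which together provide up-to-date threat intelligence about hostile sources. With near-real-time intelligence from distributed network gateways combined with world-class research from FortiGuard Labs, organizations are better protected and can proactively block attacks.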

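Mobile Security

Fortinet's Mobile Security service effectively defends against the latest threats targeting mobile devices. It uses industry-leading advanced detection engines to prevent new and evolving threats from gaining a foothold in your network and accessing its valuable information.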

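Industrial Control Systems

The FortiGuard Industrial Security Service continuously updates signatures to identify and monitor most common ICS/SCADA (supervisory control and data acquisition) protocols for granular visibility and control. It also provides vulnerability protection for the applications and devices of major ICS manufacturers.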

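Antispam

FortiGuard Antispam provides a comprehensive, multi-layered approach to detecting and filtering the spam an organization handles. Dual-pass detection technology can significantly reduce spam volume at the perimeter, giving you unmatched control over email attacks and infections.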

 

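FortiGuard Service Bundles for FortiGate

Enterprise Protection Bundle
Security protection for today's advanced threat landscape. It provides all FortiGuard security services available for FortiGate, including NGFW application control and IPS, web filtering, FortiCloud sandbox service, antivirus, mobile security, IP reputation & anti-botnet, antispam, and core FortiCare security services with a choice of 8x5 or 24x7 support.

Unified Threat Management (UTM) Protection Bundle
Traditional UTM security services, including NGFW application control and IPS, web filtering, antivirus, antispam, and core FortiCare security services with a choice of 8x5 or 24x7 support.

Threat Protection Bundle
Core protection technologies, including application control, IPS, AV, botnet IP/domain, and mobile malware services. FortiCare security services provide 24x7 support.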

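Product Demo

You can try a demo of FortiGate Cloud Firewall with a free trial directly from the major public cloud marketplaces, and use native cloud scripts to deploy FortiGate automatically in common cloud use cases. The trial is fully featured and can be converted to a paid version; see each cloud marketplace for details.

FortiGate trial in the Microsoft Azure Marketplace

FortiGate trial in the AWS Marketplace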

FortiGate Cloud Firewall Ecosystem

Amazon Web Services

AWS services are trusted by more than a million active customers around the world – including the fastest growing startups, largest enterprises, and leading government agencies – to power their infrastructures, make them more agile, and lower costs.

Solution brief

Learn more on the Fortinet-AWS alliance

Google Cloud Platform

Google Cloud Platform is a secure, dedicated public cloud computing service operated by Google which provides a range of infrastructure and application services that enable deployments in the cloud. Fortinet provides critical firewalling, advanced security and scalable BYOL protection for elastic compute, container, and machine-learning workloads in Google’s innovative public cloud.

Solution brief

IBM

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio enables organizations to effectively manage risk and defend against emerging threats.

Microsoft Azure

Microsoft is the leading platform and productivity company for the mobile-first, cloud-first world, and its mission is to empower every person and every organization on the planet to achieve more.

Oracle

Oracle offers a comprehensive and fully integrated stack of cloud applications and platform services.

Solution brief