Fortinet Security Fabric for Alibaba Cloud
Fortinet solutions for Alibaba Cloud are designed to provide enterprise class security to your cloud-based applications. The solutions feature native integration into Alibaba cloud for seamless security and ease of automation, broad protection against both common and advanced threats, and central management and automation across clouds and data centers.
Fortinet Security Fabric for Alibaba Cloud
The Fortinet Security Fabric for Alibaba extends consistent, best-in-class security to the Alibaba Cloud. The Security Fabric protects business workloads across on-premises data center and cloud environments, including multi-layered security for born-in-the-cloud applications. Fortinet’s broad, integrated solution protects applications, data and the infrastructure supporting them.
Features and Benefits:
Complete visibility and automated, AI-driven threat protection across the entire attack surface
Flexible bring your own license (BYOL) options for scalable cloud workload deployment
Integrated cloud security competency with top-rated protection, tested by NSS Labs, Virus Bulletin, and AV-Comparatives
Cloud-ready, multilayered, and virtual domain (vDOM) support for granular security and intent-based segmentation
Single-pane-of-glass visibility and management of security and policies both inside and outside the Alibaba Cloud
Fortinet Use Cases for Alibaba Cloud
Cloud Workload Protection
Applications being built in or migrated to the cloud need to be protected against traditional internet-originated threats, as well as from new threats that propagate across workloads and are introduced via application programming interfaces.
The combination of inline protection for north-south traffic, host-based protection for east-west traffic, and protection for cloud API and configuration risks offers the tightest security solution for the cloud. Leverage FortiGate VM to protect virtual cloud networks from internet-originated threats as well as providing inter-cloud secure connectivity. Utilize FortiWeb VM to secure applications. Extend security within the cloud by using FortiClient on VMs, assuring compliance and connectivity. FortiCASB-Cloud protects from unwanted or unsupervised configurations at the cloud-account level.
Secure Hybrid Cloud
Security posture is often inconsistent between data centers and clouds, leading to poor network visibility and complex security management. Connectivity needs to be protected between cloud environments and data centers.
FortiGate next-generation firewall (NGFW) and Fortinet cloud security solutions offer best-of-breed secure connectivity, network segmentation, and application security for hybrid cloud-based deployments. They provide centralized, consistent security policy enforcement and connect through a high-speed VPN tunnel. FortiGate VMs deployed in the public cloud can securely communicate and share consistent policies with FortiGate NGFWs of any form factor provisioned across clouds or in a private data center.
Intent-based Segmentation
Segmenting cloud environments is challenging because dynamic provisioning results in constantly changing IP addresses. Network segmentation based on static IP addresses is ineffective. FortiGate VMs provide intent-based segmentation, which builds access rules and segments based on user identity or business logic and adjusts rules dynamically in response to a continuous trust assessment. FortiGate VMs leverage metadata or tags associated with cloud-based resources across multiple clouds as an element in enforcing security policies.
Cloud-based Security Management and Analytics
Leverage the multi-regional and global presence of top cloud infrastructure providers to deploy centralized and global security management and analytics systems in the cloud. FortiManager VM, FortiAnalyzer VM, and FortiSIEM VM can all be deployed in the cloud to scale and globalize.
Click here to learn more about these use cases.
Featured Fortinet Products on the Alibaba Cloud
FortiGate Next-Generation Firewall (NGFW) - Single VM
The FortiGate VM on the Alibaba Cloud delivers next-generation firewall (NGFW) capabilities for organizations of all sizes, with the flexibility to be deployed as a NGFW and/or a VPN gateway.
FortiWeb Web Application Firewall
The FortiWeb Web Application Firewall (WAF) provides advanced security and AI-based machine learning that defends web applications from vulnerability exploits, bots, malware uploads, DDoS attacks, advanced persistent threats (APTs), and zero-day attacks.
FortiManager Centralized Security Management
FortiManager provides single-pane-of-glass management for unified, end-to-end protection across the extended enterprise. It delivers insight into network traffic and offers enterprise-class features for threat containment.
FortiAnalyzer Centralized Log Analytics
FortiAnalyzer delivers critical insight into threats across the entire attack surface and provides instant visibility, situational awareness, real-time threat intelligence, and actionable analytics.
FortiGuard Threat Intelligence Service arms security professionals with actionable and prioritized threat intelligence that integrates into Fortinet security solutions, enabling a fast and proactive response to targeted attacks.
Visit Alibaba Marketplace for a complete list of Fortinet products available on Alibaba Cloud.
FortiGuard Security Services for Alibaba Cloud
Antivirus
FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.
Application Control
Improve security and meet compliance with easy enforcement of your acceptable use policy through unmatched, real-time visibility into the applications your users are running. With FortiGuard Application Control, you can quickly create policies to allow, deny, or restrict access to applications or entire categories of applications.
Content Disarm & Reconstruction
Content Disarm & Reconstruction (CDR) strips all active content from files in real-time, creating a flat sanitized file. All active content is treated as suspect and removed. CDR processes all incoming files, deconstructs them, and removes all elements that do not match firewall policies.
Intrusion Prevention
FortiGuard IPS protects against the latest network intrusions by detecting and blocking threats before they reach network devices.
IP Reputation & Anti-botnet Security
The FortiGuard IP Reputation Service aggregates malicious source IP data from the Fortinet distributed network of threat sensors, CERTs, MITRE, cooperative competitors, and other global sources that collaborate to provide up-to-date threat intelligence about hostile sources. Near real-time intelligence from distributed network gateways combined with world-class research from FortiGuard Labs helps organizations stay safer and proactively block attacks.
Virus Outbreak Protection Service
FortiGuard Virus Outbreak Protection Service (VOS) closes the gap between antivirus updates with FortiCloud Sandbox analysis to detect and stop malware threats discovered between signature updates before they can spread throughout an organization. OS initiates a real-time look-up to our Global Threat Intelligence database.
Web Filtering
Protects your organization by blocking access to malicious, hacked, or inappropriate websites.
Our Enterprise (ENT) bundle now includes:
- CASB - providing visibility, compliance, data security and threat protection for your cloud-based services.
- Industrial Security Service protection – SCADA (supervisory control and data acquisition) and ICS (industrial control systems). These signatures address attacks against critical infrastructure and manufacturing industries, where we are seeing frequent and sophisticated cyberattacks.
- Security Rating Service - this service performs checks against your fabric-enabled network and provides scoring and recommendations to your operation teams. The subsequent scorecard can be used to gauge adherence to various internal and external organizational polices, standards, and regulations requirements, including providing a ranking of your firm against industry peers.
The FortiGuard Enterprise (ENT) Protection bundle is designed to address today’s advanced threat landscape. The Enterprise Bundle consolidates the comprehensive protection needed to protect and defend against all cyberattack channels from the endpoint to the cloud. Including the technologies needed to address today’s challenging OT, compliance, and management concerns. The Enterprise Bundle offers the most comprehensive protection overall. The Enterprise Bundle includes:
- NGFW Application Control
- IPS
- Antivirus
- Botnet
- IP/Domain Reputation
- Mobile Security
- Web Filtering
- Antispam
- FortiSandbox Cloud
- Virus Outbreak Protection
- Content Disarm & Reconstruction
- CASB
- Security Rating
- Industrial Security Service
- FortiCare
The FortiGuard Unified Protection Bundle (UTM) is our traditional Unified Threat Management security bundle. The Unified Protection Bundle extends threat protection across the entire digital attack surface, providing industry-leading defense against sophisticated attacks. The UTM bundle has you covered for web and email-based attacks. The UTM bundle delivers the best package available for a unified threat protection offering. The UTM Bundle includes:
- NGFW Application Control
- IPS
- Antivirus
- Botnet
- IP/Domain Reputation
- Mobile Security
- Web Filtering
- Antispam
- FortiSandbox Cloud
- Virus Outbreak Protection
- Content Disarm & Reconstruction
- FortiCare
The FortiGuard Advantage:
- FortiGuard processes over 69 million websites every hour, providing up-to-the-minute reputation and categorization.
- Prevent malicious downloads and browser hijacking attacks with top-rated web filtering (VBWeb Verified)
- Improved email productivity through superior spam prevention validated with 3rd party independent testing (VBSpam + Verified)
The FortiGuard Advanced Threat Protection (ATP) bundle provides the foundational security needed to protect and defend against known and unknown cyber threats. The Advanced Threat Protection bundle includes:
- NGFW Application Control
- IPS
- Antivirus
- Botnet
- IP/Domain Reputation
- Mobile Security
- FortiSandbox Cloud
- Virus Outbreak Protection
- Content Disarm & Reconstruction
- FortiCare 24*7
| Service | Advanced Threat Protection (ATP) |
Unified Protection (UTM) |
Enterprise Protection (ENT) |
360 Protection |
| FortiManager Cloud |
✔ |
|||
| FortiAnalyzer Cloud |
✔ |
|||
| SD-WAN Cloud Assist Monitoring |
✔ |
|||
| SD-WAN One Click VPN Overlay |
✔ |
|||
| FortiConverter Service |
✔ |
|||
| Industrial Security Service |
✔ |
✔ |
||
| Security Rating |
✔ |
✔ |
||
| CASB |
✔ |
✔ |
||
| Anti-Spam |
✔ |
✔ |
✔ |
|
| Web Filtering |
✔ |
✔ | ✔ |
|
| Advanced Malware Protection |
✔ |
✔ |
✔ |
✔ |
| IPS |
✔ |
✔ |
✔ |
✔ |
| FortiCare + Application Control |
✔ |
✔ |
✔ |
✔ |