Dynamic Security for AWS

Consistent multi-layered security from across clouds and datacenters to AWS

Security Fabric Automation for AWS
web product icon aws security

Fortinet Solutions for AWS Security

Many enterprises are turning to AWS to extend internal data centers and take advantage of the elasticity of the public cloud. While AWS security covers its infrastructure, customers are responsible for protecting everything stored within it.

Fortinet accelerates the journey to AWS with purpose-built cloud security. Fortinet’s dynamic cloud security solutions protect applications and business workloads across both on-premises data centers and cloud environments—including multilayer security for cloud-based applications. Organizations achieve a single consolidated view of security policies, governance reporting, and event monitoring regardless of physical, virtual, or cloud infrastructure, and across private, public, and hybrid clouds.

Fortinet offers SaaS-, VM-, container-, and API-based protection that delivers natively integrated security functionality that complements AWS security tools such as GuardDuty and Security Hub. Supporting the broadest set of use cases, Fortinet products offer comprehensive security for AWS workloads including firewall, security gateway, intrusion prevention, and web application security.  

 

Fortinet Security Architecture on AWS

Fortinet dynamic cloud security for AWS helps organizations maintain consistent security protection in a shared responsibility model, from on-premises to the cloud. It delivers comprehensive and fully programmable multilayered security and threat prevention capabilities for AWS users. At the same time, it streamlines operations, policy management, and visibility for improved security life-cycle management with full automation capabilities.


Using Fortinet on AWS provides the same powerful security controls of our industry-leading hardware devices as well as the ability to dynamically scale and automate management and policy enforcement across hybrid clouds. Read the AWS reference architecture for more information.

 

Features and Benefits:

reduce cash icon

Flexible billing integration: bring-your-own license (BYOL) or utility-based metering

icon benefits management

Centralized management across your data center and public cloud deployments

cloud ready icon

Integrated AWS auto scaling group into Cloud formation template for advanced security automation

Icon automation

Simplify network security management with AWS Transit VPC hub to save time and cost

FortiGate Next-Generation Firewall on AWS

The FortiGate Next Firewall on AWS delivers next generation firewall capabilities for organizations of all sizes, with the flexibility to be deployed as next generation firewall and/or VPN gateway. It enables broad protection and automated management for consistent enforcement and visibility across your hybrid cloud infrastructure.

立即观看

FortiGate Next-Generation Firewall Quick Start on AWS

Deploy a FortiGate auto-scaling baseline on AWS in just a few steps, so you can quickly test the comprehensive suite of powerful security features. Includes a 15-day free trial on Marketplace. 

AWS Quick Start

Fortinet Use Cases for AWS

Fortinet Dynamic Cloud Security enables the broadest set of use cases for AWS.

Visibility & Control

  • Cloud infrastructure visibility and control.
    Monitor activity and configuration of multiple cloud resources while simplifying regulatory compliance reporting.

  • Compliance in the cloud.
    Automate compliance auditing and reporting for on-premises and cloud environments.
     
  • Cloud-based security management and analytics.
    Leverage the global presence of AWS to deploy centralized and global security management and analytics systems in the cloud.

Application Security

  • Web application security.
    Secure web services with broad visibility, integrated protection across multiple clouds, and automated operations.

  • Logical (intent-based) segmentation.
    Deploy intent-based segmentation, which builds access rules and segments based on user identity or business logic, and adjusts rules dynamically in response to a continuous trust assessment.

  • Container security.
    Enable security for all stages of container deployment and rollout.

  • Cloud workload protection.
    Centralized, standardized security policy management for Infrastructure-as-a-Service (IaaS) deployments from the inside-out at the workload level, network level, and the API level.

Secure Connectivity

  • Secure hybrid cloud.
    Deploy secure connectivity, network segmentation, and application security for hybrid-cloud-based deployments.

  • Cloud security services hub.
    Unify disparate environments through a central security services hub, or transit network.

  • Secure remote access.
    Dynamically provision secure remote access connections in the cloud.

Click here to learn more about these use cases. 

Featured Products on AWS Marketplace

Fortinet offers its industry leading series of network security products over the AWS Public Cloud enabling customers advanced security protection for their cloud based infrastructure and applications. Following is a list of products that can be purchased directly from the AWS Marketplace.

 

icon sm fortigate

The FortiGate-VM on AWS delivers next-generation firewall (NGFW) capabilities for organizations of all sizes, with the flexibility to be deployed as a NGFW and/or a VPN gateway.

On-Demand  |  Bring Your Own License (BYOL)

icon sm fortiweb

The FortiWeb web application firewall (WAF) defends web-based applications from known and unknown zero-day threats. Its AI-based machine learning identifies threats with virtually no false-positive detections. 

On-Demand | BYOL | Container Edition | WAF-as-a-Service

icon sm fortiweb

FortiWeb rule sets are additional security signatures that can be used to enhance the protections included in the base AWS WAF product. They are based on FortiWeb security service signatures, and are updated on a regular basis to include the latest threat information from FortiGuard Labs.

Complete OWASP Top 10  | General and Known Exploits  | SQLi/XSS | Malicious Bots | API Gateway

icon sm fortimanager

FortiManager provides single-pane-of-glass management for unified, end-to-end protection across the extended enterprise. It delivers insight into network traffic and offers enterprise-class features for threat containment. 

icon sm fortianalyzer

FortiAnalyzer delivers critical insight into threats across the entire attack surface and provides Instant visibility, situation awareness, real-time threat intelligence, and actionable analytics.

On-Demand | BYOL

icon sm fortimail

Secured by FortiGuard, FortiMail delivers the latest technologies and intelligence, including integrated sandboxing, to stop even the most sophisticated email-borne threats. 

icon sm fortisandbox

FortiSandbox for AWS enables organizations to defend against advanced threats natively in the cloud, working alongside network, application, email, endpoint security, and other third-party security solutions, or as an extension to their on-premises security architectures to leverage cloud elasticity and scale.

On-Demand BYOL

Visit AWS Marketplace for a complete list of Fortinet products on AWS    

FortiGuard Security Services for AWS

FG Application Control

Application Control

Improve security and meet compliance with easy enforcement of your acceptable use policy through unmatched, real-time visibility into the applications your users are running. With FortiGuard Application Control, you can quickly create policies to allow, deny, or restrict access to applications or entire categories of applications.

FG Web Filtering

Web Filtering

Protects your organization by blocking access to malicious, hacked, or inappropriate websites.

Icon cloudsandbox

FortiCloud Sandbox

FortiCloud Sandbox Service is an advanced threat detection solution that performs dynamic analysis to identify previously unknown malware. Actionable intelligence generated by FortiCloud Sandbox is fed back into preventive controls within your network—disarming the threat.

FG Antivirus

Antivirus

FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.

FG Intrusion Prevention

Intrusion Prevention

FortiGuard IPS protects against the latest network intrusions by detecting and blocking threats before they reach network devices.

virus outbreak service icon

Virus Outbreak Protection Service

FortiGuard Virus Outbreak Protection Service (VOS) closes the gap between antivirus updates with FortiCloud Sandbox analysis to detect and stop malware threats discovered between signature updates before they can spread throughout an organization. OS initiates a real-time look-up to our Global Threat Intelligence database.

security audit service icon

Content Disarm & Reconstruction

Content Disarm & Reconstruction (CDR) strips all active content from files in real-time, creating a flat sanitized file. All active content is treated as suspect and removed. CDR processes all incoming files, deconstructs them, and removes all elements that do not match firewall policies.

FG AntiBotnet

IP Reputation & Anti-botnet Security

The FortiGuard IP Reputation Service aggregates malicious source IP data from the Fortinet distributed network of threat sensors, CERTs, MITRE, cooperative competitors, and other global sources that collaborate to provide up-to-date threat intelligence about hostile sources. Near real-time intelligence from distributed network gateways combined with world-class research from FortiGuard Labs helps organizations stay safer and proactively block attacks.

FortiGate Enterprise Bundle

Our Enterprise (ENT) bundle now includes:

  • CWP - providing visibility, compliance, data security and threat protection for your cloud-based services.
  • Industrial Security Service protection – SCADA (supervisory control and data acquisition) and ICS (industrial control systems). These signatures address attacks against critical infrastructure and manufacturing industries, where we are seeing frequent and sophisticated cyberattacks.
  • Security Rating Service - this service performs checks against your fabric-enabled network and provides scoring and recommendations to your operation teams. The subsequent scorecard can be used to gauge adherence to various internal and external organizational polices, standards, and regulations requirements, including providing a ranking of your firm against industry peers. 

The FortiGuard Enterprise (ENT) Protection bundle is designed to address today’s advanced threat landscape. The Enterprise Bundle consolidates the comprehensive protection needed to protect and defend against all cyberattack channels from the endpoint to the cloud. Including the technologies needed to address today’s challenging OT, compliance, and management concerns. The Enterprise Bundle offers the most comprehensive protection overall. The Enterprise Bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • Web Filtering
  • Antispam
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • CWP
  • Security Rating 
  • Industrial Security Service
  • FortiCare
FortiGate UTM Bundle

The FortiGuard Unified Protection Bundle (UTM) is our traditional Unified Threat Management security bundle. The Unified Protection Bundle extends threat protection across the entire digital attack surface, providing industry-leading defense against sophisticated attacks. The UTM bundle has you covered for web and email-based attacks. The UTM bundle delivers the best package available for a unified threat protection offering. The UTM Bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • Web Filtering
  • Antispam
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • FortiCare

The FortiGuard Advantage: 

  • FortiGuard processes over 69 million websites every hour, providing up-to-the-minute reputation and categorization. 
  • Prevent malicious downloads and browser hijacking attacks with top-rated web filtering (VBWeb Verified)
  • Improved email productivity through superior spam prevention validated with 3rd party independent testing (VBSpam + Verified)
FortiGate Advanced Threat Protection Bundle

The FortiGuard Advanced Threat Protection (ATP) bundle provides the foundational security needed to protect and defend against known and unknown cyber threats. The Advanced Threat Protection bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • FortiCare 24*7
Services Table
Service Advanced Threat Protection
(ATP)
 
Unified Protection
(UTM)
 
Enterprise Protection
(ENT)
 
360 Protection


FortiManager Cloud
     
FortiAnalyzer Cloud
     
SD-WAN Cloud Assist Monitoring
     
SD-WAN One Click VPN Overlay
     
FortiConverter Service
     
Industrial Security Service
   

Security Rating
   

CWP
   

Anti-Spam
 


Web Filtering
 

Advanced Malware Protection




IPS




FortiCare + Application Control




Resources

Enhance security and improve high availability practices in your AWS environment. View the various deployment scenarios.

Related Resources