Securing an array of AWS Public Cloud Use Cases
The Fortinet Security Fabric for AWS extends consistent, best-in-class enterprise security to AWS-based cloud environments. The Security Fabric protects business workloads across on-premises data centers and cloud environments, including multi-layered security for cloud-based applications. The solution offers a range of security protection services: VM-based protection, container-based and API-based protection, and natively integrated security functionality powered by Fortinet and enforced by AWS. The Security Fabric supports a wide variety of public and hybrid cloud use cases, including:
Inside-Out IaaS Security
Implement a consistent security policy for securing IaaS deployments from the inside out, at the workload level, the network level and the API level:
- Host-level security using FortiClient, enforcing host integrity
- Network-level security at the VPC level with FortiGate-VM, providing secure connectivity and L7 (application-layer) network access control
- API-level security using FortiCASB, enforcing configuration integrity and supporting compliance
Secure Access VPN
The Fortinet Security Fabric delivers best-in-class performance for securing remote access VPN traffic in AWS. By leveraging the AWS multi-region global infrastructure, organizations can instantly scale their services globally and terminate remote access VPN close to the end user. Remote access VPN can be used to reach cloud-based applications as well as on-premises applications that are connected to the cloud over other forms of private links or VPN.
Businesses need seamless security protection that scales along with cloud workloads. The Fortinet Security Fabric includes next-generation firewalls (NGFWs) that complement native AWS security groups while supporting secured and encrypted VPN connectivity across every flavor of cloud infrastructure. They can be managed either from a public cloud deployment or on-premises in a private data center.
Advanced Threat Prevention
An increasing share of modern business applications are deployed on public cloud infrastructure in general and on AWS in particular. At the same time, web and mail applications are responsible for the highest number of breaches per pattern. The Fortinet Security Fabric for AWS includes solutions designed to protect these kinds of business-critical applications from known and zero-day attacks by leveraging Security Fabric products such as FortiWeb, FortiMail and FortiSandbox. This mitigates the risk from server vulnerabilities and supports compliance with regulatory and security standards such as the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA). Additionally, FortiSandbox can protect externally facing collaboration applications from advanced persistent threat risks arising from malicious file uploads.
Security Management from the Cloud
Customers with a large global security infrastructure benefit from the cloud provider's global availability and global network: security management can be deployed across multiple cloud regions and cloud storage can be used for logs. A cloud-based deployment improves the availability and scalability of management.
Cloud-based management is used to:
- Manage the global information security infrastructure
- Provide a single point from which to view worldwide security events and take action
- Keep security management always close to the administrator
Public Cloud Usage Monitoring and Control
Public cloud usage often goes unmonitored, and is frequently insecure and not cost-effective.
Organizations gain full visibility of configuration changes across a variety of public cloud infrastructures through a unified security platform.
- FortiCASB monitors the cloud management APIs
- New user creation, and the creation and deletion of assets, trigger event logs in FortiCASB
- Logs are synchronized with FortiManager
Cloud Services Hub
Since AWS connectivity far outperforms that of the typical mid-sized enterprise, organizations can offer security services at a global scale. Leveraging AWS transit architectures and services allows organizations to build a security hub encompassing a variety of Fortinet security products and to share security services across multiple AWS VPCs and networks worldwide. The security services enabled at the cloud services hub are network visibility, VPN connectivity, next-generation firewall (NGFW), advanced web application firewall, sandboxing, and mail security. The Fortinet Security Fabric thus provides a very broad set of services while leveraging cloud elasticity and on-demand scalability for an optimized price/performance ratio.