Fortinet Extends Advanced Application Security with FortiWeb Cloud WAF-as-a-Service on Amazon Web Services

Fortinet to secure applications on AWS with FortiWeb Cloud WAF-as-a-Service

SUNNYVALE, Calif. - 25.06.2019


John Maddison, EVP of Products and Solutions at Fortinet
“As organizations increasingly build out their business in the cloud and use web applications, they increase their exposure to known and unknown targeted attacks. Delivered through the Fortinet Security Fabric, FortiWeb Cloud Web Application Firewall (WAF)-as-a-Service allows organizations to rapidly deploy web applications while providing best-in-class security for mission-critical applications.”

News Summary
Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, today announced the addition of FortiWeb Cloud WAF-as-a-Service to its robust cloud security portfolio offerings. FortiWeb Cloud WAF-as-a-Service on Amazon Web Services (AWS) allows organizations to rapidly deploy web applications while providing best-in-class security for mission-critical applications – protecting applications and APIs from threats and addressing compliance requirements. Organizations protecting their web applications with this Software-as-a-Service (SaaS) solution can deploy the full WAF solution without the need to deploy and manage infrastructure or possess specific web application security skills, enabling rapid application deployment.

The Evolving Attack Surface in the Cloud
To keep up with digital transformation, IT teams are increasingly deploying applications to the cloud and building cloud-native applications. However, this rapid deployment can introduce vulnerabilities and requires robust security to defend the evolving attack surface and protect applications from threats. Organizations’ disaggregation of security tools compounds the challenge of protecting the attack surface. IT teams need security solutions that accurately protect web assets, are intuitive and are simple to deploy and easy to manage in order to truly take advantage of the benefits of migrating applications to the cloud or building cloud-native applications. Pairing this with the shortage of general cybersecurity expertise and web application security in particular, DevOps teams managing web applications are especially in need of security solutions that are easy to use as the resources to monitor threats across hybrid cloud environments are limited. 

Reaping the Benefits of the Cloud with Fortinet’s Security-Driven Approach
Fortinet is addressing the issues that IT teams, including DevOps, face with the addition of FortiWeb Cloud WAF-as-a-Service to its cloud security portfolio. FortiWeb Cloud WAF-as-a-Service is available for purchase on AWS Marketplace or through your preferred Fortinet reseller and leverages the flexibility of AWS by automatically provisioning security protection for customers across multiple AWS Regions. As part of the Fortinet Security Fabric, FortiWeb Cloud WAF-as-a-Service provides the following benefits:

  • Accurate and easy to manage Cloud WAF offering: As one of the first machine learning-enabled WAF technology in the industry, customers deploying FortiWeb Cloud WAF-as-a-Service benefit from high accuracy of detection and threat prevention, eliminating false positives and ensuring applications keep running. The solution also gives users the ability to perform a comprehensive self-tuning of policies to eliminate the operational overhead of managing a WAF service. FortiWeb Cloud WAF-as-a-Service also provides web application security that is easy to deploy and maintain with minimal configuration and management. The solution allows access to advanced configuration options when needed, removing the usual complexity required when setting up a WAF.  
  • Advanced threat protection for web applications: FortiWeb Cloud WAF-as-a-Service safeguards applications from vulnerability exploits, bots, malware uploads, DDoS attacks, advanced persistent threats (APTs), both unknown and zero-day attacks, among others. It also includes services from Fortinet’s award-winning FortiGuard Labs, providing signatures, sandboxing and IP reputation to ensure organizations have the latest protection and updates on threats.
  • Low total cost of ownership (TCO): As a cloud-native SaaS solution deployed in the same AWS Region as an organizations’ applications, FortiWeb Cloud WAF-as-a-Service doesn’t require maintenance of hardware or software and can reduce outbound data transfer costs significantly. Organizations pay Intra-Region Data Transfer rates for traffic to the service and FortiWeb Cloud WAF-as-a-Service handles the data transfer out costs as part of its subscription. IT teams can leverage the benefits of low latency and intra-region bandwidth rates for traffic between applications and the WAF.
  • Simplifies compliance requirements: Fortinet delivers FortiWeb Cloud WAF-as-a-Service using a colony of WAF gateways in the same AWS Region as an organizations’ application. This avoids potentially subjecting the application to additional regional regulatory requirements.
  • Flexible purchasing options: Whether customers prefer pre-provisioned capacity or paying by the volume of processed data, FortiWeb Cloud WAF-as-a-Service supports the most suitable option for customers’ business priorities and budgetary considerations.

Supporting Quotes
“The availability of FortiWeb Cloud WAF-as-a-Service on AWS makes it easy for organizations to get a SaaS cloud-based web application firewall up and running for advanced threat protection within minutes in a single global AWS Region. Fortinet’s SaaS solution is delivered from multiple AWS Regions and runs closest to customer applications, providing customers with the flexible performance and cost benefits they desire to support their business agility.”
- Dan Plastina, Vice President, Security Services, Amazon Web Services, Inc.

“At Steelcase, we’ve always viewed technology as a key differentiator. We were earlier adopters of virtualization and cloud-based solutions to drive our business forward. As we began migrating applications and workloads to the public cloud, we selected Fortinet given its robust cloud security offerings that are unified with the Fortinet Security Fabric. FortiWeb in particular has enabled Steelcase to effectively secure our web applications and has made it easier to manage operations and reports that previously were time-consuming and complex.”   
- Frank Stevens, Cloud Security Architect at Steelcase    

Additional Resources

About Fortinet

Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Only the Fortinet Security Fabric architecture can deliver security features without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 400,000 customers trust Fortinet to protect their businesses. Learn more at https://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.

Copyright © 2019 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet's trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiCare, FortiManager, FortiAnalyzer, FortiOS, FortiADC, FortiAP, FortiAppMonitor, FortiASIC, FortiAuthenticator, FortiBridge, FortiCache, FortiCamera, FortiCASB, FortiClient, FortiCloud, FortiConnect, FortiController, FortiConverter, FortiDB, FortiDDoS, FortiExplorer, FortiExtender, FortiFone, FortiCarrier, FortiHypervisor, FortiIsolator, FortiMail, FortiMonitor, FortiNAC, FortiPlanner, FortiPortal, FortiPresence , FortiProxy, FortiRecorder, FortiSandbox, FortiSIEM, FortiSwitch, FortiTester, FortiToken, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLCOS and FortiWLM.

Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments. This news release may contain forward-looking statements that involve uncertainties and assumptions, such as statements regarding technology releases among others. Changes of circumstances, product release delays, or other risks as stated in our filings with the Securities and Exchange Commission, located at www.sec.gov, may cause results to differ materially from those expressed or implied in this press release. If the uncertainties materialize or the assumptions prove incorrect, results may differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements. Fortinet assumes no obligation to update any forward-looking statements, and expressly disclaims any obligation to update these forward-looking statements.