Public Cloud Security

Protect Your Workloads in the Cloud

Read the white paper: Securing Your Public and Hybrid Cloud
Доступно в:
  • облако

Security Fabric Solutions for Public Clouds Overview

Public clouds have become very popular due to their ability to provide elastic and scalable infrastructure for applications, storage, and data. These capabilities change the way the world does business. When organizations choose to consume infrastructure as a service (IaaS) by leading cloud providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), network security needs to be thought of differently than when security was solely on premises. Even though the cloud provider’s infrastructure is secured by the cloud provider, organizations are required to implement security controls protecting the applications and data they put into that cloud infrastructure. This must meet or exceed their on-premises security postures.

By leveraging Fortinet Security Fabric Enabled Solutions, organizations can implement optimal cloud application workload security throughout their public cloud and hybrid cloud application deployment. Fortinet secures workloads in public clouds to ensure privacy and confidentiality while leveraging the cloud benefits of scalability, metering, and time-to-market.

 

Featured Public Cloud Platforms:

Security Fabric Use Cases:

Security in the cloud is intended to increase the organizations confidence to deploy applications in the cloud and by such improve overall organizational agility and ability to respond to market demand. By leveraging Fortinet’s Security Fabric solutions to deploy use case driven security capabilities, organizations benefit from market leading security with streamlined management functionality. Following is a set of common deployment scenarios of Fortinet’s Security Fabric:

 

Cloud Services Hub

Cloud Services Hub

 

 

Organizations can build remote access VPN termination points in the cloud and leverage the global presence of large-scale cloud providers.  This FortiGate-based solution applies both when applications reside in the cloud, as well as when applications reside on-premises.  On-premises applications are commonly connected to the cloud over IPsec VPN tunnels. 

 

hybrid cloud

Hybrid Cloud

 

For web applications and mail servers, the combinations of FortiGate, FortiWeb, FortiMail, and FortiSandbox offer unique in-depth protection. This solution offers capabilities that help organizations comply with regulatory and security requirements such as PCI, SOX, GLBA, or HIPAA. Additionally, these capabilities help with relieving the need to constantly apply patches to web servers and reduce the risk from advanced threats.

 

Security Management from the cloud

Security management from the cloud

Organizations can leverage a cloud-based virtual network to provide shared services to cloud and on-premises networks. Networks and applications that are independently developed and operated by different organizational units (Line of Business) and connected to the Cloud Services Hub over a VPN connection can utilize shared services such as application based firewalling, application communication protection, context and application aware web application firewalls (WAF), Email security, and Sandbox based advanced threat protection services, which can all be managed from the cloud.

 

Remove access VPN

Remote Access VPN

This solution outlines the various scenarios enterprise organizations may encounter in which they are required to connect a variety of on-premises data center-based services to cloud-based services in order to deliver enterprise applications to customers and employees. FortiGate VPN functionality is available for both on- and off-cloud deployments, offering enterprises a secure and seamless operation of applications across a variety of infrastructures.

 

Advanced application protection

Advanced application protection

 

Leverage the global presence of top cloud infrastructure providers as well as the elasticity of storage and compute resources to deploy centralized and global security management and operations systems in the cloud. FortiManager, FortiAnalyzer, and FortiSIEM can all be deployed in the cloud to streamline operations of the organizations global information security infrastructure.

 

 

Fortinet Cloud Security News

7/23/2018: Fortinet Expands Security Fabric Offerings on Google Cloud Platform to enable consistent protection across hybrid cloud environments.

___________________________________________________________________________________________________

5/22/2018: Fortinet Expands Fabric-Ready Partner Program with Fabric Connectors
Fabric Connectors provide open, one-click integration with alliance partner technologies to automate security operations, policies and DevOps processes

___________________________________________________________________________________________________

05/15/2018: Amazon GuardDuty and Automating Cloud Security with the Security Fabric
Fortinet is excited to announce the integration of the Security Fabric with Amazon GuardDuty to automate remediation and threat intelligence in Amazon Web Services.

Fortinet Cloud Security Videos

Cloud Security Solution
Cloud Security Automation with AWS Auto Scaling

The Three Pillars of Fortinet Cloud Security

Cloud Security Solution Functions and Products

Management Products

Products that help organizations manage information security in the cloud:

  • FortiManager: Cloud-based management for Fortinet products
  • FortiAnalyzer: Cloud-based reporting to streamline SOC operations
  • FortiSIEM: Fortinet’s multivendor Security Information and Event Management solution

Enforcement Products

Products that protect cloud-based applications and data:

  • FortiGate: Industry-lLeading next-gen firewall runs in the cloud or on-premises
  • FortiWeb: Fortinet’s web application firewall protects web applications and helps with patching and regulatory compliance
  • FortiMail: Secure email gateway protects against email-bourne threats and data loss via email
  • FortiSandbox: FortiSandbox offers a powerful combination of advanced detection, automated mitigation, actionable insight, and flexible deployment to stop targeted attacks and subsequent data loss
  • FortiCASB: A security broker controls and monitors the organization’s access to SaaS applications.

Connectors and API's

  • Fortinet Cloud Connectors: Provide an abstraction layer for Fortinet products to treat cloud infrastructures in a seamless manner by translating. Network addresses into security objects and providing various other security integrations with cloud provider API’s.
  • Fortinet Fabric APIs: The APIs enable automated operations through dynamic sharing of local and global threat intelligence across security components
  • Fortinet DevOps stitches: Automation recipes making security or infrastructure events automatically trigger actions

Features and Benefits

Icon automation

Streamlined and automated management

Compliance icon

Consistent security across public and private cloud applications

icon benefits application control

Multi-layer advanced application protection

analytics icon

Flexible pay as you go billing and licensing

icon benefits scalable

Scalable and resilient protection for elastic workloads

cloud ready icon

Support leading IaaS Provders

   

Cloud Security Solution Functions and Products

The Fortinet network security product line is available on all of the leading cloud providers by using a BYOL procurement model as well as on-demand per-usage (PAYG) models billed directly by the cloud provider. Fortinet enables customers to protect their cloud based infrastructures and applications using the most flexible deployment modes across a variety of use cases and cloud infrastructure providers. 

Fortinet offers its industry leading series of network security products over the AWS Public Cloud enabling customers advanced security protection for their cloud based infrastructure and applications. Following is a list of products that can be purchased directly from the AWS Marketplace on a PAYG basis. 

Fortinet offers additional products running over the AWS Public cloud - the following list can be viewed using this link.

Fortinet offers its industry leading series of network security products over the Microsoft Azure Public Cloud enabling customers advanced security protection for their cloud based infrastructure and applications. Following is a list of products that can be purchased directly from the Azure Marketplace on a PAYG basis. 

Fortinet offers additional products running over the Azure Public cloud - the following list can be viewed using this link.

 

Fortinet offers its industry leading series of network security products over the Google Cloud Platform Public Cloud (GCP) enabling customers advanced security protection for their cloud based infrastructure and applications. Following is a list of products that are available on GCP.

Fortinet offers its industry leading series of network security products over the Oracle Cloud Public Cloud enabling customers advanced security protection for their cloud based infrastructure and applications. Following is a list of products that are available on Oracle Cloud.

FortiGuard Services

FG Application Control

Application Control

Improve security and meet compliance with easy enforcement of your acceptable use policy through unmatched, real-time visibility into the applications your users are running. With FortiGuard Application Control, you can quickly create policies to allow, deny, or restrict access to applications or entire categories of applications.

FG Web Filtering

Web Filtering

Protects your organization by blocking access to malicious, hacked, or inappropriate websites.

Icon cloudsandbox

FortiSandbox Cloud

FortiSandbox Cloud Service is an advanced threat detection solution that performs dynamic analysis to identify previously unknown malware. Actionable intelligence generated by FortiCloud Sandbox is fed back into preventive controls within your network—disarming the threat.

FG Antivirus

Antivirus

FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.

Product Category Thumb SS security audit

Content Disarm & Reconstruction

Content Disarm & Reconstruction (CDR) strips all active content from files in real-time, creating a flat sanitized file. All active content is treated as suspect and removed. CDR processes all incoming files, deconstructs them, and removes all elements that do not match firewall policies.

FG Intrusion Prevention

Intrusion Prevention

FortiGuard IPS protects against the latest network intrusions by detecting and blocking threats before they reach network devices.

Security Rating Service icon

Security Rating Service

Security Audit Update Service is intended to guide customers to design, implement and continually maintain the target Security Fabric security posture suited for their organization. The Security Fabric is fundamentally built on security best practices and by running these audit checks, security teams will be able to identify critical vulnerabilities and configuration weaknesses in their Security Fabric setup, and implement best practice recommendations.

icon product menu cloud access security broker

FortiCASB

FortiCASB is a cloud-native Cloud Access Security Broker (CASB) subscription service that is designed to provide visibility, compliance, data security, and threat protection for cloud-based services being used by an organization. With support for major SaaS service providers, FortiCASB provides insights into users, behaviors, and data stored in the cloud with comprehensive reporting tools.

FG AntiBotnet

IP Reputation & Anti-botnet Security

The FortiGuard IP Reputation Service aggregates malicious source IP data from the Fortinet distributed network of threat sensors, CERTs, MITRE, cooperative competitors, and other global sources that collaborate to provide up-to-date threat intelligence about hostile sources. Near real-time intelligence from distributed network gateways combined with world-class research from FortiGuard Labs helps organizations stay safer and proactively block attacks.

FG Mobile Security

Mobile Security

Fortinet’s Mobile Security Service provides effective protection against the latest threats targeting mobile devices. It employs industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and gaining access to its invaluable information.

Industrial Control systems icon

Industrial Control Systems

The FortiGuard Industrial Security Service continuously updates signatures to identify and police most of the common ICS/SCADA (supervisory control and data acquisition) protocols for granular visibility and control. Additional vulnerability protection is provided for applications and devices from the major ICS manufacturers.

FG AntiSpam

AntiSpam

FortiGuard Antispam provides a comprehensive and multi-layered approach to detect and filter spam processed by organizations. Dual-pass detection technology can dramatically reduce spam volume at the perimeter, giving you unmatched control of email attacks and infections.

 

FortiGuard Service Bundles for FortiGate

Enterprise Protection Bundle
Protection to address today's advanced threat landscape. It delivers all FortiGuard security services available for the FortiGate including: NGFW Application Control and IPS, Web Filtering, FortiCloud Sandbox, Antivirus, Mobile Security, IP Reputation & Antibotnet, Antispam, and core FortiCare security services with a choice of 8x5 or 24x7 support.

UTM Protection Bundle
Traditional UTM security services including NGFW Application Control and IPS, Web Filtering, Antivirus, Antispam, and core FortiCare security services with a choice of 8x5 or 24x7 support

Threat Protection Bundle 
Core protection technologies including: Application Control, IPS, AV, Botnet IP/Domain and Mobile Malware Service. FortiCare security services include 24x7 support. 

Product Demo

The FortiGate cloud firewall can be demonstrated as a free trial directly from leading public cloud marketplaces, with cloud-native scripts available to automatically deploy FortiGate in common cloud usage scenarios.  Trial instances are fully functional and can be converted into paid instances – see each cloud marketplace for more details. 

Protect your workloads in the clouds

FortiGate Cloud Firewall Alliance Partners

 

Amazon Web Services

Amazon Web Services

AWS services are trusted by more than a million active customers around the world – including the fastest growing startups, largest enterprises, and leading government agencies – to power their infrastructures, make them more agile, and lower costs.

Solution brief

Learn more on the Fortinet-AWS alliance

 
IBM Security

IBM

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio enables organizations to effectively manage risk and defend against emerging threats.

 

Microsoft Azure

Microsoft Azure

Microsoft is the leading platform and productivity company for the mobile-first, cloud-first world, and its mission is to empower every person and every organization on the planet to achieve more.

Oracle

Oracle

Oracle offers a comprehensive and fully integrated stack of cloud applications and platform services.

Solution brief

Google Cloud Platform

Google Cloud Platform

Google Cloud Platform is a secure, dedicated public cloud computing service operated by Google which provides a range of infrastructure and application services that enable deployments in the cloud. FortiGate provides critical firewalling and advanced security for Google Cloud Platform regions. Fortinet provides scalable BYOL protection for elastic compute, container, and machine-learning workloads in Google’s innovative public cloud.

Solution brief