
Private Cloud Security

Advanced Security for Private Cloud, SDN, and Virtualization Platforms

Key Use Cases and Strategies for Private Cloud

Overview

Virtualization and software-defined network (SDN) security are rapidly transforming data centers into agile, innovative, software-defined, and cost-effective private clouds. Yet, security is often an afterthought when it comes to private cloud deployments. Traditional security cannot keep up with these new environments, creating security gaps or manual security processes that negate the benefits of virtualization and SDN firewalls. Private cloud requires a software-defined approach to security due to the lack of visibility posed by east-west traffic and virtualized services. Private cloud and software-defined data center (SDDC) assets need advanced protection from evolving threats, both known and unknown.


Secure NSX Environment with FortiGate VMX

FortiGate Virtual Firewall simplifies policy provisioning and provides deep visibility and automated enforcement in VMware NSX-based private cloud environments.


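FortiGate Virtual Next-Generation Firewall Models and Specifications

Whether licensed as BYOL or provisioned on demand, the FortiGate-VM next-generation firewall can be deployed as a virtual appliance in private and public cloud environments through public cloud marketplaces.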


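"V" series VMs do not include a VDOM license by default. VDOM licenses can be purchased separately.

Actual performance may vary depending on network and system configuration. Performance metrics were observed using a DELL R740 (CPU Intel Xeon Platinum 8168 2.7 GHz, Intel X710 network adapter) running FOS v5.6.3. Tested with VMware vSphere 6.5 Enterprise Plus. SR-IOV was enabled.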


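FortiGate-VM provides comprehensive advanced security for the major public cloud platforms, including AWS, Azure, Google, Oracle, and IBM, with support for bring-your-own-license (BYOL) and on-demand (pay-as-you-go) licensing. Learn more about the FortiGate-VM high-performance next-generation firewall for public cloud:

FortiGuard Services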

FortiGuard Services for FortiGate-VM enable you to implement critical security controls and threat remediation within your virtual infrastructure, providing protection for north-south and east-west virtual traffic. 

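Application Control

Gain unmatched real-time visibility into the applications your customers are running and easily enforce your acceptable use policy, improving security and meeting compliance requirements. With FortiGuard Application Control, you can quickly create policies to allow, deny, or restrict access to applications or entire categories of applications.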

Web Filtering

Protect your organization by blocking access to malicious, compromised, or inappropriate websites.

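FortiSandbox Cloud

The FortiSandbox Cloud service is an advanced threat detection solution that performs dynamic analysis to identify previously unknown malware. Actionable intelligence generated by FortiSandbox Cloud is fed back into the preventive controls in the network, neutralizing the threat.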

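Antivirus

FortiGuard Antivirus blocks the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent new and evolving threats from gaining a foothold in your network and accessing its valuable content.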

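Content Disarm & Reconstruction

Content Disarm & Reconstruction (CDR) removes all active content from files in real time, creating a clean, flat file. All active content is treated as suspect and removed. CDR can process all incoming files, deconstruct them, and remove every element that does not comply with firewall policy.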

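Intrusion Prevention

FortiGuard IPS protects against the latest network intrusions by detecting threats and blocking them before they reach network devices.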

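Security Rating

The Security Audit Update service is intended to guide customers in designing, implementing, and continuously maintaining the target Security Fabric security posture suited to their organization. The Security Fabric is fundamentally built on security best practices; by running these audit checks, security teams can identify critical vulnerabilities and configuration weaknesses in their Security Fabric setup and implement best-practice recommendations.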


FortiCASB

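FortiCASB is a cloud-native Cloud Access Security Broker (CASB) subscription service designed to provide visibility, compliance, data security, and threat protection for the cloud services an organization uses. FortiCASB supports the major SaaS providers and, through comprehensive reporting tools, offers deep insight into users, behaviors, and data stored in the cloud.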

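IP Reputation & Anti-Botnet Security Service

The FortiGuard IP Reputation service aggregates malicious source IP data from the Fortinet distributed network of threat sensors, CERTs, MITRE, cooperating competitors, and other global sources that work together to provide up-to-date threat intelligence about hostile sources. With near-real-time intelligence from distributed network gateways, combined with world-class research from FortiGuard Labs, organizations stay better protected and can proactively block attacks.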

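Mobile Security

Fortinet's Mobile Security service effectively defends against the latest threats targeting mobile devices. It uses industry-leading advanced detection engines to prevent new and evolving threats from gaining a foothold in your network and accessing its valuable information.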

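Industrial Control Systems

The FortiGuard Industrial Security service continuously updates signatures to identify and monitor most common ICS/SCADA (supervisory control and data acquisition) protocols for granular visibility and control. It also provides vulnerability protection for applications and devices from the major ICS manufacturers.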

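Antispam

FortiGuard Antispam provides a comprehensive, multi-layered approach to detecting and filtering the spam an organization processes. Dual-pass detection technology can dramatically reduce spam volume at the perimeter, giving you unmatched control over email attacks and infections.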

FortiGuard Services Bundles for FortiGate

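Enterprise Protection Bundle
Provides protection against today's advanced threat landscape. It includes all FortiGuard security services available for FortiGate, including NGFW application control and IPS, web filtering, FortiCloud sandbox, antivirus, mobile security, IP reputation, anti-botnet, antispam, FortiCare core security services, and a choice of 8x5 or 24x7 support.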

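Unified Threat Management (UTM) Protection Bundle
Traditional UTM security services, including NGFW application control and IPS, web filtering, antivirus, antispam, FortiCare core security services, and a choice of 8x5 or 24x7 support.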

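Threat Protection Bundle
Core protection technologies include application control, IPS, AV, botnet IP/domain, and mobile malware services. FortiCare security services provide around-the-clock support.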

SDN and Private Cloud Ecosystem

Use Cases

Security in the cloud enables the confidence to safely deploy applications in the software-defined data center and private cloud, improving overall organizational agility and ability to respond to market demand. By leveraging Fortinet Security Fabric solutions to deploy use-case-driven security capabilities, organizations benefit from market-leading security with streamlined management functionality. Following is a set of common deployment scenarios of Fortinet’s Security Fabric in the private cloud.

 


North-South Advanced L7 Security Protection

Organizations expanding their networks to accommodate the rapid deployment of data center-based services may often discover a strain on the security architecture’s ability to handle a subsequently growing security threat landscape. Implementing a virtual next-generation firewall with FortiGate-VM in the virtualized data center or private cloud provides extensive visibility and control of the infrastructure. FortiGate-VM automatically provisions and scales security, and has broad support for leading hypervisors, software-defined networks (SDNs) and cloud platforms. It provides advanced Layer 7 protection for north-south traffic in virtualized data centers.  

Download the eBook to learn more about the use cases

Intent-Based Segmentation: East-West Advanced L7 Security Protection

Microsegmentation is a method of creating secure zones in data centers and cloud deployments that allows companies to isolate workloads from one another and secure them individually. Virtualization and SDN increase east-west traffic in software-defined data centers (SDDC), and poor visibility into traffic between VMs increases risk from security breaches. FortiGate-VM provides microsegmentation and control of east-west traffic in the SDDC, for workload isolation and application-aware security policy. It allows granular policy segmentation and isolation across clustered resources to provide visibility across the entire SDDC infrastructure.  

 


Form Factor Consolidation

Enterprises can scale out or scale up with Fortinet FortiGate-VM virtual appliance offerings, which are virtualized versions of physical network security elements that deliver the same capabilities as a physical appliance in a virtual form factor. FortiGate virtual firewalls deliver advanced security capabilities in a virtual form factor and are ideally suited to secure virtualized resources in the data center or private cloud. Fortinet Security Fabric elements are all available packaged as virtual appliances on a broad range of hypervisors.

The FortiGate-VMs run the same FortiOS operating system and FortiGuard threat intelligence as hardware models. Multiple VM sizes are available for maximizing throughput and performance.


Security Virtual Network Function (VNF)

Service providers need to deliver security services as virtual network functions both on-premises and in the cloud. A VNF handles specific network functions that run on one or more VMs on top of the hardware-networking infrastructure. Individual VNFs can be connected or combined as building blocks to offer a full-scale networking communication service. Fortinet’s security VNF is deployed as a uCPE at the on-premises edge, or as a vCPE hosted in the data center/cloud. FortiGate-VM is a small-footprint security VNF with consolidated networking and security. It provides full application-layer security with next-generation firewall, intrusion prevention, AV, web filtering, and embedded Secure SD-WAN. VNF orchestration and service chaining are done via partner orchestrators such as Amdocs, Nuage, OpenStack, and others.


Security for the Mobile Core/Telco Cloud

Mobile carriers need to deliver security services as virtual network functions for LTE and 5G mobile infrastructures. Fortinet VNFs provide a rich set of security functions for the virtual mobile infrastructure, particularly: 4G to 5G, edge cloud, cloud RAN, and telecommunications cloud. FortiOS helps secure critical control plane traffic throughout the telecommunications core. Fortinet VNFs for MEC include edge security and control, user-plane inspection, service chaining, and secure gateways. VNFs support all modern acceleration technologies such as DPDK, SR-IOV, and AES-NI.


Compliance and Regulatory Requirements

Achieving compliance with regulatory mandates such as PCI DSS, HIPAA, SOX, and GDPR can be a complex and time-consuming burden. Security or governance issues force organizations into using a private cloud. Certain countries require that application data pertaining to people in a particular locale remain within the country. For a broader view of compliance across cloud platforms, FortiSIEM can create compliance reports at the push of a button. FortiAnalyzer provides closed-loop compliance-gap mitigation and collects fabric logs, while FortiManager enables customers to audit, review, approve, and implement changes from a central place. The benefits are automated compliance auditing and reporting on-premises, in the data center, and in the cloud.


Secure the Virtualized Data Center and Private Cloud

Fortinet’s software-defined security solution is certified by leading SDN, virtualization, and network function virtualization (NFV) platforms and can be applied to any data center transformed into a cloud environment. Integration with leading hypervisor and private cloud solutions from VMware, Nutanix, Cisco, OpenStack, Microsoft, and more allows automated insertion and orchestration of private cloud security throughout software-defined data centers, as well as rich API extensibility. Fortinet Fabric Connectors provide open, API-based integration and orchestration with multiple SDN and private cloud platforms, enabling security automation and simplified management.

Fortinet’s Private Cloud Security strategy is defined by three key pillars: native integration of security capabilities into each private cloud platform by abstracting the cloud-specific intricacies; broad protection of applications across all private cloud platforms by offering a broad set of security products; and single-pane-of-glass management via unified management of policy, events, and analytics across physical, virtual, and cloud infrastructure to eliminate security and compliance gaps.

The FortiGate-VM Series is a virtual appliance version of our market-leading, high-performance FortiGate next-generation firewall (NGFW) that delivers advanced protection for north-south and east-west traffic in virtualized data centers and private cloud.  

As an innovator and leader in data center security, Fortinet offers the largest range of virtual appliances that provide in-depth visibility and control of virtual network traffic with scalability, performance, and value. Virtual appliances also deliver elasticity, automation, and orchestration for comprehensive private cloud security, SDN security, and VM security.  

 

Telco Cloud/Mobile Security/NFV

For virtualized service provider infrastructures, Fortinet offers a broad range of next-generation virtual firewalls as virtualized network functions (VNFs). Powered by Fortinet’s Virtual SPU Technology, FortiGate VNFs deliver significant increases in application and carrier security performance through innovative security processing optimizations and the latest packet processing acceleration technologies. The FortiGate NGFW VNFs provide comprehensive network security capabilities; these VNFs have a small footprint, boot within seconds, and require less storage, thereby enabling service providers to protect their virtual networks and cloud platforms cost-effectively.

 
