Organizations are increasingly deploying a variety of workloads across multiple clouds. In turn, business-critical data and services are increasingly scattered across this distributed infrastructure. Using the shared responsibility model as a guiding principle, enterprises rely on cloud providers to protect the network, storage, and computing layers, while enterprises own the security for everything that is built, deployed, or stored in the public cloud. Due to multi-cloud adoption, most enterprises maintain heterogeneous environments, with tools from each cloud platform differing significantly.
Public Cloud Security
Secure Your Public Cloud Infrastructure and Workloads
Key Principles and Strategies for Securing the Enterprise Cloud
Gain Visibility and Control Over Your Cloud Environments and Applications
Dynamic Cloud Security |
Deploy Any Application In Any Cloud With Fortinet
As the leader in multi-cloud security, Fortinet gives you the confidence to deploy any application in any cloud. Our solutions provide broad protection across the entire digital attack surface, both on-premises and in public clouds. Native integration with each of the major cloud providers enables automated, centralized management across all clouds uniformly and seamlessly. Giving you unified visibility and control and policy management that supports risk management and compliance requirements.
Fortinet cloud security addresses customer components such as your data and applications, operating systems, access and identity management, encryption, APIs, and network traffic. This complements the public cloud provider’s security features to provide complete and compliant protection.
Native Integration with Your Cloud Provider
Fortinet’s cloud security solutions and products enable secure workloads through tight integration with all major public cloud providers to ensure privacy and confidentiality while leveraging the benefits of scalability, metering, and time to market.
Our purpose-built cloud security solutions collaborate with key Fortinet products for varying cloud deployment models and use cases, while allowing for centralized management, open API integrations, metering consumption, cloud platform orchestration, and automation.
Fortinet Cloud Security News
-
2020年2月27日NSE 7 Public Cloud Security 6.0The NSE 7 Public Cloud Security 6.0 training has recently been updated.
-
2019年12月16日Fortinet Tightens Partnership with Google Cloud to Provide Advanced Cloud Security and Accelerate the Cloud On-Ramp
-
2019年12月3日Fortinet Further Expands Integration of its Dynamic Cloud Security Solutions with New Amazon Web Services (AWS) Solution
-
2019年11月4日Fortinet Expands Integration of Cloud Security Offerings with Microsoft Azure to Provide Advanced Protection
Features and Benefits
Streamlined and automated management
Consistent security across public and private cloud applications
Multi-layer advanced application protection
Flexible pay as you go billing and licensing
Scalable and resilient protection for elastic workloads
Support leading IaaS Provders
Public Cloud Security Use Cases:
Security in the cloud is intended to increase the organizations confidence to deploy applications in the cloud and by such improve overall organizational agility and ability to respond to market demand. By leveraging Fortinet’s Security Fabric solutions to deploy use case driven security capabilities, organizations benefit from market leading security with streamlined management functionality. Following is a set of common deployment scenarios of Fortinet’s Security Fabric:
▼
SaaS Visibility and Control
Software-as-a-Service (SaaS) application usage is often unregulated and unsecure. A lack of visibility and control on SaaS applications usage heightens risk.
Solution
FortiCASB-SaaS leverages the SaaS application API to monitor all SaaS activity and configuration of multiple SaaS services.
FortiCASB-SaaS provides centralized, detailed visibility on all SaaS applications usage. This enables organizations to implement uniform application control and security policies, protect their sensitive data against advanced threats, and support security compliance and governance.
Benefits
- Organizations gain full visibility over usage of SaaS applications including their potential to spread malware or leak data
- Provides full support for major SaaS applications such as Salesforce.com, Microsoft Office 365, etc.
Cloud Infrastructure Visibility and Control
As cloud use increases, so does the likelihood of misconfiguration. Analysts estimate that by 2023, misconfiguration will cause 99% of cloud-related risk, leading to disrupted services and unexpected costs.
Solution
FortiCWP leverages the public cloud management API to monitor activity and configuration of multiple cloud resources. It continuously evaluates configurations across regions and public cloud types, and provides consistent visibility. The solution simplifies regulatory compliance violation reporting, and enhances compliance by providing guidance on security best practices. It also offers threat and risk management tools that help trace misconfigurations to their source.
Benefits
- Consistent compliance reporting across multiple clouds
- Dynamic cloud heat map and threat maps
- Streamlined incident investigation
Compliance in the Cloud
For many organizations, it is a time consuming burden to achieve compliance with PCI DSS, HIPPA, SOX, GDPR, and other regulation mandates.
Solution
FortiCWP aggregates and organizes security information from multiple cloud services and API’s into meaningful compliance reports and live compliance dashboards.
FortiSIEM provides a broader view of compliance across multiple clouds, Fortinet Security Fabric products and third-party products. It can create compliance reports at the push of a button.
FortiAnalyzer collects logs from Fortinet Security Fabric elements, and FortiManager enables changes to be audited, reviewed, approved, and implemented. Together, they close the loop on compliance gap mitigation. All systems support automated processes to facilitate compliance policy management and workflow, reducing risk when policies are changed.
Benefits
- Automated compliance auditing and reporting for on-premises and cloud environments.
Cloud Based Security Management and Analytics
Using legacy management tools alongside new technologies creates complex incompatibilities, especially when seeking to manage from the cloud.
Solution
Leverage the multi-regional and global presence of top cloud infrastructure providers to deploy centralized and global security management and analytics systems in the cloud. FortiManager-VM, FortiAnalyzer-VM, and FortiSIEM-VM can all be deployed in the cloud to scale and globalize.
Benefits
- Centralized, unified security management and visibility
- Enhanced audit and compliance reporting
- Faster incident response
- Improved operational and cost efficiency, reducing risk
- Increased ability to automate security management
Web Application Security
Commonly cloud-based applications are using web services to communicate internally as well as outwards. Such applications are vulnerable to various threats and the organizations operating these applications are often required to meet compliance requirements.
Solution
Fortinet offers a variety of web application security solutions that are ideally suited for cloud-based customers. FortiWeb-VM, a purpose-built industry-leading web application firewall offered on all major cloud platforms, secures web services application programming interfaces (APIs), as well as front-end web applications to protect from known and unknown threats. Through integration with FortiWeb, FortiGate-VMs centrally enforce security policies and provide increased visibility. FortiCloud Sandbox Service performs dynamic analysis to identify previously unknown malware.
Benefits
- Provide centralized protection for web applications
- Enhance regulatory compliance for applications
- Deploy API-specific security packages
- Automate threat responses with the Fortinet Security Fabric: FortiWeb detects threats and FortiGate blocks them
Container Security
Teams need to be able to rapidly develop modular applications in containers, whether on-premises, in the cloud, or within an orchestration tool such as Kubernetes. In addition, each application needs consistent protection against threats.
Solution
Fortinet’s container security solution is divided to four complementary areas of protection. Container-aware security with the FortiGate cloud connector enables awareness of container labels when defining security policies. Container-enabled security with FortiWeb as a container image can be bundled within an application chain. Container-integrated security allows a Fortinet solution to be dynamically integrated into Kubernetes clusters and inserted in the application chain. Container registry security with FortiSandbox scans pulled, pre-configured container images for zero-day threats.
Benefits
- Enable security for all stages of container deployment and rollout
- Support faster development with security elements built-in
Secure Productivity
As organizations increasingly outsource the IT management aspect of productivity and email applications, the visibility and control over these applications is reduced. Security teams need the ability to provide consistent purpose-built security across multi-cloud environments.
Solution
The combination of FortiMail, FortiSandbox, and FortiCASB-SaaS provides critical capabilities when securing Microsoft Office 365. The Fortinet Security Fabric enables deep visibility into email for protection from zero-day threats and monitoring the Office 365 application programming interface (API) layer.
Benefits
- Consistent on cloud / off cloud security
- Strong authentication, email security and cloud visibility
Secure Hybrid Cloud
Security posture is often inconsistent between data centers and clouds, leading to poor network visibility and complex security management. Connectivity needs to be protected between cloud environments and data centers.
Solution
FortiGate next-generation firewall (NGFW) and cloud security solutions offer best-of-breed secure connectivity, network segmentation, and application security for hybrid-cloud-based deployments. They provide centralized, consistent security policy enforcement and connect through a high-speed VPN tunnel. FortiGate-VMs deployed in the public cloud can securely communicate and share consistent policies with FortiGate NGFWs of any form factor provisioned in a private data center.
Benefits
- High-speed virtual private network (VPN) connections protect data without compromising performance
- Security policies enforced consistently across all environments
- Single-pane-of-glass management
Cloud Security Services Hub
When teams develop applications in separate virtual networks and clouds, there is no centralized security management, making it challenging to secure the resulting applications and separate environments.
Solution
Security teams looking to unify disparate environments need a central security services hub, or transit network. The hub splits security from application development to provide centralized, shared, and consistent security enforcement. It also securely connects networks, locations, clouds, and data centers. Additionally, it analyzes and enforces security polices on inbound and outbound traffic between cloud and the internet.
Benefits
- Security enforced consistently across all networks
- Secure connections enforced between locations
- Teams can develop security solutions autonomously without waiting for security policies to be applied, reducing risk
Logical (Intent-Based) Segmentation
Segmenting cloud environments is challenging because dynamic provisioning results in constantly changing IP addresses. Network segmentation based on static IP address rules is therefore ineffective.
Solution
FortiGate-VMs provide intent-based segmentation, which builds access rules and segments based on user identity or business logic, and adjusts rules dynamically in response to a continuous trust assessment. FortiGate-VMs leverage metadata or tags associated with cloud-based resources across multiple clouds as an element in enforcing security policies. As a result, they intuitively define which workloads and elements in the cloud are allowed to communicate with other workloads and elements, whether they are inside or outside the cloud.
Benefits
- Able to dynamically adjust security policies based on logical roles of resources, accommodating the fluidity of changes
- Effectively blocks lateral attack movement and is able to inspect north-south and east-west traffic
Secure Remote Access
Organizations need global, on-demand, secure access to cloud resources. Traditional remote access VPNs, however, cannot meet these requirements.
Solution
Security teams need configuration templates that enable secure remote access termination in the cloud. Then, they can dynamically provision FortiGate-VM instances that are pre-configured with these templates globally. This enables mobile workforces, customers, and business partners to connect to the virtual organization network. It also connects the cloud network to business applications through VPN tunnels, whether deployed in the cloud or on-premises.
Benefits
- Low-latency, always-on connectivity to business applications through closest entry point into the network
- Consistent user experience regardless of application location
- Global high availability design eliminates impact of network single point of failure
Fortinet Cloud Security Solution Functions and Products
Fortinet dynamic cloud security solutions and products complement the power and scalability of cloud providers by breaking down the barriers that complicate security visibility and management across an organization’s entire infrastructure. At the same time, Fortinet streamlines operations, policy management, and visibility for improved security lifecycle management with full automation capabilities. And with native integration of security capabilities to each cloud platform, Fortinet products enable broad protection of applications and support for the broadest set of cloud use cases.
The Fortinet network security product line is available on all of the leading cloud providers with BYOL or on-demand per-usage (PAYG) options.
▼
- FortiManager. Cloud-based management for Fortinet products
- FortiAnalyzer. Cloud-based reporting to streamline SOC operations.
- FortiSIEM. Fortinet's multi-vendor Security Information and Event Management solution.
- FortiCWP. A security broker controls and monitors the organization's management of public cloud infrastructures.
- FortiGate: Industry leading next-generation firewall runs in the cloud or on-premise
- FortiWeb: Fortinet's web-application firewall protects web applications and helps with patching and regulatory compliance.
- FortiMail: Secure email gateway protects against email-bourne threats and data loss via email.
- FortiSandbox: Offers a powerful combination of advanced detection, automated mitigation, actionable insight, and flexible deployment to stop targeted attacks and subsequent data loss.
- Fortinet Cloud Connectors: Provide an abstraction layer for Fortinet products to treat cloud infrastructures in a seamless manner by translating. Network addresses into security objects and providing various other security integrations with cloud provider API’s.
- Fortinet Fabric APIs: The APIs enable automated operations through dynamic sharing of local and global threat intelligence across security components.
- Fortinet DevOps stiches: Automation recipes making security or infrastructure events automatically trigger actions.
▼
Fortinet offers its industry leading series of network security products on AWS Marketplace enabling advanced security protection for your cloud based infrastructure and applications. Featured products:
- FortiGate Next-Generation Firewall
- FortiWeb Web Application Firewall (WAF)
- FortiManager (BYOL) Centralized Security Management
- FortiAnalyzer Centralized Log Analytics
- FortiMail-VM BYOL
- FortiSandbox Advanced Threat Protection
Learn more about Fortinet Solutions on AWS.
Fortinet offers its industry leading series of network security products on the Microsoft Azure Marketplace enabling advanced security protection for your cloud based infrastructure and applications.
- FortiGate Next-Generation Firewall (NGFW) - Single VM
- FortiWeb Web Application Firewall
- Fortinet FortiSandbox Advanced Threat Protection
- FortiMail Secure Cloud Email
- FortiManager Centralized Security Management
- FortiAnalyzer Centralized Log Analytics
Learn more about Fortinet Solutions on Azure.
Fortinet offers its industry leading series of network security products on the Google Cloud Platform Marketplace enabling advanced security protection for your cloud based infrastructure and applications.
- FortiGate Next-Generation Firewall
- FortiWeb Web Application Firewall
- FortiManager Centralized Security Management
- FortiAnalyzer Centralized Log Analytics
Learn more about Fortinet Solutions on Google Cloud Platform
Fortinet offers its industry leading series of network security products over the Oracle Cloud enabling you advanced security protection for your cloud based infrastructure and applications.
Featured products:
- FortiGate Next-Generation Firewall for OCI
- FortiWeb Web Application Firewall
- FortiManager Centralized Security Management
- FortiAnalyzer Centralized Log Analytics
Learn more about Fortinet Solutions on Oracle Cloud.
Fortinet offers its industry-leading series of network security products on the Alibaba Cloud, enabling advanced security for your cloud-based infrastructure and applications.
Featured products:
- FortiGate Next-Generation Firewall - Single VM (On-Demand)
- FortiGate Next-Generation Firewall - Single VM (BYOL)
- FortiManager Centralized Security Management
- FortiAnalyzer Centralized Log Analytics
Learn more about Fortinet Solutions on Alibaba Cloud.
FortiGuard 服務
應用程式控制
可對您的客戶正在執行的應用程式獲得無可比擬的即時可視性,並輕鬆實施您可接受的使用原則,進而提高安全性並滿足合規要求。透過 FortiGuard 應用程式控制,您可以快速建立原則來允許、拒絕或限制對應用程式或整個類別的應用程式的存取。
FortiSandbox 雲端
FortiSandbox 雲端服務是一個進階威脅偵測解決方案,可執行動態分析以識別先前未知的惡意軟體。FortiSandbox 雲端產生的可執行情報會反饋到網路中的預防控制機制,進而消除威脅。
Content Disarm & Reconstruction
Content Disarm & Reconstruction (CDR) strips all active content from files in real-time, creating a flat sanitized file. All active content is treated as suspect and removed. CDR processes all incoming files, deconstructs them, and removes all elements that do not match firewall policies.
安全評級
安全稽核更新服務旨在引導客戶設計、實現並持續維護適合其組織的目標 Security Fabric 的安全狀態。Security Fabric 從根本上是構建於最佳安全實踐之上,透過執行這些稽核檢查,安全團隊將能夠識別 Security Fabric 設定中的關鍵漏洞和組態弱點,並實施最佳實踐建議。
FortiCASB
FortiCASB 是一項原生雲端的雲端存取安全代理程式 (CASB) 訂購服務,旨在為組織使用的雲端服務實現可視性,確保合規性與資料安全,並提供威脅防護。FortiCASB 支援各個主要的 SaaS 服務提供商,透過全面的報告工具,提供對使用者、行為及雲端儲存資料的深入透視。
IP 聲譽評等 & 預防殭屍網路安全服務
FortiGuard IP 聲譽評等服務從 Fortinet 分佈式威脅感測器網路、CERT、MITRE、進行合作的競爭對手以及其他全球資源彙集惡意來源 IP 資料,這些資源共同協作,合力提供關於敵對來源的最新威脅情報。憑藉來自分佈式網路閘道近乎即時的情報,再結合 FortiGuard Labs 的世界級研究,組織可得到更安全的保護並對攻擊實施主動攔截。
工業控制系統
FortiGuard 工業安全服務會持續更新特徵碼,以識別和監控大多數常見的 ICS/SCADA (監控和資料擷取)協定,以實現精細化可見度和控制。另外還對主要 ICS 製造商的應用程式和裝置提供漏洞保護。
垃圾郵件防護
FortiGuard 反垃圾郵件可提供一種全面且多層次的方法,對組織處理的垃圾郵件進行偵測和篩選。雙通道偵測技術可以顯著地減少周邊垃圾郵件數量,給您一個無與倫比的郵件攻擊與感染控制體驗。
適用於 FortiGate 的 FortiGuard 服務 套件組合
企業防護套件組合
提供保護以應對當今進階威脅形勢。它提供 FortiGate 可用的所有 FortiGuard 安全服務,包括:NGFW 應用程式控制和 IPS、網頁篩選、FortiCloud 沙箱、防毒、行動裝置安全、IP 聲譽評等、預防殭屍網路、反垃圾郵件、FortiCare 核心安全服務以及 8x5 或 24x7 小時支援選擇。
統一威脅管理 (UTM) 防護套件組合
傳統 UTM 安全服務包括 NGFW 應用程式控制和 IPS、網頁篩選、防毒、反垃圾郵件、FortiCare 核心安全服務以及 8x5 或 24x7 小時支援選擇
威脅防護套件組合
核心防護技術包括:應用程式控制、IPS、AV、殭屍網路 IP/域以及行動裝置惡意軟體服務。FortiCare 安全服務可提供全天候的支援服務。
Resources
▼
Solution Guides
White Papers
Case Studies
Data Sheets
Fuse Community
FortiGate Cloud Firewall Ecosystem
Alcide
Alcide is a cloud-native security leader with the mission to empower DevOps and security teams to manage application and networking security through the intelligent automation of security policies applied uniformly, regardless of the workload and infrastructure.
Alibaba Cloud
As a business unit of Alibaba Group, Alibaba Cloud provides a comprehensive suite of global cloud computing services to power both our international customers’ online businesses and Alibaba Group’s own e-commerce ecosystem.
Amazon Web Services
AWS services are trusted by more than a million active customers around the world – including the fastest growing startups, largest enterprises, and leading government agencies – to power their infrastructures, make them more agile, and lower costs.
Learn more on the Fortinet-AWS alliance
Google Cloud Platform
Google Cloud Platform is a secure, dedicated public cloud computing service operated by Google which provides a range of infrastructure and application services that enable deployments in the cloud. Fortinet provides critical firewalling, advanced security and scalable BYOL protection for elastic compute, container, and machine-learning workloads in Google’s innovative public cloud.
HashiCorp
HashiCorp is the leader in multi-cloud infrastructure automation software. The HashiCorp software suite enables organizations to adopt consistent workflows to provision, secure, connect, and run any infrastructure for any application. HashiCorp open source tools Vagrant, Packer, Terraform, Vault, Consul, and Nomad are downloaded tens of millions of times each year and are broadly adopted by the Global 2000.
Hewlett Packard Enterprise
Hewlett Packard Enterprise is an industry-leading technology company that enables customers to go further, faster. With the industry’s most comprehensive portfolio, HPE's technology and services help customers around the world make IT more efficient, more productive, and more secure.
IBM
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio enables organizations to effectively manage risk and defend against emerging threats.
Microsoft Azure
Microsoft is the leading platform and productivity company for the mobile-first, cloud-first world, and its mission is to empower every person and every organization on the planet to achieve more.
- Fortinet-Microsoft Azure Solution brief
- Learn more about the Fortinet-Microsoft Azure alliance
Oracle
Oracle offers a comprehensive and fully integrated stack of cloud applications and platform services.
Refactr
The Refactr DevSecOps automation platform is an all-in-one solution for designing and executing secure automation pipelines that include infrastructure delivery, application configuration, and security actions. Customers can quickly deploy Fortinet’s solutions through pre-built pipelines and leverage existing Fortinet automation content built with open DevOps and security automation tools.
Tufin
Tufin leads the Security Policy Orchestration market, enabling enterprises to centrally manage, visualize, and control security policies across hybrid cloud and physical network environments.
Product Demo
The FortiGate cloud firewall can be demonstrated as a free trial directly from leading public cloud marketplaces, with cloud-native scripts available to automatically deploy FortiGate in common cloud usage scenarios. Trial instances are fully functional and can be converted into paid instances – see each cloud marketplace for more details.