Security Fabric Solutions for Public Clouds Overview
Public clouds have become very popular due to their ability to provide elastic and scalable infrastructure for applications, storage, and data. These capabilities change the way the world does business. When organizations choose to consume infrastructure as a service (IaaS) by leading cloud providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), network security needs to be thought of differently than when security was solely on premises. Even though the cloud provider’s infrastructure is secured by the cloud provider, organizations are required to implement security controls protecting the applications and data they put into that cloud infrastructure. This must meet or exceed their on-premises security postures.
By leveraging Fortinet Security Fabric Enabled Solutions, organizations can implement optimal cloud application workload security throughout their public cloud and hybrid cloud application deployment. Fortinet secures workloads in public clouds to ensure privacy and confidentiality while leveraging the cloud benefits of scalability, metering, and time-to-market.
Supported Cloud Platforms:
Security Fabric Use Cases:
Security in the cloud is intended to increase the organizations confidence to deploy applications in the cloud and by such improve overall organizational agility and ability to respond to market demand. By leveraging Fortinet’s Security Fabric solutions to deploy use case driven security capabilities, organizations benefit from market leading security with streamlined management functionality. Following is a set of common deployment scenarios of Fortinet’s Security Fabric:
Cloud Services Hub
Organizations can build remote access VPN termination points in the cloud and leverage the global presence of large-scale cloud providers. This FortiGate-based solution applies both when applications reside in the cloud, as well as when applications reside on-premises. On-premises applications are commonly connnected to the cloud over IPsec VPN tunnels.
For web applications and mail servers, the combinations of FortiGate, FortiWeb, FortiMail, and FortiSandbox offer unique in-depth protection. This solution offers capabilities that help organizations comply with regulatory and security requirements such as PCI, SOX, GLBA, or HIPAA. Additionally, these capabilities help with relieving the need to constantly apply patches to web servers and reduce the risk from advanced threats.
Security management from the cloud
Organizations can leverage a cloud-based virtual network to provide shared services to cloud and on-premises networks. Networks and applications that are independently developed and operated by different organizational units (Line of Business) and connected to the Cloud Services Hub over a VPN connection can utilize shared services such as application based firewalling, application communication protection, context and application aware web application firewalls (WAF), Email security, and Sandbox based advanced threat protection services, which can all be managed from the cloud.
Remote Access VPN
This solution outlines the various scenarios enterprise organizations may encounter in which they are required to connect a variety of on-premises data center-based services to cloud-based services in order to deliver enterprise applications to customers and employees. FortiGate VPN functionality is available for both on- and off-cloud deployments, offering enterprises a secure and seamless operation of applications across a variety of infrastructures.
Advanced application protection
Leverage the global presence of top cloud infrastructure providers as well as the elasticity of storage and compute resources to deploy centralized and global security management and operations systems in the cloud. FortiManager, FortiAnalyzer, and FortiSIEM can all be deployed in the cloud to streamline operations of the organizations global information security infrastructure.
Fortinet Cloud Security News
5/22/2018: Fortinet Expands Fabric-Ready Partner Program with Fabric Connectors
Fabric Connectors provide open, one-click integration with alliance partner technologies to automate security operations, policies and DevOps processes
05/15/2018: Amazon GuardDuty and Automating Cloud Security with the Security Fabric
Fortinet is excited to announce the integration of the Security Fabric with Amazon GuardDuty to automate remediation and threat intelligence in Amazon Web Services.
2/5/2018: Fortinet FortiGate Virtual Machine Now Available for Google Cloud Platform
FortiGate virtual appliance provides Google Cloud enterprise customers with secure workload and application.
Fortinet Cloud Security Videos
The Three Pillars of Fortinet Cloud Security
Products that help organizations manage information security in the cloud:
Products that protect cloud-based applications and data:
- FortiGate: Industry-lLeading next-gen firewall runs in the cloud or on-premises
- FortiWeb: Fortinet’s web application firewall protects web applications and helps with patching and regulatory compliance
- FortiMail: Secure email gateway protects against email-bourne threats and data loss via email
- FortiSandbox: FortiSandbox offers a powerful combination of advanced detection, automated mitigation, actionable insight, and flexible deployment to stop targeted attacks and subsequent data loss
- FortiCASB: A security broker controls and monitors the organization’s access to SaaS applications.
Connectors and API's
- Fortinet Cloud Connectors: Provide an abstraction layer for Fortinet products to treat cloud infrastructures in a seamless manner by translating. Network addresses into security objects and providing various other security integrations with cloud provider API’s.
- Fortinet Fabric APIs: The APIs enable automated operations through dynamic sharing of local and global threat intelligence across security components
- Fortinet DevOps stitches: Automation recipes making security or infrastructure events automatically trigger actions
Features and Benefits
Streamlined and automated management
Consistent security across public and private cloud applications
Multi-layer advanced application protection
Flexible pay as you go billing and licensing
Scalable and resilient protection for elastic workloads
Support leading IaaS Provders
可對您的客戶正在執行的應用程式獲得無可比擬的即時可視性，並輕鬆實施您可接受的使用原則，進而提高安全性並滿足合規要求。透過 FortiGuard 應用程式控制，您可以快速建立原則來允許、拒絕或限制對應用程式或整個類別的應用程式的存取。
FortiSandbox 雲端服務是一個進階威脅偵測解決方案，可執行動態分析以識別先前未知的惡意軟體。FortiSandbox 雲端產生的可執行情報會反饋到網路中的預防控制機制，進而消除威脅。
Content Disarm & Reconstruction
Content Disarm & Reconstruction (CDR) strips all active content from files in real-time, creating a flat sanitized file. All active content is treated as suspect and removed. CDR processes all incoming files, deconstructs them, and removes all elements that do not match firewall policies.
FortiGuard IPS 透過偵測威脅並在威脅侵入到網路裝置前進行封鎖，以此抵禦最新的網路入侵。
安全稽核更新服務旨在引導客戶設計、實現並持續維護適合其組織的目標 Security Fabric 的安全狀態。Security Fabric 從根本上是構建於最佳安全實踐之上，透過執行這些稽核檢查，安全團隊將能夠識別 Security Fabric 設定中的關鍵漏洞和組態弱點，並實施最佳實踐建議。
FortiCASB 是一項原生雲端的雲端存取安全代理程式 (CASB) 訂購服務，旨在為組織使用的雲端服務實現可視性，確保合規性與資料安全，並提供威脅防護。FortiCASB 支援各個主要的 SaaS 服務提供商，透過全面的報告工具，提供對使用者、行為及雲端儲存資料的深入透視。
IP 聲譽評等 & 預防殭屍網路安全服務
FortiGuard IP 聲譽評等服務從 Fortinet 分佈式威脅感測器網路、CERT、MITRE、進行合作的競爭對手以及其他全球資源彙集惡意來源 IP 資料，這些資源共同協作，合力提供關於敵對來源的最新威脅情報。憑藉來自分佈式網路閘道近乎即時的情報，再結合 FortiGuard Labs 的世界級研究，組織可得到更安全的保護並對攻擊實施主動攔截。
FortiGuard 工業安全服務會持續更新特徵碼，以識別和監控大多數常見的 ICS/SCADA （監控和資料擷取）協定，以實現精細化可見度和控制。另外還對主要 ICS 製造商的應用程式和裝置提供漏洞保護。
提供保護以應對當今進階威脅形勢。它提供 FortiGate 可用的所有 FortiGuard 安全服務，包括：NGFW 應用程式控制和 IPS、網頁篩選、FortiCloud 沙箱、防毒、行動裝置安全、IP 聲譽評等、預防殭屍網路、反垃圾郵件、FortiCare 核心安全服務以及 8x5 或 24x7 小時支援選擇。
統一威脅管理 (UTM) 防護套件組合
傳統 UTM 安全服務包括 NGFW 應用程式控制和 IPS、網頁篩選、防毒、反垃圾郵件、FortiCare 核心安全服務以及 8x5 或 24x7 小時支援選擇
核心防護技術包括：應用程式控制、IPS、AV、殭屍網路 IP/域以及行動裝置惡意軟體服務。FortiCare 安全服務可提供全天候的支援服務。
FortiGate Cloud Firewall Ecosystem
AWS services are trusted by more than a million active customers around the world – including the fastest growing startups, largest enterprises, and leading government agencies – to power their infrastructures, make them more agile, and lower costs.
Learn more on the Fortinet-AWS alliance
Google Cloud Platform is a secure, dedicated public cloud computing service operated by Google which provides a range of infrastructure and application services that enable deployments in the cloud. Fortinet provides critical firewalling, advanced security and scalable BYOL protection for elastic compute, container, and machine-learning workloads in Google’s innovative public cloud.
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio enables organizations to effectively manage risk and defend against emerging threats.
- Fortinet – IBM Security AppScan Solution Brief
- Fortinet – IBM Security QRadar Solution Brief
- Fortinet FortiGate and IBM QRadar Deployment Guide
- FortiGate App For IBM QRadar Technical Solution Guide
- Fortinet - IBM Resilient Technical Deployment Guide
- Learn more about the Fortinet-IBM Security Alliance
Microsoft is the leading platform and productivity company for the mobile-first, cloud-first world, and its mission is to empower every person and every organization on the planet to achieve more.