Skip to content Skip to navigation Skip to footer

Adaptive Cloud Security for AWS

Consistent multi-layered security from across clouds and data centers to Amazon Web Services (AWS)

Adaptive Cloud Security for AWS Solution Brief
Adaptive Cloud Security for AWS banner background banner dots

Overview

Fortinet Solutions for AWS Security

Many enterprises are turning to AWS to build new applications, extend internal data centers, and ultimately take advantage of the elasticity of the public cloud. While AWS security covers its infrastructure, customers are responsible for protecting everything they build and store within it.

Fortinet accelerates the journey to AWS with purpose-built cloud security. Fortinet adaptive cloud security solutions protect workloads and business applications across on-premises data centers and cloud environments—with multilayer security for cloud-based applications. Organizations can achieve: a consolidated view of their security posture, a single console for policy management and governance reporting, and event monitoring regardless of physical, virtual, or cloud infrastructure, and across private, public, and hybrid clouds.

Fortinet offers Software-as-a-Service (SaaS), virtual machine (VM), container, and API-based protection that delivers natively integrated security functionality that complements AWS services such as GuardDuty, Security Hub, and AWS Outposts. Supporting the broadest set of use cases, Fortinet products offer comprehensive security for AWS workloads including firewall, security gateway, intrusion prevention, and web application security.

 

Autodesk Leverages Fortinet in AWS to Scale Cloud Security With Ease

Listen as Anish John, senior network engineer at Autodesk, describes how they use AWS Transit Gateway and Fortinet Cloud Security Services Hub to scale security and greatly reduce latency.

立即觀看

Featured Products on AWS Marketplace

Fortinet offers its industry leading series of network security products over the AWS Public Cloud enabling customers advanced security protection for their cloud based infrastructure and applications. Following is a list of products that can be purchased directly from the AWS Marketplace.

 

icon fortigate

The FortiGate-VM on AWS delivers next-generation firewall (NGFW) capabilities for organizations of all sizes, with the flexibility to be deployed as a NGFW and/or a VPN gateway.

On-Demand  |  Bring Your Own License (BYOL)

icon fortiweb

The FortiWeb web application firewall (WAF) defends web-based applications from known and unknown zero-day threats. Its AI-based machine learning identifies threats with virtually no false-positive detections. 

On-Demand | BYOL | Container Edition | WAF-as-a-Service

icon fortimanager

FortiWeb rule sets are additional security signatures that can be used to enhance the protections included in the base AWS WAF product. They are based on FortiWeb security service signatures, and are updated on a regular basis to include the latest threat information from FortiGuard Labs.

Complete OWASP Top 10  | General and Known Exploits  | SQLi/XSS | Malicious Bots | API Gateway

icon ips

Fortinet Managed IPS Rules deliver curated and automatically updated rulesets for AWS Network Firewall based on the latest threat information from FortiGuard Labs.

icon fortimanager

FortiManager provides single-pane-of-glass management for unified, end-to-end protection across the extended enterprise. It delivers insight into network traffic and offers enterprise-class features for threat containment. 

icon fortianalyzer

FortiAnalyzer delivers critical insight into threats across the entire attack surface and provides Instant visibility, situation awareness, real-time threat intelligence, and actionable analytics.

On-Demand | BYOL

icon fortimail

Secured by FortiGuard, FortiMail delivers the latest technologies and intelligence, including integrated sandboxing, to stop even the most sophisticated email-borne threats. 

icon fortisandbox

FortiSandbox for AWS enables organizations to defend against advanced threats natively in the cloud, working alongside network, application, email, endpoint security, and other third-party security solutions, or as an extension to their on-premises security architectures to leverage cloud elasticity and scale.

On-Demand BYOL

Visit AWS Marketplace for a complete list of Fortinet products on AWS    

FortiGuard Security Services for AWS

應用程式控制

可對您的客戶正在執行的應用程式獲得無可比擬的即時可視性,並輕鬆實施您可接受的使用原則,進而提高安全性並滿足合規要求。透過 FortiGuard 應用程式控制,您可以快速建立原則來允許、拒絕或限制對應用程式或整個類別的應用程式的存取。

網頁篩選

透過對惡意、被入侵或不當網站的存取封鎖來保護您的組織。

FortiSandbox 雲端

FortiSandbox 雲端服務是一個進階威脅偵測解決方案,可執行動態分析以識別先前未知的惡意軟體。FortiSandbox 雲端產生的可執行情報會反饋到網路中的預防控制機制,進而消除威脅。

防毒

FortiGuard 防毒可阻斷最新病毒、間諜軟體以及其他內容層面的威脅。它採用行業領先的進階偵測引擎來阻止不斷變化的新威脅在您的網路中獲得據點、存取網路中寶貴的內容。

入侵防護

FortiGuard IPS 透過偵測威脅並在威脅侵入到網路裝置前進行封鎖,以此抵禦最新的網路入侵。

Virus Outbreak Protection Service

FortiGuard Virus Outbreak Protection Service (VOS) closes the gap between antivirus updates with FortiCloud Sandbox analysis to detect and stop malware threats discovered between signature updates before they can spread throughout an organization. OS initiates a real-time look-up to our Global Threat Intelligence database.

內容威脅 & 解除

內容威脅 & 解除 (CDR) 功能可即時移除檔案中所有的活動內容,建立一個清潔的平面檔案。所有活動內容都被視為可疑內容並被移除。CDR 可以處理所有入埠檔案,對它們進行解構,然後移除所有不符合防火牆原則的元素。

IP 聲譽評等 & 預防殭屍網路安全服務

FortiGuard IP 聲譽評等服務從 Fortinet 分佈式威脅感測器網路、CERT、MITRE、進行合作的競爭對手以及其他全球資源彙集惡意來源 IP 資料,這些資源共同協作,合力提供關於敵對來源的最新威脅情報。憑藉來自分佈式網路閘道近乎即時的情報,再結合 FortiGuard Labs 的世界級研究,組織可得到更安全的保護並對攻擊實施主動攔截。

FortiGate Enterprise Bundle

Our Enterprise (ENT) bundle now includes:

  • Industrial Security Service protection – SCADA (supervisory control and data acquisition) and ICS (industrial control systems). These signatures address attacks against critical infrastructure and manufacturing industries, where we are seeing frequent and sophisticated cyberattacks.
  • Security Rating Service - this service performs checks against your fabric-enabled network and provides scoring and recommendations to your operation teams. The subsequent scorecard can be used to gauge adherence to various internal and external organizational polices, standards, and regulations requirements, including providing a ranking of your firm against industry peers. 

The FortiGuard Enterprise (ENT) Protection bundle is designed to address today’s advanced threat landscape. The Enterprise Bundle consolidates the comprehensive protection needed to protect and defend against all cyberattack channels from the endpoint to the cloud. Including the technologies needed to address today’s challenging OT, compliance, and management concerns. The Enterprise Bundle offers the most comprehensive protection overall. The Enterprise Bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • Web Filtering
  • Antispam
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • Security Rating 
  • Industrial Security Service
  • FortiCare
FortiGate UTM Bundle

The FortiGuard Unified Protection Bundle (UTM) is our traditional Unified Threat Management security bundle. The Unified Protection Bundle extends threat protection across the entire digital attack surface, providing industry-leading defense against sophisticated attacks. The UTM bundle has you covered for web and email-based attacks. The UTM bundle delivers the best package available for a unified threat protection offering. The UTM Bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • Web Filtering
  • Antispam
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • FortiCare

The FortiGuard Advantage: 

  • FortiGuard processes over 69 million websites every hour, providing up-to-the-minute reputation and categorization. 
  • Prevent malicious downloads and browser hijacking attacks with top-rated web filtering (VBWeb Verified)
  • Improved email productivity through superior spam prevention validated with 3rd party independent testing (VBSpam + Verified)
FortiGate Advanced Threat Protection Bundle

The FortiGuard Advanced Threat Protection (ATP) bundle provides the foundational security needed to protect and defend against known and unknown cyber threats. The Advanced Threat Protection bundle includes: 

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction 
  • FortiCare 24*7
Services Table
Service Advanced Threat Protection
(ATP)
 
Unified Protection
(UTM)
 
Enterprise Protection
(ENT)
 
360 Protection


FortiManager Cloud
     
FortiAnalyzer Cloud
     
SD-WAN Cloud Assist Monitoring
     
SD-WAN One Click VPN Overlay
     
FortiConverter Service
     
Industrial Security Service
   

Security Rating
   

CASB
     
Anti-Spam
 


Web Filtering
 

Advanced Malware Protection




IPS




FortiCare + Application Control




View by:

Enhance security and improve high availability practices in your AWS environment. View the various deployment scenarios.

Related Resources

Fortinet Use Cases for AWS

Fortinet adaptive cloud security enables the broadest set of use cases for AWS.

Cloud Platform Visibility and Control

  • Cloud infrastructure visibility and control.
    Monitor activity and configuration of multiple cloud resources while simplifying regulatory compliance reporting.
  • Compliance in the cloud.
    Automate compliance auditing and reporting for on-premises and cloud environments.
  • Cloud-based security management and analytics.
    Leverage the global presence of AWS to deploy centralized and global security management and analytics systems in the cloud.

Application Security

  • Web application security.
    Secure web applications from known and unknown attacks using Fortinet web application security solutions.
  • Container security.
    Enable security for all stages of container deployment and rollout.

Network Security

  • Secure hybrid cloud.
    Deploy secure connectivity, network segmentation, and application security for hybrid-cloud-based deployments.
  • Cloud security services hub.
    Unify disparate environments through a central security services hub, or transit network.
  • Logical (intent-based) segmentation.
    Deploy intent-based segmentation, which builds access rules and segments based on user identity or business logic, and adjusts rules dynamically in response to a continuous trust assessment.
  • Secure remote access
    Connect to cloud resources with virtual private network (VPN) connections across multiple cloud and on-premises environments.

Click here to learn more about these use cases. 

Features and Benefits

Icon automation

Simplify security management with single-pane control across AWS and on-premises data centers

icon benefits management

Leverage Fortinet Cloud Security Services Hub for scalable and multilayer secure connectivity

cloud ready icon

Gain cloud-native visibility and control into AWS workloads and applications

reduce cash icon

Security offerings in VM, container, and SaaS form factors with flexible bring-your-own-license (BYOL) and pay-as-you-go (PAYG) billing options.

Adaptive Cloud Security for AWS

 Fortinet Dynamic Security for AWS - Diagram


Fortinet breaks down the barriers that inhibit security visibility and management across private, public, and hybrid cloud platforms. The Fortinet adaptive cloud security solution for AWS helps organizations maintain operationally viable, consistent security in a shared responsibility model from on-premises to the cloud. It delivers comprehensive and fully programmable multilayer security and threat prevention capabilities for AWS users.

Read the AWS reference architecture for more information.

 

FortiGate Next-Generation Firewall (NGFW) on AWS

FortiGate on AWS delivers NGFW capabilities for organizations of all sizes, with the flexibility to be deployed as a NGFW and/or VPN gateway. It enables broad protection and automated management for consistent enforcement and visibility across hybrid cloud infrastructures. FortiGate scales from the smallest footprint in the industry to the highest capacity NGFW virtual appliance on AWS.

立即觀看

 

 

FortiGate NGFW Quick Start on AWS

Deploy a FortiGate auto-scaling baseline on AWS in just a few steps to quickly test the comprehensive suite of powerful security features. Includes a 15-day free trial on Marketplace.

AWS Quick Start

FortiWeb Cloud WAF-as-a-Service

FortiWeb Cloud WAF-as-a-Service is a Security-as-a-Service SaaS cloud-based web application firewall (WAF) that protects public cloud-hosted web applications from the OWASP Top 10, zero-day threats, and other application layer attacks.

Requiring no hardware or software, the FortiWeb colony of WAF gateways can run in most AWS regions. This allows organizations to scrub application traffic within the same region their applications reside, addressing performance and regulation concerns, as well as keeping traffic cost to a minimum.

More information

Cloud Workload Protection with FortiCWP

FortiCWP is Fortinet’s Cloud Workload Protection (CWP) solution. FortiCWP uses API level integration into AWS management and security services to monitor and track cloud resources including their configurations, activity, traffic flows. FortiCWP will also scan cloud data stores for sensitive or malicious content and produce reports on an organization’s compliance with common regulatory standards. FortiCWP also supports Microsoft Azure and Google Cloud Platform.

Learn more