Cloud environments are outside of corporate network security protection and the realm of IT control, applying security policies consistently across the different autonomously developed applications and environments controlled by development operations (DevOps) teams is a challenging task. This problem is compounded by a lack of qualified security personnel and other resource constraints. The Fortinet Security Fabric helps address these challenges by leveraging public cloud network characteristics. It provides consistent security by building a centralized security services hub—delivering visibility.

Misconfiguration of cloud-based applications directly contributes to risk within cloud-based infrastructures. As developers focus on rapidly producing the most efficient and valuable applications, they often neglect which security controls are best suited to protecting their applications.

Security Services Hub, Separate from Development

A central security services hub (also known as a “transit network”), built separate from the development, maintained by security professionals, splits security management and operation from application development. It does it by providing security in a centralized, shared, logical network that is managed by the security team.

A Cloud Security Services Hub

The cloud security services hub can extend protection beyond that of a next-generation firewall (NGFW). It offers web application and API protection (WAAP) capabilities, sandboxing to detect unknown threats, and mail gateway protection.
NGFW

NGFW

NGFW provides defenses between virtual networks and out to the internet. It repels malicious IP addresses, implements segmentation policies, performs intrusion prevention (IPS) inspection, and leverages application control capabilities for securing egress communications.

VPN connectivity

VPN connectivity

The security services hub uses FortiGate NGFWs to establish and maintain secure VPN cloud connectivity across virtual networks and from other data centers, office locations, and remote users.

Secure web gateway

Secure web gateway

Secure web gateway acts as an exit point out to the internet for end-users as well as servers, organizational offices, branches, or even backhauled remote users. In this configuration, the security services hub enforces acceptable internet usage policies and mitigates the risk from malicious or suspicious websites or internet resources.

Web application security

Web application security

As the use of Software-as-a-Service (SaaS) applications grows to the point where almost all cloud based applications use the HTTP protocol the need for an effective and easy-to-use WAAP increases. A FortiWeb web application firewall (WAF/WAAP) can be part of the security services hub and used as the shared web application security entry point for internet traffic accessing web-based applications in different virtual networks that are used to build business applications.

Protecting against zero-day attacks

Protecting against zero-day attacks

Protecting against unknown and zero-day attacks is critical for organizations that handle large amounts of unsolicited content and files. Cloud security services hub contains a sandbox to scan relevant in-line traffic for unknown threats. This protection can also be integrated into the cloud application as a service.

Secure hybrid cloud

Hybrid clouds are a mix of on-premises and public cloud services, and their use is accelerating. Security across this extended environment tends to be inconsistently enforced and complex to manage—and connections are often unsecure.

Many organizations are going outside their on-premises data centers to leverage the public cloud as an additional infrastructure for developing and delivering IT solutions. Often, they develop new applications in the cloud and maintain old applications in the on-premises data center.

Centralized, Single-Pane-of-Glass Security Management provides broad visibility across the entire digital attack surface, both on-premises and in multiple clouds. It uses native integration with each of the major cloud providers and enables automated, centralized management of the entire security infrastructure from a single pane of glass.

Elements that protect and enable hybrid clouds

Firewalls

(NGFWs) provide secure connectivity, network segmentation, and application security for hybrid-cloud-based deployments. They help ensure centralized, consistent security policy enforcement and connect through a high-speed virtual private network (VPN) tunnel.

VMs

VM instances can securely communicate and share consistent policies which can securely communicate and share consistent policies.

FortiManager

Provides single-pane-of-glass management across the entire extended enterprise —including Fortinet NGFWs, switches, wireless infrastructure, and endpoints. Makes security management for enterprises easier, enabling security professionals to create and modify policies and objects with a consolidated, drag-and-drop-enabled editor.

Analytics

A comprehensive suite of easily customized reports enables organizations to analyze, report, and archive security events, network traffic, web content, and messaging data.

Protecting — and Enabling — Hybrid Clouds

Hybrid clouds give organizations new flexibility. The virtual and physical components of the Fortinet Security Fabric work together to centrally protect the resulting dynamic infrastructure and secure critical data from the customer to the cloud and back.

On-demand cloud security for Azure

Microsoft provides solutions such as the cloud infrastructure, applications, and services to deliver Azure as a highly available global platform. Customers, today, have a choice of on-premises, hybrid, and with a cohesive experience regardless of location.

Fortinet’s cloud security solution is extensible to physical, virtual, and cloud appliances with advanced security orchestration and unified threat protection.

Bring your own license

Fortinet supports a Bring-Your-Own-License (BYOL) perpetual license on Azure with the broadest enterprise security portfolio.

Ensure policy consistency

Fortinet’s one-Stop Hybrid Cloud Security Posture enables you to manage security instance deployments, physical or virtual, to ensure policy consistency across the Security Fabric.

Faster time to market and lower operating costs

Streamline security enforcement with simple templatized virtual appliance deployment option. Secure communications between VMs inside a private network , Secure inbound communications from the Internet, Secure communications across subscriptions, Secure communications to on-premises networks.

Consistent security delivery For hybrid IT

With the options of virtual domain (VDOM) and non-VDOM FortiGate appliances, FortiGate NGFW is built for Microsoft Azure Stack with the latest FortiOS update.

Better security and faster innovation

Many organizations are looking to migrate all systems from on-premises to Microsoft Azure. Fortinet offers the broad set of security portfolio from next-generation firewall, mail security gateway, webt application firewall, centralized policy management to log analytics, etc., in physical, virtualized, and cloud.

Secured by FortiGuard

It delivers global, real-time synergistic protection 24×365 against new and emerging threats. Woven into the full range of Fortinet products, these proactive updates keep your security solution one step ahead.

Fortinet web application security for the cloud

Cloud-based web services are essential but also vulnerable to cyberattacks. The Fortinet Security Fabric provides a fabric-based approach that uses machine learning (ML) to detect and block those attacks, which improves over time, to ultimately achieve nearly 100% accuracy.

Cloud-based applications use web services to communicate inside as well as outside the cloud. This increases risk: 48% of all data breaches are caused by hacking of web-based applications.