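2. Fortinet is an outstanding partner in the Amazon Web Services ecosystem
Leader in the Magic Quadrant for Network Firewalls for 11 consecutive years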
The GARTNER PEER INSIGHTS CUSTOMERS’ CHOICE badge is a trademark and service mark of
Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner Peer
Insights Customers’ Choice constitute the subjective opinions of individual end-user reviews, ratings, and
data applied against a documented methodology; they neither represent the views of, nor constitute an
endorsement by, Gartner or its affiliates.
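Named an outstanding partner for two consecutive years
More third-party certifications
3. Jointly delivering tightly integrated security solutions in the cloud
Fortinet provides the complete security solution needed in the cloud
Amazon Web Services secures the cloud infrastructure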
[Diagram: security responsibility layers, top to bottom]
• Customer data
• Platform, applications, identity & access management
• Operating system, network & firewall configuration
• Client-side data encryption & data integrity authentication | Server-side encryption (file system and/or data) | Networking traffic protection (encryption, integrity, identity)
• Software: compute, storage, database, networking
• Hardware/AWS global infrastructure: regions, availability zones, edge locations
11. Security policies based on dynamic objects (instance raw data) (API integration)
Dynamic object filter criteria:
• Instance ID
• Instance Type
• Image ID (AMI ID)
• Key Name
• Architecture (ex. x86)
• Subnet
• Security Group
• Placement Group
• Availability Zone
• Tenancy
• DNS name (private or public)
• Tag
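As an added illustration (not Fortinet's or AWS's code), the code below shows how a dynamic object built from these filter criteria resolves to a set of addresses, and how that set follows instances as they appear and disappear between API polls. Record fields follow the EC2 DescribeInstances response; the filter key names, the AND semantics, the running-state rule and all sample values are assumptions made for the example.

```python
# Added example: resolve a dynamic address object from instance metadata.
# Records use EC2 DescribeInstances field names; every value is constructed.
# Filter key names below are hypothetical, chosen to mirror the slide's list.
EXTRACTORS = {
    "instance-id":       lambda i: [i.get("InstanceId")],
    "instance-type":     lambda i: [i.get("InstanceType")],
    "image-id":          lambda i: [i.get("ImageId")],
    "key-name":          lambda i: [i.get("KeyName")],
    "architecture":      lambda i: [i.get("Architecture")],
    "subnet":            lambda i: [i.get("SubnetId")],
    "security-group":    lambda i: [g["GroupId"] for g in i.get("SecurityGroups", [])],
    "placement-group":   lambda i: [i.get("Placement", {}).get("GroupName")],
    "availability-zone": lambda i: [i.get("Placement", {}).get("AvailabilityZone")],
    "tenancy":           lambda i: [i.get("Placement", {}).get("Tenancy")],
    "dns-name":          lambda i: [i.get("PrivateDnsName"), i.get("PublicDnsName")],
}

def matches(instance, criteria):
    """True when the instance satisfies every criterion (assumed logical AND)."""
    for key, wanted in criteria.items():
        if key.startswith("tag:"):                 # e.g. "tag:role"
            tags = {t["Key"]: t["Value"] for t in instance.get("Tags", [])}
            values = [tags.get(key[4:])]
        else:
            values = EXTRACTORS[key](instance)     # unknown key raises KeyError
        if wanted not in values:
            return False
    return True

def resolve(inventory, criteria):
    """Private IPs the dynamic object stands for (assumption: running instances only)."""
    return {i["PrivateIpAddress"] for i in inventory
            if i.get("State", {}).get("Name") == "running" and matches(i, criteria)}

def membership_change(before, after, criteria):
    """(added, removed) addresses between two inventory polls."""
    old, new = resolve(before, criteria), resolve(after, criteria)
    return new - old, old - new

def _inst(iid, ip, sg, role, state="running"):     # builds a constructed sample record
    return {"InstanceId": iid, "PrivateIpAddress": ip, "Architecture": "x86_64",
            "SecurityGroups": [{"GroupId": sg}], "State": {"Name": state},
            "Placement": {"AvailabilityZone": "us-east-1a", "Tenancy": "default"},
            "Tags": [{"Key": "role", "Value": role}]}

POLL_1 = [_inst("i-0a", "10.0.1.10", "sg-web", "web"), _inst("i-0b", "10.0.2.20", "sg-db", "db")]
POLL_2 = POLL_1[:1] + [_inst("i-0c", "10.0.1.11", "sg-web", "web"),
                       _inst("i-0d", "10.0.1.12", "sg-web", "web", state="stopped")]
WEB = {"tag:role": "web", "security-group": "sg-web", "availability-zone": "us-east-1a"}
```

Because membership is computed from tags and other instance attributes, whoever can change those attributes in the cloud account can change which addresses a firewall policy covers.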
The next use case is based on new features introduced by the cloud providers. AWS and Azure have introduced virtual tap and port mirroring capabilities. These were quite interesting at first and then turned out to be a very popular request from customers.
This functionality lets customers listen to all cloud transactions without sitting inline, eliminating the need to re-architect application environments to accommodate inline security. The ability to take that traffic and respond to threats is what we've seen to be attractive.
Customers take traffic from some of their VPCs in the cloud and forward it to a set of FortiGate-VMs that work in sniffer mode. The automation connector in the FortiGates can activate automation stitches, which then trigger cloud automation functions such as Lambda and others. This gives organizations deep application-layer visibility into transactions without introducing a network choke point.
Let's say a certain type of traffic is identified and that triggers an event in the FortiGates' automation stitches. You can then activate a Lambda script that can potentially change something on the cloud side. So it goes beyond the visibility of intrusion detection and also provides the ability to respond.