Fortinet Solution Mapping with AWS Well-Architecture
Yitao Cen
Showcasing how the Fortinet Security Fabric maps to the AWS Well-Architected Framework
1.
Yitao Cen, Head of Product Marketing, APAC
Alan Chen, Technical Marketing Engineer, APAC
2.
© Fortinet Inc. All Rights Reserved.
AWS Well-Architected Framework
The AWS Well-Architected Framework describes key concepts, design principles, and architectural best practices for designing and running workloads in the cloud. By answering a few foundational questions, learn how well your architecture aligns with cloud best practices and gain guidance for making improvements.
• Operational Excellence Pillar
• Security Pillar
• Reliability Pillar
• Performance Efficiency Pillar
• Cost Optimization Pillar
• Sustainability Pillar
3.
Security Pillar
The security pillar describes how to take advantage of cloud technologies to protect data, systems, and assets in a way that can improve your security posture.
• Security Foundations
  • SEC01. How do you securely operate your workload?
• Identity & Access Management
  • SEC02. How do you manage authentication for people and machines?
  • SEC03. How do you manage permissions for people and machines?
• Detection
  • SEC04. How do you detect and investigate security events?
• Infrastructure Protection
  • SEC05. How do you protect your network resources?
  • SEC06. How do you protect your compute resources?
• Data Protection
  • SEC07. How do you classify your data?
  • SEC08. How do you protect your data at rest?
  • SEC09. How do you protect your data in transit?
• Incident Response
  • SEC10. How do you anticipate, respond to, and recover from incidents?
• Application Security
  • SEC11. How do you incorporate and validate the security properties of applications throughout the design, development, and deployment lifecycle?
https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/welcome.html
4.
Security Pillar - Detection SEC04
• SEC04-BP01 Configure service and application logging
• SEC04-BP02 Analyze logs, findings, and metrics centrally
• SEC04-BP03 Automate response to events
• SEC04-BP04 Implement actionable security events
• Q: How do you detect and investigate security events?
• A: Capture and analyze events from logs and metrics to gain visibility. Take action on security events and potential threats to help secure your workload.
• Best Practices: FortiSIEM and FortiSOAR are an ideal choice for satisfying the SEC04 best practices. FortiSIEM supports integration with the following AWS services for centralized logging and analysis:
  • AWS CloudTrail, AWS CloudWatch, AWS ELB, AWS Kinesis, AWS RDS, AWS Security Hub, AWS SQS, AWS S3.
  With FortiSOAR implemented, you can define the most flexible playbooks for automated incident response.
Why choose the Fortinet solution rather than AWS native services?
• FortiSIEM and FortiSOAR are designed to be the backbone of your security operations team, delivering capabilities ranging from automatically building your inventory of assets to applying cutting-edge behavioral analytics to rapidly detect and respond to threats.
• Out-of-the-box reports make continuous compliance easy, and visualized threat hunting makes security operations more efficient.
• Self-learning asset inventory, real-time analytics, and streamlined investigation are all ready-to-use features that offload effort from the security operations team compared with a fully DIY approach using AWS services.
• Industry-leading threat intelligence and deep fabric integration keep you up to date on detection and automate response across your entire IT landscape.
5.
Security Pillar - Infrastructure Protection SEC05
• SEC05-BP01 Create network layers
• SEC05-BP02 Control traffic at all layers
• SEC05-BP03 Automate network protection
• SEC05-BP04 Implement inspection and protection
• Q: How do you protect your network resources?
• A: Any workload that has some form of network connectivity, whether it’s the internet or a private network, requires multiple layers of defense to help protect from external and internal network-based threats.
• Best Practices: FortiGate and FortiWeb are an ideal choice for satisfying the SEC05 best practices: they protect network traffic, web-based traffic and API traffic, and ensure that all traffic is intended.
FortiGate is able to deliver:
• Network segmentation at VPC level
• Site-to-Site VPN and Client-to-Site VPN capabilities
• Traffic/Policy analysis
• Secure data access by integrating with the S3 endpoint
• Traffic inspection via Intrusion Prevention System, Anti-Virus, URL/DNS Filtering
• Automated incident response
FortiWeb is able to deliver:
• Industry top-tier Web and API security
• Anti-Virus for mitigating file upload attacks
Why choose the Fortinet solution rather than AWS native services?
• User-friendly management console with machine-learning-based threat protection.
• Flexible, cloud-native deployment that minimizes impact on the existing architecture.
• The best TCO offering: the only NGFW that supports AWS Graviton instances.
• Easy to forecast security cost with a simple pricing model.
6.
Security Pillar - Infrastructure Protection SEC06
• SEC06-BP01 Perform vulnerability management
• SEC06-BP02 Reduce attack surface
• SEC06-BP03 Implement managed services
• SEC06-BP04 Automate compute protection
• SEC06-BP05 Enable people to perform actions at a distance
• SEC06-BP06 Validate software integrity
• Q: How do you protect your compute resources?
• A: Compute resources in your workload require multiple layers of defense to help protect from external and internal threats. Compute resources include EC2 instances, containers, AWS Lambda functions, database services, IoT devices, and more.
• Best Practices: In SEC06, AWS suggests protecting the entire workload, including AWS instances, services and IoT devices. Security practices should therefore cover the following assets: Host, Workload, Code, Supply Chain, API. Fortinet can support security testing of source code, containers, web and API, as well as protecting IoT devices, to cover BP01, 02, 04 and 05:
  • Static or source code testing via FortiDevSec
  • Container scanning and IaC scanning via FortiDevSec
  • Advanced Web/API vulnerability testing with fuzzing via FortiDAST
  • Automated compute protection via FortiWeb for Web/API and FortiGate for EC2/containers and IoT devices
  • Secure remote access dedicated to system operation via FortiPAM Privileged Access Management
Why choose the Fortinet solution rather than AWS native services?
• An easy-to-use and comprehensive portal where users can log in and view all the issues across all their applications and all the different scan types.
• Seamless integration within the Fortinet portfolio. Easy to see correlated results and perform automated protection.
• Noise reduction by intelligently correlating across multiple scan results and adjusting the risk ratings accordingly.
7.
Security Pillar - Data Protection SEC09
• SEC09-BP01 Implement secure key and certificate management
• SEC09-BP02 Enforce encryption in transit
• SEC09-BP03 Automate detection of unintended data access
• SEC09-BP04 Authenticate network communications
• Q: How do you protect your data in transit?
• A: Protect your data in transit by implementing multiple controls to reduce the risk of unauthorized access or loss.
• Best Practices: Here, FortiGate fits some of the use cases.
FortiGate is able to deliver:
• Encryption in transit via IPsec VPN in network-to-network scenarios
• Integration with AWS GuardDuty to automatically block unintended data access
Why choose the Fortinet solution rather than AWS native services?
• User-friendly management console, with flexible, cloud-native deployment that minimizes impact on the existing architecture.
• High performance to support IPsec VPN tunnels at scale and high-volume data transit.
• The best TCO offering: the only NGFW that supports AWS Graviton instances.
8.
Security Pillar - Incident Response SEC10
• SEC10-BP01 Identify key personnel and external resources
• SEC10-BP02 Develop incident management plans
• SEC10-BP03 Prepare forensic capabilities
• SEC10-BP04 Automate containment capability
• SEC10-BP05 Pre-provision access
• SEC10-BP06 Pre-deploy tools
• SEC10-BP07 Run game days
• Q: How do you anticipate, respond to, and recover from incidents?
• A: Preparation is critical to timely and effective investigation, response to, and recovery from security incidents to help minimize disruption to your organization.
• Best Practices: Fortinet Cloud Consulting Services and Security Advisory Services, which include incident readiness and playbook and response process improvement, will help customers apply all the best practices in this chapter.
Fortinet Cloud Consulting Services and Security Advisory Services can help customers with:
• Developing incident management plans
• Preparing forensic capabilities
• Automating containment via playbooks and the Fortinet Security Fabric
With Fortinet professional services and Tabletop Exercise services, customers can pre-provision access and pre-deploy tools, as well as run game days (simulations).
Why choose Fortinet?
• Fortinet has been a leader in the security industry for 20+ years; its consultants and engineers have expertise in incident readiness and response.
• Most security vendors are good only at security and not at cloud; Fortinet has rich resources in cloud architects, security consultants and service delivery engineers.
9.
Security Pillar - Application Security SEC11
• SEC11-BP01 Train for application security
• SEC11-BP02 Automate testing throughout the development and release lifecycle
• SEC11-BP03 Perform regular penetration testing
• SEC11-BP04 Manual code reviews
• SEC11-BP05 Centralize services for packages and dependencies
• SEC11-BP06 Deploy software programmatically
• SEC11-BP07 Regularly assess security properties of the pipelines
• SEC11-BP08 Build a program that embeds security ownership in workload teams
• Q: How do you incorporate and validate the security properties of applications throughout the design, development, and deployment lifecycle?
• A: Training people, testing using automation, understanding dependencies, and validating the security properties of tools and applications help to reduce the likelihood of security issues in production workloads.
• Best Practices: Customers should focus on securing DevOps, which also means the DevSecOps life cycle, covering the Software Development Life Cycle. In this chapter, Fortinet can help with BP02, 03 and 07 via FortiDevSec and FortiDAST, with static and dynamic scanning integrated into the CI/CD pipeline.
FortiDevSec:
• Orchestrates and automates continuous application security testing for developers and DevOps directly in the application CI/CD DevOps lifecycle.
• Offers comprehensive application scanning, including scanning of source code, open-source/third-party libraries, secrets, container images, IaC files and live web application URLs.
• Includes all the above types of scanning to provide comprehensive vulnerability management. DAST scanning alone is provided through FortiDAST, but FortiDevSec is seamlessly integrated with and includes FortiDAST.
Why choose Fortinet?
• An easy-to-use and comprehensive portal where users can log in and view all the issues across all their applications and all the different scan types.
• Scanners get set up automatically. Unified configuration for all your scans, with no need for siloed plugins.
• Noise reduction by intelligently correlating across multiple scan results and adjusting the risk ratings accordingly.