Fortinet Solution Mapping with AWS Well-Architecture
Yitao Cen, Head of Product Marketing, APAC
Alan Chen, Technical Marketing Engineer, APAC
© Fortinet Inc. All Rights Reserved.
AWS Well-Architected Framework
The AWS Well-Architected Framework describes key concepts, design principles, and architectural best practices for designing and running workloads in the cloud. By answering a few foundational questions, learn how well your architecture aligns with cloud best practices and gain guidance for making improvements.
• Operational Excellence Pillar
• Security Pillar
• Reliability Pillar
• Performance Efficiency Pillar
• Cost Optimization Pillar
• Sustainability Pillar
Security Pillar
The security pillar describes how to take advantage of cloud technologies to protect data, systems, and assets in a way that can improve your security posture.
Security Foundations
• SEC01. How do you securely operate your workload?
Identity & Access Management
• SEC02. How do you manage authentication for people and machines?
• SEC03. How do you manage permissions for people and machines?
Detection
• SEC04. How do you detect and investigate security events?
Infrastructure Protection
• SEC05. How do you protect your network resources?
• SEC06. How do you protect your compute resources?
Data Protection
• SEC07. How do you classify your data?
• SEC08. How do you protect your data at rest?
• SEC09. How do you protect your data in transit?
Incident Response
• SEC10. How do you anticipate, respond to, and recover from incidents?
Application Security
• SEC11. How do you incorporate and validate the security properties of applications throughout the design, development, and deployment lifecycle?
https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/welcome.html
Security Pillar - Detection (SEC04)
SEC04-BP01 Configure service and application logging
SEC04-BP02 Analyze logs, findings, and metrics centrally
SEC04-BP03 Automate response to events
SEC04-BP04 Implement actionable security events
• Q: How do you detect and investigate security events?
• A: Capture and analyze events from logs and metrics to gain visibility. Take action on security events and potential threats to help secure your workload.
• Best Practices:
FortiSIEM and FortiSOAR are the proposed choice for satisfying the SEC04 best practices.
FortiSIEM supports the following AWS service integrations for centralized logging and analysis:
• AWS CloudTrail, Amazon CloudWatch, Elastic Load Balancing, Amazon Kinesis, Amazon RDS, AWS Security Hub, Amazon SQS, Amazon S3.
With FortiSOAR in place, you can define flexible playbooks to automate incident response.
Why choose the Fortinet solution rather than AWS native services?
• FortiSIEM and FortiSOAR are designed to be the backbone of your security operations team, delivering capabilities ranging from automatically building your inventory of assets to applying behavioral analytics to rapidly detect and respond to threats.
• Out-of-the-box reports make continuous compliance easy, and visual threat hunting makes security operations more efficient.
• Self-learning asset inventory, real-time analytics and streamlined investigation are ready-to-use features that offload the security operations team, compared with building everything yourself from AWS services.
• Threat intelligence and deep Security Fabric integration keep detection up to date and automate response across your entire IT landscape.
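What SEC04-BP02 and SEC04-BP04 mean in practice, whether the analysis runs in FortiSIEM or anywhere else: CloudTrail records are parsed, matched against rules, and turned into findings that carry enough context (who, from where, when, what) to act on without going back to the raw log. The Python below is an added example written for this page, not Fortinet or AWS code; the rule names, severities and the routing table are its own choices, and the CloudTrail records are constructed to follow the real record schema.

```python
"""Detection pass over CloudTrail records (SEC04-BP02 / SEC04-BP04).

Added example; not Fortinet, FortiSIEM or AWS code. Rule names, severities
and the ROUTE table are this example's own choices. The records are
constructed to follow CloudTrail's JSON schema.
"""
import json
from typing import Callable, Dict, List, Tuple

# Constructed sample log file body, shaped like what CloudTrail delivers to S3:
# a StopLogging, a security group opened to the world, a console login without
# MFA, and a benign S3 read that must not fire anything.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "userName": "ops-admin"},
     "requestParameters": {"name": "org-trail"}},
    {"eventTime": "2024-05-01T10:01:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "198.51.100.2",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/dev/alice"},
     "requestParameters": {"groupId": "sg-0123456789abcdef0", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}, "ipv6Ranges": {"items": []}}]}}},
    {"eventTime": "2024-05-01T10:02:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "192.0.2.9",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-05-01T10:03:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "10.0.1.5",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/app/i-0abc"},
     "requestParameters": {"bucketName": "app-data", "key": "report.csv"}},
]})


def load_records(trail_json: str) -> List[dict]:
    """Parse one CloudTrail log file body ({"Records": [...]})."""
    return json.loads(trail_json)["Records"]


def actor(rec: dict) -> str:
    """Best available identity string: IAM user name, else the session ARN."""
    ident = rec.get("userIdentity") or {}
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def _opens_to_world(rec: dict) -> bool:
    """True if any ingress rule in the request allows 0.0.0.0/0 or ::/0.
    CloudTrail emits requestParameters as null for some events, hence the `or {}`."""
    perms = ((rec.get("requestParameters") or {}).get("ipPermissions") or {}).get("items") or []
    for perm in perms:
        v4 = {r.get("cidrIp") for r in (perm.get("ipRanges") or {}).get("items") or []}
        v6 = {r.get("cidrIpv6") for r in (perm.get("ipv6Ranges") or {}).get("items") or []}
        if "0.0.0.0/0" in v4 or "::/0" in v6:
            return True
    return False


# (rule name, severity, predicate). Names and severities are this example's own.
RULES: List[Tuple[str, str, Callable[[dict], bool]]] = [
    ("cloudtrail_logging_disabled", "critical",
     lambda r: r.get("eventSource") == "cloudtrail.amazonaws.com"
     and r.get("eventName") in {"StopLogging", "DeleteTrail"}),
    ("security_group_open_to_world", "high",
     lambda r: r.get("eventName") == "AuthorizeSecurityGroupIngress" and _opens_to_world(r)),
    ("console_login_without_mfa", "medium",
     lambda r: r.get("eventName") == "ConsoleLogin"
     and (r.get("responseElements") or {}).get("ConsoleLogin") == "Success"
     and (r.get("additionalEventData") or {}).get("MFAUsed") == "No"),
]

# Severity -> response channel (SEC04-BP03). Illustrative mapping, not a product feature.
ROUTE: Dict[str, str] = {"critical": "page-oncall", "high": "open-ticket", "medium": "queue-review"}


def detect(records: List[dict]) -> List[dict]:
    """One actionable finding per (record, matching rule), carrying who/where/when/what."""
    findings = []
    for rec in records:
        for name, severity, match in RULES:
            if match(rec):
                findings.append({
                    "rule": name, "severity": severity, "route": ROUTE[severity],
                    "time": rec.get("eventTime"), "actor": actor(rec),
                    "source_ip": rec.get("sourceIPAddress"),
                    "event": rec.get("eventName"),
                    "detail": rec.get("requestParameters") or {},
                })
    return findings


if __name__ == "__main__":
    for f in detect(load_records(SAMPLE_TRAIL)):
        print(f"[{f['severity']}] {f['rule']}: {f['actor']} from {f['source_ip']} -> {f['route']}")
```

Run directly, it prints the three findings from the constructed trail and nothing for the benign S3 read. In a real deployment `load_records` would be fed the gzipped objects CloudTrail writes to S3, and the `ROUTE` table would be replaced by whatever the SOAR layer exposes; the point is that each finding already names the actor, source address and request, which is what makes an event actionable rather than just logged.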
Security Pillar - Infrastructure Protection (SEC05)
SEC05-BP01 Create network layers
SEC05-BP02 Control traffic at all layers
SEC05-BP03 Automate network protection
SEC05-BP04 Implement inspection and protection
• Q: How do you protect your network resources?
• A: Any workload that has some form of network connectivity, whether to the internet or a private network, requires multiple layers of defense to help protect from external and internal network-based threats.
• Best Practices:
FortiGate and FortiWeb are the proposed choice for satisfying the SEC05 best practices: protecting network traffic, web traffic and API traffic, and ensuring that all traffic is intended.
FortiGate is able to deliver:
• Network segmentation at the VPC level
• Site-to-site VPN and client-to-site VPN capabilities
• Traffic/policy analysis
• Secure data access by integrating with the S3 endpoint
• Traffic inspection via Intrusion Prevention System, antivirus, and URL/DNS filtering
• Automated incident response
FortiWeb is able to deliver:
• Industry top-tier web and API security
• Antivirus for mitigating file upload attacks
Why choose the Fortinet solution rather than AWS native services?
• User-friendly management console with machine-learning-based threat protection.
• Flexible, cloud-native deployment that minimizes the impact on the existing architecture.
• The best TCO offering: the only NGFW that supports AWS Graviton instances.
• Easy to forecast security cost with a simple pricing model.
Security Pillar - Infrastructure Protection (SEC06)
SEC06-BP01 Perform vulnerability management
SEC06-BP02 Reduce attack surface
SEC06-BP03 Implement managed services
SEC06-BP04 Automate compute protection
SEC06-BP05 Enable people to perform actions at a distance
SEC06-BP06 Validate software integrity
• Q: How do you protect your compute resources?
• A: Compute resources in your workload require multiple layers of defense to help protect from external and internal threats. Compute resources include EC2 instances, containers, AWS Lambda functions, database services, IoT devices, and more.
• Best Practices:
In SEC06, AWS suggests protecting the entire workload, including AWS instances, services and IoT devices. Security practices should therefore cover the following assets: host, workload, code, supply chain and API.
Fortinet can support security testing of source code, containers, web applications and APIs, as well as protection of IoT devices, covering BP01, BP02, BP04 and BP05:
• Static (source code) testing via FortiDevSec
• Container scanning and IaC scanning via FortiDevSec
• Advanced web/API vulnerability testing with fuzzing via FortiDAST
• Automated compute protection via FortiWeb for web/API and FortiGate for EC2 instances, containers and IoT devices
• Secure remote access dedicated to system operations via FortiPAM (Privileged Access Management)
Why choose the Fortinet solution rather than AWS native services?
• An easy-to-use, comprehensive portal where users can log in and view all the issues across all their applications and all the different scan types.
• Seamless integration within the Fortinet portfolio: easy to see correlated results and apply automated protection.
• Noise reduction by intelligently correlating multiple scan results and adjusting the risk ratings accordingly.
Security Pillar - Data Protection (SEC09)
SEC09-BP01 Implement secure key and certificate management
SEC09-BP02 Enforce encryption in transit
SEC09-BP03 Automate detection of unintended data access
SEC09-BP04 Authenticate network communications
• Q: How do you protect your data in transit?
• A: Protect your data in transit by implementing multiple controls to reduce the risk of unauthorized access or loss.
• Best Practices:
In this area, FortiGate fits some of the use cases.
FortiGate is able to deliver:
• Encryption in transit via IPsec VPN in network-to-network scenarios (BP02)
• Integration with Amazon GuardDuty to automatically block unintended data access (BP03)
Why choose the Fortinet solution rather than AWS native services?
• User-friendly management console, with flexible, cloud-native deployment that minimizes the impact on the existing architecture.
• High performance to support IPsec VPN tunnels at scale and high-volume data transit.
• The best TCO offering: the only NGFW that supports AWS Graviton instances.
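SEC09-BP02 is not only about running an IPsec tunnel between networks: each data service also has to refuse plaintext itself, otherwise a client holding valid credentials can still talk to it over HTTP. On S3 that is done with a bucket policy statement that denies every request for which `aws:SecureTransport` is false. The Python below is an added example, not FortiGate or AWS code: it checks a constructed bucket policy for that statement, shows the weak policy beside the corrected one, and treats a deny that covers only objects (not the bucket ARN, so listing still works over plaintext) as insufficient. The bucket name and role ARN are placeholders.

```python
"""Check and enforce TLS-only access in an S3 bucket policy (SEC09-BP02).

Added example; not FortiGate or AWS code. WEAK_POLICY is constructed; the
statement appended by with_tls_only() is the deny-on-aws:SecureTransport=false
pattern AWS documents for S3. BUCKET and the role ARN are placeholders.
"""
import copy
import json
from typing import Any, List

BUCKET = "app-data"  # placeholder bucket name

# Constructed weak policy: grants a role read access but says nothing about
# TLS, so plaintext HTTP requests carrying valid credentials are accepted.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRead",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
    }],
}


def _as_list(value: Any) -> List[Any]:
    """IAM JSON allows a string or a list in most positions; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(principal: Any) -> bool:
    """In a Deny, "*" and {"AWS": "*"} both mean every principal."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def _covers_bucket(resources: Any, bucket: str) -> bool:
    """Both the bucket ARN (ListBucket) and the object ARN (Get/PutObject) must be
    denied; a deny on objects alone still lets listing happen over plaintext."""
    have = set(_as_list(resources))
    return {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"} <= have


def denies_plaintext(policy: dict, bucket: str) -> bool:
    """True if some statement denies every principal all s3 actions on the
    bucket and its objects whenever the request did not arrive over TLS."""
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Deny":
            continue
        if not _principal_is_everyone(st.get("Principal")):
            continue
        if not any(a in ("*", "s3:*") for a in _as_list(st.get("Action", []))):
            continue
        if not _covers_bucket(st.get("Resource", []), bucket):
            continue
        flag = (st.get("Condition") or {}).get("Bool", {}).get("aws:SecureTransport")
        if str(flag).lower() == "false":  # accepts the string "false" or JSON false
            return True
    return False


def with_tls_only(policy: dict, bucket: str) -> dict:
    """Return a copy of the policy with the TLS-only deny statement appended."""
    fixed = copy.deepcopy(policy)
    fixed.setdefault("Statement", []).append({
        "Sid": "AllowSSLRequestsOnly",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    })
    return fixed


if __name__ == "__main__":
    print("weak policy enforces TLS:", denies_plaintext(WEAK_POLICY, BUCKET))
    fixed = with_tls_only(WEAK_POLICY, BUCKET)
    print("fixed policy enforces TLS:", denies_plaintext(fixed, BUCKET))
    print(json.dumps(fixed["Statement"][-1], indent=2))
```

Because an explicit Deny wins over any Allow in IAM evaluation, the appended statement does not need to be ordered before the Allow, and the existing grant to the application role keeps working as long as the client uses HTTPS. The same idea applies to the other data services on the slide: the tunnel protects the network hop, the service policy protects the last hop to the data.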
Security Pillar - Incident Response (SEC10)
SEC10-BP01 Identify key personnel and external resources
SEC10-BP02 Develop incident management plans
SEC10-BP03 Prepare forensic capabilities
SEC10-BP04 Automate containment capability
SEC10-BP05 Pre-provision access
SEC10-BP06 Pre-deploy tools
SEC10-BP07 Run game days
• Q: How do you anticipate, respond to, and recover from incidents?
• A: Preparation is critical to timely and effective investigation, response to, and recovery from security incidents to help minimize disruption to your organization.
• Best Practices:
Fortinet Cloud Consulting Services and Security Advisory Services, which include incident readiness, playbook and response-process improvement, help customers apply all of the best practices in this chapter.
Fortinet Cloud Consulting Services and Security Advisory Services can help customers with:
• Developing incident management plans
• Preparing forensic capabilities
• Automating containment via playbooks and the Fortinet Security Fabric
With Fortinet professional services and tabletop exercise services, customers can pre-provision access and pre-deploy tools, as well as run game days (simulations).
Why choose Fortinet?
• Fortinet has been a leader in the security industry for more than 20 years; its consultants and engineers have expertise in incident readiness and response.
• Most security vendors are strong in security but not in cloud; Fortinet has deep resources in cloud architects, security consultants and service delivery engineers.
Security Pillar - Application Security (SEC11)
SEC11-BP01 Train for application security
SEC11-BP02 Automate testing throughout the development and release lifecycle
SEC11-BP03 Perform regular penetration testing
SEC11-BP04 Manual code reviews
SEC11-BP05 Centralize services for packages and dependencies
SEC11-BP06 Deploy software programmatically
SEC11-BP07 Regularly assess security properties of the pipelines
SEC11-BP08 Build a program that embeds security ownership in workload teams
• Q: How do you incorporate and validate the security properties of applications throughout the design, development, and deployment lifecycle?
• A: Training people, testing using automation, understanding dependencies, and validating the security properties of tools and applications help to reduce the likelihood of security issues in production workloads.
• Best Practices:
Customers should focus on securing DevOps, that is, the DevSecOps lifecycle covering the whole software development life cycle.
In this chapter, Fortinet can help with BP02, BP03 and BP07 via FortiDevSec and FortiDAST, with static and dynamic scanning integrated into the CI/CD pipeline.
FortiDevSec:
• Orchestrates and automates continuous application security testing for developers and DevOps directly in the application CI/CD lifecycle.
• Offers comprehensive application scanning, including scanning of source code, open-source/third-party libraries, secrets, container images, IaC files and live web application URLs.
• Includes all the above types of scanning to provide comprehensive vulnerability management. DAST scanning alone is provided through FortiDAST; FortiDevSec is seamlessly integrated with and includes FortiDAST.
Why choose Fortinet?
• An easy-to-use, comprehensive portal where users can log in and view all the issues across all their applications and all the different scan types.
• Scanners are set up automatically, with unified configuration for all your scans and no need for siloed plugins.
• Noise reduction by intelligently correlating multiple scan results and adjusting the risk ratings accordingly.
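One of the scan types listed above, secret detection, is small enough to show end to end as a CI gate (SEC11-BP02). The Python below is an added example, not FortiDevSec code: it scans a constructed file tree for AWS access key IDs, PEM private keys and hard-coded credential literals, honours an explicit per-line suppression marker so that test fixtures can be allowlisted in a reviewable way, and returns the non-zero status that fails the pipeline stage. The `secret-scan: ignore` marker and the rule names are this example's own conventions; the access key and secret key in the sample tree are the placeholder credentials from AWS documentation, included so the scan has something realistic to flag.

```python
"""Secret-scanning gate for a CI/CD stage (SEC11-BP02).

Added example; not FortiDevSec code. SAMPLE_TREE is a constructed repository
snapshot. The IGNORE_MARKER convention and rule names are this example's own.
AKIAIOSFODNN7EXAMPLE / wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY are the
placeholder credentials from AWS documentation.
"""
import re
from typing import Dict, List, Tuple

# Constructed repository snapshot: path -> file contents.
SAMPLE_TREE: Dict[str, str] = {
    "config/settings.py": (
        'DB_HOST = "db.internal"\n'
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
        'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n'
    ),
    "deploy/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA...\n",
    "tests/fixtures.py": (
        'TOKEN = "not-a-real-token-used-in-tests-0000"  # secret-scan: ignore\n'
        'password = os.environ["DB_PASSWORD"]\n'
    ),
}

IGNORE_MARKER = "secret-scan: ignore"  # this example's suppression convention

# (rule name, compiled pattern). Group 1 is the matched secret.
RULES: List[Tuple[str, "re.Pattern[str]"]] = [
    # AWS access key IDs: AKIA (long-term) or ASIA (temporary) + 16 upper-alnum chars,
    # not embedded in a longer alphanumeric run.
    ("aws_access_key_id",
     re.compile(r"(?<![A-Za-z0-9])((?:AKIA|ASIA)[0-9A-Z]{16})(?![A-Za-z0-9])")),
    # PEM private key headers of any type (RSA, EC, OPENSSH, unlabelled PKCS#8).
    ("private_key", re.compile(r"(-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----)")),
    # A secret-looking name assigned a quoted literal of 16+ non-space characters.
    # Reading the value from the environment (no quoted literal) does not match.
    ("assigned_secret", re.compile(
        r"(?i)(?:secret|password|passwd|token|api[_-]?key)\w*\s*[:=]\s*['\"]([^'\"\s]{16,})['\"]")),
]


def redact(secret: str) -> str:
    """Keep a short prefix so the finding is recognisable without re-leaking it."""
    return secret[:4] + "*" * (len(secret) - 4) if len(secret) > 4 else "****"


def scan_text(path: str, text: str) -> List[dict]:
    """Scan one file's contents line by line; skip lines carrying IGNORE_MARKER."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if IGNORE_MARKER in line:
            continue
        for name, pattern in RULES:
            m = pattern.search(line)
            if m:
                findings.append({"path": path, "line": lineno, "rule": name,
                                 "match": redact(m.group(1))})
    return findings


def scan_tree(tree: Dict[str, str]) -> List[dict]:
    """Scan every file, in path order so output is stable across runs."""
    findings = []
    for path in sorted(tree):
        findings.extend(scan_text(path, tree[path]))
    return findings


def gate(findings: List[dict]) -> int:
    """Exit status for the pipeline step: non-zero fails the build."""
    return 1 if findings else 0


if __name__ == "__main__":
    found = scan_tree(SAMPLE_TREE)
    for f in found:
        print(f"{f['path']}:{f['line']}: {f['rule']} {f['match']}")
    raise SystemExit(gate(found))
```

Run stand-alone it reports three findings (the access key ID, the secret key literal and the private key header), prints only redacted values so the CI log does not become a second leak, and exits 1. The suppressed fixture line and the `os.environ` lookup produce nothing, which is the behaviour a team needs before it will leave such a gate switched on in every pipeline.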
Fortinet Solution Mapping with AWS Well-Architecture

More Related Content

Similar to Fortinet Solution Mapping with AWS Well-Architecture

Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security OperationsEvident.io
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
 
2022 Q1 Webinar Securite du Cloud public (1).pdf
2022 Q1 Webinar Securite du Cloud public (1).pdf2022 Q1 Webinar Securite du Cloud public (1).pdf
2022 Q1 Webinar Securite du Cloud public (1).pdfYounesChafi1
 
Resume | Vijay Navgire
Resume | Vijay Navgire Resume | Vijay Navgire
Resume | Vijay Navgire Vijay Νavgire
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security OperationsAmazon Web Services
 
BT Cloud Enterprise Service Store - Rob Rowlingson
BT Cloud Enterprise Service Store - Rob RowlingsonBT Cloud Enterprise Service Store - Rob Rowlingson
BT Cloud Enterprise Service Store - Rob RowlingsonDigital Catapult
 
Secure design best practices and design patterns
Secure design best practices and design patternsSecure design best practices and design patterns
Secure design best practices and design patternsIntopalo Digital Oy
 
Acceleration_and_Security_draft_v2
Acceleration_and_Security_draft_v2Acceleration_and_Security_draft_v2
Acceleration_and_Security_draft_v2Srinivasa Addepalli
 
Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Cisco DevNet
 
Plataforma de Operação e Simulação Cibernética
Plataforma de Operação e Simulação CibernéticaPlataforma de Operação e Simulação Cibernética
Plataforma de Operação e Simulação CibernéticaHamilton Oliveira
 
Achieve Compliance with Security by Default and By Design
Achieve Compliance with Security by Default and By DesignAchieve Compliance with Security by Default and By Design
Achieve Compliance with Security by Default and By DesignAmazon Web Services
 
Securing Virtual and Cloud Environments
Securing Virtual and Cloud Environments Securing Virtual and Cloud Environments
Securing Virtual and Cloud Environments Bunmi Sowande
 
Data Privacy By Design with AWS
Data Privacy By Design with AWSData Privacy By Design with AWS
Data Privacy By Design with AWSKrzysztof Kąkol
 
Architecting Secure Web Systems
Architecting Secure Web SystemsArchitecting Secure Web Systems
Architecting Secure Web SystemsInnoTech
 
AWS Cloud Governance & Security through Automation - Atlanta AWS Builders
AWS Cloud Governance & Security through Automation - Atlanta AWS BuildersAWS Cloud Governance & Security through Automation - Atlanta AWS Builders
AWS Cloud Governance & Security through Automation - Atlanta AWS BuildersJames Strong
 
Scenario Overview Now that you’re super knowledgeable about se.docx
Scenario Overview Now that you’re super knowledgeable about se.docxScenario Overview Now that you’re super knowledgeable about se.docx
Scenario Overview Now that you’re super knowledgeable about se.docxtodd331
 

Similar to Fortinet Solution Mapping with AWS Well-Architecture (20)

Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The Field
 
2022 Q1 Webinar Securite du Cloud public (1).pdf
2022 Q1 Webinar Securite du Cloud public (1).pdf2022 Q1 Webinar Securite du Cloud public (1).pdf
2022 Q1 Webinar Securite du Cloud public (1).pdf
 
Resume | Vijay Navgire
Resume | Vijay Navgire Resume | Vijay Navgire
Resume | Vijay Navgire
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
 
BT Cloud Enterprise Service Store - Rob Rowlingson
BT Cloud Enterprise Service Store - Rob RowlingsonBT Cloud Enterprise Service Store - Rob Rowlingson
BT Cloud Enterprise Service Store - Rob Rowlingson
 
Secure design best practices and design patterns
Secure design best practices and design patternsSecure design best practices and design patterns
Secure design best practices and design patterns
 
CIE_overview
CIE_overviewCIE_overview
CIE_overview
 
Acceleration_and_Security_draft_v2
Acceleration_and_Security_draft_v2Acceleration_and_Security_draft_v2
Acceleration_and_Security_draft_v2
 
Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation
 
Plataforma de Operação e Simulação Cibernética
Plataforma de Operação e Simulação CibernéticaPlataforma de Operação e Simulação Cibernética
Plataforma de Operação e Simulação Cibernética
 
Achieve Compliance with Security by Default and By Design
Achieve Compliance with Security by Default and By DesignAchieve Compliance with Security by Default and By Design
Achieve Compliance with Security by Default and By Design
 
Securing Virtual and Cloud Environments
Securing Virtual and Cloud Environments Securing Virtual and Cloud Environments
Securing Virtual and Cloud Environments
 
Data Privacy By Design with AWS
Data Privacy By Design with AWSData Privacy By Design with AWS
Data Privacy By Design with AWS
 
Resume
ResumeResume
Resume
 
Architecting Secure Web Systems
Architecting Secure Web SystemsArchitecting Secure Web Systems
Architecting Secure Web Systems
 
Abhishek Kumar
Abhishek Kumar Abhishek Kumar
Abhishek Kumar
 
CSO CXO Series Breakfast
CSO CXO Series BreakfastCSO CXO Series Breakfast
CSO CXO Series Breakfast
 
AWS Cloud Governance & Security through Automation - Atlanta AWS Builders
AWS Cloud Governance & Security through Automation - Atlanta AWS BuildersAWS Cloud Governance & Security through Automation - Atlanta AWS Builders
AWS Cloud Governance & Security through Automation - Atlanta AWS Builders
 
Scenario Overview Now that you’re super knowledgeable about se.docx
Scenario Overview Now that you’re super knowledgeable about se.docxScenario Overview Now that you’re super knowledgeable about se.docx
Scenario Overview Now that you’re super knowledgeable about se.docx
 

Recently uploaded

How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 

Recently uploaded (20)

How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 

Fortinet Solution Mapping with AWS Well-Architecture

  • 1. Yitao Cen, Head of Product Marketing, APAC Alan Chen, Technical Marketing Engineer, APAC
  • 2. 2 © Fortinet Inc. All Rights Reserved. AWS Well-Architected Framework The AWS Well-Architected Framework describes key concepts, design principles, and architectural best practices for designing and running workloads in the cloud. By answering a few foundational questions, learn how well your architecture aligns with cloud best practices and gain guidance for making improvements. Operational Excellence Pillar Security Pillar Reliability Pillar Performance Efficiency Pillar Cost Optimization Pillar Sustainability Pillar
  • 3. 3 © Fortinet Inc. All Rights Reserved. The security pillar describes how to take advantage of cloud technologies to protect data, systems, and assets in a way that can improve your security posture. Security Pillar Security Foundations SEC01. How do you securely operate your workload? Identity & Access Management SEC02. How do you manage authentication for people and machines? SEC03. How do you manage permissions for people and machines? Detection SEC04. How do you detect and investigate security events? Infrastructure Protection SEC05. How do you protect your network resources? SEC06. How do you protect your compute resources? Data Protection SEC07. How do you classify your data? SEC08. How do you protect your data at rest? SEC09. How do you protect your data in transit? Incident Response SEC10. How do you anticipate, respond to, and recover from incidents? Application Security SEC11. How do you incorporate and validate the security properties of applications throughout the design, development, and deployment lifecycle? https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/welcome.html
  • 4. 4 © Fortinet Inc. All Rights Reserved. • Q: How do you detect and investigate security events? • A: Capture and analyze events from logs and metrics to gain visibility. Take action on security events and potential threats to help secure your workload. • Best Practices: FortiSIEM and FortiSOAR are ideal choice for satisfying SEC04 best practices. FortiSIEM support below AWS services integration for centralized logging and analysis: • AWS Cloud Trail, AWS Cloud Watch, AWS ELB, AWS Kinesis, AWS RDS, AWS Security Hub, AWS SQS, AWS S3. With FortiSOAR implement, you are able to define the most flexible playbook for automate incident response. Why Chose Fortinet Solution rather than AWS native services? • FortiSIEM and FortiSOAR are designed to be the backbone of your security operations team, delivering capabilities ranging from automatically building your inventory of assets to applying cutting edge behavioral analytics to rapidly detect and respond to threats. • Out-of-box reports are easy for continuous compliance, as well as visualized threat hunting makes security operation more efficiency. • Self-learning asset inventory, real-time analytics, streamlined investigation are all ready-to-use features for offloading security operation team efforts compare with all DIY using AWS services. • Industry-leading threat intelligence and deep fabric integration makes you always up-to-date on detection and automate response across your entire IT landscape. Security Pillar - Detection SEC04 SEC04-BP01 Configure service and application logging SEC04-BP02 Analyze logs, findings, and metrics centrally SEC04-BP03 Automate response to events SEC04-BP04 Implement actionable security events
  • 5. 5 © Fortinet Inc. All Rights Reserved. • Q: How do you protect your network resources? • A: Any workload that has some form of network connectivity, whether it’s the internet or a private network, requires multiple layers of defense to help protect from external and internal network-based threats. • Best Practices: FortiGate and FortiWeb are ideal choice for satisfying SEC05 best practices, to protect network traffic, Web based traffic and API traffic, as well as ensure traffic are all intended. FortiGate is able to deliver: • Network segmentation at VPC level • Site-to-Site VPN and Client-to-Site VPN capabilities • Traffic/Policy analysis • Secure data access by integrate with S3 endpoint. • Traffic inspection via Intrusion Prevention System, Anti-Virus, URL/DNS Filtering • Automated incident response FortiWeb is able to deliver: • Industry top tier Web and API security • Anti-Virus for mitigating file upload attack Why Chose Fortinet Solution rather than AWS native services? • User friendly management console with Machine Learning based threat protection. • Flexible and Cloud native deployment for minimizing influence on existing architecture. • The best TCO offering: the only NGFW support AWS Graviton instance. • Easy to forecast security cost with simple pricing model. Security Pillar - Infrastructure Protection SEC05 SEC05-BP01 Create network layers SEC05-BP02 Control traffic at all layers SEC05-BP03 Automate network protection SEC05-BP04 Implement inspection and protection
6
Security Pillar - Infrastructure Protection (SEC06)
• Q: How do you protect your compute resources?
• A: Compute resources in your workload require multiple layers of defense to help protect from external and internal threats. Compute resources include EC2 instances, containers, AWS Lambda functions, database services, IoT devices, and more.
• Best Practices: In SEC06, AWS suggests protecting the entire workload, including AWS instances, services and IoT devices. Security practices should therefore cover the following assets: host, workload, code, supply chain and API. Fortinet can support security testing of source code, containers, web applications and APIs, as well as protecting IoT devices, to cover BP01, BP02, BP04 and BP05:
• Static or source code testing via FortiDevSec
• Container scanning and IaC scanning via FortiDevSec
• Advanced web/API vulnerability testing with fuzzing via FortiDAST
• Automated compute protection via FortiWeb for web/API and FortiGate for EC2 instances, containers and IoT devices
• Secure remote access dedicated to system operations via FortiPAM Privileged Access Management
Why choose the Fortinet solution rather than AWS native services?
• An easy-to-use and comprehensive portal where users can log in and view all the issues across all their applications and all the different scan types.
• Seamless integration within the Fortinet portfolio: it is easy to see correlated results and perform automated protection.
• Noise reduction by intelligently correlating across multiple scan results and adjusting the risk ratings accordingly.
SEC06 best practices:
• SEC06-BP01 Perform vulnerability management
• SEC06-BP02 Reduce attack surface
• SEC06-BP03 Implement managed services
• SEC06-BP04 Automate compute protection
• SEC06-BP05 Enable people to perform actions at a distance
• SEC06-BP06 Validate software integrity
7
Security Pillar - Data Protection (SEC09)
• Q: How do you protect your data in transit?
• A: Protect your data in transit by implementing multiple controls to reduce the risk of unauthorized access or loss.
• Best Practices: In this part, FortiGate can fit some use cases. FortiGate is able to deliver:
• Encryption in transit via IPsec VPN in the network-to-network scenario
• Integration with AWS GuardDuty to automatically block unintended data access
Why choose the Fortinet solution rather than AWS native services?
• User-friendly management console, with flexible, cloud-native deployment that minimizes the impact on your existing architecture.
• High performance to support IPsec VPN tunnels at scale and high-volume data transit.
• The best TCO offering: the only NGFW that supports AWS Graviton instances.
SEC09 best practices:
• SEC09-BP01 Implement secure key and certificate management
• SEC09-BP02 Enforce encryption in transit
• SEC09-BP03 Automate detection of unintended data access
• SEC09-BP04 Authenticate network communications
8
Security Pillar - Incident Response (SEC10)
• Q: How do you anticipate, respond to, and recover from incidents?
• A: Preparation is critical to timely and effective investigation, response to, and recovery from security incidents to help minimize disruption to your organization.
• Best Practices: Fortinet Cloud Consulting Services and Security Advisory Services, which include incident readiness, playbook and response process improvement, will help customers apply all the best practices in this chapter. Fortinet Cloud Consulting Services and Security Advisory Services can help customers with:
• Developing incident management plans
• Preparing forensic capabilities
• Automating containment via playbooks and the Fortinet Security Fabric
With Fortinet professional services and Tabletop Exercise services, customers can apply pre-provisioned access and pre-deployed tools, as well as run game days (also known as simulations).
Why choose Fortinet?
• Fortinet is the 20+ year leader in the security industry; its consultants and engineers have expertise in incident readiness and response.
• Most security vendors are only good at security rather than cloud; Fortinet has rich resources in cloud architects, security consultants and service delivery engineers.
SEC10 best practices:
• SEC10-BP01 Identify key personnel and external resources
• SEC10-BP02 Develop incident management plans
• SEC10-BP03 Prepare forensic capabilities
• SEC10-BP04 Automate containment capability
• SEC10-BP05 Pre-provision access
• SEC10-BP06 Pre-deploy tools
• SEC10-BP07 Run game days
9
Security Pillar - Application Security (SEC11)
• Q: How do you incorporate and validate the security properties of applications throughout the design, development, and deployment lifecycle?
• A: Training people, testing using automation, understanding dependencies, and validating the security properties of tools and applications help to reduce the likelihood of security issues in production workloads.
• Best Practices: Customers should focus on securing DevOps, which also means the DevSecOps life cycle covering the Software Development Life Cycle. In this chapter, Fortinet can help with BP02, BP03 and BP07 via FortiDevSec and FortiDAST, with static and dynamic scanning integrated into the CI/CD pipeline.
FortiDevSec:
• Orchestrates and automates continuous application security testing for developers and DevOps, directly within the application CI/CD DevOps lifecycle.
• Offers comprehensive application scanning, including scanning of source code, open-source/third-party libraries, secrets, container images, IaC files and live web application URLs.
• Includes all the above types of scanning to provide comprehensive vulnerability management. DAST scanning alone is provided through FortiDAST, but FortiDevSec is seamlessly integrated with and includes FortiDAST.
Why choose Fortinet?
• An easy-to-use and comprehensive portal where users can log in and view all the issues across all their applications and all the different scan types.
• Scanners are set up automatically. Unified configuration for all your scans, with no need for siloed plugins.
• Noise reduction by intelligently correlating across multiple scan results and adjusting the risk ratings accordingly.
SEC11 best practices:
• SEC11-BP01 Train for application security
• SEC11-BP02 Automate testing throughout the development and release lifecycle
• SEC11-BP03 Perform regular penetration testing
• SEC11-BP04 Manual code reviews
• SEC11-BP05 Centralize services for packages and dependencies
• SEC11-BP06 Deploy software programmatically
• SEC11-BP07 Regularly assess security properties of the pipelines
• SEC11-BP08 Build a program that embeds security ownership in workload teams