SlideShare a Scribd company logo

Secure AWS with Fortinet Security Fabric.pptx

Download as PPTX, PDF
Y
Yitao Cen

The document discusses Fortinet's security solutions and partnerships on AWS, highlighting that Fortinet protects over 70% of Fortune 100 companies, has 30% of the global firewall market share, and over 630,000 customers worldwide. It provides an overview of Fortinet's cloud-native and hybrid cloud security offerings, as well as case studies demonstrating how these solutions help secure AWS environments and hybrid networks. The document also outlines Fortinet's consulting services and flexible consumption models available on AWS Marketplace to help customers design, deploy, and manage Fortinet security technologies in AWS.

Technology
1 of 32
Cen Yitao Head of Product Marketing, APAC
2 © Fortinet Inc. All Rights Reserved. Trusted AWS Partner with Critical Experience Providing protection on-prem and in the cloud across the globe 70% of Fortune 100 companies 30% Global Firewall Shipments 630,000+ Customers Worldwide 20k+ unique active subscriptions 50+ product listings • ISV Accelerate Partner • SaaS Revenue Recognition & MPOPP Partner • AWS Competencies • Network & Security • Graviton, WAF, and Outposts Ready • Deep AWS Integrations AWS CloudFront AWS WAF AWS Elastic Load Balancers AWS GuardDuty AWS Transit Gateway AWS Firewall Manager AWS Security Hub AWS GWLB
3 © Fortinet Inc. All Rights Reserved. Misconfiguration of cloud remains to be top threat–potentially leading to successful attacks Lack of visibility, control, and staff/expertise are the top barriers to faster cloud adoption. 2023 Cybersecurity Report Cloud Security Challenges Biggest challenges securing hybrid and multi-cloud environments
4 © Fortinet Inc. All Rights Reserved. Fortinet Offers Comprehensive Security Solutions on AWS Seamless security Fortinet Security Fabric natively integrates with AWS services providing single-pane-of- glass management and cloud-native visibility → enables Fortinet customers to quickly and securely migrate and scale workloads on AWS Leading AI/ML threat protection FortiGuard Labs delivers breadth of visibility, ground-breaking innovation, and rapid delivery of actionable threat intelligence
5 © Fortinet Inc. All Rights Reserved. Integrated security for full visibility and advanced threat defense Key Fortinet Solutions on AWS Use cases Benefits Fortinet Solutions AWS Integrations Web Application and API Protection Protect against OWASP Top 10 threats, zero-day, and other app layer attacks FortiWeb Cloud WAF-as-a-Service Fortinet Managed Rules AWS WAF Risk Management and Visibility Manage cloud risks with actionable insights FortiCNP Cloud Native Protection AWS Security Hub Amazon GuardDuty Amazon Inspector Hybrid Cloud Security, Natively Delivered Centralized visibility, control, and automation simplified FortiGate-VM FortiGate Cloud-Native Firewall (CNF) AWS Firewall Manager Gateway Load Balancer Fortinet Cloud Consulting Zero Trust Network Access Zero Trust Network Access Fortinet Zero Trust Access Fortinet ZTNA Application Gateway + AWS Firewall Manager AWS Gateway Load Balancer
6 © Fortinet Inc. All Rights Reserved. BK Bank Case Study • Current deployment was a mix of security tools • Secure, integrated network management solution to mitigate threats • Complete visibility into the cloud ecosystem • Integrated and dynamic protection for AWS Cloud environment Challenge FortiGate Next-Gen Firewall FortiWeb FortiAnalyzer FortiCNP Fortinet Cloud Consulting Services Solutions Deployed • Advanced security to protect against threat landscape • Protected with broad visibility across applications, users, and data • Meet PCI compliance regulations • Integrated, easy-to-manage platform Business Benefits: “ Integrated Fortinet solutions give us broad visibility, which provides for far easier and more proactive network management. This helps us improve all business processes.” —Caio Hyppolito, CTO, BK Bank Customer: BK Bank Industry: Financial Services Location: Brazil
7 © Fortinet Inc. All Rights Reserved. Accelerate Time to Value Fortinet Cloud Consulting JumpStart Kits Cloud Consulting Services Get a JumpStart on designing and implementing Fortinet products in your environment. Available in AWS Marketplace: • FortiGate-VM JumpStart • 5-day consulting engagement • 2 FortiGate-VM Instances • FortiGate CNF JumpStart • 2-day consulting engagement • 1M CNF credits for one year • FortiWeb-VM JumpStart • 5-day consulting engagement • 2 FortiWeb-VM Instances • Secure cloud migration methodology and implementation • Global-scale architecture recommendations • Automation for zero-touch provisioning • Cloud Security Posture Assessment Learn More “Fortinet Cloud Consulting Services has been great. Working with the Fortinet team helped us design and deploy this new architecture much more quickly than we could have without their assistance.” Ashish Palikhel. Senior Network Security Engineer Public Consulting Group LLC
8 © Fortinet Inc. All Rights Reserved. Flexible procurement options to fit your customers needs Fortinet Consumption Models on AWS Marketplace Hourly Pay for software and compute capacity by the hour, with no long- term commitments Monthly Make a monthly payment Annual and multiyear Annual and multi-year licensing Private Offers Negotiate a custom price with a software seller Enterprise Agreements / FortiFlex Flexible, scalable licensing Ideal for development and testing, or workloads with inconsistent traffic Ideal for temporary projects and baseline workloads Ideal for long-term workloads Ideal for larger, high- value transactions Consumption flexibility for dynamic environments
Use Cases
10 © Fortinet Inc. All Rights Reserved. Fortinet cloud-native security solutions keep your workloads safe Fortinet SaaS Solutions on AWS Protect against OWASP Top 10 threats, zero-day attacks, and other app layer attacks Web App & API Security Fortinet Managed Rules + AWS WAF FortiWeb Cloud WAF-as-a-Service Manage cloud risks with actionable insights Cloud Workload Protection & Posture Management FortiCNP Cloud-native Protection + Amazon GuardDuty & Inspector + AWS Security Hub Simplify and modernize your network security with a managed firewall-as-a-service Cloud-Native Network Security FortiGate CNF Firewall-as-a-Service + AWS Gateway Load Balancer + AWS Firewall Manager
11 © Fortinet Inc. All Rights Reserved. virtual private cloud virtual private cloud FortiWeb VM FortiGate VM Cloud Security Services Hub Protected Services and Workloads FortiSandbox VM High Speed VPN instances Containers FortiWeb Container Offices Amazon WorkSpaces Amazon API Gateway* flow logs Amazon Inspector Amazon GuardDuty Amazon Macie AWS Security Hub SD-WAN FortiGate AWS Outpost on-premises Data Center FortiCNP FortiWeb Cloud WAFaaS Fabric Connector AWS WAF Managed WAF Rulesets IaaS FortiGate Cloud Native Firewall (CNF) GWLB SaaS Fabric Management FortiManager FortiAnalyzer Transit GW Internet Fortinet Architecture for AWS
12 © Fortinet Inc. All Rights Reserved. Cloud-Native Firewall FortiGate CNF Managed Firewall Service Optimized TCO Offload infrastructure management and costs to Fortinet, Pay only for Security usage Advanced Threat Protection Deep Application Layer Visibility and consistent control for AWS workloads Threat Intelligence AI/ML powered FortiGuard Global Threat Intelligence for stopping advanced attacks Ease of use Simple UI to manage policies, Consistent Security Policies across cloud regions and on- premises Zero Operations Overhead Deploy security in minutes, easily deliver security across AWS and scale seamlessly with high resiliency Cloud Network Security
13 © Fortinet Inc. All Rights Reserved. Simplify and modernize network security on AWS FortiGate CNF FortiGate CNF Fully Managed (SaaS) Service AWS Integrations Customer manages security policies and rollouts Fortinet manages scalability, availability and software updates Network Protection for AWS VPCs Deep (L2-L7) Application layer Protection Inspect and control traffic between AWS VPCs and prevent lateral spread of threats AWS GW Load Balancer AWS Firewall Manager AWS Marketplace Edge Data Center Applications VPC A Customer 1 VPC B Customer 2 Service Management Central Management FortiGuard Global Threat Intelligence Internet FortiGate CNF requires just one CNF instance to secure an entire AWS region, including multiple accounts, sub-nets, VPCs, and availability zones
14 © Fortinet Inc. All Rights Reserved. Hybrid-Cloud Security Retain consistent protection and visibility across distributed environments Simplified Security Management FortiManager provides single-pane-of- glass management across the entire extended enterprise Advanced Threat Protection FortiGate Next-Generation Firewalls (NGFWs) provide secure connectivity/SD-WAN, network segmentation, and application security for hybrid-cloud-based deployments. Threat Intelligence The Fortinet Security Fabric integrates the latest AI-driven threat intelligence from our in- house research group, FortiGuard Labs. Compliance Reporting FortiAnalyzer allows you to analyze, report, and archive security events, network traffic, web content, and messaging data to help simplify compliance tasks. Zero Operations Overhead Integrations with key AWS services provide automated and scalable protection. Fortinet Security Fabric
15 © Fortinet Inc. All Rights Reserved. Web Application and API security Unlock additional security controls for AWS-hosted web apps and APIs leveraging ML Machine Learning Protect your web apps and APIs while reducing management overhead Web Application Security Protect against known and unknown threats including the OWASP Top 10. Bot Mitigation Block the full range of malicious bot activity (e.g., content scraping, denial of service, data harvesting, transaction fraud). API Security Protect the APIs that enable B2B communication and support your mobile applications. Easy to Deploy With a built-in setup wizard and predefined policies, deploy in just minutes and start protecting your apps from threats. FortiWeb Cloud WAF-as-a-Service
16 © Fortinet Inc. All Rights Reserved. Risk Management and Visibility Manage cloud risks with actionable insights with FortiCNP (Cloud-Native Protection) Vulnerability Management FortiCNP FortiGuard Threat Intelligence Fortinet Cloud Security Fabric Cloud Security Posture Management Data Security Network/Threat Detection Cloud Workload Protection Container Protection Amazon Inspector Amazon GuardDuty for S3 Amazon GuardDuty- Malware Protection, EKS, Cloud Trail Amazon GuardDuty- VPC Flow Logs AWS Security Hub Controls
17 © Fortinet Inc. All Rights Reserved. Implement a zero-trust access approach Fortinet Zero Trust Access • Continuously verifies who and what is using resources • Gain full visibility and control Fortinet ZTNA Application Gateway • Strong authentication capabilities • Powerful network access control tools • Pervasive application access policies • Provides least access privileges Gartner predicts that 60% of organizations will embrace Zero Trust as a starting point for security by 2025 “ ” Source: https://virtualizationreview.com/articles/2022/06/23/gartner-predictions.aspx Campus Branch Remote ZTNA Application Gateway Wherever the user is Verified user identity, device identity & posture check prior to access Wherever the application is SaaS Apps Data Center OS SaaS Zero Trust Network Access
18 © Fortinet Inc. All Rights Reserved. Security Vendor Overload Security Skills Shortage Expanding Attack Surface Compliance Complexity Fortinet Helps AWS Enterprise Customers with Key Challenges
19 © Fortinet Inc. All Rights Reserved. AWS Enterprise (ENT) Battlecard Why Fortinet for AWS Enterprise? 63% of Fortune 500 and 68% of Global 200 depend on Fortinet to stay secure. Fortinet is committed to assisting Enterprise customers with their workload protection, wherever they are deployed, via Fortinet's Security Fabric. Security Vendor Overload The cloud security market is currently filled with new companies offering niche solutions. Fortinet has been a Gartner leader for 14 years, has been in business for 20+ years, and has over 650K customers worldwide. The Security Fabric Fortinet has built provides a horizontal approach to security vs vertical. FortiGate VM (Firewall) FortiGate CNF (SaaS Firewall) Expanded Attack Surface As institutions adopt and build out new web applications & APIs, and innovate current applications on AWS, they want to make sure compliance and security is built into the fabric of that application. Threat protection is extremely important to organizations as they expose their web applications to the outside world. FortiWeb Cloud (SaaS WAF) Security Skills Shortage As organizations shift to the cloud and continue their cloud path, they often try and mimic security practices with their on-prem environment. On-prem and cloud are not apples-to-apples, and often enterprises have great security people but not great cloud security people. Cloud security experts are needed to ensure proper security deployment within the cloud infrastructure. Fortinet Jumpstart (Consulting) Compliance Complexity Navigating and maintaining compliance can present a myriad of challenges that are hard to get a grasp on. Fortinet helps reduce complexity and keep enterprises up to date with the latest security and compliance requirements. Fortinet Security Fabric Challenges/Solutions Customers Buyer Personas IT Security Business Operations Cloud Engineering IT Leadership Procurement/Finance Cloud Center of Excellence (CCoE)
Case Reference study on 10G FW on AWS
21 © Fortinet Inc. All Rights Reserved. DC and Branch SDWAN to AWS and N-S Protection Deployment Reference: Fast-Food chain stores in AWS 13 VPC-SEA1-SAP Availability Zone A Availability Zone B Availability Zone C VPC-SEA1-Business-App-DevQA Availability Zone A Availability Zone B JFC-App-Dev-Web-AZA JFC-App-Dev-Web-AZB JFC-App-Dev-App-AZA JFC-App-Dev-App-AZB JFC-App-Dev-DB-AZA JFC-App-Dev-DB-AZB VPC-SEA1-Business-App-Prod Availability Zone A Availability Zone B JFC-App-Prod-web-AZA JFC-App-Dev-Web-AZB JFC-App-Prod-App-AZA JFC-App-Prod-App-AZB JFC-App-Prod-DB-AZA JFC-App-Prod-DB-AZB VPC-SEA1-Infra-SS Availability Zone A Availability Zone C AD JFC-Infra-SS-AZA JFC-Infra-SS-AZA AD SSO SSO VPC-SEA1-Logging Availability Zone A Availability Zone C FortiAnalyzer JFC-Infra-SS-AZA JFC-Infra-SS-AZA FortiManager FortiAnalyzer FortiManager VPC-SEA1-Security Availability Zone A Availability Zone C Trend Micro JFC-Infra-SS-AZA JFC-Infra-SS-AZA SIEM Trend Micro SIEM VPC-SEA1-Secu-Int Availability Zone A VPC Attachment IPC Data Center VPN Attachment VPC Attachment VPC Attachment JFC Plaza VPC-US-EAST-1 IPSEC VPN Availability Zone B VPC-SEA1-Secu-Ext Availability Zone A Availability Zone B Branch Site Active/Passive Active / Active ALB Security Landing Zone to connect applications and workloads deployed on AWS to DataCenter • Security Landing Zone to connect SDWAN Branch sites to AWS. • Security Landing zone to filter N-S traffic to/from VPC • N-S traffic from AWS to DataCenter. • N-S Traffic from Internet to FFC published applications in AWS. • FortiGate in A/A for SDWAN to DC & Branch • FortiGate in A/P for N-S protection • FortiManager • FortiAnalyzer
Acceleration technology information on FGVM
23 © Fortinet Inc. All Rights Reserved. Fabric Connectors NATIVE INTEGRATION
24 © Fortinet Inc. All Rights Reserved. Cloud Security Services Hub VPC • Policy Enforcement Connector • Management / Analytics • Next Generation Firewall • Compliance Automation • Cloud Access Security Broker • Container Security • Denial of Service Protection • Single Policy Set across all deployments • Dynamically scalable security services • Leverage metadata instead of traditional IP in security policies • Automated workload and metadata discovery • Centralized management & analytics across deployments • Intuitive visibility • Native integration for FortiGate HA A/P • Config and Session Sync between FortiGate for seamless Failover Policy Enforcement Connector / Management and Analytics Enterprise Data Center / Branch Office Security into the Cloud - AWS Cloud Security Services Hub – FortiGate HA A/P Cluster FortiGate 10.30.0.0/16 VPC-C 10.20.0.0/16 VPC-B 10.10.0.0/16 Sandboxing Mail Security VPC VPC • Advanced Threat Protection • VPN IPSec Tunnels • Web Application Firewall • Identity and Access Management VPC Python AWS CFT Terraform VPC-A AWS Cloud DX/ IPSec Transit GW VPC Attachments FortiGate A/P VPC Attachments Web Security
25 © Fortinet Inc. All Rights Reserved. Cloud Security Services Hub VPC • Policy Enforcement Connector • Management / Analytics • Next Generation Firewall • Compliance Automation • Cloud Access Security Broker • Denial of Service Protection • Single Policy Set across all deployments • Dynamically scalable security services • Leverage metadata instead of traditional IP in security policies • Automated workload and metadata discovery • Centralized management & analytics across deployments • Intuitive visibility • Automated VPN provisioning to AWS TGW • Automated Scale up and down of FortiGate Policy Enforcement Connector / Management and Analytics Enterprise Data Center / Branch Office Fortinet Cloud Security Services Hub with Autoscaling and AWS Transit Gateway FortiGate 10.30.0.0/16 VPC-C 10.20.0.0/16 VPC-B 10.10.0.0/16 VPC VPC • Advanced Threat Protection • VPN IPSec Tunnels • Web Application Firewall • Identity and Access Management VPC Python AWS CFT Terraform VPC-A Lambda Function CloudWatch Event Trigger API Gateway AWS Cloud DX/ IPSec VPN Attachments Transit GW Transit Gateway Attachments FortiGate ASG Sandboxing Web Security Mail Security
26 © Fortinet Inc. All Rights Reserved. Cloud Security Services Hub VPC • Policy Enforcement Connector • Management / Analytics • Next Generation Firewall • Compliance Automation • Cloud Access Security Broker • Container Security • Denial of Service Protection • Single Policy Set across all deployments • Dynamically scalable security services • Leverage metadata instead of traditional IP in security policies • Automated workload and metadata discovery • Centralized management & analytics across deployments • Intuitive visibility • Horizontal Scale of FortiGate • SD-WAN and Cloud On- Ramp for Hybrid and Multi-Cloud Policy Enforcement Connector / Management and Analytics Enterprise Data Center / Branch Office Security across the Cloud - AWS Cloud Security Services Hub – FortiGate Active-Active FortiGate 10.30.0.0/16 VPC-C 10.20.0.0/16 VPC-B 10.10.0.0/16 VPC VPC • Advanced Threat Protection • VPN IPSec Tunnels • Web Application Firewall • Identity and Access Management VPC Python AWS CFT Terraform VPC-A AWS Cloud DX/ IPSec Transit GW VPC Attachments FortiGate A/A Connect Attachments VPC Attachments Sandboxing Mail Security Web Security Multi Cloud Across Cloud
27 © Fortinet Inc. All Rights Reserved. Cloud Security Services Hub VPC • Policy Enforcement Connector • Management / Analytics • Next Generation Firewall • Compliance Automation • Cloud Access Security Broker • Denial of Service Protection • Single Policy Set across all deployments • Dynamically scalable security services • Leverage metadata instead of traditional IP in security policies • Automated workload and metadata discovery • Centralized management & analytics across deployments • Intuitive visibility • Automated VPN provisioning to AWS TGW • Automated Scale up and down of FortiGate Policy Enforcement Connector / Management and Analytics Enterprise Data Center / Branch Office Fortinet Cloud Security Services Hub with Autoscaling and AWS Transit Gateway FortiGate 10.30.0.0/16 VPC-C 10.20.0.0/16 VPC-B 10.10.0.0/16 VPC VPC • Advanced Threat Protection • VPN IPSec Tunnels • Web Application Firewall • Identity and Access Management VPC Python AWS CFT Terraform VPC-A Lambda Function CloudWatch Event Trigger API Gateway AWS Cloud DX/ IPSec VPN Attachments Transit GW Transit Gateway Attachments FortiGate ASG Sandboxing Web Security Mail Security
Auto-scaling & Scalability in AWS
29 © Fortinet Inc. All Rights Reserved. Cloud Security Services Hub VPC • Policy Enforcement Connector • Management / Analytics • Next Generation Firewall • Compliance Automation • Cloud Access Security Broker • Denial of Service Protection • Single Policy Set across all deployments • Dynamically scalable security services • Leverage metadata instead of traditional IP in security policies • Automated workload and metadata discovery • Centralized management & analytics across deployments • Intuitive visibility • Horizontal scaling without SNAT enable • Centralize Security inspection for North- South protection • Centralize Security inspection for East-West protection Policy Enforcement Connector / Management and Analytics Security within the Cloud - AWS AWS GWLB – Transparent Inspection for North-South and East-West Protection FortiGate 10.30.0.0/16 VPC-C 10.20.0.0/16 VPC-B 10.10.0.0/16 VPC VPC • Advanced Threat Protection • VPN IPSec Tunnels • Web Application Firewall • Identity and Access Management VPC Python AWS CFT Terraform VPC-A AWS Cloud Transit GW Transit Gateway Attachments GWLB Private-AZ1 Private-AZ2 Private-AZ3 FGT2 Public-AZ1 Public-AZ2 Public-AZ3 FGT3 FGT1
30 © Fortinet Inc. All Rights Reserved. AWS GWLB Solution Overview L4 Load Balancer - Scaling - Stickiness - Health Checks - Flow rerouting - Encap Original traffic GWLB Geneve tunnel FortiGate L3 Gateway - Next-hop in route-table - No packet rewrite - FortiGate is the next-hop of packet flow - DNAT requires for Inbound - Complex scenario for horizontal scale - SNAT requires horizontal scale Without GWLB With GWLB Source Source Destination Destination
31 © Fortinet Inc. All Rights Reserved. Cloud Security Services Hub VPC • Policy Enforcement Connector • Management / Analytics • Next Generation Firewall • Compliance Automation • Cloud Access Security Broker • Container Security • Denial of Service Protection • Single Policy Set across all deployments • Dynamically scalable security services • Leverage metadata instead of traditional IP in security policies • Automated workload and metadata discovery • Centralized management & analytics across deployments • Intuitive visibility • Horizontal Scale of FortiGate • SD-WAN and Cloud On- Ramp for Hybrid and Multi-Cloud Policy Enforcement Connector / Management and Analytics Enterprise Data Center / Branch Office Security into the Cloud - AWS Cloud Security Services Hub – FortiGate Active-Active FortiGate 10.30.0.0/16 VPC-C 10.20.0.0/16 VPC-B 10.10.0.0/16 VPC VPC • Advanced Threat Protection • VPN IPSec Tunnels • Web Application Firewall • Identity and Access Management VPC Python AWS CFT Terraform VPC-A AWS Cloud DX/ IPSec Transit GW VPC Attachments FortiGate A/A Connect Attachments VPC Attachments Sandboxing Mail Security Web Security
Secure AWS with Fortinet Security Fabric.pptx

Recommended

AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019
Amazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
Amazon Web Services
 
DDoS Mitigation Techniques and AWS Shield
DDoS Mitigation Techniques and AWS ShieldDDoS Mitigation Techniques and AWS Shield
DDoS Mitigation Techniques and AWS Shield
Amazon Web Services
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
Amazon Web Services
 
AWS Security by Design
AWS Security by Design AWS Security by Design
AWS Security by Design
Amazon Web Services
 
AWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best Practices
Amazon Web Services
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best Practices
Amazon Web Services
 
Fundamentals of AWS Security
Fundamentals of AWS SecurityFundamentals of AWS Security
Fundamentals of AWS Security
Amazon Web Services
 

Recommended

AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019
Amazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
Amazon Web Services
 
DDoS Mitigation Techniques and AWS Shield
DDoS Mitigation Techniques and AWS ShieldDDoS Mitigation Techniques and AWS Shield
DDoS Mitigation Techniques and AWS Shield
Amazon Web Services
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
Amazon Web Services
 
AWS Security by Design
AWS Security by Design AWS Security by Design
AWS Security by Design
Amazon Web Services
 
AWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best Practices
Amazon Web Services
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best Practices
Amazon Web Services
 
Fundamentals of AWS Security
Fundamentals of AWS SecurityFundamentals of AWS Security
Fundamentals of AWS Security
Amazon Web Services
 
AWS Security Fundamentals
AWS Security FundamentalsAWS Security Fundamentals
AWS Security Fundamentals
Amazon Web Services
 
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS SummitAWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
Amazon Web Services
 
Elastic Load Balancing Deep Dive - AWS Online Tech Talk
Elastic Load Balancing Deep Dive - AWS Online Tech TalkElastic Load Balancing Deep Dive - AWS Online Tech Talk
Elastic Load Balancing Deep Dive - AWS Online Tech Talk
Amazon Web Services
 
AWS Lake Formation을 통한 손쉬운 데이터 레이크 구성 및 관리 - 윤석찬 :: AWS Unboxing 온라인 세미나
AWS Lake Formation을 통한 손쉬운 데이터 레이크 구성 및 관리 - 윤석찬 :: AWS Unboxing 온라인 세미나AWS Lake Formation을 통한 손쉬운 데이터 레이크 구성 및 관리 - 윤석찬 :: AWS Unboxing 온라인 세미나
AWS Lake Formation을 통한 손쉬운 데이터 레이크 구성 및 관리 - 윤석찬 :: AWS Unboxing 온라인 세미나
Amazon Web Services Korea
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAM
Amazon Web Services
 
Encryption and Key Management in AWS
Encryption and Key Management in AWS Encryption and Key Management in AWS
Encryption and Key Management in AWS
Amazon Web Services
 
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon Web Services
 
AWS Well Architected Framework - Walk Through
AWS Well Architected Framework - Walk ThroughAWS Well Architected Framework - Walk Through
AWS Well Architected Framework - Walk Through
Kaushik Mohanraj
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentals
Viresh Suri
 
Cloud Migration Workshop
Cloud Migration WorkshopCloud Migration Workshop
Cloud Migration Workshop
Amazon Web Services
 
Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)
Amazon Web Services
 
Databases on AWS Workshop.pdf
Databases on AWS Workshop.pdfDatabases on AWS Workshop.pdf
Databases on AWS Workshop.pdf
Amazon Web Services
 
AWS WAF
AWS WAFAWS WAF
AWS WAF
Amazon Web Services
 
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS SummitKubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Amazon Web Services
 
AWS 101
AWS 101AWS 101
AWS 101
Amazon Web Services
 
AWS Security Hub
AWS Security HubAWS Security Hub
AWS Security Hub
Crishantha Nanayakkara
 
AWS Cloud Security
AWS Cloud SecurityAWS Cloud Security
AWS Cloud Security
AWS Riyadh User Group
 
Migrating to the Cloud
Migrating to the CloudMigrating to the Cloud
Migrating to the Cloud
Amazon Web Services
 
[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018
[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018
[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018
Amazon Web Services
 
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Timothy McAliley
 
2022 Q1 Webinar Securite du Cloud public (1).pdf
2022 Q1 Webinar Securite du Cloud public (1).pdf2022 Q1 Webinar Securite du Cloud public (1).pdf
2022 Q1 Webinar Securite du Cloud public (1).pdf
YounesChafi1
 
Fortinet Automates Migration onto Layered Secure Workloads
Fortinet Automates Migration onto Layered Secure WorkloadsFortinet Automates Migration onto Layered Secure Workloads
Fortinet Automates Migration onto Layered Secure Workloads
Amazon Web Services
 

More Related Content

What's hot

AWS Security Fundamentals
AWS Security FundamentalsAWS Security Fundamentals
AWS Security Fundamentals
Amazon Web Services
 
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS SummitAWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
Amazon Web Services
 
Elastic Load Balancing Deep Dive - AWS Online Tech Talk
Elastic Load Balancing Deep Dive - AWS Online Tech TalkElastic Load Balancing Deep Dive - AWS Online Tech Talk
Elastic Load Balancing Deep Dive - AWS Online Tech Talk
Amazon Web Services
 
AWS Lake Formation을 통한 손쉬운 데이터 레이크 구성 및 관리 - 윤석찬 :: AWS Unboxing 온라인 세미나
AWS Lake Formation을 통한 손쉬운 데이터 레이크 구성 및 관리 - 윤석찬 :: AWS Unboxing 온라인 세미나AWS Lake Formation을 통한 손쉬운 데이터 레이크 구성 및 관리 - 윤석찬 :: AWS Unboxing 온라인 세미나
AWS Lake Formation을 통한 손쉬운 데이터 레이크 구성 및 관리 - 윤석찬 :: AWS Unboxing 온라인 세미나
Amazon Web Services Korea
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAM
Amazon Web Services
 
Encryption and Key Management in AWS
Encryption and Key Management in AWS Encryption and Key Management in AWS
Encryption and Key Management in AWS
Amazon Web Services
 
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon Web Services
 
AWS Well Architected Framework - Walk Through
AWS Well Architected Framework - Walk ThroughAWS Well Architected Framework - Walk Through
AWS Well Architected Framework - Walk Through
Kaushik Mohanraj
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentals
Viresh Suri
 
Cloud Migration Workshop
Cloud Migration WorkshopCloud Migration Workshop
Cloud Migration Workshop
Amazon Web Services
 
Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)
Amazon Web Services
 
Databases on AWS Workshop.pdf
Databases on AWS Workshop.pdfDatabases on AWS Workshop.pdf
Databases on AWS Workshop.pdf
Amazon Web Services
 
AWS WAF
AWS WAFAWS WAF
AWS WAF
Amazon Web Services
 
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS SummitKubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Amazon Web Services
 
AWS 101
AWS 101AWS 101
AWS 101
Amazon Web Services
 
AWS Security Hub
AWS Security HubAWS Security Hub
AWS Security Hub
Crishantha Nanayakkara
 
AWS Cloud Security
AWS Cloud SecurityAWS Cloud Security
AWS Cloud Security
AWS Riyadh User Group
 
Migrating to the Cloud
Migrating to the CloudMigrating to the Cloud
Migrating to the Cloud
Amazon Web Services
 
[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018
[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018
[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018
Amazon Web Services
 
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Timothy McAliley
 

What's hot (20)

AWS Security Fundamentals
AWS Security FundamentalsAWS Security Fundamentals
AWS Security Fundamentals
 
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS SummitAWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
 
Elastic Load Balancing Deep Dive - AWS Online Tech Talk
Elastic Load Balancing Deep Dive - AWS Online Tech TalkElastic Load Balancing Deep Dive - AWS Online Tech Talk
Elastic Load Balancing Deep Dive - AWS Online Tech Talk
 
AWS Lake Formation을 통한 손쉬운 데이터 레이크 구성 및 관리 - 윤석찬 :: AWS Unboxing 온라인 세미나
AWS Lake Formation을 통한 손쉬운 데이터 레이크 구성 및 관리 - 윤석찬 :: AWS Unboxing 온라인 세미나AWS Lake Formation을 통한 손쉬운 데이터 레이크 구성 및 관리 - 윤석찬 :: AWS Unboxing 온라인 세미나
AWS Lake Formation을 통한 손쉬운 데이터 레이크 구성 및 관리 - 윤석찬 :: AWS Unboxing 온라인 세미나
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAM
 
Encryption and Key Management in AWS
Encryption and Key Management in AWS Encryption and Key Management in AWS
Encryption and Key Management in AWS
 
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
 
AWS Well Architected Framework - Walk Through
AWS Well Architected Framework - Walk ThroughAWS Well Architected Framework - Walk Through
AWS Well Architected Framework - Walk Through
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentals
 
Cloud Migration Workshop
Cloud Migration WorkshopCloud Migration Workshop
Cloud Migration Workshop
 
Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)
 
Databases on AWS Workshop.pdf
Databases on AWS Workshop.pdfDatabases on AWS Workshop.pdf
Databases on AWS Workshop.pdf
 
AWS WAF
AWS WAFAWS WAF
AWS WAF
 
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS SummitKubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
 
AWS 101
AWS 101AWS 101
AWS 101
 
AWS Security Hub
AWS Security HubAWS Security Hub
AWS Security Hub
 
AWS Cloud Security
AWS Cloud SecurityAWS Cloud Security
AWS Cloud Security
 
Migrating to the Cloud
Migrating to the CloudMigrating to the Cloud
Migrating to the Cloud
 
[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018
[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018
[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018
 
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
 

Similar to Secure AWS with Fortinet Security Fabric.pptx

2022 Q1 Webinar Securite du Cloud public (1).pdf
2022 Q1 Webinar Securite du Cloud public (1).pdf2022 Q1 Webinar Securite du Cloud public (1).pdf
2022 Q1 Webinar Securite du Cloud public (1).pdf
YounesChafi1
 
Fortinet Automates Migration onto Layered Secure Workloads
Fortinet Automates Migration onto Layered Secure WorkloadsFortinet Automates Migration onto Layered Secure Workloads
Fortinet Automates Migration onto Layered Secure Workloads
Amazon Web Services
 
AWS Summit Singapore - Best Practices for Cloud Security in the Cloud Adoptio...
AWS Summit Singapore - Best Practices for Cloud Security in the Cloud Adoptio...AWS Summit Singapore - Best Practices for Cloud Security in the Cloud Adoptio...
AWS Summit Singapore - Best Practices for Cloud Security in the Cloud Adoptio...
Amazon Web Services
 
Software defined security-framework_final
Software defined security-framework_finalSoftware defined security-framework_final
Software defined security-framework_final
Lan & Wan Solutions
 
IBM DataPower Gateway - Common Use Cases
IBM DataPower Gateway - Common Use CasesIBM DataPower Gateway - Common Use Cases
IBM DataPower Gateway - Common Use Cases
IBM DataPower Gateway
 
Datapowercommonusecases 130509114200-phpapp02
Datapowercommonusecases 130509114200-phpapp02Datapowercommonusecases 130509114200-phpapp02
Datapowercommonusecases 130509114200-phpapp02
Cristina Garrido Lema
 
Datapowercommonusecases 130509114200-phpapp02
Datapowercommonusecases 130509114200-phpapp02Datapowercommonusecases 130509114200-phpapp02
Datapowercommonusecases 130509114200-phpapp02
Krystel Hery
 
F5 Networks: Introduction to Silverline WAF (web application firewall)
F5 Networks: Introduction to Silverline WAF (web application firewall)F5 Networks: Introduction to Silverline WAF (web application firewall)
F5 Networks: Introduction to Silverline WAF (web application firewall)
F5 Networks
 
Protect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public CloudProtect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public Cloud
Imperva
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
Amazon Web Services
 
Cloud for the Military - Projects, Promise
Cloud for the Military - Projects, PromiseCloud for the Military - Projects, Promise
Cloud for the Military - Projects, Promise
John Palfreyman
 
Fortinet Solution Mapping with AWS Well-Architecture
Fortinet Solution Mapping with AWS Well-ArchitectureFortinet Solution Mapping with AWS Well-Architecture
Fortinet Solution Mapping with AWS Well-Architecture
Yitao Cen
 
Deploying Elastic Self-Service Load Balancing
Deploying Elastic Self-Service Load BalancingDeploying Elastic Self-Service Load Balancing
Deploying Elastic Self-Service Load Balancing
Avi Networks
 
Enabling Remote Employees with Horizon VDI and Avi Networks
Enabling Remote Employees with Horizon VDI and Avi NetworksEnabling Remote Employees with Horizon VDI and Avi Networks
Enabling Remote Employees with Horizon VDI and Avi Networks
Avi Networks
 
Presentation v mware virtualization & cloud vision 2010
Presentation v mware virtualization & cloud vision 2010Presentation v mware virtualization & cloud vision 2010
Presentation v mware virtualization & cloud vision 2010
solarisyourep
 
F5 Networks - парадная дверь в облака
F5 Networks - парадная дверь в облакаF5 Networks - парадная дверь в облака
F5 Networks - парадная дверь в облака
BAKOTECH
 
VMware-vShield-Presentation-pp-en-Dec10.pptx
VMware-vShield-Presentation-pp-en-Dec10.pptxVMware-vShield-Presentation-pp-en-Dec10.pptx
VMware-vShield-Presentation-pp-en-Dec10.pptx
Abasse KPEGOUNI
 
OIS-K8-Multicloud.pptx
OIS-K8-Multicloud.pptxOIS-K8-Multicloud.pptx
OIS-K8-Multicloud.pptx
VoYat
 
Whats new in data power
Whats new in data powerWhats new in data power
Whats new in data power
sflynn073
 
F5 Distributed Cloud.pptx
F5 Distributed Cloud.pptxF5 Distributed Cloud.pptx
F5 Distributed Cloud.pptx
abenyeung1
 

Similar to Secure AWS with Fortinet Security Fabric.pptx (20)

2022 Q1 Webinar Securite du Cloud public (1).pdf
2022 Q1 Webinar Securite du Cloud public (1).pdf2022 Q1 Webinar Securite du Cloud public (1).pdf
2022 Q1 Webinar Securite du Cloud public (1).pdf
 
Fortinet Automates Migration onto Layered Secure Workloads
Fortinet Automates Migration onto Layered Secure WorkloadsFortinet Automates Migration onto Layered Secure Workloads
Fortinet Automates Migration onto Layered Secure Workloads
 
AWS Summit Singapore - Best Practices for Cloud Security in the Cloud Adoptio...
AWS Summit Singapore - Best Practices for Cloud Security in the Cloud Adoptio...AWS Summit Singapore - Best Practices for Cloud Security in the Cloud Adoptio...
AWS Summit Singapore - Best Practices for Cloud Security in the Cloud Adoptio...
 
Software defined security-framework_final
Software defined security-framework_finalSoftware defined security-framework_final
Software defined security-framework_final
 
IBM DataPower Gateway - Common Use Cases
IBM DataPower Gateway - Common Use CasesIBM DataPower Gateway - Common Use Cases
IBM DataPower Gateway - Common Use Cases
 
Datapowercommonusecases 130509114200-phpapp02
Datapowercommonusecases 130509114200-phpapp02Datapowercommonusecases 130509114200-phpapp02
Datapowercommonusecases 130509114200-phpapp02
 
Datapowercommonusecases 130509114200-phpapp02
Datapowercommonusecases 130509114200-phpapp02Datapowercommonusecases 130509114200-phpapp02
Datapowercommonusecases 130509114200-phpapp02
 
F5 Networks: Introduction to Silverline WAF (web application firewall)
F5 Networks: Introduction to Silverline WAF (web application firewall)F5 Networks: Introduction to Silverline WAF (web application firewall)
F5 Networks: Introduction to Silverline WAF (web application firewall)
 
Protect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public CloudProtect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public Cloud
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
 
Cloud for the Military - Projects, Promise
Cloud for the Military - Projects, PromiseCloud for the Military - Projects, Promise
Cloud for the Military - Projects, Promise
 
Fortinet Solution Mapping with AWS Well-Architecture
Fortinet Solution Mapping with AWS Well-ArchitectureFortinet Solution Mapping with AWS Well-Architecture
Fortinet Solution Mapping with AWS Well-Architecture
 
Deploying Elastic Self-Service Load Balancing
Deploying Elastic Self-Service Load BalancingDeploying Elastic Self-Service Load Balancing
Deploying Elastic Self-Service Load Balancing
 
Enabling Remote Employees with Horizon VDI and Avi Networks
Enabling Remote Employees with Horizon VDI and Avi NetworksEnabling Remote Employees with Horizon VDI and Avi Networks
Enabling Remote Employees with Horizon VDI and Avi Networks
 
Presentation v mware virtualization & cloud vision 2010
Presentation v mware virtualization & cloud vision 2010Presentation v mware virtualization & cloud vision 2010
Presentation v mware virtualization & cloud vision 2010
 
F5 Networks - парадная дверь в облака
F5 Networks - парадная дверь в облакаF5 Networks - парадная дверь в облака
F5 Networks - парадная дверь в облака
 
VMware-vShield-Presentation-pp-en-Dec10.pptx
VMware-vShield-Presentation-pp-en-Dec10.pptxVMware-vShield-Presentation-pp-en-Dec10.pptx
VMware-vShield-Presentation-pp-en-Dec10.pptx
 
OIS-K8-Multicloud.pptx
OIS-K8-Multicloud.pptxOIS-K8-Multicloud.pptx
OIS-K8-Multicloud.pptx
 
Whats new in data power
Whats new in data powerWhats new in data power
Whats new in data power
 
F5 Distributed Cloud.pptx
F5 Distributed Cloud.pptxF5 Distributed Cloud.pptx
F5 Distributed Cloud.pptx
 

Recently uploaded

Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Jeffrey Haguewood
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Miro Wengner
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Alex Pruden
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
Dinusha Kumarasiri
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
SAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloudSAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloud
maazsz111
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Precisely
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
ScyllaDB
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdfdbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
Shinana2
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 

Recently uploaded (20)

Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
SAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloudSAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloud
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdfdbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 

Secure AWS with Fortinet Security Fabric.pptx

  • 1. Cen Yitao Head of Product Marketing, APAC
  • 2. 2 © Fortinet Inc. All Rights Reserved. Trusted AWS Partner with Critical Experience Providing protection on-prem and in the cloud across the globe 70% of Fortune 100 companies 30% Global Firewall Shipments 630,000+ Customers Worldwide 20k+ unique active subscriptions 50+ product listings • ISV Accelerate Partner • SaaS Revenue Recognition & MPOPP Partner • AWS Competencies • Network & Security • Graviton, WAF, and Outposts Ready • Deep AWS Integrations AWS CloudFront AWS WAF AWS Elastic Load Balancers AWS GuardDuty AWS Transit Gateway AWS Firewall Manager AWS Security Hub AWS GWLB
  • 3. 3 © Fortinet Inc. All Rights Reserved. Misconfiguration of cloud remains to be top threat–potentially leading to successful attacks Lack of visibility, control, and staff/expertise are the top barriers to faster cloud adoption. 2023 Cybersecurity Report Cloud Security Challenges Biggest challenges securing hybrid and multi-cloud environments
  • 4. 4 © Fortinet Inc. All Rights Reserved. Fortinet Offers Comprehensive Security Solutions on AWS Seamless security Fortinet Security Fabric natively integrates with AWS services providing single-pane-of- glass management and cloud-native visibility → enables Fortinet customers to quickly and securely migrate and scale workloads on AWS Leading AI/ML threat protection FortiGuard Labs delivers breadth of visibility, ground-breaking innovation, and rapid delivery of actionable threat intelligence
  • 5. 5 © Fortinet Inc. All Rights Reserved. Integrated security for full visibility and advanced threat defense Key Fortinet Solutions on AWS Use cases Benefits Fortinet Solutions AWS Integrations Web Application and API Protection Protect against OWASP Top 10 threats, zero-day, and other app layer attacks FortiWeb Cloud WAF-as-a-Service Fortinet Managed Rules AWS WAF Risk Management and Visibility Manage cloud risks with actionable insights FortiCNP Cloud Native Protection AWS Security Hub Amazon GuardDuty Amazon Inspector Hybrid Cloud Security, Natively Delivered Centralized visibility, control, and automation simplified FortiGate-VM FortiGate Cloud-Native Firewall (CNF) AWS Firewall Manager Gateway Load Balancer Fortinet Cloud Consulting Zero Trust Network Access Zero Trust Network Access Fortinet Zero Trust Access Fortinet ZTNA Application Gateway + AWS Firewall Manager AWS Gateway Load Balancer
  • 6. 6 © Fortinet Inc. All Rights Reserved. BK Bank Case Study • Current deployment was a mix of security tools • Secure, integrated network management solution to mitigate threats • Complete visibility into the cloud ecosystem • Integrated and dynamic protection for AWS Cloud environment Challenge FortiGate Next-Gen Firewall FortiWeb FortiAnalyzer FortiCNP Fortinet Cloud Consulting Services Solutions Deployed • Advanced security to protect against threat landscape • Protected with broad visibility across applications, users, and data • Meet PCI compliance regulations • Integrated, easy-to-manage platform Business Benefits: “ Integrated Fortinet solutions give us broad visibility, which provides for far easier and more proactive network management. This helps us improve all business processes.” —Caio Hyppolito, CTO, BK Bank Customer: BK Bank Industry: Financial Services Location: Brazil
  • 7. 7 © Fortinet Inc. All Rights Reserved. Accelerate Time to Value Fortinet Cloud Consulting JumpStart Kits Cloud Consulting Services Get a JumpStart on designing and implementing Fortinet products in your environment. Available in AWS Marketplace: • FortiGate-VM JumpStart • 5-day consulting engagement • 2 FortiGate-VM Instances • FortiGate CNF JumpStart • 2-day consulting engagement • 1M CNF credits for one year • FortiWeb-VM JumpStart • 5-day consulting engagement • 2 FortiWeb-VM Instances • Secure cloud migration methodology and implementation • Global-scale architecture recommendations • Automation for zero-touch provisioning • Cloud Security Posture Assessment Learn More “Fortinet Cloud Consulting Services has been great. Working with the Fortinet team helped us design and deploy this new architecture much more quickly than we could have without their assistance.” Ashish Palikhel. Senior Network Security Engineer Public Consulting Group LLC
  • 8. 8 © Fortinet Inc. All Rights Reserved. Flexible procurement options to fit your customers needs Fortinet Consumption Models on AWS Marketplace Hourly Pay for software and compute capacity by the hour, with no long- term commitments Monthly Make a monthly payment Annual and multiyear Annual and multi-year licensing Private Offers Negotiate a custom price with a software seller Enterprise Agreements / FortiFlex Flexible, scalable licensing Ideal for development and testing, or workloads with inconsistent traffic Ideal for temporary projects and baseline workloads Ideal for long-term workloads Ideal for larger, high- value transactions Consumption flexibility for dynamic environments
  • 10. 10 © Fortinet Inc. All Rights Reserved. Fortinet cloud-native security solutions keep your workloads safe Fortinet SaaS Solutions on AWS Protect against OWASP Top 10 threats, zero-day attacks, and other app layer attacks Web App & API Security Fortinet Managed Rules + AWS WAF FortiWeb Cloud WAF-as-a-Service Manage cloud risks with actionable insights Cloud Workload Protection & Posture Management FortiCNP Cloud-native Protection + Amazon GuardDuty & Inspector + AWS Security Hub Simplify and modernize your network security with a managed firewall-as-a-service Cloud-Native Network Security FortiGate CNF Firewall-as-a-Service + AWS Gateway Load Balancer + AWS Firewall Manager
  • 11. 11 © Fortinet Inc. All Rights Reserved. virtual private cloud virtual private cloud FortiWeb VM FortiGate VM Cloud Security Services Hub Protected Services and Workloads FortiSandbox VM High Speed VPN instances Containers FortiWeb Container Offices Amazon WorkSpaces Amazon API Gateway* flow logs Amazon Inspector Amazon GuardDuty Amazon Macie AWS Security Hub SD-WAN FortiGate AWS Outpost on-premises Data Center FortiCNP FortiWeb Cloud WAFaaS Fabric Connector AWS WAF Managed WAF Rulesets IaaS FortiGate Cloud Native Firewall (CNF) GWLB SaaS Fabric Management FortiManager FortiAnalyzer Transit GW Internet Fortinet Architecture for AWS
  • 12. 12 © Fortinet Inc. All Rights Reserved. Cloud-Native Firewall FortiGate CNF Managed Firewall Service Optimized TCO Offload infrastructure management and costs to Fortinet, Pay only for Security usage Advanced Threat Protection Deep Application Layer Visibility and consistent control for AWS workloads Threat Intelligence AI/ML powered FortiGuard Global Threat Intelligence for stopping advanced attacks Ease of use Simple UI to manage policies, Consistent Security Policies across cloud regions and on- premises Zero Operations Overhead Deploy security in minutes, easily deliver security across AWS and scale seamlessly with high resiliency Cloud Network Security
  • 13. 13 © Fortinet Inc. All Rights Reserved. Simplify and modernize network security on AWS FortiGate CNF FortiGate CNF Fully Managed (SaaS) Service AWS Integrations Customer manages security policies and rollouts Fortinet manages scalability, availability and software updates Network Protection for AWS VPCs Deep (L2-L7) Application layer Protection Inspect and control traffic between AWS VPCs and prevent lateral spread of threats AWS GW Load Balancer AWS Firewall Manager AWS Marketplace Edge Data Center Applications VPC A Customer 1 VPC B Customer 2 Service Management Central Management FortiGuard Global Threat Intelligence Internet FortiGate CNF requires just one CNF instance to secure an entire AWS region, including multiple accounts, sub-nets, VPCs, and availability zones
  • 14. 14 © Fortinet Inc. All Rights Reserved. Hybrid-Cloud Security Retain consistent protection and visibility across distributed environments Simplified Security Management FortiManager provides single-pane-of- glass management across the entire extended enterprise Advanced Threat Protection FortiGate Next-Generation Firewalls (NGFWs) provide secure connectivity/SD-WAN, network segmentation, and application security for hybrid-cloud-based deployments. Threat Intelligence The Fortinet Security Fabric integrates the latest AI-driven threat intelligence from our in- house research group, FortiGuard Labs. Compliance Reporting FortiAnalyzer allows you to analyze, report, and archive security events, network traffic, web content, and messaging data to help simplify compliance tasks. Zero Operations Overhead Integrations with key AWS services provide automated and scalable protection. Fortinet Security Fabric
  • 15. 15 © Fortinet Inc. All Rights Reserved. Web Application and API security Unlock additional security controls for AWS-hosted web apps and APIs leveraging ML Machine Learning Protect your web apps and APIs while reducing management overhead Web Application Security Protect against known and unknown threats including the OWASP Top 10. Bot Mitigation Block the full range of malicious bot activity (e.g., content scraping, denial of service, data harvesting, transaction fraud). API Security Protect the APIs that enable B2B communication and support your mobile applications. Easy to Deploy With a built-in setup wizard and predefined policies, deploy in just minutes and start protecting your apps from threats. FortiWeb Cloud WAF-as-a-Service
  • 16. 16 © Fortinet Inc. All Rights Reserved. Risk Management and Visibility Manage cloud risks with actionable insights with FortiCNP (Cloud-Native Protection) Vulnerability Management FortiCNP FortiGuard Threat Intelligence Fortinet Cloud Security Fabric Cloud Security Posture Management Data Security Network/Threat Detection Cloud Workload Protection Container Protection Amazon Inspector Amazon GuardDuty for S3 Amazon GuardDuty- Malware Protection, EKS, Cloud Trail Amazon GuardDuty- VPC Flow Logs AWS Security Hub Controls
  • 17. 17 © Fortinet Inc. All Rights Reserved. Implement a zero-trust access approach Fortinet Zero Trust Access • Continuously verifies who and what is using resources • Gain full visibility and control Fortinet ZTNA Application Gateway • Strong authentication capabilities • Powerful network access control tools • Pervasive application access policies • Provides least access privileges Gartner predicts that 60% of organizations will embrace Zero Trust as a starting point for security by 2025 “ ” Source: https://virtualizationreview.com/articles/2022/06/23/gartner-predictions.aspx Campus Branch Remote ZTNA Application Gateway Wherever the user is Verified user identity, device identity & posture check prior to access Wherever the application is SaaS Apps Data Center OS SaaS Zero Trust Network Access
  • 18. 18 © Fortinet Inc. All Rights Reserved. Security Vendor Overload Security Skills Shortage Expanding Attack Surface Compliance Complexity Fortinet Helps AWS Enterprise Customers with Key Challenges
  • 19. 19 © Fortinet Inc. All Rights Reserved. AWS Enterprise (ENT) Battlecard Why Fortinet for AWS Enterprise? 63% of Fortune 500 and 68% of Global 200 depend on Fortinet to stay secure. Fortinet is committed to assisting Enterprise customers with their workload protection, wherever they are deployed, via Fortinet's Security Fabric. Security Vendor Overload The cloud security market is currently filled with new companies offering niche solutions. Fortinet has been a Gartner leader for 14 years, has been in business for 20+ years, and has over 650K customers worldwide. The Security Fabric Fortinet has built provides a horizontal approach to security vs vertical. FortiGate VM (Firewall) FortiGate CNF (SaaS Firewall) Expanded Attack Surface As institutions adopt and build out new web applications & APIs, and innovate current applications on AWS, they want to make sure compliance and security is built into the fabric of that application. Threat protection is extremely important to organizations as they expose their web applications to the outside world. FortiWeb Cloud (SaaS WAF) Security Skills Shortage As organizations shift to the cloud and continue their cloud path, they often try and mimic security practices with their on-prem environment. On-prem and cloud are not apples-to-apples, and often enterprises have great security people but not great cloud security people. Cloud security experts are needed to ensure proper security deployment within the cloud infrastructure. Fortinet Jumpstart (Consulting) Compliance Complexity Navigating and maintaining compliance can present a myriad of challenges that are hard to get a grasp on. Fortinet helps reduce complexity and keep enterprises up to date with the latest security and compliance requirements. Fortinet Security Fabric Challenges/Solutions Customers Buyer Personas IT Security Business Operations Cloud Engineering IT Leadership Procurement/Finance Cloud Center of Excellence (CCoE)
  • 20. Case Reference study on 10G FW on AWS
  • 21. 21 © Fortinet Inc. All Rights Reserved. DC and Branch SDWAN to AWS and N-S Protection Deployment Reference: Fast-Food chain stores in AWS 13 VPC-SEA1-SAP Availability Zone A Availability Zone B Availability Zone C VPC-SEA1-Business-App-DevQA Availability Zone A Availability Zone B JFC-App-Dev-Web-AZA JFC-App-Dev-Web-AZB JFC-App-Dev-App-AZA JFC-App-Dev-App-AZB JFC-App-Dev-DB-AZA JFC-App-Dev-DB-AZB VPC-SEA1-Business-App-Prod Availability Zone A Availability Zone B JFC-App-Prod-web-AZA JFC-App-Dev-Web-AZB JFC-App-Prod-App-AZA JFC-App-Prod-App-AZB JFC-App-Prod-DB-AZA JFC-App-Prod-DB-AZB VPC-SEA1-Infra-SS Availability Zone A Availability Zone C AD JFC-Infra-SS-AZA JFC-Infra-SS-AZA AD SSO SSO VPC-SEA1-Logging Availability Zone A Availability Zone C FortiAnalyzer JFC-Infra-SS-AZA JFC-Infra-SS-AZA FortiManager FortiAnalyzer FortiManager VPC-SEA1-Security Availability Zone A Availability Zone C Trend Micro JFC-Infra-SS-AZA JFC-Infra-SS-AZA SIEM Trend Micro SIEM VPC-SEA1-Secu-Int Availability Zone A VPC Attachment IPC Data Center VPN Attachment VPC Attachment VPC Attachment JFC Plaza VPC-US-EAST-1 IPSEC VPN Availability Zone B VPC-SEA1-Secu-Ext Availability Zone A Availability Zone B Branch Site Active/Passive Active / Active ALB Security Landing Zone to connect applications and workloads deployed on AWS to DataCenter • Security Landing Zone to connect SDWAN Branch sites to AWS. • Security Landing zone to filter N-S traffic to/from VPC • N-S traffic from AWS to DataCenter. • N-S Traffic from Internet to FFC published applications in AWS. • FortiGate in A/A for SDWAN to DC & Branch • FortiGate in A/P for N-S protection • FortiManager • FortiAnalyzer
  • 23. 23 © Fortinet Inc. All Rights Reserved. Fabric Connectors NATIVE INTEGRATION
  • 24. 24 © Fortinet Inc. All Rights Reserved. Cloud Security Services Hub VPC • Policy Enforcement Connector • Management / Analytics • Next Generation Firewall • Compliance Automation • Cloud Access Security Broker • Container Security • Denial of Service Protection • Single Policy Set across all deployments • Dynamically scalable security services • Leverage metadata instead of traditional IP in security policies • Automated workload and metadata discovery • Centralized management & analytics across deployments • Intuitive visibility • Native integration for FortiGate HA A/P • Config and Session Sync between FortiGate for seamless Failover Policy Enforcement Connector / Management and Analytics Enterprise Data Center / Branch Office Security into the Cloud - AWS Cloud Security Services Hub – FortiGate HA A/P Cluster FortiGate 10.30.0.0/16 VPC-C 10.20.0.0/16 VPC-B 10.10.0.0/16 Sandboxing Mail Security VPC VPC • Advanced Threat Protection • VPN IPSec Tunnels • Web Application Firewall • Identity and Access Management VPC Python AWS CFT Terraform VPC-A AWS Cloud DX/ IPSec Transit GW VPC Attachments FortiGate A/P VPC Attachments Web Security
  • 25. 25 © Fortinet Inc. All Rights Reserved. Cloud Security Services Hub VPC • Policy Enforcement Connector • Management / Analytics • Next Generation Firewall • Compliance Automation • Cloud Access Security Broker • Denial of Service Protection • Single Policy Set across all deployments • Dynamically scalable security services • Leverage metadata instead of traditional IP in security policies • Automated workload and metadata discovery • Centralized management & analytics across deployments • Intuitive visibility • Automated VPN provisioning to AWS TGW • Automated Scale up and down of FortiGate Policy Enforcement Connector / Management and Analytics Enterprise Data Center / Branch Office Fortinet Cloud Security Services Hub with Autoscaling and AWS Transit Gateway FortiGate 10.30.0.0/16 VPC-C 10.20.0.0/16 VPC-B 10.10.0.0/16 VPC VPC • Advanced Threat Protection • VPN IPSec Tunnels • Web Application Firewall • Identity and Access Management VPC Python AWS CFT Terraform VPC-A Lambda Function CloudWatch Event Trigger API Gateway AWS Cloud DX/ IPSec VPN Attachments Transit GW Transit Gateway Attachments FortiGate ASG Sandboxing Web Security Mail Security
  • 26. 26 © Fortinet Inc. All Rights Reserved. Cloud Security Services Hub VPC • Policy Enforcement Connector • Management / Analytics • Next Generation Firewall • Compliance Automation • Cloud Access Security Broker • Container Security • Denial of Service Protection • Single Policy Set across all deployments • Dynamically scalable security services • Leverage metadata instead of traditional IP in security policies • Automated workload and metadata discovery • Centralized management & analytics across deployments • Intuitive visibility • Horizontal Scale of FortiGate • SD-WAN and Cloud On- Ramp for Hybrid and Multi-Cloud Policy Enforcement Connector / Management and Analytics Enterprise Data Center / Branch Office Security across the Cloud - AWS Cloud Security Services Hub – FortiGate Active-Active FortiGate 10.30.0.0/16 VPC-C 10.20.0.0/16 VPC-B 10.10.0.0/16 VPC VPC • Advanced Threat Protection • VPN IPSec Tunnels • Web Application Firewall • Identity and Access Management VPC Python AWS CFT Terraform VPC-A AWS Cloud DX/ IPSec Transit GW VPC Attachments FortiGate A/A Connect Attachments VPC Attachments Sandboxing Mail Security Web Security Multi Cloud Across Cloud
  • 27. 27 © Fortinet Inc. All Rights Reserved. Cloud Security Services Hub VPC • Policy Enforcement Connector • Management / Analytics • Next Generation Firewall • Compliance Automation • Cloud Access Security Broker • Denial of Service Protection • Single Policy Set across all deployments • Dynamically scalable security services • Leverage metadata instead of traditional IP in security policies • Automated workload and metadata discovery • Centralized management & analytics across deployments • Intuitive visibility • Automated VPN provisioning to AWS TGW • Automated Scale up and down of FortiGate Policy Enforcement Connector / Management and Analytics Enterprise Data Center / Branch Office Fortinet Cloud Security Services Hub with Autoscaling and AWS Transit Gateway FortiGate 10.30.0.0/16 VPC-C 10.20.0.0/16 VPC-B 10.10.0.0/16 VPC VPC • Advanced Threat Protection • VPN IPSec Tunnels • Web Application Firewall • Identity and Access Management VPC Python AWS CFT Terraform VPC-A Lambda Function CloudWatch Event Trigger API Gateway AWS Cloud DX/ IPSec VPN Attachments Transit GW Transit Gateway Attachments FortiGate ASG Sandboxing Web Security Mail Security
  • 29. 29 © Fortinet Inc. All Rights Reserved. Cloud Security Services Hub VPC • Policy Enforcement Connector • Management / Analytics • Next Generation Firewall • Compliance Automation • Cloud Access Security Broker • Denial of Service Protection • Single Policy Set across all deployments • Dynamically scalable security services • Leverage metadata instead of traditional IP in security policies • Automated workload and metadata discovery • Centralized management & analytics across deployments • Intuitive visibility • Horizontal scaling without SNAT enable • Centralize Security inspection for North- South protection • Centralize Security inspection for East-West protection Policy Enforcement Connector / Management and Analytics Security within the Cloud - AWS AWS GWLB – Transparent Inspection for North-South and East-West Protection FortiGate 10.30.0.0/16 VPC-C 10.20.0.0/16 VPC-B 10.10.0.0/16 VPC VPC • Advanced Threat Protection • VPN IPSec Tunnels • Web Application Firewall • Identity and Access Management VPC Python AWS CFT Terraform VPC-A AWS Cloud Transit GW Transit Gateway Attachments GWLB Private-AZ1 Private-AZ2 Private-AZ3 FGT2 Public-AZ1 Public-AZ2 Public-AZ3 FGT3 FGT1
  • 30. 30 © Fortinet Inc. All Rights Reserved. AWS GWLB Solution Overview L4 Load Balancer - Scaling - Stickiness - Health Checks - Flow rerouting - Encap Original traffic GWLB Geneve tunnel FortiGate L3 Gateway - Next-hop in route-table - No packet rewrite - FortiGate is the next-hop of packet flow - DNAT requires for Inbound - Complex scenario for horizontal scale - SNAT requires horizontal scale Without GWLB With GWLB Source Source Destination Destination
  • 31. 31 © Fortinet Inc. All Rights Reserved. Cloud Security Services Hub VPC • Policy Enforcement Connector • Management / Analytics • Next Generation Firewall • Compliance Automation • Cloud Access Security Broker • Container Security • Denial of Service Protection • Single Policy Set across all deployments • Dynamically scalable security services • Leverage metadata instead of traditional IP in security policies • Automated workload and metadata discovery • Centralized management & analytics across deployments • Intuitive visibility • Horizontal Scale of FortiGate • SD-WAN and Cloud On- Ramp for Hybrid and Multi-Cloud Policy Enforcement Connector / Management and Analytics Enterprise Data Center / Branch Office Security into the Cloud - AWS Cloud Security Services Hub – FortiGate Active-Active FortiGate 10.30.0.0/16 VPC-C 10.20.0.0/16 VPC-B 10.10.0.0/16 VPC VPC • Advanced Threat Protection • VPN IPSec Tunnels • Web Application Firewall • Identity and Access Management VPC Python AWS CFT Terraform VPC-A AWS Cloud DX/ IPSec Transit GW VPC Attachments FortiGate A/A Connect Attachments VPC Attachments Sandboxing Mail Security Web Security

Editor's Notes

  1. Trusted partner with critical experience Our more than 630,000 customers entrust us to protect their data on premises or in the cloud. Fortinet protects 70 percent of Fortune 100 companies and is the most deployed network security solution in the world.
  2. The Fortinet cloud consulting team can help customers design a tailored path to an enhanced cloud security posture based on industry best practices and provide consulting services during the entire lifecycle of a project
  3. Cloud environments are highly dynamic so cloud security needs to be able to scale across all environments, across multiple threat vectors and keep pace with the changes within the cloud. 
  4. As a managed service, FortiGate CNF reduces the network security operations workload. Enterprises don't have to configure, provision, or maintain any firewall software infrastructure. In addition, they enjoy the following benefits: Enterprise-grade protection: FortiGate CNF supports the security inspection capabilities of a next-generation firewall, providing deep visibility into the application layer along with advanced detection and comprehensive protection powered by artificial intelligence (AI). It includes Geo-IP blocking, advanced filtering, and threat protection. With this level of traffic inspection, customers can reduce the risks of unauthorized events on AWS workloads caused by web-based threats, vulnerability exploits, and other external and internal threat vectors. Zero operations overhead: FortiGate CNF simplifies security delivery by using just one FortiGate CNF instance to secure an entire AWS region. It can protect multiple accounts, sub-nets, virtual private clouds (VPCs), and availability zones, consolidating security in a region. Cloud-native integration with AWS Gateway Load Balancer helps network security teams move at the speed and scale of applications teams. It eliminates do-it-yourself automation and helps easily secure Amazon Virtual Private Cloud (VPC) environments while improving high availability and scaling. Simplified management: Cloud-native organizations can use the lightweight user interface and intuitive wizards in the FortiGate CNF Console to easily create, deploy and manage security policies for their AWS environment. For hybrid cloud deployments, a centralized management tool like FortiManager can be used to define, deploy and manage advanced security policies, backed by the FortiGuard Global Threat Intelligence service, which operates consistently across hybrid environments – both on-premises and on AWS. Customers can secure elastic workloads where network address-based policies won’t work, by using metadata-based policies on dynamic objects that abstract away network dependencies. Integration with AWS Firewall Manager can be used to streamline security workflows and automate security rollout, saving time and increasing efficiency. Lower costs: Because there is no security software infrastructure to build, deploy and operate, costs are reduced. Organizations also can save on the training and resourcing costs that would be necessary to deliver do-it-yourself security on AWS. Aggregating security across a region into a single CNF instance avoids the extra costs accrued by solutions that charge by cloud networks or availability zones. In addition, the FortiGate CNF service utilizes AWS Graviton instances to deliver better price performance.
  5. We know organizations are looking to further simplify and modernize security on the cloud, which is why we’re working with Fortinet to deliver adaptive cloud security solutions. With FortiGate CNF, customers can build confidently, boost agility, and take advantage of everything AWS has to offer. As a fully managed cloud-native service, FortiGate CNF provides the enterprise-level firewall services and network security that helps reduce risk and improve compliance, and optimizes customers’ security investments. Fortinet support of key AWS services simplifies security management, facilitating full visibility across environments and providing broad protection across your workloads and applications. We’re looking forward to continuing our work with Fortinet to help our mutual customers accelerate their cloud security goals.
  6. FortiCNP is a cloud-native application protection solution that integrates with cloud service provider’s native security services and Fortinet’s Security Fabric to help organizations prioritize and manage cloud risks with context-rich actionable insights. This is a huge differentiator as no other solution is built on the security services provided by major cloud providers. With this approach FortiCNP is complementing the services, and not competing with them, as most other competitors do. We’re not developing new security services that compete with what the Cloud Service Providers have developed. In fact, we want Customers to leverage those services. They are more efficient and deeply integrated and built specifically for that cloud. The challenge is that these services generate a large amount of data that is difficult for Security Teams to correlate and understand what to do with. FortiCNP helps rationalize all the security data, making it easier for Security Teams to understand where the most critical risks are and what to do to remediate them. FortiCNP has native integrations with these different CSP security services. Given this, FortiCNP doesn’t require separate permissions to be able to access the security details. As such, FortiCNP enables zero permissions security coverage, which essentially removes any integration friction that many organizations experience. Through FortiCNP, data security and cspm capabilities and network detection capabilities support Google Cloud Platform. Additionally, through FortiCNP, vulnerability scanning for containers is also supported through GCP. And as we continue to integrate more and more CSP security services, security coverage will continue to expand, providing greater context to manage your cloud risk. FortiCNP also introduces a new patented technology called Resource Risk Insights or RRI. RRI will correlate and normalize security information generated by these security services and solutions to produce a normalized risk score. If you think about in another way, RRI adds context to all those security findings that it uses to stack rank the risks based on the scores, and to provide actionable insights for security teams to focus on the highest risk resources to mitigate and address. Lets see how RRI works in the next slide.
  7. Security Vendor Overload The Cloud Security Market is currently filled with new companies offering niche solutions, Fortinet has been a Gartner leader for 14 years, has been around for 20+ years and has over 630K customers worldwide. The Security Fabric Fortinet has built provides a horizontal approach to security. The Fortinet products that help overcome these obstacles are: FortiGate-VM- Full Featured NGFW FortiGate CNF- SaaS Managed Cloud Native FW Threat Protection As institutions adopt and build out new web applications & APIs and innovate current applications on AWS they want to make sure compliance and security is built into the fabric of that application. Threat Protection is extremely important to organizations as they expose their web applications to the outside world. The Fortinet product that can help overcome this obstacle is: FortiWeb Cloud- Can be positioned to mitigate risk for OWASP Top 10 and 0 Day attacks against Web Applications due to its’ AI/ML threat detection capabilities. Further it has additional capabilities to provide vulnerability scanning, web security, bot management, API protection and DDos Protection. Cloud Security Experts As organizations shift to the cloud and continue their cloud path, they often try and mimic security practices with their onprem environment. Onprem and cloud are not apples to apples and often enterprises have great security people but not great cloud security people. Cloud security experts are needed to ensure proper security deployment within the Cloud Infrastructure. The Fortinet product that can help overcome this obstacle is: Professional Services- Fortinet Professional services can become the expert on assisting deployment of Fortinet Cloud Security products. The services can cut down on time to deployment, control costs and overhead, as well as provide expertise and build trust that the products are deployed properly. We offer Professional services for each of our cloud security offerings, scoped out to the individual customers needs including Jumpstarts.
  8. In increasingly dynamic network environments, security solutions must be tightly coordinated with networking and other IT infrastructure to provide agility in the face of fast-paced and rapidly changing operations. Fortinet Fabric Connectors feature APIs and other interfaces to make them highly extensible platforms They provide out-of-the- box or built-in integration mechanisms and orchestration of FortiGate or FortiManager with key SDN and public cloud solutions — including with leading vendors such as AWS, Azure, Google Cloud, VMware, Oracle Cloud, and others. Fortinet Fabric Connectors for SDN (private clouds) and Cloud (public clouds), formerly known as Fortinet SDN Connector, enable either FortiGate as a standalone system, or FortiManager, which manages multiple FortiGates, to integrate with the third-party SDN or cloud platforms to synchronize dynamic address group objects that the FortiGate firewall policy protects No matter how objects change their forms and locations in elastic and volatile fashions, FortiGate can identify them as Address objects, which can be used as sources and destinations, and apply appropriate firewall policies automatically without administrator’s manual intervention. Fortinet Fabric Connector is deployed to integrate between FortiGate or FortiManager and third-party technology solutions. FortiManager is optional
  9. Line spacing Still didn’t have all Arial as font (the titles were Segoe) Update fuzzy logos Why are these boxes purple and the ones on 1 gray… (his last note said “endpoint protection uses our brand's purple color scheme, so for this diagram set I asked to switch some colors to align to that.”
  10. Line spacing Still didn’t have all Arial as font (the titles were Segoe) Update fuzzy logos Why are these boxes purple and the ones on 1 gray… (his last note said “endpoint protection uses our brand's purple color scheme, so for this diagram set I asked to switch some colors to align to that.”
  11. Line spacing Still didn’t have all Arial as font (the titles were Segoe) Update fuzzy logos Why are these boxes purple and the ones on 1 gray… (his last note said “endpoint protection uses our brand's purple color scheme, so for this diagram set I asked to switch some colors to align to that.”
  12. Line spacing Still didn’t have all Arial as font (the titles were Segoe) Update fuzzy logos Why are these boxes purple and the ones on 1 gray… (his last note said “endpoint protection uses our brand's purple color scheme, so for this diagram set I asked to switch some colors to align to that.”
  13. Line spacing Still didn’t have all Arial as font (the titles were Segoe) Update fuzzy logos Why are these boxes purple and the ones on 1 gray… (his last note said “endpoint protection uses our brand's purple color scheme, so for this diagram set I asked to switch some colors to align to that.”
  14. Without GWLB, FortiGate is the gateway for our application in AWS, we need to configure DNAT/VIP for Inbound request to our application. Yes, we can deploy Fortigate on horizontal scale with A-A-A and also auto-scaling. However, it will requires SNAT to keep symmetric traffic. And for outbound traffic, we need additional Lambda script or to balance the outbound traffic, we have to integrate FGT to TGW with VPN/IPSEC attachment for ECMP load balancer With GWLB, With GWLB will help us to simplify the deployment model where SNAT or DNAT are not necessary needed. It provide the ability to implement transparent firewall in public cloud environment and more important we can deploy our FortiGate in horizontal scale without SNAT AWS introduce GWLB as combination of L3 gateway + L4 Load Balancer that will become a next-hop in Route-table without changing source/destination IP and Port and with L4 Load balancer capabilities of GWLB, it will provide scale and elasticity to the appliances, it provides stickiness so the appliance can see the traffic in both direction so it will avoid asymmetric traffic. The Packet from source will be routed to GWLB and then without changing source/dest IP/port, GWLB will direct the packet to FortiGate by encapsulate it using Geneve tunnel
  15. Line spacing Still didn’t have all Arial as font (the titles were Segoe) Update fuzzy logos Why are these boxes purple and the ones on 1 gray… (his last note said “endpoint protection uses our brand's purple color scheme, so for this diagram set I asked to switch some colors to align to that.”