New Fortinet Cloud Security Offerings for Microsoft Azure

Today, Fortinet announced the expansion of our cloud security integration with Microsoft Azure with three new or updated offerings being featured at this week’s Microsoft Ignite event in Orlando. In this blog we will take a look at each of these. But first, let’s step back and look at the bigger picture.

The Fortinet Security Portfolio of Microsoft Azure

Fortinet now has 12 different security products designed for Microsoft Azure. This represents a breadth of security solutions that is unmatched.

The list includes:

Even more impressive, most of these solutions also work across multiple clouds, virtual networks, and physical and virtual datacenters. This enables organizations to uniquely build and deploy a fully integrated and powerful cloud security fabric that can span even the most distributed network environments.

The Need for a Robust Cloud Security Portfolio

Of course, some may ask, “why do we need so many security solutions for Azure, since Microsoft (like all cloud vendors) has a security story all of its own?” But the answer lies in the shared security responsibility model which I have written about previously. According to this model, Microsoft is only responsible for securing its own elements, such as physical access to the Azure datacenters, infrastructure security, and the like. The cloud customer is still responsible for securing all other elements of their cloud environment.

However, this question also reflects the fact that security is a specialty field requiring highly-evolved technology – such as the AI and machine learning used by FortiWeb and FortiSandBox – that are only offered by a organization like Fortinet that specializes in security. And at the same time, truly effective security also requires tools that work together across datacenters and clouds to deliver seamless and consistent protection and management across multiple network ecosystems, not just the cloud. The truth is, security is hard, relying on isolated point or platform-specific security solutions makes it even harder.

Fortinet’s Three Azure Announcements

  • FortiGate Secure SD-WAN now integrates with Azure Virtual WAN to accelerate cloud on-ramp by improving customer QoE and security. This is done through product integration and automation that simplifies connectivity to the Azure Virtual WAN using Fortinet’s Secure SD-WAN offering. This integration automates the creation and tear down of branches connected to Azure Virtual WAN, and provides centralized management of connected clouds across offices and regions. The FortiGate Secure SD-WAN’s integration with the Azure Virtual WAN also ensures optimal performance and security at the branch for customers accessing applications on Azure.
  • Fortinet is also delivering FortiWeb Cloud WAF-as-a-Service through the Microsoft Azure Marketplace. Organizations protecting their web applications are struggling to find a working balance between operational overhead and security effectiveness. FortiWeb WAF-as-a-Service offers the ideal combination by exposing pertinent configuration parameters for ease of management, while automating the provisioning of protection resources and fine-tuning security policies. Customers can now activate Fortinet’s Cloud WAF solution instantaneously, enabling the Software-as-a-Service (SaaS) solution to automatically provision resources directly through the Azure marketplace. Fortinet’s Cloud WAF SaaS solution does not require administrators to possess specific web application security skills, thereby enabling rapid application deployment.
  • Fortinet FortiCWP’s (cloud workload protection) integration with Azure provides customers with increased visibility into and protection for their cloud workload activities and configurations. It also provides the ability to conduct deep analysis of data stored in Microsoft Azure blobs. By leveraging deep integration with Azure combined with utilizing FortiGuard-based threat intelligence, customers get comprehensive and up-to-date protection of their cloud data and workloads. FortiCWP works across clouds and leverages cloud providers’ APIs to gain a comprehensive view across workloads in any cloud region, enabling customers to detect threats and subsequently deploy necessary protection to mitigate these risks.

Essential Cloud Workload Protection with FortCWP

FortiCWP is a relatively new solution, so it warrants a closer look. FortiCWP is a cloud workload protection solution that hunts for and resolves security issues (misconfigurations, anomalous behavior, malicious content, etc.) in cloud-based workloads – not just in Azure, but in the AWS and Google Cloud Platforms as well. It also can scan for sensitive data and malware in places like cloud storage environments to check for compliance with common regulatory frameworks such as HIPAA, SOX/COBIT, and PCI/DSS. FortiCWP is designed specifically for infrastructure as a service (IaaS) deployments. Fortinet’s sister solution, FortiCASB, monitors SaaS applications such as Office365 and Salesforce to provide complete cloud-based application protections and secure the network from things like shadow IT.

One of the key ways FortiCWP performs its magic is through deep integration with the Azure Security Center. FortiCWP uses Azure-specific APIs to interrogate Azure Network Watcher, NSG Flow Events, Activity logs, and more to gain insight into security configuration and events as well as into data on user behaviors and traffic flows.  For this to happen, you do need an Azure account with the proper rights. Make sure your role is “Global Administrator” and that you have the AzureAD “Premium P2” license. Without the AzureAD “Premium P2” license, FortiCWP’s Discovery feature cannot see user entitlements. A Storage account with blog log monitoring enabled will also be required.

This API level integration provides FortiCWP with the data it needs to monitor user activity, check configurations, and scan data blobs. FortiCWP also monitors user activity over time for risk assessment. This technique, called, “User Entity Behavior Analytics,” is a security process that monitors the normal actions of users and other entities combined with risk scoring techniques and advanced algorithms to detect anomalies over time.

The Fortinet Security Fabric Seamlessly Extends Your Network Security Strategy

Enabling comprehensive security with a cloud infrastructure environment like Microsoft Azure can be challenging. It is even more so when that security strategy needs to be extended across a multi-cloud network or span extended physical, virtual, and cloud environments. Fortinet provides the widest array of security solutions in the market, designed to operate natively within all major cloud environments, and function seamlessly across and between a variety of networked ecosystems. Rather than complicating an organization’s security footprint through vendor and solutions sprawl, this approach enables organizations to build, deploy, manage, and optimize a single, integrated security fabric that can operate consistently and seamlessly across even the most dynamic and highly distributed network environments.

Learn more about how Fortinet’s dynamic cloud security solutions give organizations the confidence to deploy any application on any cloud infrastructure. 

Read these customer case studies to see how Cuebiq and Steelcase implement Fortinet’s dynamic cloud security solutions for secure connectivity from data center to the cloud.

Sourced from Fortinet

The Power of Custom Security Processing

The Universal Quest for Speed

Business innovation has always been key to the success of organizations, especially for those willing to adopt new solutions. From the first abacus and the invention of double entry bookkeeping to the introduction of the ticker tape to copy machine, technology has one thing in common – it has always enable the business to function faster and more efficiently, saving money and increasing productivity.

Today’s digital innovation is no different. Applications and device functionality continue to accelerate business. And underlying those functions is the need for performance. Organizations literally spend trillions of dollars upgrading their networks and devices to generate more computing capacity to accommodate evolving business solutions. As a result, a single end user device today has more processing power, generates more data, and requires access to more digital resources than existed in the entire world just a handful of decades ago.

The majority of technology spend in an organization is dedicated to finding and replacing devices that create system bottlenecks. For example, WAN routers and MPLS connections, once the hallmark of high-performance branch connectivity just a few years ago, are now being replaced with new SD-WAN solutions that can adapt to today’s more dynamic and distributed networks while supporting high-performance business-critical applications.

Security is Becoming a Business Bottleneck

As networks demand more performance, one of the most critical areas lagging behind is network security. Unless organizations are willing to pay outrageous costs, security devices function at a fraction of the speed as the rest of the network. The limited ability to purchase and deploy adequate security solutions impacts network design, business growth, and user access to critical data. Part of the challenge is that a firewall, for example, requires massive amounts of computing power to inspect data looking for malicious content – far more than any router or switch. And according to a recent report by Fortinet, 87% of all web traffic at the start of 2019 was encrypted, with the volume growing daily, which has an even greater impact on security performance.

The fact is, inspecting encrypted data takes such a significant toll on firewall performance that most manufacturers won’t even publish their performance numbers. And the reason is easy to see once you pop open a box and look inside. Even the most expensive firewalls are filled with off-the-shelf CPUs that were never designed to perform the security tasks they are assigned. Instead, software engineers have to write complex code to accommodate hardware limitations, looking for ways to overcome the physical limitations of the processors they have to work with. And because decrypting traffic is so labor-intensive, it’s simply not possible to compensate for the performance impact using software design tricks.

All Performance Innovation Starts with the CPU. Why Not for Security?

We wouldn’t put up with this in any other technology. Smartphone manufacturers develop their own processors, like Apple’s new A13 Bionic chip that was purpose-built to generate more performance to deliver the best graphics and user experience to consumers. And Tesla’s new self-driving chip is a 260 square millimeter piece of silicon, with 6 billion transistors, that offers 21 times the performance of the Nvidia chips it was using before. Other organizations committed to providing cutting-edge performance, such as Google, Amazon, and Facebook, also build their own silicon chips for their data centers and other infrastructures.

Of all the places that could benefit from custom-designed processors, security certainly seems to be at the top of the list. However, Fortinet is still the only security manufacturer to have developed our own security processors (SPUs), engineered from the ground up to perform those specific tasks required to inspect and secure traffic. And the results speak for themselves. We recently calculated the average performance across security devices from leading manufacturers to then calculate something we call a Security Compute Rating that compares the performance of our new SOC4 security ASIC with devices that rely on traditional chips to process security data. 

The Power of Custom Security Processing

Across the board, the use of these purpose-built chips dwarfs that of solutions that rely on off-the-shelf technology, and at a fraction of the cost. Here is a small data sample comparing our desktop SD-WAN NGFW solution with similar solutions from other manufacturers that utilize generic CPUs for networking and security capabilities, all positioned to address the same business requirement: 

As you can see, using a purpose-built security processor enables 4 to 47 times better performance than the industry average. Interestingly, this performance advantage also translates to virtual environments that don’t rely on custom chips, while not quite as dramatic. That’s because engineers have the ability to build significantly more efficient code because they don’t have to work around the limitations of the hardware it runs on. But when other security solutions get ported to a virtual environment, all of the inefficiencies in their development due to their inherent hardware limitations go with them. And even if they should redesign their solution to take better advantage of the virtual systems it is being moved to, they then lose critical interoperability between the various versions of their solution. 

Security Manufacturers Need to Step Up

Digital innovation is essential to the ongoing acceleration of the growing digital marketplace and expanding digital economy. However, we have reached a point where security is likely to become a serious roadblock to that growth. And it is happening just when the security industry is also facing a serious and growing skills gap resulting in an inadequate pool of cybersecurity professionals to manage and secure the expanding attack surface of today’s businesses. 

If security manufacturers want to provide essential protections for digital innovation, while remaining affordable enough for organizations to deploy security devices everywhere they are needed, they will have to change their development strategy. Like every other major manufacturer in the world, they will have to invest in the creation of custom hardware that can keep pace with the exponentially growing performance requirements of today’s digital businesses. If they don’t, they run the same risk as those organizations that have failed to adopt an aggressive digital transformation strategy. They will get left behind.

Learn more about Fortinet’s new FortiGate 60F, a full-featured SD-WAN and NGFW solution powered by the new SCO4 security processor to accelerate and enhance cloud and WAN connectivity.

Learn how Fortinet’s Secure SD-WAN Solution uses a security-driven networking approach to improve user experience and simplify operations at the WAN Edge.

Sourced from Fortinet