
Written and provided by: Vincent Hwang and Vinod Sundarraj, Fortinet

Over the last decade, as e-commerce and Web 2.0 companies became proficient in running large-scale businesses on the cloud, the importance of security and compliance grew. With that came the fear that robust security would block the agility of application delivery on the cloud. This agility was put to the test at the onset of the pandemic when nearly every enterprise rushed to the cloud to adapt to an entirely remote workforce. Now that workers are returning to the office and the work-from-anywhere phenomenon appears to be here to stay, many CIOs are embracing hybrid IT architectures that provide a consistent user experience without sacrificing security – both on-premises and in the cloud.

Although organizations have realized many of the business benefits of cloud technology, the majority still lack the resources and skills to deal with the security side of the equation themselves. In fact, according to the most recent Fortinet Cloud Security Report, 95% of respondents stated that they are concerned about cloud security.

Introducing the FortiGate Cloud-Native Firewall Service

Backed by a strong collaboration between Fortinet and Amazon Web Services (AWS), we are excited to announce Fortinet FortiGate CNF (Cloud-Native Firewall). This cloud-native firewall service removes complexity while improving security and supporting consistent security policies across different AWS environments. Fortinet continues to deliver on its vision of converging security natively in the cloud by bringing together network security (FortiGate CNF), application security (FortiWeb) and cloud platform security (FortiCNP) to help organizations better operationalize, simplify, and protect public and hybrid cloud deployments.

FortiGate CNF is a SaaS offering that delivers seamless scalability, implicit resiliency, streamlined workflows, and flexible consumption through deep cloud-native integrations with native AWS services such as AWS Gateway Load Balancer, AWS Firewall Manager, and AWS Marketplace. Fortinet and AWS bring together the best of both worlds – deep security expertise and leading-edge cloud technology – in a simple-to-manage and easy-to-consume service.

Simplify and modernize network security on AWS


As a managed service, FortiGate CNF reduces the network security operations workload. Enterprises don't have to configure, provision, or maintain any firewall software infrastructure. In addition, they enjoy the following benefits:

  • Enterprise-grade protection: FortiGate CNF supports the security inspection capabilities of a next-generation firewall, providing deep visibility into the application layer along with advanced detection and comprehensive protection powered by artificial intelligence (AI). It includes Geo-IP blocking, advanced filtering, and threat protection. With this level of traffic inspection, customers can reduce the risks of unauthorized events on AWS workloads caused by web-based threats, vulnerability exploits, and other external and internal threat vectors.
  • Zero operations overhead: FortiGate CNF simplifies security delivery by using just one FortiGate CNF instance to secure an entire AWS region. It can protect multiple accounts, subnets, virtual private clouds (VPCs), and availability zones, consolidating security in a region. Cloud-native integration with AWS Gateway Load Balancer helps network security teams move at the speed and scale of applications teams. It eliminates do-it-yourself automation and helps easily secure Amazon Virtual Private Cloud (VPC) environments while improving high availability and scaling.
  • Simplified management: Cloud-native organizations can use the lightweight user interface and intuitive wizards in the FortiGate CNF Console to easily create, deploy and manage security policies for their AWS environment. For hybrid cloud deployments, a centralized management tool like FortiManager can be used to define, deploy and manage advanced security policies, backed by the FortiGuard Global Threat Intelligence service, which operates consistently across hybrid environments – both on-premises and on AWS. Customers can secure elastic workloads where network address-based policies won't work, by using metadata-based policies on dynamic objects that abstract away network dependencies. Integration with AWS Firewall Manager can be used to streamline security workflows and automate security rollout, saving time and increasing efficiency.
  • Lower costs: Because there is no security software infrastructure to build, deploy and operate, costs are reduced. Organizations also can save on the training and resourcing costs that would be necessary to deliver do-it-yourself security on AWS. Aggregating security across a region into a single CNF instance avoids the extra costs accrued by solutions that charge by cloud networks or availability zones. In addition, the FortiGate CNF service utilizes AWS Graviton instances to deliver better price performance.

Broadening the Fortinet cloud-native strategy with FortiGate CNF

Earlier this year, we introduced FortiCNP, a built-in-the-cloud solution that helps organizations correlate security findings and gain prioritized, actionable insights across their cloud environments. FortiGate CNF is the latest example of the Fortinet commitment to delivering solutions that extend enterprise-grade security with cloud-native integrations. These solutions, along with FortiWeb Cloud, our web application firewall-as-a-service solution, are examples of how Fortinet is driving towards a converged future of security that works natively within the cloud rather than solutions that simply sit on top. This translates to reduced complexity, simplified cloud security operations, increased speed of response, and reduced costs, including less infrastructure and fewer tools to deploy, maintain, and manage.

Fortinet FortiGate CNF brings deep network visibility and robust protection on AWS in a flexible consumption model. This managed cloud-native firewall service eliminates network security infrastructure overhead, simplifies security policy management, and integrates security into cloud workflows, which helps organizations improve agility and reduce costs.
