According to a global survey conducted by Gartner at the beginning of 2016, public cloud will be the prime delivery model for more than 60 percent of all security applications by the end of this year, 2017.
This is a logical progression given the rate of data center consolidation and migration to public cloud platforms.
With the Fortinet Security Fabric cloud solution combined with flexible Bring-Your-Own-License (BYOL) and Pay-As-You-Go (PAYG) licensing options in AWS, the complete solutions portfolio includes:
FortiGate for Next Generation Firewall
FortiWeb for Web Application Firewall
FortiMail for Secure Email Gateway
FortiSIEM for Security Incident and Event Management
FortiAnalyzer for Log Analytics
FortiManager for Centralized Management
Now, organizations have the option of adding the first cloud-based sandbox product in AWS marketplace, FortiSandbox, to their cloud security infrastructure, allowing businesses to operate a complete security practice entirely in the cloud. Fortinet’s Security Fabric solutions for the cloud offer the ability to leverage security controls that are delivered, updated, and managed entirely through the cloud environment.
Significant Value For Born in the Cloud Enterprises
One of the biggest challenges organizations face is identifying and responding to zero-day threats, such as new ransomware for which there is currently no anti-virus signature available. If this event should occur within your AWS environment, the simple solutions is to forward a sample file to an instance of FortiSandbox running on a VM for deep analysis to decrypt, detonate, and catalog both new and existing malware The firewall then checks the sample hash against malware signatures to determine if FortiSandbox has previously analyzed the file. If the sample is identified as malware, or if it exhibits all the characteristics of malware, it is blocked and the behavior is logged.
Automatic Resource Scaling in FortiSandbox
FortiSandbox in AWS can also monitor and adapt to traffic patterns in order to automate analysis operations, makes horizontal scaling more practical and cost-efficient.
This unique FortiSandbox logic is able to be used within the AWS public cloud without using AWS Auto Scaling. FortiSandbox is designed to scale horizontally by default, based on queued-up analysis request patterns. FortiSandbox can spin up at peak times, or spin down after an analysis is completed while keeping full control of all instances all of the time.
In this blog post, we will describe a number of use cases where you can leverage the new FortiSandbox solution for AWS by looking at some of its purpose-built capabilities that make zero-day threat blocking so successful.
Use Case #1
Instantaneous Sharing of IOC (Indicators of Compromise) Intelligence Across the Multi-Cloud
In hybrid or multi-cloud environments, it’s critical to receive first hand IOC intelligence as quickly as possible to maintain effective zero-day malware protection. FortiSandbox instantly shares session information and IOCs related to malware behavior. If there are multiple FortiSandbox instances (physical, virtualized, or cloud), you can establish synchronization rules to manage and control threat intelligence updates.
Use Case # 2
Fabric-Based Deep Analysis for Zero Day Malware Detection
FortiSandbox on AWS introduces elasticity to enable on-demand sandbox resources to ensure they are available when they are needed. Similar functionality can be very costly in traditional on-premise settings. When working with other Fortinet products like FortiGate, FortiWeb, or FortiMail, FortiSandbox is a powerful public cloud solution to detect and block malware for which no prior signature exists. If the firewall does not find a malicious profile for unknown applications found in HTTP or Web traffic, it then submits and queues up the file sample in FortiSandbox on AWS for in-depth analysis.
Adaptive Notification and Remediation
This intelligence is then automatically shared across the Fabric. Every signature and IoC that FortiSandbox generates is automatically propagated across all Fortinet firewall and FortiClient endpoints for immediate blocking or quarantine in order to avoid further damage.
Dynamic scalability makes FortiSandbox a critical solution even in high traffic, high volume environments. And once the volume of traffic returns to normal it automatically releases any unneeded AWS compute resources.
Use Case #3
Automated FortiSandbox Cloud Scan
Amazon Elastic File System (Amazon EFS) provides simple, scalable file storage for use with Amazon EC2 instances in the AWS Cloud. As EFS is often used in cloud migrations such as dataset migration, on-demand backup, or cloud bursting scenarios, you can mount your Amazon EFS file systems on your on-premises datacenter servers when connected to your Amazon VPC with AWS Direct Connect, or through a FortiGate site-to-site secured connection. This allows you to insert FortiSandbox on premise or in AWS. Or you can perform malware analysis in an EFS-to-EFS backup solution to ensure clean file backup.
FortiSandbox can work directly through AWS Storage Gateway sync-ing data in S3 through NFS mount. By mounting a file share and mapping it to an Amazon S3 bucket using the AWS Storage Gateway, you can configure AWS S3 as the NFS or SMB network share for FortiSandbox malware analysis. In conjunction with the use of the Amazon S3 event notification feature, it also enables you to receive notifications when certain file events happen in the bucket and then to use the AWS Lambda function to queue the file sample to FortiSandbox for malware analysis.
There are some additional corner cases – such as preventing malware penetration in closed / Isolated networks – that can also be considered. Without an external malware signature, FortiSandbox is critical for its ability to perform zero day malware analysis.
This goal of this blog has been to highlight some of the possibilities available through the deployment of FortiSandbox within AWS, but it is not limited to just these options. FortiSandbox is a highly useful and flexible malware detection solution that allows you to extend advanced malware detection into your AWS environment for a single, unified view across your entire disributed network, from the core to the multi-cloud.
Special thanks to Hari, Jason, Damien and Scott for contributing the use case ideas.
For more information about FortiSandbox product offerings, please click here.
Explore all Fortinet-AWS solutions here.