SOLUTION BRIEF

THE FORTINET SECURITY FABRIC FOR AZURE PROVIDES COMPREHENSIVE PROTECTION FOR MICROSOFT OFFICE 365

EXECUTIVE SUMMARY

Organizations that rely heavily on email for their business operation and see email as a key means of communication throughout the organization are aware of the possibility that email will spread malware and other threats throughout the Internet, as well as the risk the email threat vector imposes to organizations. Office 365 is a very popular email solution employed by organizations and offers a variety of email security functionality for deeper security The Fortinet Security Fabric for Azure provides broad, integrated, and automated protection across the organization—on-premises, across multiple clouds, and out to users and devices. For those using Microsoft Office 365, key Security Fabric elements should include a cloud access security broker (CASB) to extend on-network data security policies and enforcement to the cloud, a dedicated email security gateway to protect cloud-based email, and cloud-based sandboxing to prevent zero-day threats. Further, with a common user experience across security components, organizations are able to manage this added security with less effort.

The Fortinet Security Fabric, now available on the Microsoft Azure cloud, offers unprecedented visibility and protection from attacks targeting Office 365 email. Its detection of advanced threats by FortiSandbox, high-speed inspection of email traffic by using FortiMail, and its ability to control Office 365 at the API level using FortiCASB offer unrivaled protection for Office 365 mail systems. Built on the foundation of the flagship FortiGate Next-Generation Firewall (NGFW), which is also available to protect Azure cloud-based systems deployment, it is critical for today’s digital businesses to extend the insight and security of the Fortinet Security Fabric into cloud services like Microsoft Azure and Office 365.

LEVERAGE CASB FOR INTEGRATED PROTECTION

Office 365 provides API-based access to their SaaS application to enable CASBs to interact and support the management of security on SaaS applications. This allows FortiCASB to complement the built-in visibility of the Office 365 Admin Center, with additional options to assess and report on users, behaviors, and data stored in clouds like Office 365. More importantly, it also enables advanced FortiCASB functions to extend security policies and intelligence currently in use in other parts of the network—on-premises and across multiple clouds.

Specifically, with FortiCASB, Office 365 customers using OneDrive are able to:

nn Inspect content in transit or at rest for threats with the threat intelligence of FortiGuard Labs AV and FortiSandbox services

nn Monitor and ensure appropriate user behavior and entitlements

nn Identify and control authorized use of a wide range of sensitive data types, as defined by industry regulations or corporate policy

nn Discover and similarly control other cloud applications and infrastructure

nn Integrate with FortiGate, FortiAnalyzer, and FortiSIEM for a single view of security on-premises and in the cloud

ADD EXTRA PROTECTION FOR EXCHANGE ONLINE

Email is the delivery vehicle for 92.4% of all malware and 49% of successfully installed malware. Hence, ensuring that your organization’s email in Exchange Online is free of phishing, ransomware, business email compromise, and other threats is critical. At the same time, email can just as easily be used to improperly expose sensitive data. That’s where FortiMail running over Azure complements FortiCASB and the basic capabilities of Exchange Online Protection with:

nn Top-rated FortiGuard Labs security services including antispam, antivirus, sandboxing, content disarm and reconstruction, click protection, impersonation analysis, and more

nn Consistent data loss prevention technologies also available in FortiGate and FortiCASB

nn Robust, yet easy-to-use, identity-based email encryption technologies

nn Integration with FortiGate, FortiAnalyzer, and FortiSIEM for a single view of security

nn Open APIs for intelligence sharing across the Fortinet Security Fabric about multistage attacks that begin with an email

PROTECT FROM ZERO-DAY THREATS

Complement your established FortiMail and FortiGate defenses with the FortiSandbox two-step malware analysis approach. Suspicious and at-risk files are subjected to the first stage of analysis with Fortinet’s award-winning AV engine, FortiGuard global intelligence query*, and code emulation. Second stage analysis is

SOLUTION BRIEF: THE FORTINET SECURITY FABRIC FOR AZURE PROVIDES COMPREHENSIVE PROTECTION FOR MICROSOFT OFFICE 365

Mac:Users:susiehwang:Desktop:Egnyte:Egnyte:Shared:Creative Services:Team:Susie-Hwang:Egnyte:Shared:CREATIVE SERVICES:Team:Susie-Hwang:SB-Securing-Office-365-from-Azure:sb-securing-office-365-from-azure

Copyright © 2018 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

GLOBAL HEADQUARTERSFortinet Inc.899 Kifer RoadSunnyvale, CA 94086United StatesTel: +1.408.235.7700www.fortinet.com/sales

EMEA SALES OFFICE905 rue Albert Einstein06560 ValbonneFranceTel: +33.4.8987.0500

APAC SALES OFFICE8 Temasek Boulevard #12-01Suntec Tower ThreeSingapore 038988Tel: +65-6395-7899Fax: +65-6295-0015

LATIN AMERICA HEADQUARTERSSawgrass Lakes Center13450 W. Sunrise Blvd., Suite 430Sunrise, FL 33323Tel: +1.954.368.9990

September 13, 2018 8:52 AM

done in a contained environment to uncover the full attack life cycle using system activity and callback detection.

FortiSandbox works in conjunction with FortiMail as well as FortiCASB to fully automate protection against unknown threats delivered over email or via files residing in OneBox storage, respectively.FortiSandbox is a single, consolidated solution that integrates with firewall, web, client, and email deployments. The solution drives advanced threat protection (ATP) across the security architecture by serving as a zero-day intelligence hub. It instantly distributes zero-day threat intelligence to uncover known attack forms across all Security Fabric elements in the extended network—both on-premises and in the cloud. This real-time action enables automated defensive responses that shrink the windows of detection and containment.

WHY FORTINET?

There are plenty of third-party vendors to choose from, especially across multiple components like CASB, email security, and advanced

threat detection. There are three primary things that set Fortinet apart from the rest:

1. Only Fortinet delivers a consistent set of security controls across your on-premises network, email, and major cloud services. These include anti-malware and sandbox services to identify traditional and advanced threats, data loss prevention capabilities to secure sensitive information, and multi-factor authentication.

2. Those traditional and advanced threat protection capabilities have earned the most independent certifications and top ratings in the industry. Validated by Virus Bulletin, ICSA Labs, AV-Comparatives, NSS Labs, and more, Fortinet solutions provide the most rigorously tested security available, natively and via open API across your security infrastructure.

3. With a consistent user interface and administrative experience across all components, Fortinet reduces the time spent deploying, configuring, monitoring, and managing security for Office 365.

Recommendation Free Microsoft Component (E3 license) Value-Added Fortinet Components

Secure Content Office 365 Information Rights Management FortiGate, FortiMail, FortiCASB

Protect Against Threats Exchange Online Protection FortiGate, FortiMail, FortiCASB with FortiSandbox

Visibility, Control, and Protection Office 365 Admin Center FortiCASB

* Verizon, “2018 Data Breach Investigations Report,” April 2018.