Fortinet, a global leader in broad, integrated, and automated cybersecurity solutions, on 27th July 2022 announced FortiCNP, a new built-in-the-cloud offering that correlates security findings from across an organisation’s cloud footprint to facilitate friction-free cloud security operations. FortiCNP’s patented Resource Risk Insights (RRI) technology produces context-rich, actionable insights that help teams prioritise the remediation and mitigation of risks with the highest potential impact on cloud workload security without slowing down the business.
Also, it announced that Fortinet is an Amazon Web Services (AWS) Launch Partner for Amazon Guard Duty Malware Protection, which provides agentless malware detection capabilities across AWS data stores, disk volumes, and workload images. FortiCNP supports Amazon Guard Duty Malware Protection, delivering near-real-time threat protection with zero-permission capabilities to actively scan running workloads with no impact or delays to operations.
The rapid pace of cloud adoption as part of a hybrid IT architecture allows organisations to achieve faster time to market and increased responsiveness to customer needs. However, the cloud can increase overall security risk, which is often addressed by adding new security solutions to an organisation’s existing infrastructure. Each of these solutions comes with a litany of alerts that often require manual analysis and can quickly compound across an organisation’s cloud deployment.
“Without the proper tools, security professionals must manually sift through hundreds, if not thousands, of security alerts on a daily basis,” said Doug Cahill, Vice President, Analyst Services and Senior Analyst at Enterprise Strategy Group (ESG). “Inundated with alerts, teams can face decreased productivity, inefficient workflows, and security risks accumulating faster than they can be addressed. FortiCNP helps cut through the noise, pointing teams to the security alerts that matter most.”
Customers are already experiencing the benefits of FortiCNP’s approach to cloud-native risk management.
“FortiCNP gives us comprehensive cloud visibility with an intuitive dashboard that allows us to easily track risk management over time,” said Caio Hyppolito, Chief Technology Officer (CTO) at BK Bank. “Most importantly, it enables our team to focus on securing high-priority resources instead of spending time working through long lists of security findings. Integrations with the products we already have allow us to get even more value out of our deployment and allow broader visibility and easier, more proactive cloud security management.”
Partners are also leveraging FortiCNP to enhance their offerings.
“As an AWS Level 1 MSSP Competency Partner, Observian is dedicated to ensuring our service offerings support customers in building scalable, secure cloud deployments. Observian is thrilled to deliver a new service featuring Fortinet’s new Cloud-Native Protection solution, FortiCNP, with Observian’s trusted and proven managed detection and response services,” said Scott Plamondon, Co-Founder and VP of Architecture at Observian. “FortiCNP allows customers to easily integrate, more quickly operationalise, and immediately benefit from AWS’s native-cloud security services with more targeted and actionable alerts tuned to their needs and less noise. Our customers that rely on Observian’s Security Operations team will benefit from our ability to even better triage and report on those alerts 24/7.”
A defining feature of FortiCNP is integration with AWS security products and services, and the Fortinet Security Fabric, which helps organisations more effectively secure their cloud environments and maximise their cloud security investments.
“At AWS, we provide our customers with smarter tools to easily take action and mitigate risk faster,” said Jon Ramsey, Vice President (VP) AWS Security. “Security Partners like Fortinet with their FortiCNP offering built on AWS and integrated with our security services like Amazon Guard Duty give customers a choice to simplify and accelerate their cloud journey with cloud-native security services.”
FortiCNP delivers the following features that allow security teams to effectively manage risk in the cloud:
- FortiCNP Resource Risk Insights (RRI) leverages a patented risk score algorithm to contextualise security findings from Fortinet Cloud Security solutions and AWS products and services to provide teams with prioritised, context-rich, and actionable insights about resources that present the highest risk and need immediate attention.
- By analysing, correlating, and contextualising security findings from AWS cloud security services with FortiCNP, customers maximise the value and benefit from easy deployment capabilities offered by Amazon Guard Duty Malware Protection, Amazon Inspector, AWS Security Hub, AWS CloudTrail, and AWS Organisations.
- Integrations with Amazon Guard Duty Malware Protection leverage a zero-permission, agentless approach for detecting malware throughout the data supply chain by scanning cloud data stores, disk volumes, and workload images.
- Integrations with digital workflow solutions turn FortiCNP RRIs into intuitively actionable workflow tasks as part of the cloud infrastructure lifecycle.
- For customers utilising Fortinet Cloud Security solutions such as FortiGate-VM and FortiWeb, RRIs will be able to trigger stop-gap remediations to block high-impact threats.
- FortiCNP continuously scans and monitors changes to cloud data with industry-leading threat intelligence and content scanning powered by FortiGuard Labs.
FortiCNP will be continually expanded to ingest more types of cloud security findings to provide broader context across more cloud workloads. Enabling consistent workflows that scale security across the public cloud helps teams improve security coverage, productivity, and risk mitigation—at the speed of the cloud. Cloud-native integrations facilitate reduced friction from deployment through operations. With consistent workflows utilising cloud-native services across multiple clouds, security teams will no longer be required to master the intricacies of each cloud platform’s security service operational model. This will help security teams increase productivity by effectively working through cloud security backlog, mitigating risk, and quantifiably improving cloud security over time.
“FortiCNP is the latest example of Fortinet’s commitment to delivering Fabric solutions that extend enterprise security with cloud-native integrations,” said Vishak Raman, Vice President of Sales, India, SAARC and Southeast Asia at Fortinet. “We’re pleased to continue to deliver solutions that allow security professionals to transition from time-consuming triage and manual analysis processes to proactively securing their cloud workloads and easily understand their cloud security risk.”
Today’s announcement builds on Fortinet and AWS’ relationship to support customers in accelerating their journey to AWS. Fortinet has also been named an AWS Security Competency Partner, with FortiCNP serving as the latest example of Fortinet’s commitment to delivering purpose-built cloud security solutions that integrate with AWS products and solutions. Fortinet delivers one of the broadest sets of use cases with comprehensive security for AWS workloads including firewall, security gateway, intrusion prevention, and web application security. With flexible procurement options in AWS Marketplace, including contract and consumption offerings, and a range of available form factors, including Software-as-a-Service (SaaS), virtual machine (VM), container, and application programming interface (API) based protection, customers can address a broad variety of AWS security and procurement requirements to protect their AWS workloads.