Leveraging Fortinet Solutions For Your MSSP Advantage - PDF

The document discusses Fortinet solutions for Managed Security Service Providers (MSSPs), focusing on web and API security challenges, including vulnerabilities, alert fatigue, and bot threats. It highlights the use of machine learning for threat detection and the importance of visibility in managing attack surfaces through tools like FortiWeb and FortiRecon. Additionally, it covers FortiMail's capabilities in email security, emphasizing its advanced protection against various email threats and the importance of email continuity during outages.


Leveraging Fortinet solutions for your MSSP advantage

Alexandru Talpeanu, Channel Systems Engineer
FortiWeb Cloud Service
Challenges of Web/API Security Management
Cyber threats take advantage of the disruption

• Code Vulnerabilities: multiple code modules (OSS, custom code, IaC, container), tool proliferation, identifying risk and priority, CI/CD integration
• Sophisticated Threats: endless stream of zero-day attacks and application logic attacks that do not have signature protection
• Shadow and Unknown APIs: organizations have limited knowledge of their public APIs even though API traffic dominates
• Alert Fatigue: too many informational, contextless and false positive alerts

© Fortinet Inc. All Rights Reserved. 3


Consolidation of Protections

Machine Learning Powered Web Application & API Security

• Web Protection: OWASP Top 10, known threats, zero day, unknown threats, sophisticated attacks
• API Security: OWASP Top 10, injection attacks, excessive data exposure, security misconfiguration
• Bot Mitigation: account takeover, scraping, vulnerability scanning, known bots, crawlers
• Maximum Deployment Flexibility: SaaS-based, appliance or VM
• Minimize False Positives: sophisticated techniques to reduce false positives
• Threat Analytics addresses alert fatigue and speeds up security investigation


Seek Machine Learning to Target Anomalous Behavior
Traditional WAF Application Learning Detection

Flow: application traffic → threat detection (all anomalies) → blocked request traffic (with false positives) / allowed request traffic (with false negatives). Detection is whitelist matching, using request traffic observed during "learning windows". Legend: normal request, benign anomaly, threat.

Known Issues/Limitations
• Blocking all anomalies leads to high false positives
• Accuracy requires labor intensive fine tuning
• Unobserved variations trigger anomalies
• Whitelisting characters used in attacks leads to threats evading detection
• Changes to application require relearning


FortiWeb Employs Two Layers of Machine Learning

Flow: application traffic → anomaly detection (anomalies) → threat detection (threats) → blocked. Normal and benign traffic is allowed.

• Anomaly Detection: statistical probability analysis based on observed application traffic over time
• Threat Detection: pattern analysis matching based on FortiGuard trained and curated threat models

Legend: normal request, benign anomaly, threat.

Reduce friction when deploying web applications!
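The two-layer idea in working form, as an added example (this is illustration code, not FortiWeb's implementation). Stage one keeps a per-parameter statistical baseline learned from observed traffic and flags values that fall outside it; stage two checks only the flagged values against a small table of curated threat patterns. The baseline model (length z-score plus unseen character classes), the threshold of 3.0, the THREAT_PATTERNS table and the training requests are all constructed assumptions; the point is that an unusual-but-harmless value ends up allowed instead of blocked, which is the false-positive problem of the whitelist approach on the previous slide.

```python
"""Two-stage request screening: a statistical anomaly layer in front of a
pattern-based threat layer. Added illustration, not FortiWeb code: the
per-parameter length/character-class baseline, the z-score threshold and the
tiny THREAT_PATTERNS table are simplifying assumptions standing in for the
statistical model and the curated threat models the slide describes."""
import math
import re
from collections import defaultdict

# Stage 2: curated threat patterns (constructed, deliberately small).
THREAT_PATTERNS = {
    "sqli": re.compile(r"['\"]\s*(?:or|and)\s+[\w'\"]+\s*=\s*[\w'\"]+|union\s+select", re.I),
    "path_traversal": re.compile(r"\.\./"),
    "xss": re.compile(r"<script\b|javascript:", re.I),
}


def _char_class(ch):
    """Collapse letters and digits into classes; punctuation keeps its identity."""
    if ch.isalpha():
        return "A"
    if ch.isdigit():
        return "0"
    if ch.isspace():
        return " "
    return ch


class ParameterBaseline:
    """Stage 1: running statistics of one request parameter, learned from observed traffic."""

    def __init__(self):
        self.count = 0
        self.len_sum = 0.0
        self.len_sq = 0.0
        self.charset = set()

    def observe(self, value):
        n = len(value)
        self.count += 1
        self.len_sum += n
        self.len_sq += n * n
        self.charset.update(_char_class(c) for c in value)

    def anomaly_score(self, value):
        """z-score of the value's length, plus one point per character whose class was never observed."""
        if self.count < 2:
            return float("inf")  # nothing learned yet: everything is anomalous
        mean = self.len_sum / self.count
        var = max(self.len_sq / self.count - mean * mean, 1e-9)
        z = abs(len(value) - mean) / math.sqrt(var)
        unseen = sum(1 for c in value if _char_class(c) not in self.charset)
        return z + unseen


class TwoLayerDetector:
    def __init__(self, anomaly_threshold=3.0):
        self.baselines = defaultdict(ParameterBaseline)
        self.threshold = anomaly_threshold

    def learn(self, request):
        for key, value in request.items():
            self.baselines[key].observe(value)

    def classify(self, request):
        """Return 'normal', 'benign-anomaly' or 'threat:<pattern name>'.

        Only parameters the anomaly layer flags are handed to the threat layer,
        so an unusual-but-harmless value is allowed instead of being blocked."""
        anomalous = {k: v for k, v in request.items()
                     if self.baselines[k].anomaly_score(v) > self.threshold}
        if not anomalous:
            return "normal"
        for value in anomalous.values():
            for name, pattern in THREAT_PATTERNS.items():
                if pattern.search(value):
                    return f"threat:{name}"
        return "benign-anomaly"


# Constructed learning-window traffic: short alphabetic usernames and one-digit page numbers.
NAMES = ["alice", "bob", "carol", "dave", "erin", "frank", "grace", "heidi", "ivan", "judy"]
TRAINING = [{"user": name, "page": str(i % 9 + 1)} for i, name in enumerate(NAMES * 5)]


def build_detector():
    detector = TwoLayerDetector()
    for request in TRAINING:
        detector.learn(request)
    return detector


if __name__ == "__main__":
    d = build_detector()
    for req in ({"user": "bob", "page": "2"},          # normal
                {"user": "mallory", "page": "4"},      # longer than anything seen: benign anomaly
                {"user": "x' or 1=1", "page": "3"},    # anomalous and matches a threat model
                {"user": "eve", "page": "../etc"}):    # anomalous page value, traversal pattern
        print(req, "->", d.classify(req))
```

With the constructed training set the username baseline has mean length 4.4 and standard deviation about 0.66, so a seven-character name scores z ≈ 3.9 and is anomalous, but because it matches no threat model it is classified as a benign anomaly rather than blocked. A value that is both anomalous and matches a curated pattern is reported as a threat.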
Sophisticated Bots Use Human-like Behaviors

45% aren’t confident they can deal with bots


Evolution of Bot Types

Bot type → detection technique:
• Simple Bots → IP Reputation
• IP Agnostic → Threshold Detection
• Mimic Human Behavior → Biometric Detection
• Solve Captcha → Artificial Intelligence

Coverage progresses from WAF to Advanced Bot Protection.
API-Dependent Interconnected Services Create Blind Spots

42% of people are not confident they know all of the APIs in their org


API Security Use-Cases and FortiWeb Capabilities

Use-case → FortiWeb capability:
• API discovery and PII → REST API catalog
• Validate and enforce schemas and API endpoint access → anomaly detection, limit HTTP methods
• Preventing data exposure & MITM → object access control, token security
• Account takeover and other bot attacks → Advanced Bot Protection
• Mitigate denial of service → JSON/XML bombs
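Three of the use-cases above (endpoint catalog, schema and HTTP-method enforcement, JSON-bomb mitigation) as one added example of the checks an API gateway applies before a request reaches the application. This is illustration code, not FortiWeb's; the API_CATALOG entries, the size and depth limits and the sample bodies are constructed. The depth check walks the raw text rather than parsing first, because the stdlib `json.loads` exposes no nesting limit and a deeply nested body is exactly the input meant to exhaust the parser.

```python
"""Lightweight API request guard: rejects unknown endpoints (shadow APIs),
enforces per-endpoint allowed HTTP methods, caps body size and JSON nesting
depth before parsing (JSON-bomb mitigation), and validates the parsed body
against a minimal schema. Added illustration; catalogue and limits are
constructed and stand in for a real REST API catalog."""
import json

# Constructed REST API catalogue: path -> allowed methods and body schema.
API_CATALOG = {
    "/api/v1/users": {
        "methods": {"GET", "POST"},
        "schema": {"name": str, "email": str},
        "required": {"name", "email"},
    },
    "/api/v1/orders": {
        "methods": {"GET"},
        "schema": {},
        "required": set(),
    },
}
MAX_BODY_BYTES = 64 * 1024   # assumption: generous for these endpoints
MAX_DEPTH = 8                # assumption: no legitimate body nests deeper


def json_depth_ok(raw, limit):
    """Scan the raw text and reject nesting deeper than `limit` without building the tree.
    Brackets inside JSON strings (including escaped quotes) are ignored."""
    depth = 0
    in_string = False
    escaped = False
    for ch in raw:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
            continue
        if ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            if depth > limit:
                return False
        elif ch in "]}":
            depth -= 1
    return True


def guard_request(method, path, body):
    """Return (allowed, reason). `body` is the raw request body as bytes."""
    entry = API_CATALOG.get(path)
    if entry is None:
        return False, "unknown endpoint (shadow API)"
    if method not in entry["methods"]:
        return False, f"method {method} not allowed"
    if method == "GET":
        return True, "ok"
    # Cheap checks first: size, then nesting depth, then a real parse.
    if len(body) > MAX_BODY_BYTES:
        return False, "body too large"
    raw = body.decode("utf-8", errors="replace")
    if not json_depth_ok(raw, MAX_DEPTH):
        return False, "nesting too deep (possible JSON bomb)"
    try:
        data = json.loads(raw)
    except ValueError:
        return False, "malformed JSON"
    if not isinstance(data, dict):
        return False, "body must be a JSON object"
    missing = entry["required"] - set(data)
    if missing:
        return False, f"missing fields: {sorted(missing)}"
    for key, value in data.items():
        expected = entry["schema"].get(key)
        if expected is None:
            return False, f"unexpected field {key}"     # positive schema: unknown fields rejected
        if not isinstance(value, expected):
            return False, f"field {key} has wrong type"
    return True, "ok"


if __name__ == "__main__":
    samples = [
        ("GET", "/api/v1/orders", b""),
        ("DELETE", "/api/v1/orders", b""),
        ("GET", "/api/v1/internal", b""),
        ("POST", "/api/v1/users", b'{"name": "ann", "email": "ann@example.com"}'),
        ("POST", "/api/v1/users", b'{"name": "ann", "email": "ann@example.com", "role": "admin"}'),
        ("POST", "/api/v1/users", b"[" * 10000),   # constructed nesting bomb
    ]
    for method, path, body in samples:
        print(method, path, "->", guard_request(method, path, body))
```

The schema check is positive (only listed fields with the listed types pass), which is what "validate and enforce schemas" means in practice: an extra field such as a privilege attribute is rejected rather than silently forwarded to the backend.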


Visibility and Threat Analytics

Simplify Threat Detection and Response with an AI-powered SOC:
• Speeds up WAF alert security investigation
• Helps analysts focus on the most important threats and alleviates alert fatigue
• Insights provide suggestions to harden security based on findings
• Ingests events from across your entire hybrid cloud environments


Powered by Cloud Delivered Threat Intelligence

FortiGuard Services: Web Application Security, IP Reputation, Sandbox, Anti-botnet, Antivirus, Credential Stuffing Defense


Unique Benefits of Fortinet’s Application Protection
Everybody wins – business value extends beyond security

• Alleviate Operational Workload
• Detection Accuracy (min. false positives)
• Flexible Consumption, Predictable Spend
• Part of the Holistic Security Fabric


FortiRecon
Know Your Weaknesses Before Your Adversaries Do
Challenges Facing Security Teams

• Attackers have more resources: threat actors constantly looking for ways into your network; new attack vectors; initial access sold to ransomware gangs
• Digital transformation is expanding the attack surface: ever-growing IoT digital footprint; dynamic cloud assets; mergers & acquisitions; new TTPs
• Security teams are stretched: cybersecurity skills shortage; firehose of information
• Damages to brand perception impact company value: market valuation; revenue and customer trust / loyalty; identity fraud prevention; business credibility

Urgent need to gain visibility of the entire attack surface and prioritize remediation


FortiRecon – Understanding Your Risk Posture

Digital Risk Prevention Service: comprehensive view of all potential and imminent internal / external risks for early, actionable intel and fast response. Coverage spans the kill chain: Pre-Attack Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, Action on Objectives.

The service combines three components:
• Attack Surface Management (Internal & External): continuous discovery and monitoring of the internal & external attack surface
• Brand Protection: detect brand and identity impersonations, website typosquatting, rogue applications
• Adversary Centric Intelligence (Dark Web Monitoring): curated, actionable FortiGuard Labs threat intelligence


Internal and External Attack Surface Management

Continuous Attack Surface Management cycle: Asset Discovery (internal / external) → Analyze & Classify Assets → Prioritize remediation based on active threats → Remediate issues based on prioritized recommendations.

Avoid Blind Spots in Security Monitoring
• Gain an adversarial view of your complete attack surface
• External: identify critical internet-facing issues which may be exploited for initial access
• Internal: identify internal issues which may be used for lateral movement and persistence
• Prioritize remediation according to risk and exploitation status in the wild


FortiRecon External Attack Surface Management

Avoid Blind Spots in Security Monitoring
• Adversary view of the network
• Identify critical issues
• Prioritize remediation before exploitation

External Attack Surface Management components:
• Asset Discovery: comprehensive discovery of assets, such as domains / IP / ASN / subdomains / certificates
• Security Issues: vulnerabilities / configuration errors / exposed services
• Recommendations: recommended actions
• Change / Delta Comparison: comparison with previous scanning results to identify recent changes
Brand Protection (BP)

FortiRecon Brand Protection (BP) detects web-based phishing attacks, typosquatting, rogue apps, credential leaks and brand impersonation in social media, common techniques used by cyber threat actors.

Brand Monitoring & Protection
• Executive Monitoring: monitor high value targets’ personal information
• Domain Threats: monitor domains for typosquatting, phishing, etc.
• Rogue Apps Monitoring: track rogue mobile applications
• Social Media: monitor for malicious social media accounts
• Phishing: track phishing campaigns against brands
• Code Repo & Storage Buckets: identify cloud application misconfigurations & data leaks


Adversary Centric Intelligence (ACI)

FortiRecon Adversary Centric Intelligence (ACI) provides contextual insights into imminent threats to organizations and allows them to respond faster to incidents, better understand their attackers and safeguard their assets.

1. Monitor & Collect: darknet, Pastebin / IM, social media, ransomware activity, forums / markets, technical IOCs
2. Assess: prioritize, analyze, validate, contextualize
3. Actionable Intelligence: executive management / strategic decision makers; tactical teams; GRC teams
4. Deliver: delivered to customer through Flash Reports & Threat Reports via Customer Portal & Email


Security Fabric Integration

• FortiGate: identify and control exposed assets (e.g., NAT)
• FortiSOAR: response orchestration (e.g., PW reset)
• FortiSIEM: enhanced visibility and fast analysis
• FortiDAST: on-demand web app vulnerability scan
• Third-Party: asset and risk discovery (AWS, Azure, Google Cloud Platform, REST API)


Why FortiRecon?

• Do you understand what assets you have exposed and what your attack surface looks like?
• Do you have the resources to actively track vulnerabilities which may impact your business?
• Do you have the resources to remediate issues that are identified?
• Do you understand the risks to organizations in your supply chain?
• Do you have visibility into how threat actors are attacking peers in your industry?
• Are you monitoring and taking action against websites and applications spoofing your brand?


FortiMail Cloud
Email’s use as a primary threat vector…

• 36%↑: percent of breaches involving phishing, up from 25% YoY
• 15X↑: increased use of “Misrepresentation” in Social Engineering-related incidents
• 58%: percent of Business Email Compromise (BEC) attacks that resulted in loss of money
• 10%↑: percent of breaches involving ransomware, up from ~5% the prior year.*


Introducing FortiMail

Advanced protection against the full spectrum of email-borne threats.

• Comprehensive Protection
• Validated Performance
• Security Fabric Integration
• Powered by FortiGuard Labs
• Industry-Leading Cost to Performance

Protects cloud-based email, on-premise Exchange and hybrid email.


Comprehensive protection

Secure inbound emails: phishing / spear phishing / whale phishing; impersonation; Business Email Compromise; advanced / targeted attacks; email-based ransomware threats; illicit / adult content; malicious URLs; spam

Secure outbound emails: responses to malicious emails; intentional data exfiltration; data leak prevention; email encryption; man-in-the-middle attacks

Detect building blocks: malicious content; malicious files

Deployment types: Appliance, VM, FortiMail Cloud
Operation modes: Gateway, Transparent, Server, O365 API


Operation modes

Gateway Mode (Cloud and Appliance)
Mail is delivered to FortiMail via MX, sanitized and forwarded to the destination mail server.

Microsoft 365 API Clawback (Cloud and Appliance)
FortiMail operates out-of-line, scans and claws back threats directly from Microsoft 365 using the Graph API. Can also be used in Gateway mode.

Server Mode (Cloud and Appliance)
FortiMail is deployed as a full mail server providing POP3, IMAP, Webmail and calendaring in addition to security functions.

Transparent Mode (Appliance)
Physically located in the SMTP path. No configuration changes required to the email infrastructure. Commonly used in the ISP and Carrier environment.
FortiMail - inbound

Advanced multi-layer security against:
• Known threats
• Suspected threats
• Unknown threats / zero-days
• Impersonation attempts
• Business Email Compromise

Inbound protection layers: Impersonation Analysis; Cousin Domain Detection; Click Protection; Outbreak Protection; Behaviour Analysis; Content Disarm; SPF, DMARC, DKIM; Newsletter / Greymail; FortiGuard URL Filtering; FortiGuard Anti-Spam; FortiGuard Antivirus
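The "SPF, DMARC, DKIM" layer listed above, reduced to the decision an inbound gateway makes once SPF and DKIM have been evaluated: parse the sender domain's DMARC record, test whether an authenticated identifier aligns with the header From domain, and derive the disposition. This is an added example, not FortiMail code. It assumes the DMARC record has already been fetched from DNS (`_dmarc.<from-domain>` TXT) and that the SPF/DKIM results and their authenticated domains come from an upstream check; organizational-domain derivation uses a two-label shortcut rather than the Public Suffix List. Note the caveat the example makes visible: DMARC alignment only addresses exact-domain spoofing, since a lookalike domain an attacker controls can publish its own passing SPF/DKIM, which is why the slide lists Cousin Domain Detection as a separate layer.

```python
"""DMARC disposition from SPF and DKIM results. Added illustration, not
FortiMail code. Assumes the record text was already retrieved from DNS and
that SPF/DKIM evaluation happened upstream; org_domain() is a two-label
simplification of the Public Suffix List lookup a real implementation uses."""


def parse_dmarc(record):
    """Parse 'v=DMARC1; p=reject; adkim=s' into a dict, filling RFC 7489 defaults."""
    tags = {"adkim": "r", "aspf": "r", "pct": "100"}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    if tags["p"] not in ("none", "quarantine", "reject"):
        raise ValueError(f"unknown policy {tags['p']!r}")
    return tags


def org_domain(domain):
    # Simplification (assumption): last two labels. Real code consults the Public Suffix List.
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r') the same org domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate_dmarc(record, from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return (dmarc_pass, disposition) where disposition is 'none', 'quarantine' or 'reject'.

    spf_domain is the domain SPF authenticated (MAIL FROM / HELO);
    dkim_domain is the d= tag of a signature that verified."""
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return True, "none"
    return False, tags["p"]


if __name__ == "__main__":
    # Constructed scenarios; example.com is the header From domain in all of them.
    rec = "v=DMARC1; p=reject; adkim=s; aspf=r"
    print("legit relay, SPF aligned:      ",
          evaluate_dmarc(rec, "example.com", "pass", "mail.example.com", "none", None))
    print("spoofed From, sender's own auth:",
          evaluate_dmarc(rec, "example.com", "pass", "bulk-sender.invalid", "pass", "bulk-sender.invalid"))
    print("DKIM subdomain under strict:    ",
          evaluate_dmarc(rec, "example.com", "fail", "example.com", "pass", "mail.example.com"))
```

The second scenario is the one DMARC exists for: the message carries valid SPF and DKIM for the sending infrastructure, but neither identifier aligns with the spoofed From domain, so the domain owner's `p=reject` applies. The third shows how `adkim=s` turns a subdomain signature into a failure that `adkim=r` (the default) would accept.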


FortiMail - outbound

Advanced multi-layer security against:
• Accidental disclosures
• Exfiltration
• Man-in-the-Middle Attacks

Facilitate automated response workflows with SIEM, SOAR and Sandbox integration.

Outbound protection layers: Dynamic Directory; File Fingerprinting; Archival; Authentication; Privacy & Encryption; Anti-Virus; Content Disarm; Content Analysis


FortiMail Cloud
Manage it for us.

Included in all three tiers (Cloud Gateway, Cloud Gateway Premium, Cloud Gateway Premium with Microsoft 365 API Support):
• Managed Service (infrastructure)
• 99.999% Service availability
• 99.7% Spam detection rate
• Advanced multi-layer malware detection
• Inbound and outbound filtering
• Integration with customer LDAP
• Secure message delivery (TLS and DANE)
• Message tracking
• Virus Outbreak Service
• Reporting

Cloud Gateway Premium and Cloud Gateway Premium with Microsoft 365 API Support add:
• Content Disarm and Reconstruction
• URL Click Protection
• Impersonation Analysis
• Cloud Sandboxing
• Identity-Based Encryption (IBE)
• Email Data Loss Prevention

Cloud Gateway Premium with Microsoft 365 API Support only:
• Real-time scanning of Microsoft 365 mailboxes
• Scheduled scanning of Microsoft 365 mailboxes
• Post-delivery clawback of newly discovered email threats
Email continuity available with FortiMail Cloud

Email Continuity is designed to protect valuable productivity by providing emergency mailbox services when organizations experience an outage in their email services.

• Reduces recovery time to near zero, as employees and users access queued email directly on FortiMail when email services are down.
• Mitigates the impacts of downtime and keeps end users productive during business outages.
• Queues emails up to 30 days and is available before or during an outage.


Email continuity: Productivity Cost = E x % x C x H

An outage of Microsoft 365 Exchange services affects three different organizations:

                                                Small Company   Mid-Sized    Enterprise
E = # of Employees                              250             2,500        10,000
% = 25% of their working productivity           25%             25%          25%
C = $75,000 / 2,080 hours = $36 per hour        $36             $36          $36
H = 3 Hours                                     3               3            3
Productivity Cost (One Outage)                  -$6,750         -$67,500     -$270,000
Email Continuity Cost (List Price)              $1,750          $17,500      $70,000

• Email continuity is a fraction of the cost associated with an outage of email services.
• Email continuity pays for itself within the first outage.
• Clear value for organizations using Microsoft 365.


FortiSIEM Cloud
Customer Pain Points

Expanding Threat Landscape
▪ Multi-Vendor
▪ On and Off Prem environments
▪ SaaS/IaaS
▪ Remote Worker

Lack of Visibility
▪ Understanding the IT Assets
▪ Investigate new threats
▪ Impacted Assets

Insider Threats
▪ What is normal for Users
▪ User Privileged Access to Data
▪ Intentional or Unintentional exposing of information

Compliance
▪ Regulatory
▪ Internal
▪ Good Practice Adoption


FortiSIEM

Detection: Real-Time Correlation; Threat Intel; Anomaly Detection (UEBA, AI/ML)
Analyst Focus: Analytics Experience; Investigation
Platform: Scalable Architecture (Software, Hardware, SaaS); Platform Multi-Tenancy; Millions of EPS
Context: Native CMDB; Operational & Security Monitoring; Risk


Flexible Deployment Modes

FortiSIEM Cloud: FortiSIEM SaaS platform
Cloud (BYOL): full cloud deployment of FortiSIEM monitors organizational assets from the cloud
Hybrid Cloud: FortiSIEM is deployed both on prem and in cloud to monitor onsite and cloud assets
On Prem: FortiSIEM is deployed on prem to monitor onsite and cloud assets
FortiSIEM Cloud Portal

Cloud Portal
• Fully automated upgrade
• Customizable upgrade schedule
• Configure IP ACL and certificates/DNS names
• Add your own S3 external storage


FortiSIEM Cloud Architecture

• Supports hardware and virtual Collectors
• Deploy Collectors on premise or in the Cloud
• Collect logs from Cloud Infrastructure Platforms (AWS, Azure, GCP, OCI)
• Roaming users with and without Collectors*
• FortiSIEM Agent – UEBA and Logs

Diagram: on-premise hardware / virtual Collectors and cloud-hosted virtual Collectors connect to FortiSIEM Cloud via API.

*See FortiSIEM External System Configuration Guide for details


FortiSIEM Key Business Value

Scale-As-You-Grow
• Scale Out Architecture
• Scale Licensing
• Virtual, HW and Cloud

Unified Platform
• Reduce Complexity
• Multi-Tenancy/MSSP
• Multi-Vendor Support

Single Pane of Glass
• Unify NOC & SOC functions
• Comprehensive CMDB
• Performance and Security Monitoring

Improve Incident Detection
• Real-time Detection & UEBA
• Hunt Threats
• Compliance Monitoring

Reduce Incident Impact
• Reduce MTTR
• Automate Responses
• Central Case management

Return-On-Investment
• Improve Analyst Efficiency
• Reduce Risk & Impact
• Improve Compliance
FortiSIEM Cloud
• Predictable licensing costs

Fortinet Cloud Service storage tiers:

Performance Storage
▪ Size for average EPS and event size
▪ Performance resources are allocated by Fortinet to ensure EPS performance
▪ Consistent experience
▪ Burstable within compute resources

Online Storage
▪ High Speed Storage
▪ Typically for nearer term queries, 30/60/90 days
▪ No extra charge for queries

Archive Storage
▪ Long term retention, months or years
▪ Search Archive the same as Online without the need to restore data for querying
▪ Reduce cost for long term storage

Customer storage:

External S3 Storage
▪ Attach your own AWS S3 Storage
▪ FortiSIEM will move data from Archive to your S3 Storage
▪ Query data in Cold Storage via AWS Athena or 3rd party solutions


Key Integration Areas
Extensive Integration Across the Security Fabric

• Threat Intelligence: FortiGuard, FortiSOAR TIM, VirusTotal, Anomali, Custom STIX
• External Devices: FortiGate, OT/IoT, Cloud, Application, Vulnerability, Performance
• Helpdesk: ServiceNow, Salesforce, Jira, ConnectWise, Custom
• FortiSOAR: Advanced Incident Response Orchestration
• External Authentication: SAML, AD, FAC, 2FA (Duo), CyberArk
• Security Fabric: FortiAnalyzer, FortiAP, FortiSwitch, FortiEDR, FAC, Deceptor, ADC, FortiMail, NAC, Sandbox, EMS, DDoS


Fortinet + Lacework:
Most Complete Cloud-Native Application Protection Platform (CNAPP)

THE INCONVENIENT TRUTH
Cloud has broken the cybersecurity status quo…

• 50% of cloud identities are super admins, and cloud workloads outnumber human users 10:1 (Source: Microsoft)
• Every 18 minutes a new CVE (common vulnerabilities and exposures) is published (Source: CVE.org)
• Ransomware will cost around $265 billion (USD) annually by 2031, with a new attack every 2 seconds (Source: Cybersecurity Ventures)
• By 2027, 75% of employees will acquire, modify or create technology outside IT’s visibility – up from 41% in 2022 (Source: Gartner)
• 68% of data breaches involve stolen credentials and social engineering (Source: Verizon)


CNAPP Market Drivers

Harden Security Posture
“By 2026, the combined market for infrastructure as a service (IaaS) and platform as a service (PaaS) will reach around $550 billion, up from $180 billion in 2021.”

Secure Cloud-Native Applications
“By 2026, 40% of developers using AI code assistants will unknowingly allow vulnerable code into the organizations’ software products.”

Continuously Detect Active Threats
By 2026, organizations prioritizing security investments via a continuous threat exposure management (CTEM) program will suffer 67% fewer breaches.

“By 2029, 60% of enterprises that do not deploy a unified CNAPP solution within their cloud architecture will lack extensive visibility into the cloud attack surface and consequently fail to achieve their desired zero-trust goals.”

Sources:
Gartner, Forecast Analysis, CSPM, Worldwide, 2023
Gartner, Cybersecurity Turbulence in 2024: 7 Forces That Will Threaten Your Organization’s Future
Gartner, Market Guide for Cloud-Native Application Protection Platforms, 2024
On Premise v Public Cloud

                   On-Premise                      Public Cloud
Perimeter          CLEAR, DEFINED                  NONEXISTENT
Change             SLOW, STATIC                    FAST, DYNAMIC
Infrastructure     PHYSICAL SERVERS                ENDPOINTS, APIs, MICROSERVICES
Security & Risk    SOLE RESPONSIBILITY, SECURITY   SHARED RESPONSIBILITY, DEVSECOPS
Access             CONFINED TO LOGICAL NETWORK     DECENTRALIZED, FROM ANYWHERE


Evolution of Cloud and Security Challenges

• Early Adoption (departmental workloads): on-prem services, virtual machines
• Advancing (business workloads): virtual machines, cloud services, IaC
• Hybrid/Multi Cloud Enterprise (mission-critical workloads): virtual machines, cloud services, Kubernetes, IaC

Cloud Complexity: applications, clouds, instances, permissions
Development Velocity: code, commits, infrastructure, networks
Application Composition: open-source, complex ancestry
Code Responsibility: developers define containers, workloads, networks
A Simple Cloud Deployment is Very Complex

Cloud is Complex
• 200+ cloud services (AWS only)
• Hundreds of sensitive actions available
• Unlimited public IP space
• Services available to non-expert developers


Enter: Cloud-Native Application Protection Platform (CNAPP)
A Gartner coined term

CNAPP: "Cloud-native application protection platforms (CNAPPs) are a unified and tightly integrated set of security and compliance capabilities designed to secure and protect cloud-native applications across development and production."

Capabilities grouped under CNAPP: API Security, CDR, CIEM, Attack Surface Mgmt, Serverless, Remediation, CSPM, SCA, SAST, DAST, Vulnerability, IaC Scanning, CWPP, KSPM


Lacework FortiCNAPP Core Capabilities
A unified platform for securing code-to-cloud

Code (Code security)
• Scan code and APIs in development
• Address vulnerabilities, malware and misconfigurations
• Prevent deployment of non-compliant applications
Components: Static Application Security Testing (SAST), Software Composition Analysis (SCA), Infrastructure as Code (IaC) Security

Deploy (Cloud Configuration)
• Assess cloud infrastructure configuration
• Evaluate identities and their permissions
• Prioritize risks with attack path analysis
Components: Cloud Vulnerability Assessment, Cloud Security Posture Mgmt (CSPM), Cloud Infrastructure Entitlement Mgmt (CIEM)

Run (Runtime Protection)
• Continuously monitor for exposures and sensitive data
• Detect unusual behavior and active threats
• Understand running processes and map network connections
Components: Cloud Workload Protection (CWP), Cloud Detection & Response (CDR)


Effective Cloud-native Security Requires a Unified Approach
Lacework FortiCNAPP: single platform that understands your environment from code to cloud

Ingest
• Risk data: users, misconfigs, entitlements, vulnerability, secrets …
• Activity data: connection, processes, API calls, user login events …

Comprehend
• Exploitable risks: excessive permissions, active vulnerability
• Composite risks: attack paths
• Composite threats: compromised credentials, cryptojacking, ransomware
• Automatically correlate data, baseline normal behaviors, identify deviations and anomalies

Resolve
• Risk Mitigation: minimize and mitigate risk with the least amount of effort
• Threat Management: detect active threats quickly and minimize their impact


Creating Amazing Customer Outcomes

• 100:1 reduction in the number of daily alerts
• 2 to 5 fewer cloud security tools via consolidation
• 80% faster investigation of incidents and alerts
• 90% reduction in manual cloud security efforts
• 50% reduction in SIEM data ingestion cost
• 0-Day detection of active threats and attacks
Discovery Questions

• Prioritize and quickly resolve risks: “How are you gaining visibility into cloud resources and risks, and prioritizing what teams focus on first?”
• Quickly find, investigate and resolve threats: “How do you detect unusual behaviors and active threats affecting cloud workloads?”
• Operationalize better security outcomes: “Tell me about the biggest inefficiencies that impact your cloud security and security operations teams’ effectiveness?”
• Achieve & Maintain continuous compliance: “How are you ensuring compliance with continually changing infrastructure and apps across your cloud providers?”


Key CNAPP Tools & Terms

Security Posture Management: Cloud (CSPM), Data (DSPM), Kubernetes (KSPM)
What / How: Monitors cloud-based systems for security risks and misconfigurations for cloud infrastructure, data, and Kubernetes. These once separate tools are now converging within CNAPPs.
Why: Customers need visibility to reduce risks before they are exploited by bad actors.

Cloud Workload Protection Platform (CWPP)
What / How: Continuous vulnerability assessment and threat detection for cloud workloads across hybrid and multi-cloud environments.
Why: Customers must quickly identify vulnerabilities and exploit attempts on running workloads.

Infrastructure as Code (IaC) Security / Policy as Code (PaC)
What / How: Automatically detects security and compliance misconfigurations for cloud infrastructure as code and can also automate the remediation of non-compliant code.
Why: Helps prevent cloud misconfigurations from being deployed into production.

Static / Dynamic Application Security Testing (SAST / DAST)
What / How: SAST analyzes source code in development to identify security weaknesses. DAST analyzes built and running apps to assess how they react to various types of exploits.
Why: Identifying security weaknesses before deployment prevents exploits and is the least costly method for improving security.

Software Composition Analysis (SCA) / Vulnerability Assessment (VA)
What / How: SCA addresses known vulnerabilities in third-party and open-source code libraries. VA assesses libraries within container registries and VMs for known vulnerabilities.
Why: Identifying known vulnerabilities at each stage of the lifecycle is a fundamental tenet of any security program.

Cloud Detection and Response (CDR)
What / How: Identifies and responds to anomalies and threats in cloud environments with automated security measures and continuous monitoring.
Why: Identifying and mitigating threats in real time ensures security and compliance, and minimizes the impact to cloud environments.

Cloud Infrastructure Entitlement Management (CIEM)
What / How: Provides visibility of cloud identities and their permissions, identifies risky and dormant accounts, and automates identity policy changes for least privilege access.
Why: Reduce risk of unauthorized access, limit the blast radius of compromised credentials, and comply with least privileged access.
Thank you!
