One of the top challenges affecting security teams today is solution sprawl resulting from rapid digital transformation. Nearly 60% of organizations have deployed 30 or more security tools across their organization, and almost a third have more than 50. This creates a logistical nightmare that can quickly overwhelm IT teams struggling to maintain an aggressive digital acceleration strategy. It's one of the reasons why, according to Gartner, 80% of organizations are executing or are focused on vendor and solution consolidation.
But while organizations may be actively trying to reduce complexity within their traditional security framework, the rapid adoption of cloud and the diversity in types of cloud workloads inadvertently increase security complexity and friction within their cloud environments. Even when a version of an on-premises tool is deployed in the cloud, it often operates differently, reducing configuration and policy enforcement consistency. And when those tools aren’t cloud-native solutions, friction increases even further, adding complexity and overhead because the integration process requires cooperation from multiple stakeholders such as application developers, DevOps engineers and more.
While it is essential to deploy and manage network and application security products to protect cloud workloads, relying solely on these security controls may impact visibility, as their security findings often lack context from the cloud control plane. Furthermore, the separate tools security teams have to manage can generate hundreds of alerts daily, which is effectively unmanageable. And a lack of context for these alerts makes them challenging to prioritize. As a consequence, security teams are forced to manually triage them, leading to alert fatigue and inaccurate prioritization. The result is that cloud risks often accumulate faster than they can be resolved.
Because each cloud platform is unique, these issues are further compounded for organizations utilizing multiple cloud infrastructures. Every major cloud service provider (CSP) offers unique security services to help customers address their vulnerability management, threat detection, risk management, data security and audit needs. However, few security vendors offer solutions that integrate deeply with security services offered by different cloud providers. This makes it difficult for security teams to rationalize alerts, prioritize risks, and implement effective and timely remediation.
To address these challenges, Fortinet has launched a new cloud-native protection product, FortiCNP (Fortinet Cloud-native Protection), to provide customers with an effective tool to manage cloud security. FortiCNP gathers and correlates data across multiple cloud-native security services to pinpoint risks and recommend an effective mitigation plan.
By integrating with native security services offered by cloud platforms such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform alongside Fortinet Cloud security products such as FortiGate-VM and FortiWeb, FortiCNP collects, normalizes and correlates security findings from all these tools to create consistent security workflows across public clouds. Since FortiCNP is part of the Fortinet Security Fabric, customers can utilize cross-fabric capabilities such as FortiGuard Threat Intelligence and Fabric response workflows for stop-gap risk mitigation, and extend consistent security across on-prem and cloud environments.
Amazon Inspector, Amazon GuardDuty and AWS Security Hub provide customers the ability to easily and consistently enable vulnerability management, threat detection and security finding aggregation services across their entire AWS estate. Organizations can benefit from the ability of a tool like FortiCNP to consolidate and contextualize the wealth of security findings generated by these tools alongside the information generated by their virtual network firewalls and WAFs in order to focus their limited time on effective remediation activities. There is a clear opportunity to normalize and analyze the data produced by the various security tools used by organizations to protect their cloud workloads.
The ability to turn on AWS Enterprise Security Services like Amazon Inspector, GuardDuty and Security Hub across all AWS accounts in the customer’s organization with a click of a button provides customers the ability to gain deep security visibility across their entire AWS estate with minimal to no friction. This benefit is unique, as other tools that provide this level of visibility require agents to operate properly, and implementing agents is time-consuming and creates a lot of friction between security and application teams.
FortiCNP has integrated with the newly launched Amazon GuardDuty Malware Protection service to help customers with malware protection without the need to deploy agents across their workloads. GuardDuty Malware Protection is another capability to help customers streamline security operations by making informed decisions based on deep security visibility.
Although security teams are required to handle large volumes of security data coming from multiple cloud security tools, they are not always experts in each and every tool. As a result, security teams often choose to forgo implementing complete security coverage across their workloads. The ability of FortiCNP to consolidate information without compromising the depth and breadth of coverage is unique in the industry, and it puts teams in a position where they never have to choose between security coverage and efficient operations.
FortiCNP supports the AWS Security Finding Format (ASFF) to normalize information generated by AWS Security Services and enhances the data structure of ASFF to further enrich information with findings from Fortinet security products. Following ingestion, normalization, enrichment, correlation and scoring, FortiCNP provides customers with context-rich actionable insights that help secure cloud environments more effectively. FortiCNP calculates risk based on security findings generated by cloud-native and Fortinet security sources and then factors in customer-specific parameters that can indicate the importance of the specific workload. This produces a normalized risk score to prioritize high-risk resources. Together with context-rich actionable insights, this lets security teams effectively mitigate risk by addressing the highest-risk resources first. At the same time, integrations with digital workflow solutions help automate and manage the mitigation and remediation process.
With consistent security workflows enabled across multiple environments, security teams no longer have to attempt to master the intricacies of each cloud security service to improve productivity; instead, they can now work more efficiently through their security backlog across even the most complex multi-cloud environments. By scaling security from on-prem to the cloud, improving security coverage, productivity and risk mitigation, organizations quantifiably improve cloud security over time.
FortiCNP enables organizations to enjoy the benefits of quickly deploying cloud-native security tools across their entire cloud estate, while blending the visibility from these tools with the visibility from their Fortinet security tools for the cloud, producing actionable insights rather than an overwhelming volume of data. By using FortiCNP, organizations are empowered to maximize the value of their investments as they can now establish consistent, unified visibility and control while operationalizing their cloud security lifecycle across all their public cloud platforms. And as FortiCNP naturally expands the volume of data points it can leverage, it will continually improve its ability to analyze risk and provide deeper actionable insights to improve mitigation, reduce friction, and accelerate cloud adoption.
Get a free trial of FortiCNP at AWS Marketplace.