FortiGuard CASB Service
Ensure Safe Access to SAAS ApplicationsContact Us
The FortiGuard CASB Service – a dual-mode cloud access security broker (CASB) solution – provides security, scalability, and performance across SaaS applications, usage and data, using both inline and API-based CASB capabilities. The FortiGuard CASB Service is part of FortiSASE and Fortinet Zero Trust Network Access (ZTNA) solutions, offering cloud-delivered security to managed and unmanaged devices and locations.
API-based CASB is a cloud-native cloud access security broker (CASB) service that provides visibility, compliance, data security, and threat protection for cloud applications. It enables deep inspection and policy management for data stored in SaaS and IaaS applications.
The FortiGate ZTNA access proxy can be configured to act as an inline CASB by providing access control to SaaS traffic using ZTNA access control rules.
FortiSASE uses application control and SSL deep inspection to act as an inline CASB.
Managed location: When workers are at the office, the user request is traversed through the gateway which applies the right cloud security policy for accessing the app using the inline CASB.
Unmanaged location: When users are remote, both the inline and API CASB will be used to give protection to SaaS apps.
Managed user: Users who have FortiClient as part of ZTNA leverage inline CASB for app security.
Unmanaged user: Users with BYOD or no ZTNA/FortiClient client leverage API-based CASB for app security.
The strength of Fortinet's platform-driven approach is to enable coordinated workflows including response while customers benefit from a globalized network effect across Fortinet’s worldwide install base. The FortiGuard CASB Service portfolio is integrated into the following Fabric solutions:
Evaluate application usage spikes to determine risk and ensure that corporate data is being handled safely.
Use reporting for frameworks such as SOX, GDPR, PCI DSS, HIPAA, NIST, and ISO 27001 to provide visibility into policy violations for eventual remediation.
Defend against data breaches with a highly customizable suite of data loss prevention (DLP) tools, plus leverage a set of predefined compliance reports.
Block malware from being uploaded or downloaded via SaaS applications and quarantine suspicious files.
Specify the list of tenants that users are permitted to access with tenant restrictions. This can be enforced from managed and unmanaged locations.
Provide administrators with usage information for all sanctioned and unsanctioned (shadow IT) cloud applications to help enforce policy-based access controls.