Fortinet Unfurls Cloud Security Risk Prioritization Service
At the AWS re:Inforce event, Fortinet today launched a cloud service that leverages a risk scoring algorithm that enables security teams to prioritize risks to cloud computing environments.
Vince Hwang, senior director for cloud at Fortinet, said the FortiCNP service is based on the Resource Risks Insights technology that Fortinet developed to surface those insights.
The first incarnation of FortiCNP is tightly integrated with a wide range of AWS services, said Hwang. It automatically triggers remediations to block threats identified by the FortiCNP service that continuously scans and monitors changes to cloud data using threat intelligence and tools provided by the FortiGuard Labs arm of Fortinet.
FortiCNP is also integrated with the existing Fortinet Security Fabric, a security mesh platform that Fortinet developed to centralize security management across distributed computing environments as well as third-party IT management platforms from ServiceNow and Atlassian, he noted.
The goal is to reduce the level of operational friction that cybersecurity teams currently encounter when securing cloud environments, said Hwang.
Automation is critical at a time when most cybersecurity teams are chronically understaffed, said Hwang. As the overall attack surface continues to expand and more application workloads are deployed in the cloud, cybersecurity teams will not be able to keep pace unless more processes are automated, he added.
In general, cybersecurity teams are being overwhelmed by issues—such as misconfiguration of cloud services—that all represent different levels of actual risk, noted Hwang. Most cloud services are provisioned by developers that tend to have a limited amount of cybersecurity expertise. That often leads to cloud services being misconfigured. Cybercriminals, of course, have become very adept at scanning for those misconfigurations. The FortiCNP service makes it easier for cybersecurity teams to identify which of those misconfigurations might represent a more critical threat than another based on the data exposed, said Hwang.
While cloud platforms are generally more secure than on-premises IT environments, the processes used to provision and deploy applications are frequently flawed. In the name of developer productivity, cybersecurity professionals often are not asked to review deployments of cloud applications. That puts cybersecurity teams in the unenviable position of being asked to ensure the security of cloud applications after they have already been deployed.
The degree to which that approach to deploying cloud applications will continue is debatable. In the wake of a series of high-profile security breaches, many organizations are embracing DevSecOps workflows to ensure the integrity of software supply chains, which typically includes a review of cloud application security before an application is deployed.
However, as long as humans are involved in the process, the odds are high that mistakes will be made. Cybersecurity teams will always need to review cloud security posture and remediate vulnerabilities whenever required. The hope is that as application development becomes more secure, the number of cloud application security issues that might be encountered will decline. Unfortunately, there are thousands of applications that have already been deployed. Cybersecurity teams are going to have to find a way to quickly remediate them at scale on an ongoing basis.
