FortiCWP
Cloud Security Analytics and Posture Management

Overview:

Organizations are embracing multiple public cloud platforms, resulting in increased complexity of management which impacts security and risk. Additionally, the built-in security tools that come with various cloud platforms are unique to each, compounding the challenge of consistently managing risk across all clouds in a multi-cloud world. This challenge renders security operations time consuming and ineffective. As the attack surface expands, organizations need to protect from not only from risks of configuration and management of the application elements themselves, but also from risks originating via cloud application programming interfaces (APIs) and UIs.

FortiCWP offers security administrators and DevOps teams the ability to evaluate their cloud configuration security posture, detect potential threats originating from misconfiguration of cloud resources, analyze traffic across cloud resources (in and out of the cloud), and evaluate cloud configuration against best practices. It enables the ability to manage risk throughout multi-cloud infrastructures, provides regulatory compliance reporting, and integrates remediation into the cloud infrastructure lifecycle automation framework.

Visibility and Insight for IaaS Workloads and Storage

FortiCWP is Fortinet’s cloud-native Cloud Workload Protect (CWP) service. FortiCWP hooks into the APIs provided by cloud vendors including AWS, Azure and Google Cloud Platform to monitor and track all security components, including configurations, user activity, and traffic flow logs. FortiCWP will also scan cloud scan data stores for sensitive or malicious content and it will produce reports on your environment’s compliance with common regulatory standards.

Equipped with predefined security policies out-of-the-box FortiCWP monitors the following security risks:

• Malicious Traffic
• Sensitive Data & Malware
• Suspicious User Activity
• Compliance Violations
• Vulnerabilities and Misconfigurations

FortiCWP Product Details

• Risk management enables security teams to focus on high priority issues and take quick remediation actions  
• Data security provides configuration assessments and analyzes documents inside cloud storage repositories
• Traffic analysis and investigation ensures visibility into all cloud resources to identify and monitor application traffic
• Threat detection and response delivers continuous threat monitoring across the entire security infrastructure
• Gain compliance reports for standards such as PCI, HIPPA, SOX, GDPR, ISO 27001, and NIST

Feature Highlights:

Using an API-based approach, FortiCWP is tightly integrated with leading IaaS providers to access usage and data stored in various clouds. FortiCWP gives IT security professionals the ability to scan provisioned cloud resource configurations, data and usage for potential threats, misconfigurations and compliance violations. This approach also ensures that all users of the organization’s IaaS resources are monitored and protected by FortiCWP no matter where they are or what device they are using.

Built from the “Fabric-up”, FortiCWP is designed for deep integration into the Fortinet Security Fabric to provide consolidated cloud usage management and reporting.

Central Visibility

FortiCWP provides central visibility and reporting for multi-cloud environments. FortiCWP provides dashboards, logs, and reports that make it easy to understand your security status at a glance. User activity, cloud resources, files and data, policies and much more can be centrally viewed. User activities can be displayed as a list or on a map. Relationships between resources are graphically displayed so administrators to quickly understand infrastructures of all monitored cloud accounts and so that the relationship between cloud resource instances and services can easily be understood.

On-Demand Data Scanning

Unlike a proxy-based service or hardware device, FortiCWP directly connects to the cloud provider to access data and files stored in an organization’s accounts. New information is validated against data leakage policies and scanned for threats. Existing information or “data at rest” is also scanned to ensure it meets business policies. If a business policy is updated, it can be easily applied to data stored in the cloud by the administrator.

User Insights and Policies

FortiCWP offers many tools to provide insights into user behaviors and their activities on cloud-based applications. Administrators can monitor usage as needed and have the ability to view user entitlements, dormant users, and conduct detailed configuration assessments.

Compliance and DLP

FortiCWP offers a highly customizable suite of data loss prevention tools that defend against data breaches and provides a set of predefined compliance reports. Using industry-standard regular expressions, FortiCWP can be configured for nearly any policy to meet data protection needs and provide tailored reports on DLP activities. For organizations that must meet compliance standards, FortiCWP offers predefined reports for standards including PCI, HIPPA, SOX, GDPR, ISO 27001, and NIST which allows organizations to generate compliance reports instantly for auditing teams, so policy violations can be identified remediated.

Threat Protection and Response

FortiCWP uses User Entity Behavior Analytics (UEBA) to look for suspicious or irregular user behavior. It also sends out alerts for malicious behavior. User and entity behavior analytics is a security process that monitors the normal actions of users. FortiCWP uses risk scoring techniques and advanced algorithms to detect anomalies over time.

Risk Assessment and Account Scores

FortiCWP’s deep risk assessment and continuous analysis solution enables security teams to focus on the highest priority issues, take quick remediation as well as utilizing auto fixing option to effectively manage and address risk. Actionable alerts enable organizations to prioritize response based on the severity of issues. To help assess risks, FortiCWP generates a security risk score.

FortiGuard Integration for Advanced Threat Detection

FortiCWP automatically includes award-winning FortiGuard antivirus services to scan files stored in the cloud. This service is at no extra cost to FortiCWP subscribers.

Configuration Assessments and Compliance Reports

FortiCWP performs hundreds of IaaS configuration assessments across the organization's global IaaS deployment on AWS, Azure, and GCP. FortiCWP identifies risks associated with the unsecure provisioning and configuration of cloud resources. Using the information that is gathered by continuously evaluating existing cloud configurations, FortiCWP generates compliance reports that list gaps from regulation requirements of supported reports. FortiCWP provides out-of-the-box policies for standards such as PCI, HIPPA, SOX, GDPR, ISO 27001, and NIST.

Features and Benefits:

Use Cases:

Screenshots:

FortiCWP continuously monitors and tracks all security components, including configurations, user activities, traffic flow logs, and data storage uses in public cloud environments. Combining with out-of-the-box predefined policies, FortiCWP detects potential risk factors such as malicious traffic, suspicious user activities, configurations that contain vulnerabilities, sensitive data transmission (potential data leakage), and malware infections.

Documentation:

Download the Fortinet FortiCWP Datasheet (.PDF)