At the AWS re:Inforce event, Fortinet today launched a cloud service that uses a risk scoring algorithm that enables security teams to prioritize risks in cloud computing environments.
Vince Hwang, senior director for cloud at Fortinet, said the FortiCNP service is based on the Resource Risks Insights technology developed by Fortinet to provide those insights.
The first incarnation of FortiCNP was tightly integrated with a wide range of AWS services, Hwang said. It automatically triggers remediations to block threats identified by the FortiCNP service that continuously scans and monitors changes in cloud data using threat intelligence and tools provided by Fortinet’s FortiGuard Labs arm.
FortiCNP is also integrated with the existing Fortinet Security Fabric, a security mesh platform developed by Fortinet to centralize security management in distributed computing environments, as well as with third-party IT management platforms from ServiceNow and Atlassian, he said.
The goal is to reduce the level of operational friction that cybersecurity teams currently face when securing cloud environments, Hwang said.
Automation is critical at a time when most cybersecurity teams are chronically understaffed, Hwang said. As the overall attack landscape continues to expand and more application workloads are deployed in the cloud, cybersecurity teams won’t be able to keep up unless more processes are automated, he added.
In general, cybersecurity teams are overwhelmed by issues—such as misconfiguration of cloud services—that all represent varying degrees of actual risk, Hwang said. Most cloud services are provided by developers who tend to have a limited amount of cybersecurity expertise. This often leads to cloud services being misconfigured. Cybercriminals, of course, have become very good at scanning for those misconfigurations. The FortiCNP service makes it easier for cybersecurity teams to identify which of those misconfigurations may represent a more critical threat than another based on the data exposed, Hwang said.
Although cloud platforms are generally more secure than on-premises IT environments, the processes used to provision and deploy applications are often flawed. In the name of developer productivity, cybersecurity professionals are often not asked to review deployments of cloud applications. This puts cybersecurity teams in the unenviable position of being asked to ensure the security of cloud applications after they are deployed.
The degree to which that approach will continue to be used to deploy cloud applications is debatable. Following a series of high-profile security breaches, many organizations have embraced DevSecOps workflows to ensure the integrity of software supply chains, which typically include a cloud application security review before an application is deployed.
However, as long as humans are involved in the process, the possibility of error is high. Cybersecurity teams will always need to assess the cloud’s security posture and fix vulnerabilities when necessary. The hope is that as application development becomes more secure, the number of cloud application security issues that may be encountered will decrease. Unfortunately, there are thousands of applications already deployed. Cybersecurity teams need to find a way to quickly resolve the security issues in those applications at scale on an ongoing basis.