Blogs

With the rise of cloud adoption and the pace of technological change, building a holistic security architecture has never been more critical to protecting an organization’s assets in the cloud.   In this blog post, we will explore the top five security principles  for safeguarding your cloud applications, which we shared in the webinar “The Top 5 Principles for Successful Cloud Security”.   At Fortinet, we are committed to helping our customers stay up to date with a comprehensive security strategy and the right tools to ensure their hybrid environment remains secure. Image 1 illustrates the five cloud security principles designed to guide your current strategy and deepen your understanding of the rapidly evolving cloud risks.   Image 1 – 5 Cloud Security pillar   1. Identity and Access Management   In today's cloud-centric environment, identities have become the new security perimeter. When you register with a cloud provider, a username and password are t

An in-depth look at how Fortinet’s FortiSOAR automation framework performs comprehensive security validation for newly deployed virtual machines—integrating with FortiEDR, FortiSIEM, FortiEMS, FortiPAM, NetBox/IPAM for asset assurance, and Nessus for vulnerability and compliance verification—to enforce enterprise-grade security hygiene and visibility.   A. Introduction In modern cybersecurity operations, VM deployment is merely an initiation point. The critical focus is on enforcing defense-in-depth and zero trust principles ensuring every new asset is seamlessly onboarded into the enterprise's security control plane across EDR, SIEM, PAM, asset inventory, and vulnerability scanning.   Manual validation creates security drift, expands the attack surface, and weakens compliance posture. To mitigate this, I developed an automated post-onboarding security control validation pipeline using FortiSOAR, orchestrating cross-platform integration with FortiEDR, FortiSIEM, FortiEM

  While AWS provides a strong foundation of native security tools, organizations often seek additional layers of protection to meet specific compliance, visibility, or threat prevention needs. This is where  FortiGate and FortiWeb solutions come into play. FortiGate is Fortinet’s flagship Next-Generation Firewall (NGFW) solution, designed to provide comprehensive, intelligent, and high-performance security for network whether on-premises, in the cloud, or across hybrid environments like AWS, offers advanced threat protection, secure VPN access, and deep traffic inspection, making it ideal for securing VPCs and hybrid cloud environments, for this scenario securing network traffic to and from fargate tasks by inspecting traffic at the VPC level, enforcing segmentation, and blocking malicious activity through deep packet inspection and threat intelligence. Meanwhile, FortiWeb is a specialized web application firewall (WAF) designed to protect web applications such as Fargate-hos

As more organizations transition to cloud-native architectures and container-based deployments, maintaining strong security becomes a critical priority. The dynamic and distributed nature of these environments brings unique risks that demand a comprehensive and adaptive security approach. Fortinet delivers a robust portfolio of tools tailored to meet these challenges offering deep visibility, granular control, and end-to-end protection across your cloud ecosystem. In this article, we’ll highlight essential areas of cloud security, such as source code and container vulnerability scanning, security best practices for Oracle Kubernetes Engine (OKE), and advanced FortiCNAPP features for Kubernetes workloads. We’ll also examine the role of FortiGate in monitoring outbound traffic and how FortiWeb Ingress Controller safeguards external-facing services. By implementing these strategies and leveraging Fortinet’s integrated solutions, organizations can significantly improve the security and res

As organizations increasingly adopt cloud-native applications and containerized environments, ensuring robust security becomes paramount. The dynamic nature of these environments introduces unique challenges that require comprehensive security strategies. Fortinet offers a suite of solutions designed to address these challenges, providing visibility, control, and protection across your cloud infrastructure. In this article, we will explore key aspects of cloud security, including code and container scanning, best practices for Azure Kubernetes Service (AKS), and advanced capabilities of FortiCNAPP for Kubernetes. We will also delve into the importance of monitoring egress traffic with FortiGate and securing ingress traffic with FortiWeb. By following these guidelines and leveraging Fortinet's solutions, organizations can enhance the security and efficiency of their cloud-native applications.   AKS Benchmark Best Practices   Azure Kubernetes Service (AKS) provides a managed Ku

In an era where networks are growing more complex and downtime is costlier than ever, traditional monitoring tools are no longer enough. IT teams are overwhelmed—not just by alerts, but by the sheer scale of infrastructure, they are expected to manage. That’s why the release of FortiAIOps 3.0 marks a pivotal moment for IT operations.   Blending advanced machine learning, deeper real-time analytics and predictive intelligence, this new release goes further—it delivers true operational intelligence offering context-aware insights across wired, wireless and SD-WAN infrastructure. Whether you're troubleshooting intermittent performance issues or preventing outages before they occur, FortiAIOps 3.0 is built to help IT teams move from reactive to proactive, from monitoring to autonomous remediation.   Let’s dive into what makes this release a game-changer!   FortiAI agent – The virtual network expert.   FortiAIOps 3.0 introduces a powerful new feature: the FortiAI Agent—a

Background   We are migrating existing Lacework customers from our current Lacework support portal (Zendesk) to the FortiCare support portal to service all support requests for the Lacework FortiCNAPP product. This migration doesn’t change how you access the Lacework platform—it only affects how support tickets are submitted.   While the existing users of the Lacework support portal have been migrated to FortiCare, they remain inactive by default. To enable support access in FortiCare, the "Master Account Owner" must complete the steps outlined below.   A Master Account Owner account is the administrator for an organization in FortiCare. This account was created for all Lacework customers who had an existing Lacework instance as of February 15, 2025. The Master Account Owner’s email address was provided to Lacework when the subscription was activated.   An Identity & Access Management (IAM) User is an individual identity created within the organization that

Azure virtual network terminal access point (TAP) provides the capability to encapsulate and mirror traffic to a network interface of an appliance or a load balancer fronting an appliance. For workloads deployed in Azure, where traffic inspection via a stateful device like an NGFW (Next-Generation Firewall) isn’t in place or isn’t feasible, leveraging the virtual network TAP solution provides visibility into network traffic without the need to rearchitect or reroute production traffic.   Leveraging virtual network TAP with FortiGate VM enables the following use cases:   Network visibility into the traffic that is sent and received by your workloads in Azure. Leveraging the IDS (intrusion detection system) capability on FortiGate VM helps detect network-based attacks such as DoS, DDoS, and port scanning, as well as malware and virus detection, ransomware, and data exfiltration. The capability to send these traffic logs to a centralized place, like FortiAnalyzer, t

On May 3rd, 2025, when you log in to http://support.fortinet.com, you will be greeted by a redesigned landing page, crafted to streamline your access to essential support resources.   Welcome to Our New Support Page! We are excited to introduce a brand-new landing page designed with you in mind. After listening to your feedback, we have simplified and streamlined the experience so you can easily find everything you need - whether it’s troubleshooting tips, guides, or answers to common questions.  This page is focused purely on the resources that help you get the answers you need, faster. No more hunting around, we have organized everything for a smoother, more intuitive experience. Smarter Support for You When you need help, we have got your back. For some of you in the UK and France, you will see that we have revamped the ticket submission page so that when you open a ticket, you will be presented with relevant solutions right away. These suggestions can help

The Benefits of FortiClient for Educational Institutions   Web Filtering For primary educational institutions child safety is paramount, including on-line safety, with the necessity for managing and controlling the types of content accessible to students. FortiClient offers web filtering profiles that allow administrators to block or allow access to websites based on categories and keywords. The web filter profiles can be applied to student grades or age groups through integration with directory services from Microsoft and Google. This helps create a safer online environment and prevents students from accessing inappropriate or distracting content. Extensive reporting, analytics, and alerting are available through fabric-connected FortiAnalyzer. This allows administrators or educators to obtain reports on web content visited and blocked, as well as insight into possible student cyberbullying and the risk of self-harm.   Zero Trust Network Access In a school environment

FortiAIOps 500G: Boosting Network Performance with Cutting-Edge AI-Powered Insights     In the ever-evolving landscape of network management, the integration of Artificial Intelligence for IT Operations (AIOps) has become a pivotal strategy for organizations aiming to enhance operational efficiency and proactive issue resolution. Fortinet, a leader in cybersecurity solutions, has taken a significant leap forward with the introduction of the FortiAIOps 500G (FAO-500G) appliance. This on-premises hardware solution is engineered to deliver unparalleled performance, seamlessly integrating AI-driven analytics into your network infrastructure.   Unveiling the FortiAIOps 500G Hardware     The FAO-500G is a dedicated hardware appliance designed to enhance network operations by leveraging artificial intelligence and machine learning. This appliance offers comprehensive monitoring, robust troubleshooting tools, and AI-powered insights to ensure optimal network performanc

Overview One of Fortinet customers, a tele-communication (telco) company in the Spain, has a large fleet of EC2 instances across multiple regions in Europe to meet customers’ demands and GDPR regulation. The telco company deploys application in to auto-scaling EC2 spot instances to save on cloud cost which makes it challenging to deploy persistent workload protection tool. They also use FortiGate-VM on AWS to deliver advanced threat protection and secure connectivity for EC2 instances, including antivirus capabilities through FortiGuard. It provides features like application control, malware protection, web filtering, and IPS. FortiGate-VM forwarded events to AWS Security Hub via FortiGate API integration. The telco company’s FortiGate-VM detected a wave of attack by un-authorized users using Rhysida ransomware. FortiGate-VM was able to block all of the traffic with Rhysida ransomware.   Incident Summary Attack Vector: Ransomware attack Impact: Non-critical peer-to-peer appl

Overview One of Fortinet customers, a large fintech organization, leverages TeamCity to deploy auto-scaling EC2 workload in their AWS environment. The customer builds new resources by automatically starting and stopping cloud-hosted agents on-demand, depending on the current build queue workload. They also use FortiCNAPP (Lacework) to protect their cloud native applications and resources. During periodic scan, FortiCNAPP discovered 10% of the EC2 workload from certain AMI images expose to CVE-2023-42793 which has the score of 9.8 where attackers had already deployed the publicly available exploit without authentication supporting remote code execution on the victim server using a basic web request to any accessible web server hosting the vulnerable application.   Incident Summary Attack Vector: CVE exploitation on AWS workloads Impact: Remote code execution for unauthenticated users, enabling access to critical applications running on EC2 Initial Entry Point: Application accessed

Overview   One large cooperative bank is tackling modern cloud security challenges head-on through a comprehensive digital transformation, migrating workloads from on-premises data centers to AWS. The bank is reinventing its digital and customer experiences through innovative new services, while enabling its remote workforce to securely and efficiently access private applications.   During this transition, the bank experienced a security incident involving a Server-Side Request Forgery (SSRF) attack in its AWS environment. The breach highlighted the risks of cloud-native architectures when combined with misconfigurations and legacy service settings. To contain the incident and strengthen their security posture, the bank engaged the Fortinet Incident Response (IR) Team, which conducted a full investigation using the Fortinet FortiCNAPP platform and delivered a comprehensive cloud security remediation plan.   Incident Summary   Attack Vector: SSRF vulnerability in a

Author: @kcheung  DNS: Overview & Threats DNS (Domain Name System) is integral to enterprise IT infrastructure, providing services for name resolution. Without DNS, an IT infrastructure is unable to look up a domain’s IP address.   Since DNS is available in many IT infrastructures, its role makes it a target for malicious activity. Enterprises must adopt layered defenses and monitor DNS activity to mitigate threats effectively.   DNS C2 commands can appear like normal DNS requests and thus make DNS based threats difficult to detect. Enterprise with firewalls that typically allow DNS traffic (port 53), hence use of a multi layered detection and response systems (Ex: EDR, NDR) is crucial in identifying threats. FortiNDR Cloud offers multiple levels of network-based DNS threats detections and response.   This blog will go deeper into how you can leverage them to understand, respond and mitigate any such threats and secure your organization’s network.   DN

Secure Connectivity for Mobile Fleets: FortiExtender Vehicle 211F By @PatVita | Director of Product Marketing, FortiExtender   If you’re a close follower of Fortinet product news, chances are you’ve heard rumors of a mobility solution coming to the FortiExtender family. I’m happy to say the wait is over: FortiExtender Vehicle is here.   Secure Connectivity for Mobile Fleets    Many IT teams struggle to service mobile fleets. Whether it’s a public safety, transportation, logistics, or the travel industry fleet, vehicles are unique in that they require secure connectivity to cloud applications but cannot leverage wired broadband. Adding point solutions creates complexity and risk for organizations. Mobile fleets cannot become another silo for enterprise IT. Secure connectivity for must be delivered within a digital platform alongside other areas of IT, such as OT, IoT and wireless access,   Enter FortiExtender Vehicle 211F