lmomesso
Staff

Cut through the noise to manage the greatest threats to your cloud environment with FortiCNP

Securing a cloud-based system isn’t easy, especially if you don’t have dedicated security teams to support your operations. Just like any other system, prevention is key when it comes to safety.

Fortinet Cloud Native Protection (FortiCNP) simplifies cloud security operations and empowers security teams to take impactful, timely actions by utilizing deep integrations with a broad range of cloud security products, services, and technologies.

FortiCNP continuously monitors and tracks all security components, including configurations, user activities, traffic flow logs, and data storage use in public cloud environments. Combined with out-of-the-box predefined policies, FortiCNP detects potential risk factors such as malicious traffic, suspicious user activities, configurations that contain vulnerabilities, sensitive data transmission (potential data leakage), and malware infections.

What makes FortiCNP so special is its agentless setup on your cloud-based system, providing a deeper look into your vulnerabilities from day one. FortiCNP’s patented Resource Risk Insight (RRI) enables security teams to focus on high-priority issues and take quick remediation actions.

 

Feature Highlights

1. Data Protection
2. RRI
3. Traffic Analysis
4. Event-Driven Architecture



1. Data Protection
 
FortiCNP not only provides a comprehensive configuration assessment to ensure the security of data storage, it also analyzes the documents inside storage objects to identify and monitor sensitive data and malware. Security admins can monitor and analyze sensitive data activity by drilling down from generated alerts into document profiles to investigate data leakage in the environment.
 
[Image: datastore]

 

You can see in the image below an S3 bucket with sensitive data and infected files.

[Image: RRI detail]

 

 

2. Resource Risk Insight (RRI)

 

RRI brings context-based security alerts; it correlates and normalizes security alerts and findings from cloud-native security controls and Fortinet security products to provide actionable insights that help security teams prioritize and manage their cloud workload risks.

In the image below, each resource has a Risk Score indicator.

 

[Image: Risk Score]

 

You can drill down into details of each resource to see Configuration Risk, Threats, and Vulnerabilities tabs.

[Image: RRI Details]

 

3. Traffic Analysis

 

FortiCNP continuously monitors and analyzes traffic flow and integrates with the FortiGuard Indicators of Compromise (IOC) and Anti-Botnet databases to detect compromised instances and malicious incoming traffic. It also presents traffic flow in a graphical view for quick investigation of network attacks and analyzes how traffic flow changes over time.

FortiCNP integrates with VPC flow logs in AWS to have visibility of communication for deployed resources.

[Image: Botnet traffic]

[Image: Suspicious IP]

 

4. Event-Driven Architecture

FortiCNP uses a modern event-driven microservices architecture to trigger and communicate between services. When security events occur, producers publish them as messages, and FortiCNP consumes them through event listeners. The main benefits are scalability and increased performance.

 

AWS Services

According to the AWS Security Reference Architecture (SRA), it is recommended to turn on services such as Amazon GuardDuty, Amazon Inspector and AWS Security Hub on all accounts across an AWS Organization. Not turning on these services across the entire organization is analogous to not having smoke detectors in some rooms of a house; security is only as good as your weakest link. Beyond turning on the services, the AWS SRA defines an architecture to aggregate security information across the entirety of an AWS organization and defines relevant concepts such as delegated administrators, security monitoring accounts, and finding aggregation regions. This document is a quick reference guide on how to enable the relevant services and establish security best practices in your organization.

Amazon GuardDuty

The procedure below will guide you on how to enable GuardDuty across your organization.

 

1. Open the AWS console and make sure you log in with your organization's management (admin) account.
2. Open the GuardDuty console at https://console.aws.amazon.com/guardduty/ or search for GuardDuty in the console search bar.
3. Click on Get Started button.

[Image: GuardDuty Homepage]

4. Now you will be able to start the configuration of GuardDuty for your organization as you can see in the picture below.


 

5. To enable GuardDuty inside your organization you will need a delegated administrator account; this account will manage the GuardDuty policy in your organization.
Copy the account ID of the delegated administrator into the blank field, then click the Delegate button.


6. Make sure you get the confirmation at the bottom of the page.
7. You can now click the Enable GuardDuty button to enable GuardDuty; you will then see the configuration page below.


 

At this point you have defined a delegated GuardDuty administrator account and enabled GuardDuty for this account.

Now, you will have to enable GuardDuty across your organization and add the existing accounts from your organization.


8. Click on the Accounts link in the navigation pane.


 

9. You will see a very similar page to the one shown in the picture below.

 


 

  

 

10. Click on Enable button on the top to enable GuardDuty for your organization.
11. Click on Enable to confirm.

 


 

12. Congratulations. You have enabled GuardDuty for all the accounts inside your organization.
 
 

Amazon Inspector

The procedure below will guide you on how to enable Inspector across your organization.

 

1. Open the AWS console and make sure you log in with your organization's management (admin) account.
2. Open the Inspector console at https://console.aws.amazon.com/Inspector/ or search for Inspector in the console search bar.
3. Click on Get Started button.
 

 

4. Now you will be able to start the configuration of Inspector for your organization as you can see in the picture below.

 

5. To enable Inspector inside your organization you will need a delegated administrator account; this account will administer Inspector in your organization. Copy the account ID of the delegated administrator into the blank field, then click on the Delegate button.

 

6. Click on Delegate to confirm it.


 

7. You will see the confirmation at the top of the page that Inspector is enabled.


 

At this point you have defined a delegated Inspector administrator account and enabled Inspector for this account.

Now you will have to enable Inspector across your organization and add the existing accounts from your organization.

8. Click on the Account Management link on the navigation pane.


9. You will see a page very similar to the one shown in the picture below.


 

10. Toggle on Automatically enable Inspector for new accounts, then click Save. Select all the existing accounts on which you want Inspector activated and click on Enable (all scanning).


 

11. Congratulations. You have enabled Inspector across your organization.


 

Amazon Security Hub

 

The procedure below will guide you on how to enable Security Hub across your organization.

1. Open the AWS console and make sure you log in with your organization's management (admin) account.
2. Open the Security Hub console at https://console.aws.amazon.com/securityhub/ or search for Security Hub in the console search bar.
3. Click on the Go to Security Hub button on the top right of your screen as you can see below.

 


 

4. Now, you will be able to start the configuration of Security Hub for your organization.
5. To enable Security Hub inside your organization you must delegate an administrator from one of your member accounts. This account will have Security Hub enabled and will be assigned to administer Security Hub for your organization.
6. Copy the account ID of the delegated administrator into the blank field, then click the Delegate button, as shown in the picture below.


 

7. Make sure you get the confirmation at the bottom of the page.


 

8. You can now click on Enable Security Hub button, and you will get the Security Hub configuration page.
9. At the top of the page you will see two messages: one about enabling Security Hub for your organization and one about managing findings from a single region.


 

10. Click on the Settings button and click Enable to activate Security Hub for your whole organization.
11. Click on Enable to confirm it.
12. Now, you have to enable Security Hub across your organization.


 

13. Click on the Configure finding aggregation button on the top of the page.


14. Select US-WEST-2 for Global (US) or EU-WEST-1 for EU as the aggregation region, and select all regions below.


 

15. Scroll down and click Link future Regions, and click Save.
16. Congratulations, you have enabled Security Hub inside your organization.
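As an added example (not code from the original post or from Fortinet), the following Python audit checks the SRA requirement stated above once the three procedures are done: which active organization accounts still lack GuardDuty, Inspector or Security Hub, and whether each service has exactly one, shared, delegated administrator. The boto3 calls in live_inventory() are an assumption (a session with read access in the management account); the pure functions run on constructed data.

```python
# Added example, not from the original post: audit an AWS Organization for what the
# AWS SRA asks for: GuardDuty, Inspector and Security Hub on every active account
# and one delegated administrator for all three. live_inventory() is assumed
# (boto3 session with read access in the management account); data is constructed.

# Organizations service principals used for delegated administration.
SERVICE_PRINCIPALS = {
    "GuardDuty": "guardduty.amazonaws.com",
    "Inspector": "inspector2.amazonaws.com",
    "Security Hub": "securityhub.amazonaws.com",
}


def coverage_gaps(org_accounts, enabled_by_service):
    """Map each service to the sorted ACTIVE account IDs where it is not enabled.
    org_accounts: dicts with "Id"/"Status" (organizations:ListAccounts shape);
    enabled_by_service: {service: account IDs that service reports as members}."""
    active = {a["Id"] for a in org_accounts if a["Status"] == "ACTIVE"}
    return {svc: sorted(active - set(enabled_by_service.get(svc, ())))
            for svc in SERVICE_PRINCIPALS}


def delegated_admin_issues(delegated_by_service):
    """Flag services with no (or several) delegated administrators and admins that
    differ across services; the SRA expects one security tooling account for all."""
    issues, admins = [], set()
    for svc in SERVICE_PRINCIPALS:
        ids = delegated_by_service.get(svc, [])
        if len(ids) != 1:
            issues.append(f"{svc}: expected 1 delegated administrator, found {len(ids)}")
        admins.update(ids)
    if len(admins) > 1:
        issues.append("delegated administrators differ: " + ", ".join(sorted(admins)))
    return issues


def live_inventory(session):
    """Assumed boto3 calls: org accounts plus the delegated admin per service.
    Per-service member lists must be read from the delegated admin account."""
    org = session.client("organizations")
    accounts = [a for page in org.get_paginator("list_accounts").paginate()
                for a in page["Accounts"]]
    delegated = {svc: [d["Id"] for d in org.list_delegated_administrators(
                     ServicePrincipal=sp)["DelegatedAdministrators"]]
                 for svc, sp in SERVICE_PRINCIPALS.items()}
    return accounts, delegated
```

Feed live_inventory() a boto3.Session from the management account, collect each service's member list (list_members) from the delegated administrator account, and pass both into coverage_gaps() and delegated_admin_issues(); empty results mean the organization matches the procedures above.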

 

Link References

FortiCNP Administration Guide 


 

 

 

Principal Cloud Solutions Architect