SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Story 297872
#
Firewalls
#
Data Protection
#
Hybrid Cloud

Fortinet enhances FortiCNAPP for unified cloud risk

Wed, 28th Jan 2026
Author image
By Mark Tarre, News Chief

Fortinet has expanded its FortiCNAPP cloud risk management product with new features that add network security posture, data security posture management, and runtime validation into a single risk workflow.

The company said the update correlates cloud configuration, identity exposure, vulnerabilities, network enforcement, data sensitivity, and runtime behaviour. It said this approach gives security teams a way to prioritise issues based on real-world exposure.

Fortinet positioned the changes as a response to the operational challenge of managing security across hybrid and multi-cloud environments. The company said security teams often use multiple tools to assess cloud risk. It said this approach creates gaps in visibility and slows down response.

Fortinet cited findings from its Fortinet 2026 Cloud Security Report. It said nearly 70 per cent of organisations identify tool sprawl and visibility gaps as the top barriers to effective cloud security.

"Cloud security teams aren't struggling because they lack data. They're struggling because growing complexity, limited resources, and skills gaps make it harder to manage risk across cloud environments. By unifying network enforcement, data sensitivity, and runtime validation within FortiCNAPP, we're enabling customers move from alert overload to clear, prioritised action based real-world exposure and business impact," said Nirav Shah, Senior Vice President, Products and Solutions, Fortinet.

Network context

Fortinet said FortiCNAPP now factors network security posture into its evaluation of cloud workload risk. The company said this aims to reflect whether network protections already exist on the path between the internet and a workload.

Fortinet said FortiCNAPP detects FortiGate products deployed along internet-accessible paths to cloud workloads. It said FortiCNAPP then incorporates that information into workload risk assessment.

The company also described what it called a "reduced false urgency" outcome. It said persistent protection context gives security and network teams a shared view of exposure.

Data posture

Fortinet also added native data security posture management features to FortiCNAPP. The company said the update incorporates data sensitivity and exposure in risk prioritisation. It said the system does not require customers to move or export their data.

Fortinet said the built-in DSPM function identifies sensitive data, access patterns, and potential malware. It said it supports privacy and data governance requirements.

It also said FortiCNAPP elevates risks that affect sensitive data. It said this approach changes how teams rank remediation work, based on potential impact.

Unified workflow

Fortinet said it has consolidated multiple security signals into one workflow in FortiCNAPP. It said the system now combines insights from cloud posture, infrastructure entitlement, vulnerabilities, DSPM, and network security posture.

Fortinet also highlighted runtime-informed prioritisation. It said the system validates vulnerable code paths. It said this process distinguishes theoretical findings from active, exploitable risk.

The company said the unified workflow correlates configuration issues, identity exposure, vulnerabilities, network reachability, data sensitivity, and runtime behaviour. It said this reduces the need for separate tools during investigation and response.

Customer view

Monolithic Power Systems uses FortiCNAPP in its cloud security operations, according to Fortinet.

"FortiCNAPP gives us clear visibility into our cloud environment, from identity permissions and workload configurations to operating systems and vulnerabilities, so we understand exactly where risk exists and how to address it. It acts like a continuous auditor, helping us assess the health of our cloud infrastructure at a glance, even without deep, hands-on cloud expertise. Combined with the Fortinet Security Fabric, FortiCNAPP helps us proactively protect our environment and reduce risk across our cloud operations," said Huy Ly, Head of Global IT Security & Infrastructure, Monolithic Power Systems.

Fortinet said the FortiCNAPP updates reflect a broader shift in cloud security operations towards risk prioritisation based on exposure context. The company said effective risk management requires understanding misconfiguration and vulnerability, and also whether protections exist and what data sits in the affected environment.

Fortinet said organisations using FortiCNAPP can expect more context in risk assessment across network, data and runtime layers in cloud environments.

Related stories
Arctic Wolf unveils Aurora managed endpoint tools for MSPs
Gartner warns misconfigured AI could halt G20 power
Okta warns of North Korean fraud in remote tech hiring
CBA warns young Aussies of fake job and dating scam losses
McAfee warns Australians of AI-fuelled Valentine scams

Top stories

Securing the digital classroom: A layered cybersecurity approach for K-12 schools
D-Link taps Dicker Data to grow converged security reach
LummaStealer returns post-takedown with ClickFix ruse
Proofpoint buys Acuvity to secure AI agents at work
Okta unveils tools to detect & govern shadow AI risks