A medical based services company was predominately utilizing public cloud based SaaS applications & creating their own cloud applications from development to runtime. In the absence of true native cloud security they were using a traditional based network & application level SIEM solution to monitor security events & alerts.
The company was noticing a large increase in the volume and frequency of alerts and the reports generated could not adequately point to root causes since the cloud services security often shielded some of the inner workings or information required to correlate the events.
FortiCNAPP (ex Laceworks) provided extra cloud based monitoring & security services in a single unified platform based on CSPM (Cloud Security Posture Management), CWPP (Cloud Workload Protection Platform), ASPM (Application Security Posture Management) & CIEM (Cloud Infrastructure Entitlement Management) to improve dashboard visualization & reduce the number or alerts and make correlation and root cause analysis simpler (thereby reducing false positives) and improving detection & containment rates. FortiCNAPP also discovered many 1000s of high severity misconfigurations thereby allowing the companies cloud configuration & developer teams an opportunity to fix service and API/code configurations. FortiCNAPP’s AI capabilities also assisted in event triaging & provided context to the alerts as well as remove any duplication of security & configuration related issues.
FortiCNAPP found issues with misconfigured runtime application code, in DNS records as well as tracked suspicious traffic activity towards s3 buckets within the cloud hence improving the quality & security of the Apps. The product also enhanced the security of the customer by recommending multi-faction authentication (MFA) in weaker protected applications.
