SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Hybrid cloud security dashboard layers shields risk gauges modern
#
Firewalls
#
Data Protection
#
Hybrid Cloud

Fortinet boosts FortiCNAPP to sharpen cloud risk view

Wed, 28th Jan 2026
Author image
By Mark Tarre, News Chief

Fortinet has expanded its FortiCNAPP cloud risk management product with new features that add network security posture, data posture signals and runtime validation into its risk scoring and workflow.

The company said the changes target cloud risk prioritisation in hybrid and multi-cloud environments. Fortinet positioned the update as a response to growing operational complexity for cloud security teams.

"Cloud security teams aren't struggling because they lack data. They're struggling because growing complexity, limited resources, and skills gaps make it harder to manage risk across cloud environments," said Nirav Shah, Senior Vice President, Products and Solutions, Fortinet.

Network context

A central element of the update adds network enforcement context into workload risk evaluation. Fortinet said FortiCNAPP can detect FortiGate deployments along an internet-accessible path to a cloud workload. It then factors that information into risk scoring for the workload.

Fortinet said this approach reduces what it described as false urgency by treating protections already in place as part of the exposure assessment. It also said the change improves alignment between network and security teams by presenting a consistent view of exposure.

The network posture addition ties FortiCNAPP more closely to Fortinet's wider portfolio. FortiGate sits at the centre of many Fortinet network security deployments, particularly in perimeter and segmentation use cases across data centres, branch sites and cloud environments.

Data posture

Fortinet also added native Data Security Posture Management within FortiCNAPP. The company said the DSPM function identifies sensitive data, monitors access patterns and flags potential malware. It said the system does this in place and does not require customers to move or export data.

Fortinet said it uses data sensitivity to adjust risk prioritisation. It said risks affecting sensitive data receive higher priority in the workflow.

DSPM has become a growing area of focus for security teams as organisations expand data stores across cloud object storage, managed databases and data platforms. Many programmes struggle with incomplete inventories, inconsistent classifications and differing governance policies across business units and cloud providers.

Unified workflow

The update also adds runtime-informed prioritisation. Fortinet said FortiCNAPP can validate vulnerable code paths and distinguish theoretical findings from active, exploitable risk.

The company said FortiCNAPP consolidates signals from cloud posture management, infrastructure entitlement management, vulnerability findings, data posture and network security posture into a single view. It said this produces a unified workflow for cloud risk operations.

Fortinet cited its own research on the operational impact of tool sprawl. According to the Fortinet 2026 Cloud Security Report, nearly 70% of organisations cite tool sprawl and visibility gaps as the top barriers to effective cloud security.

"By unifying network enforcement, data sensitivity, and runtime validation within FortiCNAPP, we're enabling customers move from alert overload to clear, prioritized action based real-world exposure and business impact," said Shah.

Customer view

Monolithic Power Systems uses FortiCNAPP in its cloud security operations, according to Fortinet. The company's Head of Global IT Security & Infrastructure described how it applies the product across identity, configuration and vulnerability management.

"FortiCNAPP gives us clear visibility into our cloud environment, from identity permissions and workload configurations to operating systems and vulnerabilities, so we understand exactly where risk exists and how to address it," said Huy Ly, Head of Global IT Security & Infrastructure, Monolithic Power Systems.

"It acts like a continuous auditor, helping us assess the health of our cloud infrastructure at a glance, even without deep, hands-on cloud expertise. Combined with the Fortinet Security Fabric, FortiCNAPP helps us proactively protect our environment and reduce risk across our cloud operations," said Ly.

Fortinet said organisations increasingly need to weigh misconfigurations and vulnerabilities against protections already deployed, the data involved and likely real-world impact. The company said its latest FortiCNAPP enhancements place greater emphasis on correlating configuration issues, identity exposure, vulnerabilities, network reachability, data sensitivity and runtime behaviour in a single workflow.

Related stories
Virtual IT Group names Maurice McCarthy as chief executive
Mastercard tests first AI agent-led payments in NZ
The new rules of digital identity in ANZ: KYC & AML trends for 2026
Active exploitation seen in BeyondTrust access flaw
OpenAI unveils Lockdown Mode to counter prompt attacks

Top stories

Gallagher & M.C. Dean deepen global security pact
ExtraHop boosts agentic SOC with richer network insight
12Port adds AI session intelligence to agentless PAM
One Identity names Michael Henricks Finance & Ops Chief
QSIC boosts global in-store media reliability with Datadog