Cloud security has long been facing a problem that adding more tools doesn’t fix: too many signals, too little context, and teams that end up prioritizing “what screams the loudest” rather than “what truly exposes the business.” With this in mind, Fortinet has announced new enhancements for FortiCNAPP, its cloud-native application protection platform (CNAPP), focused on correlating network, data, and runtime behavior into a single workflow.
The company’s message is straightforward: the challenge is no longer just “seeing” vulnerabilities or insecure configurations, but understanding which ones truly matter. To achieve this, Fortinet wants risk analysis to go beyond theory (a CVE, excessive permissions, or a misconfigured bucket) by incorporating the context that makes a difference in a hybrid and multi-cloud environment: Is the asset truly exposed to the Internet? What network controls are in place along the path? What types of data are involved? And is the risk practically exploitable?
A Fundamental Issue: The “Complexity Gap” in Cloud Security
The announcement aligns with a trend Fortinet has highlighted in its own market analysis: cloud growth outpaces the operational capacity of teams to secure it. In their 2026 Cloud Security Report, the firm notes that nearly 70% of organizations identify proliferation of tools and visibility gaps as top barriers to effective security. This dynamic results in a familiar scenario for many Security Operations Centers (SOCs): scattered alerts, shifting priorities, and a “manual correlation work” that consumes hours and doesn’t always reduce actual risk.
FortiCNAPP’s new capabilities are precisely presented as a response to this operational fatigue: instead of adding yet another console, the platform aims to unify signals (security posture, identities, vulnerabilities, network, data, and runtime) and translate them into actionable decisions.
Network Context: Scoring Risk as if the Network Matters
One of the most notable improvements is the explicit inclusion of network context in risk calculation. Many CNAPP approaches infer exposure from configuration and permissions alone, but fall short when it comes to answering basic production questions: Is this workload accessible from the Internet? Are there effective inspection or segmentation controls? Are there policies reducing the actual surface?
Fortinet claims that FortiCNAPP can detect the presence of FortiGate devices along the route to exposed cloud workloads and use that information as part of the asset’s “effective risk.” Practically, this aims to serve two purposes: reduce false alarms (vulnerabilities that seem critical but are mitigated by network controls) and align security and network teams with a shared understanding of risk.
In other words: if risk isn’t only about the CVE, but also about CVE plus exposure plus lack of controls, prioritization should reflect this sum… and not be the same across all cases.
Native DSPM: Prioritize Based on Data, Not Just Assets
The second key feature is native Data Security Posture Management (DSPM). The idea is clear: not all resources are equal, and not all incidents have the same impact.
Fortinet emphasizes that its integrated DSPM can identify sensitive data, access patterns, and potential malware indicators without moving or exporting data. From there, it can automatically elevate the priority when the risk affects critical information. This represents a significant practical shift: a misconfiguration in a service with “no relevant data” shouldn’t compete with a finding that risks personal, financial, or health data.
For teams, this brings technical language (misconfigurations, identities, vulnerabilities) closer to the language of the business (impact, exposure, sensitive data), often where many prioritization decisions stall.
Unified Workflow with Runtime Signals: Distinguishing Exploitable from Possible
The third component of the announcement centers on correlating signals and validating in runtime. In cloud security, the difference between “there’s a vulnerability” and “the vulnerability is exploitable in this context” is huge. Yet, often they are treated equally due to a lack of visibility.
Fortinet states that FortiCNAPP consolidates cloud posture signals, identity exposure, vulnerabilities, DSPM, network context, and adds runtime information to prioritize more accurately. The goal: differentiate mere findings from active or actually exploitable risks, accelerate response, and reduce reliance on disconnected tools.
Operationally, this points toward a common goal for many organizations: shift from “alert management” to “risk management,” with traceability and consistent criteria.
What Changes for a Security Team (If It Works as Promised)
If these enhancements translate well into daily operations, the benefits aren’t purely technical—they’re strategic. A SOC or cloud team can spend less time reconciling dashboards and more time on confident remediation. The “risk with context” approach reduces internal debates like “this is critical” vs. “this is mitigated” and speeds up decision-making—especially in multi-cloud environments where a shared view is often lacking.
There’s also an implicit message: in a world where cloud is continually fragmenting (vendors, accounts, regions, identities, managed services), a platform that better connects network, data, and action will have an advantage. Fortinet is betting on doing so within its own ecosystem, reinforcing the idea of unified security that minimizes tool sprawl and manual correlation work.
Frequently Asked Questions
What does FortiCNAPP add compared to a “classic” CNAPP in multi-cloud environments?
The key is prioritization with context: combining cloud posture, identities, vulnerabilities, network exposure, data sensitivity, and runtime signals to identify what risks are truly urgent.
What is DSPM and why does it matter for cloud risk prioritization?
DSPM (Data Security Posture Management) helps locate and classify sensitive data and assess its exposure. This enables automatic escalation of issues impacting critical information, ensuring they receive priority.
How does “network-aware risk scoring” help reduce false positives?
By incorporating network control context (e.g., enforcement mechanisms along the workload’s path), it avoids treating as equal a resource that’s theoretically exposed versus one that’s actually mitigated in practice.
Why is runtime context important in cloud vulnerability management?
Because it helps distinguish between “existing” vulnerabilities and “exploitable” or active vulnerabilities within a real environment, reducing noise and speeding up remediation where it matters most.
via: fortinet