Fortinet Expands FortiCNAPP Cloud Risk Management with Network, Data, and Unified Risk Context

SUNNYVALE, Calif., Jan. 27, 2026 (GLOBE NEWSWIRE) -- Fortinet^®, the global cybersecurity leader driving the convergence of networking and security, today announced new enhancements to that help organizations better understand and prioritize cloud risk beyond what is possible with many CNAPP solutions today. By correlating cloud configuration, identity exposure, vulnerabilities, network enforcement, data sensitivity, and runtime behavior in a single workflow, FortiCNAPP enables security teams to focus on the risks that matter most.

“Cloud security teams aren’t struggling because they lack data. They’re struggling because growing complexity, limited resources, and skills gaps make it harder to manage risk across cloud environments,” said Nirav Shah, Senior Vice President, Products and Solutions at Fortinet. “By unifying network enforcement, data sensitivity, and runtime validation within FortiCNAPP, we’re enabling customers move from alert overload to clear, prioritized action based real-world exposure and business impact.”

As organizations expand across hybrid and multi-cloud environments, security teams are often forced to piece together risk signals from disconnected tools, resulting in fragmented visibility and slower response. According to the Fortinet , nearly 70% of organizations cite tool sprawl and visibility gaps as the top barriers to effective cloud security. FortiCNAPP addresses this challenge by adding protection where it matters most for cloud security teams—across the network, data, and runtime layers of cloud environments.

Factoring Network Security Posture into Cloud Workload Risk

FortiCNAPP incorporates network-level protection context directly into risk evaluation, providing a more accurate picture of real exposure that many CNAPP solutions lack.

• Network-aware risk scoring: FortiCNAPP detects FortiGate solutions deployed along the internet-accessible path to cloud workloads and incorporates that protection directly into workload risk assessments, ensuring exposure is evaluated in the context of existing network enforcement.
• Reduced false urgency: Persistent protection context provides a more realistic view of risk and enables security and network teams to operate from a shared, consistent understanding of exposure.

Native Data Security Posture Management (DSPM) Adds Data Risk Context

FortiCNAPP enhances risk prioritization by directly incorporating data sensitivity and exposure, without requiring customers to move or export their data.

• In-place data risk visibility: Built-in DSPM identifies sensitive data, access patterns, and potential malware, while supporting privacy and data governance requirements.
• Business impact-driven prioritization: Risks affecting sensitive data are automatically elevated, helping teams focus remediation efforts on issues with the greatest potential impact.

Bringing Risk Signals together into a Unified Workflow

FortiCNAPP simplifies cloud risk operations by consolidating often siloed security signals into a single, actionable workflow.

• Unified risk management: Insights from cloud posture, infrastructure entitlement, vulnerabilities, DSPM, and network security posture into a single view.
• Runtime-informed prioritization: Validation of vulnerable code paths helps teams distinguish theoretical findings from active, exploitable risk.
• Faster remediation: Correlated context around configuration issues, identity exposure, vulnerabilities, network reachability, data sensitivity, and runtime behavior enables faster response with fewer tools.
  
  

Enabling More Context-Driven Cloud Security Operations

As cloud environments grow more complex, effective risk management requires understanding not just what is misconfigured or vulnerable, but whether protections are in place, what data is involved and the likelihood of real-world impact. With these enhancements, FortiCNAPP helps organizations reduce noise, improve decision-making, and align security efforts with actual exposure and available resources.

How Organizations Are Prioritizing Real-World Cloud Risk

Organizations are using FortiCNAPP to simplify cloud security operations and gain clearer visibility into risk across complex cloud environments by unifying network, data, and runtime context within a single platform.

“FortiCNAPP gives us visibility across identities, workloads, and vulnerabilities so we know exactly where risk exists and how to address it,” said Huy Ly, Head of Global IT Security & Infrastructure at Monolithic Power Systems. “It acts like a continuous auditor, helping us assess the health of our cloud environment at a glance, even without deep, hands-on cloud expertise. Combined with the Fortinet Security Fabric, FortiCNAPP helps us proactively reduce risk across our cloud operations.”

Additional Resources

• Read more about .
• Read more about the . 
• Learn more about the Fortinet .
• Visit  to learn about Fortinet innovation, collaboration partners, product security processes, and enterprise-grade products.  
• Read about how  are securing their organizations. 
• Learn about , including its responsible product development and vulnerability disclosure approach and policies.
• Follow Fortinet on ,  , and . Subscribe to Fortinet on our  or .
  
  
  
  

About Fortinet

 (NASDAQ: FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere you need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet's solutions, which are among the most deployed, most patented, and most validated in the industry. The , one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. Collaboration with  from both the public and private sectors, including CERTs, government entities, and academia, is a fundamental aspect of Fortinet’s commitment to enhance cyber resilience globally. , Fortinet’s elite threat intelligence and research organization, develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at , the , and .

Copyright © 2026 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet’s trademarks include, but are not limited to, the following: Fortinet, the Fortinet logo, FortiGate, FortiOS, FortiGuard, FortiCare, FortiAnalyzer, FortiManager, FortiASIC, FortiClient, FortiCloud, FortiMail, FortiSandbox, FortiADC, FortiAI, FortiAIOps, FortiAgent, FortiAntenna, FortiAP, FortiAPCam, FortiAuthenticator, FortiCache, FortiCall, FortiCam, FortiCamera, FortiCarrier, FortiCASB, FortiCentral, FortiCNP, FortiConnect, FortiController, FortiConverter, FortiCSPM, FortiCWP, FortiDAST, FortiDB, FortiDDoS, FortiDeceptor, FortiDeploy, FortiDevSec, FortiDLP, FortiEdge, FortiEDR, FortiExplorer, FortiExtender, FortiFirewall, FortiFlex FortiFone, FortiGSLB, FortiGuest, FortiHypervisor, FortiInsight, FortiIsolator, FortiLAN, FortiLink, FortiMonitor, FortiNAC, FortiNDR, FortiPAM, FortiPenTest, FortiPhish, FortiPoint, FortiPolicy, FortiPortal, FortiPresence, FortiProxy, FortiRecon, FortiRecorder, FortiSASE, FortiScanner, FortiSDNConnector, FortiSIEM, FortiSMS, FortiSOAR, FortiSRA, FortiStack, FortiSwitch, FortiTester, FortiToken, FortiTrust, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLM, FortiXDR and Lacework FortiCNAPP.

Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments.