Fortinet’s FortiAppSec Delivers Simpler Protection Across Environments
Application security today is anything but simple. From securing APIs to stopping bot attacks and staying compliant, organizations are juggling too many tools and not getting the visibility they need. Fortinet created FortiAppSec Cloud to solve that. In this conversation, Ben Zilberman explains how the solution brings these capabilities together and why it is a strong fit for partners.
Sydney: Let’s start with the basics. What is FortiAppSec Cloud, and how is it built to handle the complexity that comes with securing today’s modern applications?
Ben: FortiAppSec Cloud is a unified platform of application security services that we brought together to simplify operations and address the challenges customers and managed security partners face when protecting sensitive or business-critical web applications and the data they handle. It consolidates protections like a web application firewall, bot protection and DDoS mitigation, and it also provides operational benefits, including CDN and global server load balancing. Everything is under one roof with a single management interface, which makes it easier for customers and partners to stay in control of potential threats to their web applications.
Sydney: We know web apps and APIs are a major attack target. How is this solution helping customers stay secure without requiring a lot of extra tools?
Ben: Web applications and APIs are a common target because anyone can access them—a human being, a system or a device. From there, attackers can reach the sensitive data the application uses or stores, and if they want, move laterally into the organization’s network.
Think about your mobile banking app or a favorite shopping site. Those are prime targets because of the type of information they hold. Add to that the fast pace of the application development lifecycle, changes in application architecture like microservices and the fact that applications are spread across multiple environments. All of that adds complexity and blind spots. FortiAppSec Cloud provides the visibility and observability organizations and managed security providers need to stay on top of these potential threats.
Sydney: Let’s shift to the partner side for a moment. For MSPs and others helping customers navigate cloud security, why is FortiAppSec a strong opportunity, not just technically but from a business standpoint?
Ben: If I were a managed security service provider, I would want something that is easy to sell, easy to explain and easy to operate. If we, as the partner, carry the operational cost and have to provide professional services, it should be simple for us to adopt and simple to price so the customer understands what they are paying for and why.
FortiAppSec is consolidated, it covers the attack surface end to end, and the partner does not need to operate it themselves because Fortinet operates it around the clock. Pricing is straightforward—based on the number of applications and bandwidth.
We also have the FortiFlex licensing program, which gives customers flexible licensing. They can buy the credits they want and use them based on utilization, which helps optimize operational costs.
Sydney: You’ve talked about the opportunity this creates for partners. What are some of the real-world challenges this solution is helping them solve right now?
Ben: Customers expect managed security providers to deliver a high quality of service, but what does that really mean? They expect end-to-end protection for web applications and APIs. They expect coverage across malicious bots and attacks. FortiAppSec helps partners discover blind spots, shadow APIs, and make sure those are protected.
Second, compliance. We have the certifications customers need, and we help them prepare for audits and meet regulatory requirements.
Lastly, the SLA is important. If something happens, partners need to respond quickly and help customers work through the situation. With FortiAI now integrated into the tool, managed security providers can accelerate detection and response, understand the business context of an event and prioritize remediation and mitigation based on severity. All in all, it is a simple and effective tool for managed security providers to work with.
To learn more about how FortiAppSec can help you expand your security offerings and deliver more value to customers, visit Fortinet.com/products/fortiappsec.