DSPM
PREVIEW FEATURE: This section describes functionality that is currently in preview.
FortiCNAPP DSPM continuously discovers, classifies, and monitors sensitive data across your cloud environments to reduce data exposure risk.
Using Data Security Posture Management (DSPM) you can scan your cloud accounts for:
- Credit card information.
- Bank account information, including IBAN and SWIFT numbers.
- Personally identifiable information (PII), including social security numbers and their variations for different countries, email addresses, phone numbers, and dates of birth.
FortiCNAPP DSPM uses an architecture similar to Agentless Workload Scanning to search for sensitive information in files stored in your AWS account S3 buckets or Azure account blob storage. DSPM scanning applies pre-configured Data Policies that contain the search criteria. In this version of DSPM you cannot view the search criteria of a data policy, edit data policies, or create new data policies.
Setting up DSPM and getting results from DSPM scans:
- Apply the DSPM Terraform AWS module (lacework/terraform-aws-dspm) or the DSPM Terraform Azure module (lacework/terraform-azure-dspm) to integrate DSPM with your AWS or Azure cloud account.
- From the FortiCNAPP console, go to Settings > DSPM to view the cloud accounts that have been integrated with DSPM.
- Complete DSPM setup for these cloud accounts to configure DSPM options such as the regions to scan, the scan frequency, the maximum file size to scan, and the AWS buckets or Azure blobs to scan.
- FortiCNAPP DSPM scans content using Data Policies. Go to Policy Manager > Policies > Data to view the pre-configured data policies. Each data policy has a policy category and policy name that indicate the kind of sensitive data the policy scans for; the policy itself contains search criteria designed to find that type of sensitive data.
- Once DSPM is set up for a cloud account, FortiCNAPP scans the account according to the configured scan frequency. The first scan of a cloud account runs within an hour of completing the DSPM setup, and the scan frequency is also measured from the time the initial setup was completed. The first scan checks every file that is the same size as or smaller than the maximum file size; subsequent scans check only new or changed files.
- It can take from 3 to 24 hours for scan results to appear in the FortiCNAPP console. You can view DSPM scan results from Risk Center Insights, Explorer, and Resource inventory.
FortiCNAPP DSPM does not retrieve and store sensitive data. For some types of sensitive data (for example credit card numbers), DSPM includes anonymized masked versions of the sensitive data.
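To illustrate what a data policy with search criteria does, and why findings can carry a masked value without the scanner storing the sensitive data itself, the following is an added example and not FortiCNAPP code. The policies, object keys, and file contents are constructed; the actual DSPM search criteria are not published and the real scanner runs against S3 buckets and blob storage rather than an in-memory dict.

```python
import re
from typing import Dict, List

# Constructed sample objects standing in for files in an S3 bucket or Azure blob container.
SAMPLE_OBJECTS = {
    "invoices/2024-01.txt": "Card on file: 4111 1111 1111 1111, contact alice@example.com",
    "hr/payroll.csv": "name,ssn\nBob,123-45-6789\n",
    "finance/wire.txt": "Pay to IBAN GB82 WEST 1234 5698 7654 32 via SWIFT",
    "notes/readme.txt": "Nothing sensitive here, order id 1234-5678, ref 4111 1111 1111 1112.",
}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: drops 16-digit numbers that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def iban_ok(iban: str) -> bool:
    """ISO 13616 mod-97 check on an IBAN (spaces ignored, letters mapped A=10..Z=35)."""
    s = iban.replace(" ", "").upper()
    numeric = "".join(str(int(c, 36)) for c in s[4:] + s[:4])
    return 15 <= len(s) <= 34 and int(numeric) % 97 == 1

def mask(value: str, keep: int = 4) -> str:
    """Anonymized form: every alphanumeric except the last `keep` becomes '*'."""
    out, seen = [], 0
    for c in reversed(value):
        if c.isalnum():
            seen += 1
            out.append(c if seen <= keep else "*")
        else:
            out.append(c)
    return "".join(reversed(out))

# Hypothetical data policies: (category, search pattern, validator). Not the real DSPM criteria.
POLICIES = [
    ("Credit card", re.compile(r"\b(?:\d[ -]?){15}\d\b"), lambda v: luhn_ok(re.sub(r"\D", "", v))),
    ("IBAN", re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,4})?\b"), iban_ok),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), lambda v: True),
    ("Email", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"), lambda v: True),
]

def scan(objects: Dict[str, str]) -> List[dict]:
    """Return findings that carry only the masked value; the raw match is never stored."""
    findings = []
    for key, content in objects.items():
        for category, pattern, valid in POLICIES:
            for m in pattern.finditer(content):
                if valid(m.group(0)):
                    findings.append({"object": key, "policy": category, "masked": mask(m.group(0))})
    return findings
```

Running `scan(SAMPLE_OBJECTS)` yields four findings; the 16-digit number in `notes/readme.txt` is rejected by the Luhn check, which is the kind of validation that keeps a data policy from flagging every long number as a card.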