Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 26.2.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiCNAPP Administration Guide

    Graph examples

    Graph examples

    Lateral movement example

    The following example illustrates a graph for an EC2 instance with the potential risk of lateral movement.

    In this example, FortiCNAPP detects potential lateral movement when an SSH secret (on the original internet-exposed instance) can be used by an attacker to access additional instances.

    Region 1

    This region shows the IP address of the host with internet exposure.

    Region 2

    This region shows the following:

    • EC2 instance that can be accessed from the internet.
    • Number of vulnerabilities detected on the instance.
    • Number of compliance issues detected on the instance.
    • Number of alerts on the instance.

    Region 3

    This region shows the following:

    • An SSH secret on the original instance.
    • Other instances that can be accessed using the SSH secret on the internet-exposed instance.

    The information in this region highlights the potential lateral movement risk and the SSH key that could be used.

    Blast radius example

    The following example illustrates a graph for an EC2 instance with a potential compromise blast radius that includes high value storage assets.

    In this example, FortiCNAPP detects that an exposed EC2 instance can assume a role that can potentially be used to access Amazon S3, additional IAM roles, and AWS KMS.

    Region 1

    This region shows the load balancer and the IP address of the host with internet exposure.

    Region 2

    This region shows the following:

    • EC2 instance that can be accessed from the internet.
    • Number of vulnerabilities detected on the instance.
    • Number of compliance issues detected on the instance.
    • Number of alerts on the instance.

    Region 3

    This region shows the following:

    • The IAM role that the EC2 instance assumes to access the storage assets.
    • Amazon S3 buckets that can be accessed using the IAM role.
    • KMS secrets that can be accessed using the original IAM role.
    • Additional IAM roles that can be accessed using the original IAM role.

    The information in this region provides visibility into the blast radius of potential compromise and summarizes all of the high value assets that could be at risk.

    Previous
    Next

    Graph examples

    Graph examples

    Lateral movement example

    The following example illustrates a graph for an EC2 instance with the potential risk of lateral movement.

    In this example, FortiCNAPP detects potential lateral movement when an SSH secret (on the original internet-exposed instance) can be used by an attacker to access additional instances.

    Region 1

    This region shows the IP address of the host with internet exposure.

    Region 2

    This region shows the following:

    • EC2 instance that can be accessed from the internet.
    • Number of vulnerabilities detected on the instance.
    • Number of compliance issues detected on the instance.
    • Number of alerts on the instance.

    Region 3

    This region shows the following:

    • An SSH secret on the original instance.
    • Other instances that can be accessed using the SSH secret on the internet-exposed instance.

    The information in this region highlights the potential lateral movement risk and the SSH key that could be used.

    Blast radius example

    The following example illustrates a graph for an EC2 instance with a potential compromise blast radius that includes high value storage assets.

    In this example, FortiCNAPP detects that an exposed EC2 instance can assume a role that can potentially be used to access Amazon S3, additional IAM roles, and AWS KMS.

    Region 1

    This region shows the load balancer and the IP address of the host with internet exposure.

    Region 2

    This region shows the following:

    • EC2 instance that can be accessed from the internet.
    • Number of vulnerabilities detected on the instance.
    • Number of compliance issues detected on the instance.
    • Number of alerts on the instance.

    Region 3

    This region shows the following:

    • The IAM role that the EC2 instance assumes to access the storage assets.
    • Amazon S3 buckets that can be accessed using the IAM role.
    • KMS secrets that can be accessed using the original IAM role.
    • Additional IAM roles that can be accessed using the original IAM role.

    The information in this region provides visibility into the blast radius of potential compromise and summarizes all of the high value assets that could be at risk.

    Previous
    Next