Web Application and API Protection
FortiWeb is a web application firewall (WAF) that protects web applications and APIs from attacks that target known and unknown exploits and helps maintain compliance with regulations. Using machine learning to model each application, FortiWeb defends applications from known vulnerabilities and from zeroday threats. High performance physical, virtual appliances and containers deploy on-site or in the public cloud to serve any size of the organization from small businesses to service providers, carriers, and large enterprises.
- Web Application Protection
Multi layer protection against the OWASP Top 10 application attacks including machine learning to defend against known and unknown attacks.
- API Protection
Protect your APIs from malicious actors by automatically enforcing positive and negative security policies. Seamlessly integrate API security into your CI/CD pipeline.
- Bot Mitigation
Protect websites, mobile applications, and APIs from automated attacks with advanced bot mitigation that accurately differentiates between good bot traffic and malicious bots. FortiWeb Bot Mitigation provides the visibility and control you need without slowing down your users with unnecessary captchas or challenges.
- Machine learning that detects and blocks threats while minimizing false positives
- Advanced Bot Mitigation effectively protect web assets without imposing friction on legitimate users
- Protection for APIs, including those used to support mobile applications
- Enhanced protection with Fortinet Security Fabric integration
- Visual analytics tools for advanced threat insights
- Third-party integration and virtual patching
Comprehensive Web Application Security
Using an advanced multi-layered and correlated approach, FortiWeb provides complete security for your web-based applications from the OWASP Top 10 and many other threats. FortiWeb’s first layer of defense uses traditional WAF detection engines (e.g. attack signatures, IP address reputation, protocol validation, and more) to identify and block malicious traffic, powered by intelligence from Fortinet’s industry leading security research from FortiGuard Labs. FortiWeb’s machine learning detection engine then examines traffic that passes this first layer, using a continuously updated model of your application to identify malicious anomalies and block them as well.
Fueling the digital transformation APIs have become increasingly popular, providing the backbone for mobile applications, automated business to business operations and ease of management across applications. However, with their popularity they also increase the attack surface with additional exposed application surfaces that organizations must secure. Fortinet’s FortiWeb web application firewall provides the right tools to address threats to APIs. FortiWeb integrates out of the box policies together with an automatically generated positive security model policy that is based on your organization’s schema specification (OpenAPI, XML and generic JSON are supported schemas) to protect against API exploits. FortiWeb schema validation can be integrated into the CI/CD pipeline, automatically generating an updated positive security model policy once the API is updated.
FortiWeb protects against automated bots, webs scrapers, crawlers, data harvesting, credential stuffing and other automated attacks to protect your web assets, mobile APIs, applications, users and sensitive data. Combining machine learning with policies such as threshold based detection, Bot deception and Biometrics based detection with superior good bot identification FortiWeb is able to block malicious bot attacks while reducing friction on legitimate users. With advanced tracking techniques FortiWeb can differentiate between humans, automated requests and repeat offenders, track behavior over time to better identify humans from bots and enforce CAPTCHA challenges when required. Together with FortiView, FortiWeb’s graphical analysis dashboard organizations can quickly identify attacks and differentiate from good bots and legitimate users.
Machine Learning Improves Detection and Drives Operational Efficiency
FortiWeb License multi-layer approach provides two key benefits: superior threat detection and improved operational efficiency. FortiWeb’s ability to detect anomalous behavior relative to the specific application being protected enables the solution to block unknown, never-before-seen exploits, providing your best protection against zero-day attacks targeting your application. Operationally, FortiWeb machine learning relieves you of time-consuming tasks such as remediating false positives or manually tuning WAF rules. FortiWeb continually updates the model as your application evolves, so there is no need to manually update rules every time you update your application.
FortiWeb’s machine learning accurately detects anomalies and identifies which are threats. Unlike prevailing auto-learning detection models used by other WAF vendors that treat every anomaly as a threat, FortiWeb’s precision nearly eliminates false positive detections and catches attack types that others cannot.