
Fortiappsec Cloud

The FortiAppSec Cloud platform offers comprehensive web and API security, advanced bot protection, and performance optimization through a unified management interface. It addresses the challenges of multi-cloud and hybrid environments by consolidating essential security services, ensuring consistent protection against modern threats while enhancing operational efficiency. Key features include a web application firewall, global server load balancing, and real-time threat analytics, all designed to simplify management and improve application performance.

Uploaded by

Paul Vieyra

Data Sheet

FortiAppSec Cloud
Web and API Security, Availability, and Performance

Comprehensive application security and performance optimization across environments

The Fortinet FortiAppSec Cloud platform combines advanced web application firewall (WAF), API security, Advanced Bot Protection, Global Server Load Balancing (GSLB), and Threat Analytics into a single, unified platform. This all-in-one solution delivers robust application security, enhanced performance, and operational simplicity for web applications, ensuring seamless protection, visibility, and optimization under a unified management interface.

Highlights

• Comprehensive Application Security: Advanced protection against OWASP Top 10 and bot-based attacks using advanced AI/ML techniques
• Application Delivery: Accelerates content and enhances user experience with full CDN and advanced GSLB capabilities
• Threat Analytics: Addresses alert fatigue and speeds up alert security investigation
• Unified Management: Manage security, traffic, and insights from a single, intuitive dashboard
• Visibility 360: Gain complete application security and monitoring insights for proactive threat response


Challenges

The shift to multi-cloud and hybrid cloud environments has created new challenges for organizations. As businesses expand their online presence, using more web applications and APIs, the attack surface grows, increasing the complexity of managing consistent application security. Sophisticated cyber threats, such as OWASP Top-10 vulnerabilities, zero-day attacks (some of which are generated by LLMs), and bot-driven fraud, target critical web assets, exposing organizations to data breaches and service disruptions.

Traditional security measures often struggle to keep up with these evolving threats, leaving gaps that cybercriminals eagerly exploit. Compounding the issue, traffic management across global data centers and hybrid cloud environments adds another layer of complexity, with organizations needing to ensure both optimal performance and security for users across diverse regions. This fragmented approach results in inconsistent security policies, reduced visibility, and greater operational complexity.

The Fortinet FortiAppSec Cloud Platform addresses these challenges by providing an integrated solution that ensures that organizations can not only protect their applications from modern threats but also gain real-time insights into security events and performance metrics, enabling proactive risk management across hybrid and multi-cloud environments.

Key Benefits

• Lower TCO
• Operational Efficiency
• Optimization
• Traffic Shaping
• Threat Detection and Response

The Need for Solution Consolidation


Web applications and APIs are integral to modern business, but they also introduce new
security risks that cybercriminals can exploit. As organizations scale their applications
across hybrid and multi-cloud environments, more applications and APIs are being deployed,
complicating the ability to consistently secure data in transit or at rest. Consequently, security
gaps emerge, and organizations are exhausted by the growing number of security solutions
they need to not only master but also synchronize. The increasing difficulty in protecting
sensitive data and delivering optimal user experiences pushes them toward unified platforms.

Delivered as SaaS, the Fortinet FortiAppSec Cloud Platform consolidates essential application
delivery and security services, simplifying management, delivering robust protection, and
allowing centralized visibility, consistent security policies, and optimized traffic management
across distributed environments. This integrated approach reduces the complexity of
managing multiple solutions while strengthening security and improving the performance of
applications and APIs globally.


Use Cases
Comprehensive Web and API Security, Including Advanced Bot Protection
FortiAppSec Cloud offers robust Web Application Firewall (WAF) and API security,
complemented by Advanced Bot Protection, which detects and blocks sophisticated bot
behaviors to differentiate legitimate users from automated attacks. This use case is ideal for
organizations looking to secure web applications and APIs while preventing bot-driven fraud
and abuse.

Optimized Global Traffic Management with Enhanced Security


The FortiAppSec Cloud Platform uses Global Server Load Balancing (GSLB) to dynamically
route traffic across multiple data centers, ensuring high availability and optimized performance,
while WAF and API security protect the application layer from vulnerabilities. This solution is
especially effective for organizations needing to deliver secure and optimized content globally
with integrated protection.

Multi-Cloud and Hybrid Application Deployment


FortiAppSec Cloud ensures consistent security policies across all environments, with
global load balancing to distribute traffic efficiently between clouds and data centers. This
deployment is particularly useful for ensuring high availability and failover, guaranteeing
application uptime even during outages or regional disruptions.

API Protection for Microservices Architectures


FortiAppSec Cloud ensures that API traffic is protected against common threats, such as
injection attacks or API-specific vulnerabilities, with advanced security measures like deep
packet inspection. API discovery helps identify and catalog APIs across environments to ensure
comprehensive protection. Combined with bot protection, this solution safeguards APIs from
being exploited by automated attacks, ensuring business continuity and integrity in modern
application designs.

Proactive Threat Monitoring and Analytics


With Threat Analytics, organizations gain real-time visibility into potential threats, anomalies,
and incidents across their cloud infrastructure. By integrating threat intelligence and security
event monitoring into the FortiAppSec Cloud platform, customers can proactively respond to
emerging threats and mitigate risks before they impact critical applications.


Features and Capabilities


Web Application Firewall (WAF) and API Security
• Zero day attack protection: dual machine learning to detect and eliminate emerging threats
and AI-generated exploits
• Eliminate False Positives: Traffic is analyzed and scrubbed of threats before reaching your
applications, ensuring only safe traffic is delivered
• OWASP top 10 Security Risks: Shield your web applications and APIs from attacks targeting
the OWASP Top-10 risks to web applications and secure any vulnerabilities
• Automated Updates: Integrated with FortiGuard Labs for real-time threat intelligence,
ensuring the latest protection against evolving threats
• Simplified Configuration: Configure and manage WAF policies through a user-friendly
interface with minimal resource investment

Advanced Bot Protection


• Behavioral-Based Detection: Biometric and behavioral analysis to detect sophisticated,
human-like bot behaviors, ensuring real users can access your applications without
disruption
• Device Fingerprinting: IP-agnostic profiling of user devices with advanced fingerprinting
techniques to block bot attacks using browser or IP rotation
• Crawler Detection: Identify and block unwanted web crawlers, scrapers, and other
automated threats compromising sensitive data
• Historical and Real-Time Analytics: Access real-time and historical traffic monitoring and
bot-related insights for enhanced decision-making
Please refer to the relevant datasheet for more information:

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortiguard-ad-bot-protect.pdf


Global Server Load Balancing (GSLB)


• DNS-Based Load Balancing: Distributes application traffic across multiple data centers and
server pools, enhancing availability and resilience
• Geographic Traffic Distribution: Use Geo-IP and server health metrics to dynamically route
traffic to the nearest or best-performing data center
• One-Click Integration: Easy integration with FortiWeb Cloud, ensuring that both security and
load balancing are managed within the same platform
• High Availability: Ensure continuous application availability even during regional outages or
spikes in demand
Please refer to the relevant datasheet for more information:

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortigslb.pdf


Threat Analytics
• Identify Hidden Attack Patterns: AI-based event-correlation and analysis of attack patterns
to reveal adversarial campaigns that are likely to go under the radar
• Real-Time Visibility Across the Application Infrastructure: Monitor security events in real-
time across all applications and infrastructure, providing actionable insights into potential
attacks and vulnerabilities
• Proactive Incident Response: threat intelligence and automated response workflows to
quickly mitigate risks before they impact operations
• Centralized Dashboard: Consolidate security data and performance metrics in a single view,
simplifying monitoring and decision-making across hybrid and multi-cloud environments
• Reduce Alert Fatigue: Let Threat Analytics AI compile multiple alerts into a handful of
meaningful incidents, helping organizations prioritize and respond to threats more efficiently
Please refer to the relevant datasheet for more information:

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortinet-threat-analytics.pdf


License Options
Standard Package: Includes core WAF and API security features to protect against common threats.

Premium Package: Offers advanced WAF features, expanded bot protection capabilities, and GSLB for enhanced load balancing
and security.

Feature Category Standard Premium Feature Category Standard Premium


Web Application Protection Application Delivery
Signature based Protection   SSL Certificates - Automatic and Custom  
IP Threat Intelligence   Client Authentication\Mutual TLS 
GEO-IP Intelligence   Content Delivery Network (CDN)  
Custom Security Rules   Limited GEO CDN  
HTTP Compliance   Load Balancing and Server Health Monitoring  
URL, Parameter and CORS Protection   Origin Server Content Routing 
Cookie Protection   Waiting Room 
Information Leakage   Global Server LB
AV for File Uploads   DNS Load Balancing Available Available
Sandboxing for File Uploads  Separately Separately

Zero Day Attack Protection - Machine Learning  DNS Services + DNSSEC Available Available
based Anomaly Detection Separately Separately
Health Check (Synthetic Testing) Available Available
API Security
Separately Separately
Schema Enforcement (OpenAPI, XML, JSON)  
DAST Scanning
API Gateway 
Vulnerability Assessment Available Available
Mobile API Protection  Separately Separately
Machine Learning based - Discovery, PII  API Scanning Available Available
Catalog, Protection Separately Separately
Client Security Reporting and Analytics
HTTP Header Protection   Attack Logs  
CSRF and MiTB Protection   Alert Notifications  
Bot Defense SIEM Integration  
Signature, Threshold, Biometric and Deception   Log Sensitive Data Masking  
Machine Learning based Bot Defense  FortiView - Realtime and historical log Analysis  
Advanced Bot Protection Available Available Dashboards and Reports  
Separately Separately
Traffic Logs 
Account Takeover
Threat Analytics AI 
User Tracking 
Management
Session Fixation Protection 
Role Based Access Control  
Credential Stuffing Defense 
Single-Sign-On Support  
DDoS Protection
API Support  
Layer 3-4 DDoS Mitigation  
Services
Layer 7 DDoS Mitigation  
24x7 Support  
SOCaaS Available Available
Separately Separately


Ordering Information
The service requires a FortiCloud Premium subscription as described in the FortiCloud service description, along with the
following product-specific license.

| SOLUTION | SKU | DESCRIPTION |
|---|---|---|
| FortiAppSec Cloud WAF | | |
| Bandwidth | FC1-10-UCAPF-1114-02-DD | FortiAppSec Cloud. Cloud WAF, 25 Mbps Standard Plan (Use seat 1). Includes FortiCare premium support. |
| | FC2-10-UCAPF-1114-02-DD | FortiAppSec Cloud. Cloud WAF, 50-99 Mbps Standard Plan (25Mbps/seat). Includes FortiCare premium support. |
| | FC3-10-UCAPF-1114-02-DD | FortiAppSec Cloud. Cloud WAF, 100+ Mbps Standard Plan (25Mbps/seat). Includes FortiCare premium support. |
| | FC1-10-UCAPF-1115-02-DD | FortiAppSec Cloud. Cloud WAF, 25 Mbps Premium Plan (Use seat 1). Includes FortiCare premium support. |
| | FC2-10-UCAPF-1115-02-DD | FortiAppSec Cloud. Cloud WAF, 50-99 Mbps Premium Plan (25Mbps/seat). Includes FortiCare premium support. |
| | FC3-10-UCAPF-1115-02-DD | FortiAppSec Cloud. Cloud WAF, 100+ Mbps Premium Plan (25Mbps/seat). Includes FortiCare premium support. |
| Applications | FC1-10-UCAPF-1116-02-DD | FortiAppSec Cloud. Cloud WAF, 1-4 Applications, Standard Plan. Must be combined with a Bandwidth Standard plan. Includes FortiCare premium support. |
| | FC2-10-UCAPF-1116-02-DD | FortiAppSec Cloud. Cloud WAF, 5-24 Applications, Standard Plan. Must be combined with a Bandwidth Standard plan. Includes FortiCare premium support. |
| | FC3-10-UCAPF-1116-02-DD | FortiAppSec Cloud. Cloud WAF, 25+ Applications, Standard Plan. Must be combined with a Bandwidth Standard plan. Includes FortiCare premium support. |
| | FC1-10-UCAPF-1117-02-DD | FortiAppSec Cloud. Cloud WAF, 1-4 Applications, Premium Plan. Must be combined with a Bandwidth Premium plan. Includes FortiCare premium support. |
| | FC2-10-UCAPF-1117-02-DD | FortiAppSec Cloud. Cloud WAF, 5-24 Applications, Premium Plan. Must be combined with a Bandwidth Premium plan. Includes FortiCare premium support. |
| | FC3-10-UCAPF-1117-02-DD | FortiAppSec Cloud. Cloud WAF, 25+ Applications, Premium Plan. Must be combined with a Bandwidth Premium plan. Includes FortiCare premium support. |
| FortiAppSec Cloud Add-ons | | |
| DAST | FC1-10-UCAPF-216-02-DD | FortiAppSec Cloud. Vulnerability Scanning Service, 10 IP/FQDN. Must purchase Cloud WAF as well. |
| SOCaaS | FC1-10-UCAPF-464-02-DD | 24x7 cloud-based managed log monitoring, incident triage and SOC escalation service for Cloud WAF. 1-4 applications (seats), price per application. Must purchase for all applications in account. |
| | FC2-10-UCAPF-464-02-DD | 24x7 cloud-based managed log monitoring, incident triage, and SOC escalation service for Cloud WAF. 5+ applications (seats), price per application. Must purchase for all applications in account. |
| FortiAppSec Cloud Standalone Services | | |
| GSLB | FC1-10-UCAPF-330-02-DD | FortiAppSec Cloud. Global Server Load Balancing, 100 QPS (queries per second). Includes FortiCare premium support. |
| | FC1-10-UCAPF-332-02-DD | FortiAppSec Cloud. Global Server Load Balancing, 10 Health Checks. Includes FortiCare premium support. |
| Advanced Bot Protection | FC1-10-UCAPF-726-02-DD | FortiAppSec Cloud. Advanced Bot Protection, 1M Trans/Month. Includes FortiCare premium support. |

Licensing and Availability


The Service is available as a subscription via the FortiCloud portal. Customers can choose between the Standard and Premium
packages, with options to add Advanced Bot Protection, GSLB, or Threat Analytics as standalone services, if necessary.

For more information, please visit fortinet.com or contact your Fortinet sales representative.

Visit https://www.fortinet.com/resources/ordering-guides for related ordering guides.

Fortinet Corporate Social Responsibility Policy
Fortinet is committed to driving progress and sustainability for all through cybersecurity, with respect for human rights and
ethical business practices, making possible a digital world you can always trust. You represent and warrant to Fortinet that you
will not use Fortinet’s products and services to engage in, or support in any way, violations or abuses of human rights, including
those involving illegal censorship, surveillance, detention, or excessive use of force. Users of Fortinet products are required
to comply with the Fortinet EULA and report any suspected violations of the EULA via the procedures outlined in the Fortinet
Whistleblower Policy.

www.fortinet.com

Copyright © 2024 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product
or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other
conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s SVP Legal and above, with a
purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute
clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer,
or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

December 11, 2024

FAS-CL-DAT-R02-20241211
