Closing the Cloud Perimeter Gap with Fortinet NGFW + Stream

Security teams are spending far too much time untangling conflicting signals in the cloud, leading to unnecessary escalations, wasted effort, and missed threats. That’s why we built an integration between Fortinet FortiGate Next-Generation Firewalls (NGFW) and Stream.Security’s CDR (Cloud Detection and Response) platform.

The goal? To connect what’s happening at the perimeter with what’s actually happening in your cloud.

Why Cloud + Firewall Context Matters

Firewalls are designed to keep attackers out. But in the cloud, where resources spin up and down constantly and the perimeter is more of a concept than a location, it’s easy for visibility to fall apart. Security teams are often forced to operate on assumptions, especially when firewall logs and cloud infrastructure tell two different stories.

With this integration, Fortinet’s FortiGate NGFWs feed critical topology and enforcement data into Stream, including:

• Interface configurations
• Routing tables
• NAT rules
• Address and subnet mappings

Stream’s CloudTwin™ engine then maps that data into a real-time model of your cloud environment, creating an accurate, always-updated view of which resources are actually reachable from the outside - and which ones aren’t.

What You Can Do with Fortinet + Stream

• More clarity, fewer false alarms
  With Stream pulling in Fortinet’s firewall rules and routing data, your team doesn’t have to guess whether an alert is a real risk. If something’s already blocked at the edge, we’ll tell you up front, so you can focus on what actually matters.
• Faster triage without the ping-ponging
  Ever lose half a day chasing an alert, only to find out it was already mitigated by a perimeter control? With this integration, that back-and-forth disappears. Stream shows you exactly which cloud assets are reachable and which ones aren’t without jumping between tools.
• A clearer view of the real attack paths
  Firewall rules, NAT configurations, and routing behavior shape how attackers can (or can’t) move through your environment. Stream maps all of that live and overlays it with cloud identity, privilege, and config data. You’re not just seeing where the threat is; you’re seeing how far it could get.
• Less pressure to patch under fire
  Let’s say a critical CVE is disclosed and affects one of your production workloads. With FortiGate data integrated into Stream, your team can immediately see which workloads are exposed and assess whether they’re at real risk of breach.
• A way to scale visibility without scaling complexity
  Stream connects to multiple Fortinet NGFWs with a single deployment. That means less overhead for your team, and more time spent on real investigation and response.

‍

Real-World Example

Imagine your team receives an alert from your EDR about a suspicious command executed on an EC2 instance. Typically, determining whether that host is truly exploitable requires manual cross-tooling and coordination across teams—especially when third-party firewalls are involved.

But with FortiGate NGFW data flowing into Stream, your team can instantly see whether the affected instance is reachable from the internet—eliminating guesswork and accelerating response.

Designed for Modern SOC and SecOps Teams

This integration is part of our broader mission: to help SOC and SecOps teams investigate, prioritize, and respond to cloud-native threats with real-time precision rather than static alerts or stitched-together logs.

By unifying firewall and cloud context, we give your team the clarity needed to:

• Cut down on alert fatigue
• Shrink your mean-time-to-respond (MTTR)
• Improve patching workflows
• Understand which changes in the cloud actually matter

‍

Ready to bring perimeter awareness into your cloud response strategy?

‍
Reach out to our team and we’ll show you how Fortinet NGFW + Stream.Security keeps your team one step ahead.

‍