Prerequisites
- Licensing: FSPM is an add-on. Contact your Customer Success Manager for activation.
- Permissions: Requires one of the following roles: Owner, Admin, Non-Signing Admin, or Security Auditor.
Overview
Fireblocks Security Posture Management (FSPM) is the first security posture management solution purpose-built for digital assets. It acts as a dedicated security advisor, continuously monitoring configurations and providing clear guidance to fix issues before they become incidents. FSPM provides continuous and comprehensive visibility into risky configurations, excessive permissions, and other security vulnerabilities that could compromise the integrity of your workspace.
Nearly all digital asset theft incidents stem from actions taken that were technically authorized by weak policies. FSPM is designed to uncover these risks using an Agentic Policy Analyzer, which is an AI-based attack simulator that analyzes your policies through a three-step process:
- Weakest link detection: Identifies API or workspace users that can unilaterally initiate, approve, and sign a transaction without further oversight.
- High-value targeting: Prioritizes analysis of your most valuable accounts to determine if they are potentially reachable by an attacker.
- Autonomous drain simulation: Utilizing an Autonomous ReAct (Reasoning and Acting) loop, the analyzer simulates a full attack path to external addresses. It iteratively observes how your policy logic responds to simulated actions and adapts its strategy to uncover exploitable vulnerabilities via:
- Single hop: A direct transfer from an internal account to an external destination.
- Lateral movement: A sequence of transfers between a series of internal accounts before reaching an exit point.
For terms and conditions that apply to the use of FSPM, read here.
Monitoring scope
FSPM continuously monitors crucial security configurations across the following areas:
-
Over-permissive and stale policies
Identifies transaction policies that grant excessive permissions and governance settings that have not been reviewed in months, placing your business at risk. -
Unused users and access gaps
Monitors inactive users, missing API IP allowlists, and authentication gaps that create unauthorized access points or operational blind spots. -
Weak approval group thresholds
Detects approval groups set to single-user thresholds or configurations that allow API-only approvals without human verification. -
Risky unused workspace settings
Surfaces unused capabilities like raw signing, one-time addresses, or whitelisted addresses that expand your attack surface without serving any business needs. -
Risky token allowances
Detects unused token allowances that could be exploited for unauthorized withdrawals. -
Outdated security software
Tracks version-drift across the mobile app to ensure you are protected by the latest security patches and features.
Using the dashboard
The FSPM dashboard consists of a list of open security findings. Each entry includes a description of the finding, its severity level, category, and the date it was detected. This allows you to easily identify and prioritize the most critical security risks for remediation.
When you select a security finding from the list, a side panel opens displaying detailed information about why the issue is a risk and the steps required to address it. The panel also provides guidance on where in your Console you can resolve the finding, or you can choose to accept the associated risk.
The side panel also identifies Compliance standards violations (e.g., SOC2). This allows you to see exactly which cyber security compliance requirements are affected by a specific finding. This helps teams demonstrate security maturity to clients, auditors, and regulators.
The dashboard automatically tracks the status of each security finding, categorizing them as either Accepted or Resolved based on whether the finding is remediated or the risk is accepted. Each finding is further grouped under its relevant filter section, such as Policies, Workspace settings, and Users.
Getting started
To manage security findings in your Fireblocks Console:
- In the left-hand navigation panel, select Security posture. The dashboard opens by default to the Open tab, displaying a list of all security findings that require attention.
- Select a security finding to open its side panel and view detailed information about the issue, including risk assessment and required steps to resolve it.
- Follow the provided resolution instructions, or select Accept risk if the issue is understood and acknowledged as a security risk but must remain unresolved as part of your organization’s operations.
- Once an action is taken, the security finding is automatically moved to either the Accepted or Resolved tab at the top of the screen, based on your selection. To return a previously “accepted” security finding to the Open tab, select Reopen to allow for further review and action.
For assistance or questions, submit a ticket to Fireblocks Support.
General AI policy and scope
What is Fireblocks’ stance on AI usage?
Fireblocks responsibly integrates AI to improve product usability and operational efficiency, with security, privacy, and compliance as guiding principles.
Which technologies power the FSPM agentic policy analyzer?
The FSPM agentic policy analyzer leverages a set of agents powered by a private deployment of Google's Gemini model to orchestrate the policy analysis and attack simulation process. As such, Gemini’s Generative AI Prohibited Use Policy also applies to the customer’s use of this feature. See here for additional information.
Security & data privacy
How do these AI models interact with our sensitive customer data?
Customer data remains protected under Fireblocks’ security and privacy framework. The data submitted to Gemini includes only workspace policy information and masked technical user IDs and is processed in accordance with the DPA available here and the Fireblocks Privacy Policy, available here. The AI agents are stateless and do not retain or learn from data between sessions.
How do you prevent AI models from "learning" or "leaking" our sensitive information?
- No fine-tuning with customer data
- Strict data access controls
- Session-level isolation
- Regular auditing and monitoring for data leakage risks
What measures are in place to secure AI outputs?
Every potential attack generated by the AI agent is validated via the Fireblocks policy engine to completely avoid false positive results.
Can the AI tool make any changes to our policies automatically?
No. The AI tool does not have permission to modify your policies or any other workspace configurations.
Responsible AI and future development
What is Fireblocks' philosophy on responsible AI?
Fireblocks prioritizes accuracy, transparency, fairness, and accountability. All AI deployments undergo internal reviews for security, compliance, and business alignment before release.
Can we disable the FSPM agentic policy analyzer?
Although strongly not recommended, it can be done. In order to disable the FSPM agentic policy analyzer, please reach out to Fireblocks Support.
How can we provide feedback or raise concerns?
Feedback or concerns can be provided via Fireblocks’ standard support channels.