As enterprises continue the process of digital transformation, they are facing the challenge of staying on top of an increasing number of cyberthreats. John Madisson, Senior Vice President – Products and Solutions at Fortinet, discusses why the new generation of security solutions should be able to leverage machine learning and AI for better visibility and greater automation in fighting the volume and sophistication of attacks.
Adapting to the new digital economy requires organisations to not just retool their networks but, in many cases, core business processes as well. The creation, exchange, and analysis of data – about customers, products and their usage – enables organisations to gain the insights they need to improve operational efficiency, business agility and the customer experience.
The three pillars of digital business are automation, agility and analytics. As the speed of business accelerates, critical processes need to occur at digital speeds, which means that human beings, and human error, need to be removed from many of the basic operations that support the organisation. Automation allows critical personnel to be reassigned to higher-order projects that rely on real-time analysis of growing volumes of data in order to enable agile business.
This same data must also be protected as it moves across systems, applications, devices and the multi-cloud. It means that security needs to be able to seamlessly extend to the farthest reaches of the network and even to those elements that may not even be in the network yet. It must also be found at every point of data interaction, not just at the perimeters or to secure north-south traffic. This represents a fundamental change in how security must be approached. It’s no longer just about the placement of security in the different parts of the network. It goes far beyond that.
This is why security is recognised as one of the biggest obstacles to digital transformation today and it is highlighting the limitations of current security implementations to IT leaders. The security point-solutions they’ve bolted onto their network over the years are simply no longer sufficient to address the new security challenges posed by the adoption of digital technologies and their attendant issues of elasticity, scalability, speed and volume. Most importantly, that traditional approach doesn’t provide the proactive security platform they need to support the agility, automation and orchestration they now require.
To meet these new demands, security must undergo the same degree of transformation that is impacting the network and even the business itself. This requires things like appropriate protections and inspections being automatically deployed at every data interaction point across all digital technologies; dynamic adaptability to secure networked environments that are constantly in a state of flux; the ability to see, share and correlate threat intelligence in order to detect and respond to threats in real time; and the ability to impose constant threat assessments across the entire organisation.
To do this, organisations simply cannot continue adding independent and isolated devices and point products to resolve new problems or address new network segments, such as cloud deployments, as separate security projects. Instead, securing today’s networks requires full control, visibility and automation across the entire distributed network.
There are five major cybersecurity areas that are critical to address in order for organisations to successfully secure their digital transformation efforts.
First, security needs to protect data across the extended network of the organisation. This requires shifting from a fixed perimeter mindset to one where security is automatically applied wherever data is located.
This requires tying security to the dynamic nature of the network itself and utilising security tools that can be seamlessly stitched together. This allows specialised security technologies to be dynamically deployed where and when they are needed, and then allows the distributed power of the entire security infrastructure to be marshalled to respond to detected threats in a consistent and correlated fashion.
Second, OT networks are transitioning from traditionally isolated networks using proprietary protocols to IP- and Windows-based controllers that are connected to the IT network and even the Internet. This change is making critical, yet often inadequately protected, infrastructure more vulnerable to cyberthreats. Those networks are also notoriously fragile and can be seriously impacted not only by new cyberattacks targeting things like ICS and SCADA systems but even by traditional network security devices themselves. Security controls not only need to be specifically chosen for their ability to secure OT environments but also for their ability to be woven seamlessly into the extended network security architecture.
Third, the transition to the cloud, especially the multi-cloud, amplifies the security challenge. The use of cloud-based infrastructure (IaaS) provides flexibility and scalability, especially when implementing a multi-cloud strategy. But these environments also tend to be discrete and isolated systems, which means they tend to be disconnected from the enterprise network security in place in all but the most superficial ways. Likewise, the use of SaaS applications and services adds value but can limit visibility and awareness, leaving critical security blind spots. Security solutions need to be chosen based on their ability to not only secure cloud environments but also be tied together to ensure a single point of visibility and control.
Fourth, with data becoming the fuel to digital business, there’s more regulatory pressure to protect data and privacy. As a result, beyond the protection of their IT infrastructure, organisations now need to understand their state of security, which now makes cybersecurity part of the broader risk management strategy of the enterprise. This requires constant assessment of the state of security across the network, especially as data becomes more mobile. It also requires new levels of automation that can automatically ensure compliance even as physical and virtual network devices, workflows and endpoints constantly change the potential attack surface.
Fifth, this challenge goes far beyond issues of scalability and performance. In order for new devices and applications to provide the data organisations require, they must be deeply interconnected. The growth of hyperconnectivity enables things like smart businesses, vehicles, buildings and even cities, and will continue to expand at the same rate as other changes affecting the network. They also compound the challenges around securing devices. Not only are perimeters disappearing but possible attack vectors are also constantly changing. This requires security that operates as a seamless, integrated fabric that sees and adapts as connections, devices and workflows change.
As the threat landscape continues to become more complex and more difficult to fight, it forces security to adapt to meet the demands of automation, agility and analytics. To meet these new demands, not only do devices need to be able to work as a single, holistic system but threat intelligence also needs to evolve and adapt quickly. This is why the new generation of security solutions needs to be able to leverage machine learning and AI for better visibility and greater automation in fighting the volume and sophistication of attacks targeting today’s networks.