Digital Transformation has introduced new risks as the once well-defined network perimeter and the security protections associated with it have dissolved. Alain Sanchez, Senior CISO Evangelist at Fortinet, tells us why CISOs need to reassess their approach to network security to ensure their organisations are future-proof.
How would you describe the current threat landscape?
The volume and velocity of threats continues to explode. There are many reasons for this explosive growth, starting with the fact that the bar for accessing malware is lower than ever due to the availability of Malware-as-a-Service (MaaS) and other on demand services on the Dark Net.
Advanced threats are becoming more sophisticated at the same time. Many are now multi-vector, concurrently targeting different points on the expanded attack surface in coordination.
All at once, an attack can blitz an organisation from a central data centre out to the network edge, targeting a full spectrum of endpoint devices and applications across on-premises and cloud environments. These advancements are also making it more difficult to detect and respond to breaches.
How have Digital Transformation initiatives impacted the attack surface?
Driven by the desire to move faster at global scale and to transform customer experiences, companies are reconsidering how they run their businesses – and Digital Transformation (DX) is at the forefront. Despite the wide-ranging business advantages DX offers, it also comes with new challenges.
Specifically, as DX touches a myriad of technological aspects and extends from the data centre and enterprise campus to the edges of the network and cloud, the network perimeter essentially dissolves, exposing additional risks while ratcheting up the complexity of an already-complex security architecture.
Sensitive data can now reside across multiple clouds and is within reach of a growing array of deployed IoT devices. Traffic moves across the public Internet instead of private networks and extends to the edges of the network – from mobile devices and wireless access points to operational technology (OT).
This expanded, dynamic attack surface dissolves the once well-defined network perimeter and the security protections associated with it.
Seeking to address the new vulnerabilities posed by this new network reality, many organisations have deployed an array of largely disaggregated point security products. This de facto security architecture is disconnected, engendering multiple security and compliance gaps and inefficiencies that, ironically, diminish holistic protection.
Disaggregated security also wastes staff resources by requiring manual workflows and administration. Worst of all, this increases risk to organisations and security teams find themselves in a perpetual reactive mode with regard to current threats, which leaves them unable to plan and anticipate the attacks to come in the near future.
Why do CISOs need to reassess how they are approaching the security of their networks?
The job scope of the CISO is becoming multi-dimensional; she or he needs to be a business enabler, an agent of change and a human leader. In addition, the CISO needs to talk the language of the business. And since managing a business is primarily managing risk, the CISO needs to factor traditional network and security indicators into the risk curve of his company.
Instead of being Mr No: ‘We cannot have this collaborative application, we can’t have people bringing in their own devices, we need to forbid social networks’, the CISO of 2020 and beyond would say: ‘These are the three possible scenarios regarding the use of social media inside our company, each of which is associated to a risk level. The best ratio/performance/risk is the second one that reduces the probability of GDPR infringement by 80% while enabling each employee to connect to LinkedIn, Twitter and Office 365’.
This new approach will make the CISO part of the C-level suite, turning his cybersecurity knowledge into strategic recommendations based on business risk.
What are the key elements of Fortinet’s network security solutions?
DX is an opportunity for nearly every organisation to achieve more flexibility and cost efficiency for itself and better experiences for its customers. At the same time, DX increases the digital attack surface, gives hackers innovative ways to generate increasingly sophisticated attacks and contributes to a growing complexity of regulations and security solutions.
This will not stop emerging leaders – the ones who build a foundation for managing risk that enables their organisations to move faster than competitors in leveraging DX.
The Fortinet Security Fabric is that foundation. It unifies security solutions behind a single pane of glass, makes the growing digital attack surface visible, integrates AI-driven breach prevention and automates operations, orchestration and response. In summary, it enables organisations to create new value with DX without compromising security for business agility, performance and simplicity.
How do Fortinet’s solutions enable visibility and reduce complexity?
The influx and speed of DX projects makes it harder for organisations to protect against advanced threats. Add new and evolving regulations and the adoption of security standards, along with the fact that threats are faster and more advanced than ever, and the complexity of security expands exponentially.
Automated workflows and orchestration – from detection, to protection, to response – becomes a requirement for any enterprise seeking to succeed in this complex world of security management. This is where the Security Fabric delivers tangible dividends.
Automation of network operations helps DevOps teams to focus on time to market, improves operational efficiencies through zero-touch provisioning and generates real-time insights around branch network performance around issues such as spikes, scaling and priority routing of traffic. Automation of security operations reduces risk through proactive threat detection, threat correlation, intelligence-sharing alerts and threat research and analysis.
Integration of IT service management (ITSM) tools unlocks automation of event analysis and responses. This reduces response times from days to minutes or even seconds.
The Security Fabric also uses automation to transform compliance audits, tracking and ongoing reporting across industry regulations and security standards. The latter includes dashboards for the CISO, CIO, CEO and even the board of directors. This saves security teams myriad hours in manual log aggregation and correlation, a task that is particularly onerous with a disaggregated security architecture lacking transparent visibility and centralised controls
Why do organisations require a broad, integrated solution?
The volume and velocity of malicious attacks, coupled with their increasing sophistication, makes it difficult for cybersecurity defences to keep pace. Blocking known threats is not enough today. Artificial intelligence (AI) and Machine Learning (ML) offer organisations the means stay ahead of cybercriminals. Unfortunately, only slightly more than one-third of security vendors use AI and ML capabilities in their solutions.
Fortinet recognised the importance of doing so years ago in its development of FortiGuard AI. Specifically, FortiGuard Labs uses AI-driven capabilities, including ML, that leverage 4.4 million sensors around the world and partnerships with over 200 global organisations. This AI/ML-driven threat intelligence uses five billion nodes to identify unique malicious or clean features for both known and unknown threats.
In all, FortiGuard Labs processes more than 100 billion web queries every day and blocks 2,600 malicious URLs every second. Fortinet AI/ML capabilities are also integrated into FortiWeb and FortiInsight, enabling organisations to dramatically reduce false positives in the case of FortiWeb and to use forensics analysis at the user, system and network layers to detect and prevent insider threats in the case of FortiInsight.
Other capabilities such as sandboxing and the use of decoys also play a critical role in stopping advanced threats before they impact operations or result in a data breach. Specifically, both FortiSandbox and FortiDeceptor are fully integrated into the Security Fabric, enabling them to automatically share their threat intelligence in real time across all of the security elements.
How does Fortinet ensure an organisation is future-proof?
From the start, the Fortinet vision has been to deliver broad, truly integrated, high-performance security across the IT infrastructure. We provide top-rated network and content security, as well as secure access products that share intelligence and work together to form a cooperative fabric. The Fortinet Security Fabric combines security processors, an intuitive operating system, and applied threat intelligence to give organisations proven security, exceptional performance and better visibility and control, while providing easier administration.
The Fortinet Security Fabric delivers a unified approach that is broad, integrated and automated. Reduce and manage the attack surface through integrated broad visibility, stop advanced threats through integrated AI-driven breach prevention and reduce complexity through automated operations and orchestration.
Our flagship enterprise firewall platform, FortiGate, is available in a wide range of sizes and form factors to fit any environment and provides a broad array of next-generation security and networking functions. Complementary products can be deployed with a FortiGate to enable a simplified, end-to-end security infrastructure covering:
- Network security – Protect the entire attack surface from headquarters to branch offices with advanced security
- Multi-cloud security – Complete visibility and control across the cloud that enables secure applications and connectivity
- Secure access – Deliver secure application, device access and management without compromising performance and speed
- Security operations – Implement advanced threat intelligence to detect, prevent and respond to sophisticated malware and improve security awareness
- Network operations – Leverage a smart security strategy that prioritises automation-driven network operations that spots and prevents network breaches
- Endpoint and device protection – Proactive protection, visibility and control for all endpoints and devices across the network
- Application security – Protect critical business web applications with an integrated set of products to thwart advanced threats
Our market position and solution effectiveness have been widely validated by industry analysts, independent testing labs, business organisations and media outlets worldwide. We are proud to count the majority of Fortune 500 companies among our satisfied customers.
What best practice approach should organisations take to ensure their networks are robustly secured?
To effectively manage and mitigate the cyber-risks organisations face today, it is essential that today’s security leaders monitor threat intelligence from a variety of sources and then prioritise those risks that map to their unique network environment.
That approach needs to be coupled with a security strategy designed to see and stop, or at the least, strategically limit the impact of an attack coming from an unexpected quarter. That starts with an integrated security approach that incorporates every security element deployed anywhere across the distributed network into a single security fabric.
That strategy then needs to be augmented with intent-based segmentation, consistent and relentless best security practices, and automation combined with Machine Learning. AI is also increasingly essential as it can take over tedious tasks such as patching, as well as find and respond to threats at digital speeds.
Any security strategy that does not include all of these essential elements will be unable to achieve the degree of visibility and control that today’s networks require. This, in turn, will unnecessarily expose the network to the efforts of today’s determined cybercriminal organisations.