RSA 2017 Roundup
Credit to Author: Bill McGee | Date: Thu, 16 Feb 2017 16:03:03 -0800
RSA 2017 is a wrap. The final sessions are being recorded, the coat check area is filled with luggage, and the smell of propane is filling the show floors as forklifts begin to deliver packing crates to this year’s crop of security vendors.
As expected, the hottest security topics and offerings were related to IoT and the cloud. Threat intelligence and SOCs were also top of mind as companies try to get a handle on the deluge of data and devices flooding their networks.
In spite of the veneer of innovation, however, far too many vendors’ solutions still share the same challenge. Solutions for cloud and IoT challenges, more often than not, involve deploying yet another device or platform, or delivering another threat feed, into an already overcrowded network security environment. That leaves IT teams to figure out how to correlate data between isolated components in order to detect an increasingly sophisticated security threat needle in their ever-larger network haystack.
Which may explain why the Fortinet booth was filled to capacity, not just with customers, but also with vendors and fabric-ready partners promoting the advantages of an integrated and automated security fabric architecture. The truth is, the influx of data and new devices is not going to slow down. The only way to get ahead of the problem is to redesign your security strategy as much as you are redesigning your networks.
Fortinet has raised the bar on network security innovation by continuing to deliver on the vision and promise of the Fortinet Security Fabric. Lots of vendors offer detection tools. The hard part is integration, cross-correlation, synchronization, automation, and performance that span your entire network ecosystem – all things that Fortinet delivered and showcased at this year’s event.
But that’s only part of the story. Fortinet also played a critical role in two important events at this year’s conference. Here is a recap:
Fortinet’s New CISO Calls for Public/Private Partnership to Address Critical Infrastructure Security Challenges
Fortinet CISO Phil Quade, fresh from his tenure as the director of the NSA’s cyber task force, has targeted the risks to critical infrastructure as a challenge that needs to be addressed.
In his RSA session, Quade made a compelling case that governments are paralyzed when it comes to solving the problem of protecting increasingly connected and interconnected critical infrastructure. Because so many of these industries are privately owned, we don’t want or need a new government authority to solve this problem. Instead, he called for the creation of a new public-private partnership. To succeed, we need an organization to oversee the process, like NASA was for the moonshot. Sharing information and setting standards without clear end goals or a purpose in mind is not sustainable.
Such an approach will help nations sustain economic competitiveness, enhance national security, secure privacy and civil liberties, ensure public safety, and enable the pursuit of happiness. To meet these goals, Quade outlined three key objectives:
1. We have to start with sharing information. This includes information sharing across sectors (energy, chemical, water, transportation, etc.), within a sector, such as energy (electrical, oil and gas, nuclear, etc.), and within a niche, such as electrical power (generation, distribution, transmission, etc.).
2. Next, we need to foster and insist upon consequence-based engineering. Sectors need to identify and document the risks we are trying to avoid, and engineer those bad consequences out. We then need to constantly work to identify vulnerabilities, gaps, and resource requirements for what is left over, develop solutions, and share them across the appropriate critical infrastructure segments.
3. We need to address the growing skills gap in the critical infrastructure workforce. Quade proposed a model based on the old guild system, which includes apprentices, journeymen, and masters. When he was in government, Quade helped influence the development of an apprentice level by encouraging the development and delivery of new curriculum in colleges, certifications, and degrees. We need the security industry to step up and help deliver this. We need to identify the skills required for all three levels, and develop the resources that can move practitioners from one level to the next. This training also needs to span IT, OT, ICS, IoT, and Cloud. Siloed training will not advance our ability to identify interdependencies and solve for them.
Fortinet’s announcement that we are making the first three levels of our Fortinet Network Security Expert certification training available online free of charge by the end of Q2 is evidence that we are committed to stepping up to the challenge of education.
Finally, we need to change our entire approach to security, with the ultimate goal of getting end users out of the way. Humans simply don't move fast enough. To achieve speed and scale, organizations must implement automation and integration, which requires security and infrastructure to share and correlate information to identify threats, and work together to synchronize an automated response.
CTA Announcement Enhances Critical Threat Intelligence Sharing
As a founding member of the Cyber Threat Alliance, Fortinet was proud to announce the formal incorporation of CTA as an independent, not-for-profit organization headed by the former White House Cybersecurity leader Michael Daniel. In addition, two new members were added to the founding members board, along with a number of new affiliate members.
CTA’s mission is to share reliable and usable threat information between member organizations and their customers. In addition to raw data, each CTA member also contributes unique threat insights and context to increase the usefulness and value of threat information. This enhanced intelligence allows participants to create a more comprehensive picture of threats that can be inserted directly into product updates and feeds, and that can be easily converted into consumable and actionable intelligence.
As part of a panel discussion on sharing threat intelligence, Fortinet’s Global Security Strategist, Derek Manky, emphasized the critical need for consumable and context-rich threat intelligence, and explained why direct market competitors have teamed together to address this challenge.