Securing the Digital World, Part I

Credit to Author: Ken Xie| Date: Wed, 12 Jul 2017 12:58:00 +0000

Today’s digital economy is driving a technology revolution. Networks now include on-demand infrastructure, cloud-based services, software defined perimeters, and the growth of smart devices and IoT. Networks and infrastructures are also increasingly hyperconnected.

What’s been missing is a security strategy to protect these new environments.

The Internet was first begun as a point-to-point networking solution 50 years ago. The first generation of security was connection-oriented because it was primarily a firewall and VPN that simply protected network gateway connections.

As devices became more sophisticated, application traffic began to grow, and a new generation of security began. This second generation was focused on content. Security tools had to look inside permitted connections and applications to find malicious content. This drove the development of tools like the Next-Generation Firewall, which is where most security stands today.

However, we are now at the beginning of the third generation, which requires intent-based security. Data no longer just sits inside the network. It's pretty much everywhere, so securing the entire infrastructure is starting to become very important. We need to protect data whether it's in the cloud, or on a mobile or IoT device, or inside the network. In addition, security also needs to look at a variety of behavioral analytics to determine the intent of an attacker. Anticipating the behavior of a user, device, or applications allows us to shorten the detection and response cycle. It then needs to coordinate the resources of security tools deployed across the infrastructure to counter that malicious intent. Next-Generation Firewall devices and platforms were simply never designed to do this.

That’s why we created the Fortinet Security Fabric. Its integrated approach provides the comprehensive protection today’s networks need. The core of the Security Fabric is simple. Security tools are integrated deep into the network, while also operating seamlessly across a variety of environments, from IoT to the cloud. They are then woven together into a single, fabric-based framework that allows them collect, share, and correlate threat intelligence between security and network devices, centrally manage and orchestrate policies, automatically synchronize resources to enforce policies, and coordinate a response to threats detected anywhere across the extended network.

This is really the only way to effectively defend today’s complex networks from the sophisticated threats being aimed at them. To accomplish this, we have had to address all five stages of security.

  1. Detection. Finding bad actors, devices, and applications is the critical first step for any security solution. About 97 percent of companies are competing at this first level. But, detection isn't enough. You also need to get to stage two.
  2. Prevention. Detection doesn't have to be in-line, but in order to stop bad traffic while making sure good applications can get through, prevention does. Only about 5 to 10 percent of security companies are operating at this second stage, where they can see a threat and then do something more than send out an alert.
  3. Integration. This is where different devices across the entire distributed network are able to share and correlate intelligence and work together to coordinate a response to a threat. Only a handful of companies, with development capabilities in house, are able to operate at this stage. Fortinet is one of them. In addition to the native integration built into our security and networking solutions, the Fortinet Security Fabric is built around Open APIs and standards, making it the only truly open platform – where we even compete with some of our partners.
  4. Performance. This seems self explanatory, but it really isn’t. Today’s security needs to look deep inside content, including unstructured data and encrypted traffic, to look for malware and other threats. It also needs to correlate that information with other data to uncover sophisticated attacks or determine things like intent. And it needs to do it that in an environment with growing data and device demands without ever compromising digital business speeds.
  5. Lowering costs. Achieving the first four stages of security requires massive amounts of processing power and sophisticated software. Which is why most security solutions are so expensive. But with high cost you also prevent a lot of organizations from deploying the security they need. Which is why we began developing chip-based security processors over 15 years ago. They allow us to provide the fastest security devices on the market, including the first TB performance firewall that we launched this past year, at the lowest price/performance available.

These accomplishments truly set us apart from the competition. And we’re not alone in believing this. We are very proud of all of the industry recognition we have received this year. The FortiGate firewall has been moved into the leader’s quadrant of the Gartner Enterprise Firewall MQ. All of our fabric-enabled Fortinet security solutions have received Recommended certification from NSS Labs. And CRN has recognized the Fortinet Security Fabric as the Product of the Year. We are in a position to provide the next generation of security required to secure today’s distributed, hybrid, and highly elastic networks, from endpoint and IoT devices to the cloud.

https://blog.fortinet.com/feed