Adapting to the New Normal with an Informed Cybersecurity Strategy
Credit to Author: Joseph Sykora | Date: Mon, 18 Sep 2017 12:50:00 +0000
As cyberattacks become more frequent and impactful, security teams and executives across industries are taking notice. With new strains of malware being constantly reported, organizations want to make sure that their security solutions, and the vendors that provide them, are adapting to defend against this new normal.
To ensure they have the capability to deal with these constantly evolving attacks, customers are turning to you, their solution providers, to answer their questions and ensure there is a structured strategy in place to deal with the influx of threats. They need to know that the technology they’ve purchased is prepared for the current threat landscape and that the features being employed by vendors are informed by actual analysis of recent attacks and trends.
Solution providers have to be able to reassure their customers of their strong cybersecurity strategy and infrastructure by articulating what the current threats are and how they are equipped to mitigate them.
To assist our Channel partners in answering the questions posed by their clients, we’ve outlined several of the specific cybersecurity challenges organizations are up against today based upon analysis of the tactics used in recent attacks such as WannaCry, Petya, and Mirai, as well as how Fortinet security products are uniquely positioned to eliminate these threats.
Key Trends in Security
Hot Exploits
One of the biggest discrepancies between real-life exploits and the conversations security professionals are having concerns attack vectors. Protecting organizations from zero-day attacks has long been a popular topic in security circles. However, if you look at the most recent, most impactful cyberattacks, none of them used zero-day vulnerabilities to infiltrate their targets' networks. Rather, these attacks were opportunistic in nature. Cybercriminals know that organizations often don't have the time or resources to patch vulnerabilities. Therefore, as demonstrated by WannaCry and Petya, cybercriminals exploit known vulnerabilities rather than coming up with new ways to access networks. In the meantime, they augment their malware with stealth mechanisms, worms, and similar additions to ensure successful delivery and high impact.
Iterative Improvements
In this same vein, many new attacks are revamped, more sophisticated iterations of past successful attacks. For example, Petya was a more sophisticated version of WannaCry, and even exploited the same Microsoft vulnerability. Similarly, an evolved version of Mirai, known as Hajime, uses the same mechanism to target IoT devices, but has several upgrades, including new multi-vector toolsets and the ability to avoid detection by removing firewall rules that detect this type of malware.
Automated Malware
Security teams are increasingly running into automated malware. Automation makes threats like Hajime and Persirai more effective by allowing them to avoid detection, match toolkits to detected systems and vulnerabilities, simultaneously target broader industries and carry out micro attacks, steal passwords, and more. Additionally, this means that attacks will continue to get faster and operate at scale, shrinking the time between a breach and its impact.
How Fortinet Solves These Problems
Above are three of the key trends we have seen in recent cyberattacks that have fueled their effectiveness. When your customers ask whether a solution can protect them against threats like WannaCry, Petya, etc., whether they know it or not, they are asking if the solutions you're offering address these threat features.
At Fortinet, we provide end-to-end integrated, collaborative, and automated protections that defend against these evolving threats, with a cybersecurity strategy that is informed by threat intelligence and analysis.
Visibility and Automation with the Security Fabric
The Fortinet Security Fabric is an integrated security system that provides collaborative protection under a single pane of glass, giving customers visibility across their network, cloud, and virtual environments. The Security Fabric ties security solutions into a single holistic framework, rather than relying on a series of isolated security platforms. When an event is detected, the elements of the fabric communicate with one another to deploy proper defenses across the network, sharing actionable threat intelligence in real time and coordinating an effective and comprehensive response.
This architectural approach to cybersecurity is singularly equipped to automate threat intelligence, allowing your customers to automatically counter and adapt to automated malware.
Perimeter and Internal Defenses with Firewalls
Fortinet’s Next Generation Firewalls provide strong perimeter defenses. Upon detection of an event, NGFWs communicate with the Security Fabric to alert defense solutions across the network. Moreover, NGFWs are automatically and instantaneously updated with threat intelligence from FortiGuard Labs and machine learning, which ensures that known vulnerabilities and deviations are detected and denied access to customers’ networks.
Next Generation Firewalls also employ sandboxing. Sandboxing gives customers the ability to execute potentially dangerous code outside of the network in a virtual environment. FortiSandbox uses Compact Pattern Recognition Language (CPRL), a proactive signature detection technology that can detect and stop over 50,000 code variations of a malware family. In addition to detecting variations of malicious code, CPRL mitigates evasion technology through deep inspection to identify code that is searching for a sandbox environment.
Finally, these NGFW solutions come in a variety of form factors – appliances, virtual devices, and cloud-based solutions – that allow your customers’ perimeter security strategy to adapt to their constantly changing and highly elastic edge.
Internal Segmentation Firewalls are equally beneficial to your customers' network hygiene, providing deep visibility into traffic moving laterally across the network. While perimeter security remains essential, the reality is that the expanded attack surface caused by new user and IoT endpoint devices, the proliferation of applications, and the hyperconnected nature of network resources means that attacks are more likely than ever to breach the perimeter. Internal Segmentation Firewalls extend perimeter security from the edge to the core, so if malware manages to breach the perimeter, it can be isolated to one segment of the network and affected devices can be quickly identified and quarantined.
This is especially important as more IoT devices request access to your customers’ networks. Many IoT devices have vulnerable code that can be exploited. The Mirai and Hajime ransomworms both leveraged IoT vulnerabilities to create massive IoT botnets. Customers can relegate vulnerable IoT devices to a segment of the network with ISFWs so even if an IoT device is compromised, it will not affect the rest of the network.
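The two paragraphs above describe the containment idea behind internal segmentation: an allow-list between segments with everything else denied, so that a compromised IoT device can reach only what its segment is explicitly permitted to reach. The following added example (not Fortinet code, and not a model of any FortiGate policy format) makes that reasoning concrete. The segment names, address ranges, allow rules and flow records are all constructed for the illustration; it evaluates a few sample flows against a default-deny inter-segment policy, computes which segments a host in the IoT segment could still reach, and shows the caveat that intra-segment traffic is never seen by the segmentation firewall at all.

```python
"""
Illustrative model of internal segmentation (ISFW) containment.

Everything below is constructed for this example: the segment names and
address ranges, the allow-list, and the sample flow records. It is not
derived from any vendor's policy syntax.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Hypothetical network segments (constructed).
SEGMENTS: Dict[str, ipaddress.IPv4Network] = {
    "iot": ipaddress.ip_network("10.10.0.0/24"),
    "user": ipaddress.ip_network("10.20.0.0/24"),
    "core": ipaddress.ip_network("10.30.0.0/24"),
    "update": ipaddress.ip_network("10.40.0.0/24"),  # firmware/update relay
}


@dataclass(frozen=True)
class AllowRule:
    src_segment: str
    dst_segment: str
    dport: Optional[int]  # None means any destination port


# Inter-segment allow-list (constructed). Anything not matched is denied,
# which is the default-deny posture that makes segmentation contain a breach.
POLICY: List[AllowRule] = [
    AllowRule("iot", "update", 443),   # IoT devices may only fetch updates
    AllowRule("user", "core", 443),    # users reach core services over TLS
    AllowRule("user", "iot", None),    # users may manage IoT devices
]


def segment_of(addr: str) -> Optional[str]:
    """Map an IPv4 address to its segment name, or None if unassigned."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None


def evaluate(src_ip: str, dst_ip: str, dport: int) -> str:
    """Return 'allow' or 'deny' for a new connection crossing the ISFW."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return "deny"  # unknown addresses never get an implicit allow
    if src == dst:
        # Same-segment traffic does not traverse the segmentation firewall,
        # so the ISFW cannot block it. This is why the IoT segment should be
        # as small as practical: a worm can still spread within it.
        return "allow"
    for rule in POLICY:
        if (rule.src_segment == src and rule.dst_segment == dst
                and (rule.dport is None or rule.dport == dport)):
            return "allow"
    return "deny"  # default deny


def reachable_segments(segment: str) -> Set[str]:
    """Segments a host in `segment` can open connections to under POLICY.

    This is the blast radius of a compromised device in that segment.
    """
    reach = {segment}
    for rule in POLICY:
        if rule.src_segment == segment:
            reach.add(rule.dst_segment)
    return reach


# Constructed sample flows: (source, destination, destination port).
FLOWS: List[Tuple[str, str, int]] = [
    ("10.10.0.15", "10.40.0.5", 443),  # IoT -> update relay: expected
    ("10.10.0.15", "10.30.0.8", 445),  # IoT -> core SMB: lateral movement
    ("10.10.0.15", "10.20.0.9", 23),   # IoT -> user telnet: worm-style scan
    ("10.20.0.9", "10.30.0.8", 443),   # user -> core HTTPS: expected
    ("10.10.0.15", "10.10.0.16", 23),  # IoT -> IoT: same segment, not seen
]


def denied_flows(flows: List[Tuple[str, str, int]] = FLOWS):
    """Flows the ISFW would block; a spike of these from one host is a signal
    worth alerting on, since it is what a compromised device looks like."""
    return [flow for flow in flows if evaluate(*flow) == "deny"]


if __name__ == "__main__":
    for flow in FLOWS:
        print(f"{flow[0]:>12} -> {flow[1]:>12}:{flow[2]:<4} {evaluate(*flow)}")
    print("blast radius of a compromised IoT host:",
          sorted(reachable_segments("iot")))
```

Run as a script, the two lateral-movement flows come back as denied while the update fetch is allowed, and the blast radius of a compromised IoT host is limited to the IoT segment itself plus the update relay. The same-segment flow is reported as allowed because no ISFW sits between two devices in one segment, which is the practical reason for keeping IoT segments small and separate from anything that matters.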
Final Thoughts
It’s important that organizations do not blindly implement security solutions as they hear of new threats. Rather, each solution must be informed by analysis of the latest threat landscape and the potential impact to the customer’s unique network and workflow environment. This is what Fortinet has done. By assessing the motivations and attack vectors of past cyberattacks, we have created a strategy that permeates our technology, and that can be adapted to even the most complex or robust enterprise environments. The benefits of this approach can be clearly articulated to the customers of our channel partners.
Let’s get a conversation going on Twitter! What cyberattack trends are your customers asking about?