By John Maddison, EVP of products and solutions at Fortinet.
Over the past couple of decades, changes in the threat landscape have driven changes in how we design, implement, and manage security, and organizations have continually updated their security gear to keep up with the latest threats and attack vectors. In the late 1990s, viruses and worms forced the development of anti-virus and intrusion detection (IDS) solutions. Spam and phishing drove the development of advanced email gateways. The list is long, with organizations adding things like anti-DDoS, secure web gateways, and reputation filters to their security closets on an almost annual basis.
What these tools tended to have in common is that they were all signature-based: each recognized a threat by matching a known pattern, such as a file hash or a byte sequence. And because cybercriminals are as invested in ROI and TCO as their victims, they learned that attacks that could be countered by a new signature were less profitable.
So they switched their tactics.
Advanced threats and ransomware began using strategies such as polymorphism, multi-stage attacks, fileless malware, and obfuscation that were designed to evade signature-based solutions: a polymorphic sample changes its bytes with every copy, and fileless malware leaves no file to hash in the first place. The playing field tipped strongly in favor of cyber adversaries, and security developers responded with behavioral analytics and advanced threat protection (ATP) solutions that detect zero-day attacks by identifying anomalous and malicious behavior rather than known code.
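To make the signature-versus-behavior distinction concrete, here is a small Python example added to this post; it is not Fortinet code and not from the original article. A constructed, harmless marker string stands in for a malicious payload, a toy XOR packer plays the role of a polymorphic engine, and the "behavioral" detector looks at what the sample does once unpacked rather than at its stored bytes. The packer, the action strings and the detection rule are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import re

# Constructed stand-in for a malicious payload: a harmless string whose
# "instructions" are a semicolon-separated list of actions (an assumption of
# this toy model; real behavioral engines observe syscalls in a sandbox).
PAYLOAD = b"set_autorun_key;enumerate_user_files;encrypt_user_files;delete_shadow_copies"


def pack(payload: bytes, key: int) -> bytes:
    """Toy polymorphic packer: XOR every byte with a one-byte key and prepend the key.
    Each key yields a different byte string that unpacks to identical behaviour."""
    return bytes([key]) + bytes(b ^ key for b in payload)


def unpack(sample: bytes) -> bytes:
    """What the sample's own decoder stub would do at run time."""
    key = sample[0]
    return bytes(b ^ key for b in sample[1:])


# The "first seen" sample is stored unencoded (key 0). A signature database is
# built from it: a full-file hash plus a fixed byte pattern pulled from the body.
ORIGINAL_SAMPLE = pack(PAYLOAD, 0)
SIGNATURES = {
    "sha256": hashlib.sha256(ORIGINAL_SAMPLE).hexdigest(),
    "pattern": re.compile(rb"encrypt_user_files"),
}


def signature_scan(sample: bytes) -> bool:
    """Signature-based detection: match on what the bytes on disk look like."""
    return (hashlib.sha256(sample).hexdigest() == SIGNATURES["sha256"]
            or SIGNATURES["pattern"].search(sample) is not None)


# Behavioral rule (chosen for this example): actions that together look like
# ransomware, regardless of how the code that performs them is encoded.
RANSOMWARE_BEHAVIOUR = {"set_autorun_key", "encrypt_user_files"}


def observe_actions(sample: bytes) -> set[str]:
    """Stand-in for sandbox execution: run the decoder, then record the actions."""
    return set(unpack(sample).decode().split(";"))


def behavioral_scan(sample: bytes) -> bool:
    """Behavior-based detection: match on what the sample does, not its bytes."""
    return RANSOMWARE_BEHAVIOUR.issubset(observe_actions(sample))


def compare_detectors(keys=range(256)) -> dict:
    """Run both detectors over every polymorphic variant and count detections."""
    variants = [pack(PAYLOAD, k) for k in keys]
    return {
        "variants": len(variants),
        "signature_hits": sum(signature_scan(v) for v in variants),
        "behavioral_hits": sum(behavioral_scan(v) for v in variants),
    }


if __name__ == "__main__":
    # Only the key-0 variant matches the signature; every variant matches the behavior.
    print(compare_detectors())
```

The hash and the byte pattern only ever match the one variant they were extracted from, so an attacker who re-keys the packer for each victim defeats the signature scanner 255 times out of 256 without changing what the code does. The behavioral check is indifferent to the encoding because it inspects the decoded actions, which is the property ATP and analytics products rely on.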
Digital transformation has since made it increasingly difficult, once again, to provide consistent and timely security. Two elements of that transformation, interconnectivity and performance, are changing how we create and interact with new digital environments.
Both of these also have serious implications for our ability to detect and respond to new threats, which means we need to make some radical changes to how we design and apply security.
Interconnectivity: Networks, devices, and applications now need to move seamlessly between platforms and environments. Unfortunately, most security solutions are unable to do the same, creating gaps in both visibility and control. Current challenges in securing traffic that moves from the multi-cloud to the edge are just the tip of the iceberg. Highly interconnected systems, such as smart cars, smart cities, and edge networks will require security to span dozens, hundreds, or even thousands of systems simultaneously.
Performance: New immersive and interactive applications and services require massive amounts of processing power. And because computing power always follows the data, endpoint and IoT devices are also becoming faster and smarter. This means that security not only needs to support and secure more throughput, it also has to deliver decisions in as close to real time as possible.
To meet the demands of interconnectivity and performance, networking capacity and functionality have had to grow exponentially. In the process, they have outpaced the traditional security model of placing a security device at a fixed location to monitor a controlled set of data while isolating it from other solutions, which frankly, in retrospect, seems to have been a pretty bad idea.
Addressing the needs of our new digital world is going to require us to transform how and where we deploy security. That will require four things to happen:
Networking and security will need to converge. Security cannot possibly be everywhere it needs to be if it has to be overlaid by hand on every new digital environment. The edges of the network are exploding with new devices, applications, and workflows, replacing the traditional perimeter while creating billions of new potential attack vectors. At the same time, known environments such as clouds are in constant flux, frustrating security teams' attempts to deploy traditional security devices there as well.
Only by weaving security deep into the infrastructure itself can security be expected to be where it needs to be, when it needs to be there, and to automatically adapt as the network evolves. Achieving this will require collaboration between networking and security vendors that to this point has been severely lacking.
Security will need to be much, much faster. No one is going to tolerate slowdowns in an immersive application because a security component cannot keep up with live streaming content. Keeping up will require physical and virtual processors that can inspect and secure traffic at the speed the network delivers it, rather than becoming the bottleneck.
Security will need to be interconnected. As data and workflows pass between devices, networks, and ecosystems, things like security policies, tags, and protocols will need to follow them across and between different networked environments, including operating natively across every major cloud platform and providing full support for new branch and 5G edges.
Finally, security will need to be smarter. Because new applications and services are becoming more interconnected (think smart cars and cities) and applications are less tolerant of latency issues (think VR/AR and immersive, interactive solutions), security cannot afford to wait for a decision on an event to make a round trip between the sensor and some security engine in the cloud. When your car hits a patch of ice at 60 miles per hour, you want your all-wheel drive technology to engage immediately. This requires solutions that can make local and autonomous decisions in real-time.
Advanced Security Solutions
For security to remain effective, and actually get ahead of the fast-moving threat landscape, a new generation of tools, such as advanced behavioral analysis, intent-based segmentation, automation, machine learning, and artificial intelligence, will need to be developed and incorporated into everyone's security strategy. This starts by automating not just detection and protection but also the predictive analysis that makes prevention possible.
We also need to be able to teach machines to identify threats and respond appropriately. This starts with a predefined set of protocols and a preprogrammed decision tree, which is what most vendors mean when they claim to have embedded AI in their systems. What we really need is the ability to correlate threat intelligence and analytics across a variety of tools to identify a complex attack scenario, especially one made up of smaller events that look unremarkable on their own. It will also require applying AI to accelerate the discovery of and response to events, especially those never seen before.
Securing today's networks requires automating the identification, detection, and remediation of malicious tactics, particularly techniques designed to evade discovery. Even more challenging is the creation of new techniques that look beyond patterns in code and malware behavior.
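As an added illustration of correlating small events into one attack scenario (this is not code from the original post or from Fortinet), the following Python sketch stitches together low-severity events from three hypothetical tools, an authentication log, an EDR agent and a firewall, into a single multi-stage incident. The log lines are constructed, and the field names, the three-failure threshold, the ten-minute window and the stage definitions are all assumptions for this example.

```python
from __future__ import annotations

import re
from datetime import datetime, timedelta

# Constructed sample events from three hypothetical tools. Individually, three
# failed logins, one scheduled task and one allowed HTTPS connection are routine;
# together, in order and on one host, they describe a credential attack that
# achieved persistence and then reached out to the internet.
RAW_EVENTS = """
2024-03-01T10:00:01 auth host=ws17 user=jdoe src=203.0.113.9 result=fail
2024-03-01T10:00:03 auth host=ws17 user=jdoe src=203.0.113.9 result=fail
2024-03-01T10:00:05 auth host=ws17 user=jdoe src=203.0.113.9 result=fail
2024-03-01T10:00:07 auth host=ws17 user=jdoe src=203.0.113.9 result=success
2024-03-01T10:02:40 edr host=ws17 action=schtask_create name=Updater
2024-03-01T10:03:10 fw host=ws17 dst=198.51.100.77 port=443 verdict=allow
2024-03-01T10:05:00 auth host=ws02 user=asmith src=10.0.0.5 result=fail
2024-03-01T10:05:30 auth host=ws02 user=asmith src=10.0.0.5 result=success
2024-03-01T11:30:00 edr host=ws02 action=schtask_create name=Backup
"""

WINDOW = timedelta(minutes=10)   # how far apart consecutive stages may be (assumed)
FAIL_THRESHOLD = 3               # failures that make a later success suspicious (assumed)
KV = re.compile(r"(\w+)=(\S+)")


def parse(raw: str) -> list[dict]:
    """Turn 'timestamp tool key=value ...' lines into dicts sorted by time."""
    events = []
    for line in raw.strip().splitlines():
        ts, tool, rest = line.split(maxsplit=2)
        event = {"ts": datetime.fromisoformat(ts), "tool": tool}
        event.update(KV.findall(rest))
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def brute_force_successes(events: list[dict]) -> list[dict]:
    """Stage 1: a successful login preceded, within WINDOW, by at least
    FAIL_THRESHOLD failures for the same host from the same source address."""
    hits = []
    for ev in events:
        if ev["tool"] != "auth" or ev.get("result") != "success":
            continue
        fails = [f for f in events
                 if f["tool"] == "auth" and f.get("result") == "fail"
                 and f["host"] == ev["host"] and f["src"] == ev["src"]
                 and ev["ts"] - WINDOW <= f["ts"] < ev["ts"]]
        if len(fails) >= FAIL_THRESHOLD:
            hits.append(ev)
    return hits


def next_stage(events: list[dict], prev: dict, predicate) -> dict | None:
    """First event on the same host, after prev and within WINDOW, matching predicate."""
    for ev in events:
        if (ev["host"] == prev["host"]
                and prev["ts"] < ev["ts"] <= prev["ts"] + WINDOW
                and predicate(ev)):
            return ev
    return None


def correlate(raw: str) -> list[dict]:
    """Chain the stages per host; only a completed chain becomes an incident."""
    events = parse(raw)
    incidents = []
    for login in brute_force_successes(events):
        persistence = next_stage(
            events, login,
            lambda e: e["tool"] == "edr" and e.get("action") == "schtask_create")
        if persistence is None:
            continue  # a lucky guess with no follow-up stays a low-severity auth alert
        beacon = next_stage(
            events, persistence,
            lambda e: e["tool"] == "fw" and e.get("verdict") == "allow")
        stages = ["brute_force_login", "persistence"]
        if beacon is not None:
            stages.append("outbound_connection")
        incidents.append({
            "host": login["host"],
            "user": login["user"],
            "src": login["src"],
            "stages": stages,
            "severity": "critical" if beacon else "high",
        })
    return incidents


if __name__ == "__main__":
    for incident in correlate(RAW_EVENTS):
        print(incident)
```

Run against the constructed events, this yields one critical incident on ws17 and nothing for ws02, where a single failure followed by a success and a scheduled task more than an hour later never completes the chain. Each per-tool rule alone would at best raise an informational alert; the severity comes from the ordering and timing across tools, which is what the text means by correlating smaller attack events into a scenario.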
Fortinet has led the way as an early adopter of AI, which has enabled us to significantly improve the immediate detection and remediation of global threats with high accuracy, a task that previously required an entire team of trained researchers. That intelligence is now being integrated into a growing suite of security devices alongside analytics and intent-based security solutions, for both physical and cloud deployments. This lets organizations reallocate valuable human resources to higher-order tasks, while autonomous tools detect, prevent, and even predict threats in order to short-circuit attacks before they can cause damage.
Out-Innovate Your Adversaries
Malicious actors will continue to evolve their attacks in order to successfully exploit the expanding attack surface. Gaining the upper hand requires more than playing catch-up with threat actors. It means developing broad, powerful, and automated solutions built around deeply integrated security tools designed not just for today's increasingly complex and distributed networks and network edge, but for the networking challenges of tomorrow. That requires combining real vision with years of experience monitoring and responding to evolving threat trends and techniques.
Artificial intelligence and machine learning, especially when combined with other advanced security solutions, will be tremendous aids in this process. But to be truly effective, the security solutions these strategies support also need to operate where the threats exist, adapt as the networks they are protecting change, interoperate between and across devices and networks, and operate at the digital speeds that tomorrow's networking solutions will require.
That requires a level of commitment to innovation that few vendors have consistently provided. But that will be the benchmark the entire industry will need to meet if we want to defend the emerging digital economy against the organized cybercriminal communities that want to disrupt and profit from the efforts of others.