Data Driven Security – James Cabe’s Interview with Intel Chip Chat

Credit to Author: John Welton | Date: Fri, 31 Mar 2017 14:16:26 -0700

The following is an excerpt from an Intel® Chip Chat interview with James Cabe, Global Alliances Manager at Fortinet. Chip Chat is a podcast series of informal interviews with some of the brightest minds in the industry, hosted by Intel employee Allyson Klein. James joined the podcast to discuss virtualization and how the transition to software-defined networking (SDN) and network function virtualization (NFV) changes the game for security in the network.

Q. (Allyson Klein): How has the move to software-defined networks and network function virtualization changed the game for security in the network?

A. (James Cabe): It can be a positive or a negative, depending on how it’s handled. First, when you’re deploying something that is truly a new way of doing things, like a software-defined network, you don’t know what you don’t know. With virtualization, public cloud consumption, things like that, the game is changing all the time, and your attack surface is always changing. And that attack surface changes both on the endpoint side and on the infrastructure side. One of the things that doesn't work right now is that the security layer doesn't always adapt real well along with your changing attack surface. That’s something people have been struggling with. This is where automation, with a little machine learning added in, can make a big difference.

And you need to become data driven, which means more than just pulling back logs. You've got this boilerplate security, and then you add this adaptive layer that goes and auto-creates signatures for you and pushes them in an automated fashion down to your security measures. You may have multiple security products from multiple vendors, so they should be able to share threat intelligence, and they should be able to share some of the mitigating actions to deal with threats. When you get to that level of automation, which is definitely the future for most people at this point, your IT people go from being button pushers to becoming data scientists. It transforms your environment.

The big problem with a lot of IT in the past has been that other parts of the organization have spent the money to become data driven, whereas IT has not. Enterprise Resource Planning software, CRM, all of that is data driven. Until the whole organization becomes data-driven, there is no intent and no wisdom built into the way we do operations. We can't marry what we're doing on the business side with the IT side. Once you get both sides data driven, then you can apply some intelligent thinking and some human curation to your entire environment, based on intent and business needs.

Q. So what is Fortinet’s strategy for delivering solutions that will meet the challenge of merging those areas, and how has the customer base responded to those so far?

A. Earlier this year, we announced the Fortinet Security Fabric. Security needs to be built in and integrated across the network at a highly effective level, so what we've created is not a platform but a fabric that interweaves into what you're already doing with your content delivery platforms. We also introduced our fabric-ready partners – independent software vendors (ISVs) like Carbon Black, VeriSign, Cisco, and others – that have effective complementary solutions in the security market. The fabric allows us to tie together our other ISV partners at a very deep level.

We've also got different ways of doing this. We can now actually aggregate everybody's data into a big data platform, and even push that to other SIM partners. We also have an Open API architecture, combined with a developer operations kit to abstract that API to facilitate integration. Finally, we created a new kind of telemetry interconnection that does a lot of the automation for us, called the cooperative security fabric. Right now, our own solutions have it built in, so I can plug in our mail appliance, our web application firewall, or our next-generation firewall and they all just automatically talk to each other and begin to trade threat intelligence in an automated fashion. That goes back to the idea that it has to be easy to set up. And that's just the beginning.

Q. Fortinet recently joined the Intel Network Builders program. Can you tell me a little about why you made that decision?

A. Fortinet already worked heavily with Intel, because we believe Intel is a key component to where we see the future going. We also work with Amazon Web Services, Microsoft Azure, and Google. A lot of that is built on virtualization, and most virtualization is built on Intel. They have enabled a lot of this virtualization to happen by creating virtualization extensions inside their processors and coming up with brand new things that allow some of this stuff to move faster and react quicker. Where it's really going is the amplification of the consumption of data to create that human wisdom. Intel has done a lot of the thought leadership to make that happen, and we want to be there at the forefront of what they're doing.

Listen to the full interview here.

 
