Credit to Author: Ken Xie | Date: Thu, 30 Nov 2017 15:50:59 +0000
The world around us is changing, and many of the “traditional” ways of securing IT and networks just don’t easily apply to today’s new, distributed networks. The challenge we are facing is that the Internet has been using the same protocols and infrastructure for decades, which means that 95% of today’s data and applications no longer fit with what the original Internet was designed for. At the same time, the volume of data has increased 40X in just the past decade, with much of that growth occurring during the last couple of years, driven by digital transformation.
This has created huge challenges with cybercrime. To respond to increasingly sophisticated threats, the security industry has had to evolve through several generations.
The first generation of network security started 25 years ago and was all about securing connections to the network. Firewalls were used to control who and what could connect to the network, and were then combined with VPN to encrypt its traffic. Tools like IDS and IPS soon followed to better monitor the traffic coming through those connections.
The second evolution started 17 years ago when Fortinet was founded. The rise of content and applications led to a need to secure the various types of data, applications, and content inside the connection. This required several different types of tools to work together to inspect and secure transactions. Fortinet pioneered and led this second generation of network security with the first UTM and NGFW security devices.
Today, things like mobility, IoT, and cloud computing are requiring us to develop a new, third generation of security. Data and applications travel between a variety of users and devices and span multiple borderless networks, making visibility and control more difficult. For example, we need to make sure that endpoints and IoT devices don’t become a way to inject malware into the cloud. We need to be able to secure the growing number of vulnerable IoT and endpoint devices touching the network. Networks themselves have become highly elastic and distributed. Security needs to be able to dynamically scale and respond to shifting network resources.
Today, the majority of data no longer stays inside company networks where it can be protected by edge firewalls. Instead, network security needs to extend out to wherever the data is. And we also need to be able to see and secure all infrastructures and devices, whether virtual or physical, or even temporary, simultaneously, from endpoints to on-premise systems, and out to complex multi-cloud ecosystems. To do that, security needs to be broad, powerful, and automated.
Securing the entire distributed infrastructure using a single set of integrated security protocols and complementary policies requires a Security Fabric approach built around interconnected security tools. Such an integrated fabric is able to span the entire network, and then dynamically adapt as network infrastructures adjust to meet changing data and workload needs. And it needs to do all of this at the speed of digital business.
To start, a fabric needs to be built around a neural network of interconnected devices that are designed to integrate, communicate, share information, and collaborate at speed and scale. It also needs to be informed by real-time global threat intelligence.
It also needs to include automation so security can move beyond signatures to behavior-based analytics. Combining modeling and automation allows the network to predict risks, shorten the time between detection and response, and implement and integrate new approaches suited to an organization’s unique profile without human intervention. Finally, a fabric needs to be able to implement “auto-resiliency” to detect threats in cyber-relevant time, automatically isolate key assets, and dynamically map security to changing network infrastructures, whether local or in the cloud.
Because the fabric is built around deep interoperability between devices using open standards and common operating systems, it can be continually enhanced with more and more sophisticated automation and AI. With self-learning capabilities, the Security Fabric will not only be able to see but even anticipate threats. As a result, it will be able to serve as a framework for Intent-Based Network Security, which can be self-provisioning, self-operating, self-learning, and self-correcting. This will also enable the dynamic sharing of real-time threat intelligence with other systems. Anticipating and responding to threats before they can impact the network or its data will be key to successfully defending ourselves against the next generation of cyberthreats that are being developed.
This byline originally appeared in CSO.