Field CISO Q&A: Alain Sanchez

We regularly do Q&A pieces with our executives to share key insights and leadership perspectives at Fortinet. Read below for an interview with Alain Sanchez, Field CISO at Fortinet, that touches on common challenges that C-level executives face, the future of cybersecurity, and advice for CISOs.

You talk to a lot of C-level executives. What are a few common themes that come up as concerns — across industries, enterprise sizes, etc.? What are some of the common pain points?

In a world of change, C-level executives need to be inspirational leaders. Their role is not to master disciplines that are continually evolving but to create an atmosphere that values innovation and inspires continuous progress.

Are there any disconnects between CISOs and other business leaders within their organization that may be surprising to the security organization?

At first glance, the disconnect may be due to the differences in culture; technical versus business. But as the CISO transitions from becoming Ms. or Mr. “No” to becoming an active enabler of secure innovation, the other business leaders – the CMO, CFO, and CEO – perceive their value in a better light. Deploying SD-WAN, for example, empowers remote sites, reduces the overhead of costly MPLS traffic, AND reinforces security. It’s a strategic solution where everyone wins.

What does the future of security look like? 

Security becomes the necessary condition for the 4th Industrial Revolution to succeed. Without securing the exchanges, our hyperconnected world may never cash in on the benefits of the merger between the three worlds: the Physical, the Biological, and IT.

How does a security fabric approach protect customers in the future of security?

A security fabric creates a holistic vision across security solutions because it is natively designed for pure integration. When the sandbox talks to the anti-virus solution that is deeply integrated into the secure email gateway; when the wireless network complies with the same, unique policy as any wireline segment; when the analyzer procures a high-level view of the degree of compromise across the entire distributed network; and when reports highlight critical indicators of compliance, the whole of security is greater than the sum of its parts. It enables a Broad, Integrated, and Automated approach to security, where Broad expands and deepens visibility, Integrated ensures holistic protection, and Automated accelerates response times while enabling humans to focus on more strategic activities.  

How does that intertwine with security-driven networking?

Security-Driven Networking characterizes the latest generation of protection where critical networking functions – such as segmentation, SD-WAN, and virtualization – are processed in parallel with security functions without degradation of performance. When operating as a single, coherent system, there is never any compromise between security and performance because securing the data and optimizing the network are executed in parallel.

Is there any specific advice that you find yourself sharing most often in your discussions with other CISOs and CSOs?

The CISOs of tomorrow have to be business partners or they will cease to be relevant. By explaining in business terms what superior security enables, you become an enabler of change, and that will empower you to enlist the entire C-Level suite to your efforts. 

Learn more about the challenges CISOs face in the modern era.

Find out how Fortinet’s Security Fabric delivers broad, integrated, and automated protection across an organization’s entire digital attack surface from IoT to the edge, network core and to multi-clouds. 

Sourced from Fortinet

Securing Branch Office IoT

This is a summary of an article written for IoT Agenda by Fortinet’s Senior Director of Products and Solutions – IoT and OT, Peter Newton. The article appeared on June 26, 0219, and can be accessed here.

Branch offices and remote retail locations are all being transformed by the addition of IoT devices. Physical security systems such as cameras and badge readers ensure secure access to remote facilities. IoT sensors simplify the monitoring of critical systems such as temperature gauges in refrigerators or food service trays or pressure gauges in fuel tanks. IoT tags help prevent theft and monitor inventories. Retailers use IoT devices to better connect with customers and to personalize their shopping experience. And facility managers use IoT sensors to automatically turn off lights and devices, adjust the temperature of unused rooms, or boot up systems in a conference room before a meeting starts.

IoT Also Adds Risk

However, in addition to these benefits, IoT devices can also introduce risks that need to be planned for. Half of the top 12 global exploits identified and ranked by FortiGuard Labs in a recent threat report, for example, targeted IoT devices. IoT devices not only expand the potential attack surface of the network, they are also often insecure due to things like limited CPU and memory, built-in backdoors, and notoriously poor code. As a result, cybercriminals are increasingly targeting IoT devices to build botnets, launch malware, hijack CPU, and steal data.

The problem is that remote locations rarely have qualified IT staff onsite to troubleshoot IoT security incidents. Dozens of devices from multiple vendors, each with their own management consoles and complicated interfaces, complicates the challenge even further.

Leveraging SD-Branch to Secure Remote IoT

While organizations have been rapidly adopting SD-WAN to enhance communication between their remote locations, corporate headquarters, and the cloud, many have quickly discovered that trying to add security after the fact can be difficult. Secure SD-WAN is quickly become a the new requirement, where intelligent WAN network functions are augmented with integrated security designed to also inspect and secure traffic and applications.

SD-Branch is the next logical step in the process. By extended the native security built into their Secure SD-WAN deep into the local branch network, organizations can provide additional security for this like access control, networked systems, and IoT devices. An SD-Branch solution needs to include three key elements:

  • Network edge protection: A next-generation firewall (NGFW) needs to extend security from the SD-WAN connection to wired and wireless access controllers to ensure that all inbound and outbound IoT traffic is secured.
  • Access edge protection: Secure access points also need to secure IoT traffic moving laterally across the branch network.
  • Device edge protection: Security must also identify, segment, and apply policy to all IoT devices using an integrated network access control (NAC) solution. It should also continuously scan network traffic to detect anomalous device behavior and then dynamically isolate those devices for quarantine and remediation.

Rethinking IoT Security at the Branch

IoT devices are essential drivers of today’s digital innovation. Extending them into branch office and retail locations provides benefits that include increases productivity, reduces overhead, and the ability to continually refine remote services. However, IoT devices also expand the potential attack surface of the network.

Reaping the benefits of IoT while eliminating their risks requires a security-driven branch network strategy. SD-Branch provides an integrated security system that reduces risk by seeing all devices, intentionally segmenting IoT devices, monitoring and managing device traffic, and quickly adapting to security events to eliminate threats before they can impact the organization.

This is a summary of an article written for IoT Agenda by Fortinet’s Senior Director of Products and Solutions – IoT and OT, Peter Newton. The article appeared on June 26, 0219, and can be accessed here.

Read more about how to consolidate branch services, while delivering, security, agility, and performance with Fortinet’s Security Fabric. 

Sourced from Fortinet