Fortinet Acquires Endpoint Security Innovator enSilo

The Endpoint Security Challenge

Digital innovation continues to transform corporate and public networks at an unprecedented pace. And some of the most dramatic areas of innovation are happening at the ever-expanding edges of the network. The number of endpoint and edge devices connected to corporate resources continues to grow exponentially, while remote access to data from these devices is faster and easier than ever. And with the advent of true 5G just around the corner, edge computing is only going to become a larger component of today’s expanding networks.

At the same time, new advanced threats targeting endpoint devices, including file-less malware that executes directly in the memory space and increasingly targeted ransomware, are exposing organizations to increasing risk through their endpoint devices. According to the Verizon Data Breach Investigations Report for 2019, the time from an attacker’s first action in an event chain to the initial compromise of an asset is typically measured in minutes. However, 56% or breaches took months to discover.

The response by too many organizations, however, has been to deploy multiple, siloed security products, the bulk of which is focused on prevention. But the truth is, 100% prevention is not possible. The result is a fragmented, complicated security architecture that can actually make detection and response more difficult. Because disparate security solutions do not actively participate in centrally coordinated threat activities – including triage, threat intelligence sharing, remediation, and forensic analysis – they can actually delay an organization’s ability to detect and respond to threats. The result is not just a slower, less effective endpoint threat response, but a less secure network overall.

What’s needed is the ability to quickly detect a threat quickly, and contain and remediate it, and share that intelligence across the entire distributed network so systems can all get back to normal as fast as possible.

Fortinet Adds EnSilo to its Security Portfolio

To address this growing security challenge, Fortinet today announced it has completed the acquisition of enSilo, a privately-held advanced endpoint security company headquartered in San Francisco, California. enSilo uses a robust set of endpoint security tools to deny attackers from achieving their ultimate goals, while stopping the damage by automatically contain a threat, stopping data exfiltration, and preventing ransomware data tempering.

According to Ken Xie, Founder, Chairman of the Board, and CEO of Fortinet, “As businesses become more networked and operations extend from the cloud to the edge and Internet-of-Things, the digital attack surface has expanded exponentially and has become more complex to secure. Manual or point security solutions are ineffective when managing or securing these new environments. Instead, security and the network need to be integrated to enable advanced threat detection at network speeds. In acquiring enSilo, we add automated, real-time detection and response enhancements to our Fortinet Security Fabric to further protect endpoints and corresponding edge data.”

The enSilo suite of endpoint security solutions not only includes automated detection and response, but the ability to be seamlessly integrated into the larger Fortinet Security Fabric framework, further enhancing visibility while driving corporate security policies deeper into endpoint devices. enSilo capabilities include:

·       Automated protection against advanced threats, coupled with incident response services provided by a team of cyberthreat experts.

·       Patented code-tracing technologies not only thwart attacks, but also prevent data exfiltration and ransomware. This also helps ensure PCI,         HIPAA, and GDPR compliance.

·       Lightweight agent (less than 60mb) provides protection parity across multiple operating systems, including Linux, Windows, and macOS.

·       Unique coordinated security for the Internet of Things (IoT) through integrated access control and endpoint security functionality.

·       Flexible on-premise and cloud deployment with multi-tenancy and the ability to scale to hundreds of thousands of endpoints, whether on or off         the network.

Integrated Endpoint Protection Provides Better Network Security

Dave Gruber, senior analyst at the Enterprise Strategy Group (ESG), remarked, “According to ESG research, 76% of organizations find threat detection and response more difficult today than two years ago. Vendors like Fortinet are tackling this problem by constructing an integrated security platform across endpoints, network and cloud infrastructure. The move to natively add enSilo’s automated EDR capabilities to the Fortinet platform should improve and accelerate alert correlation, leading to faster threat detection and incident response.”

Prior to this acquisition, enSilo was already a fully integrated member of the Fortinet Security Fabric-Ready Partner Program. Its endpoint detection and response (EDR) technology was already being used to complement FortiGate Next-Generation Firewalls, FortiSandbox, and the FortiClient Fabric Agent by providing an additional detection and enforcement layer to reduce the time to detect, investigate, and remediate malicious attacks.

Through this acquisition, Fortinet will now extend eSilo’s effectiveness even further through additional integration with Fortinet’s FortiSIEM solution, FortiInsight UEBA (user entity behavior analytics) features, and the FortiNAC access control solution. As a result, enterprises will gain superior endpoint visibility and tightly coordinated, dynamic control of network, user, and host activity, extending security seamlessly across their entire distributed network, from their endpoints out to the multi-cloud, their core network, and their branch and other remote edge locations.

MSSPs will also be able to extract the full value of this new addition to the Fortinet Security Fabric to deliver a comprehensive and efficient Managed Detection and Response (MDR) service that can complement other services, especially those leveraging tools integrated together through the Fortinet Security Fabric.

Fully Integrated Edge Security is Essential for Today’s Networks

The hallmark of the modern network is the rapid expansion of the network edge. New IoT and endpoint devices, bolstered by high performance, robust functionality and new business applications, have expanded the potential attack surface.  This in turn has raised the bar for having a fully integrated security solution that no longer operates in isolation and can extend visibility out to these emerging edges.  The integration of enSilo further strengthens Fortinet’s integrated security portfolio with broader EPP and EDR capabilities that protect the customer’s network edge.

Read the announcement news release.

Find out how Fortinet’s Security Fabric delivers broad, integrated, and automated protection across an organization’s entire digital attack surface from IoT to the edge, network core and to multi-clouds.  

Find out how Echoenergia and New Zealand Red Cross used Fortinet’s Security Fabric for end-to-end network protection. 

Sourced from Fortinet

Educating Employees About Mobile Cyber Threats

While nearly 9 in 10 companies not only allow, but actually rely on their employees to access critical business apps using their personal devices, according to a recent Fortinet Threat Landscape Report, Android-based malware now represents 14% of all cyberthreats. And in addition to direct attacks, the number of compromised web sites, email phishing campaigns, and malicious access points continue to grow exponentially, infecting unsuspecting users – regardless of their devices –with spyware, malware, compromised applications, and even ransomware.

And whenever a personal device of any of your employees becomes compromised, they can represent an increased risk to your organization as well. In addition to deploying mobile device management software and security clients to your employees, it is critical that you establish a cybersecurity awareness program that provides critical insights into how they can avoid these risks.

Here are five critical elements that ought to be part of any cyber security awareness program.

1. Beware of Public Wi-Fi

While most public Wi-Fi access points are perfectly safe, that’s not always true. Criminals will often broadcast their device as a public access point, especially in public locations like food courts or at large events. Then, when a user connects to the Internet through them, the criminal is able to intercept all the data moving between the victim and their online shopping site, bank, or wherever else they browse to.

Many smart devices will also automatically search for known connection points, like your home Wi-Fi. Newer attacks watch for this behavior and simply ask the device what SSID they are looking for. When the phone tells them it is looking for its ‘home’ router, the attack replies with, “I’m your home router,” and the phone goes ahead and connects. Smart devices will do the same thing with Bluetooth connections, automatically connecting to available access points.

To combat this issues, it’s a good practice for users to turn off Wi-Fi and Bluetooth until they are needed. In the case of wireless access, they should verify the SSID of a location, often by simply asking an establishment for the name of their Wi-Fi access point before connecting. Users should also consider installing VPN software so they can ensure they only make secure, encrypted connections to known services.

2. Use Better Passwords

Another mistake users make is using the exact same password for all their online accounts, usually because remembering a unique password for each site they have an account on may be impossible. But if a criminal manages to intercept that password, they now have access to all of the user’s accounts, including banking and shopping sites.

The best option is to use a password vault that stores the username and password for each account, so all that needs to be remembered is the password for the vault. Of course, extra care must be taken to ensure that the vault password is especially strong and easily remembered. one trick for creating a strong passwords is to use the first letters of a sentence, song lyric, or phrase, insert capital letters, numbers, and special characters, and you’ve got a pretty secure password.

To be even more secure, consider adding two-factor authentication for any location where sensitive data is stored. It’s an extra step in the login process, but will significantly increase the security of their account and data.

3. Recognize Phishing

You’ve probably repeated to your users to never click on links in advertisements sent to their email or posted on web sites unless they check them first. There are a lot of tells, such as poor writing or grammar, complex or misspelled URLs, and poor layout that can be a key giveaway that an email is malicious.

But it turns out that there will always be someone who can’t resist opening an email, launching an attachment from someone they don’t know, or clicking on a link on a website – especially when it includes an enticing subject line. Which is why any educational efforts need to be supplemented with effective Email Security Gateway and Web Application Firewall solutions that can detect spam and phishing, validate links, and run executable files in a sandbox – even for personal email – to ensure that malicious traps simply do not get through to an end user.

4. Update Devices and Use Security Software

Users should have a corporate-approved security agent or MDM solution installed on any device that has access to corporate resources. This software also needs to be kept updated, and device scans should be run regularly.

Similarly, endpoint devices need to be regularly updated and patched. Network Access Controls should be able to detect whether security and OS software is current, and if not, users should be either redirected to a remediation server to perform necessary updates or alerted as to the unsecure status of their device.

5. Monitor Social Media

Criminals will often personalize an attack to make it more likely that a victim will click on a link. And the most common place for them to get that personal information is from social media sites. The easiest way to prevent that is to simply set up strict privacy controls that only allow pre-selected people to see your page. Individuals wanting an open social media profile need to carefully select who they will friend. If you don’t know someone, or if anything on their personal site seems odd, dismiss their request. And even if the person is someone you know, first check to see if he or she is already a friend. If so, there’s a significant possibility that their account has been hijacked or duplicated.

Keep Training Messages Short, Clear, and Regular

It is essential that you develop a comprehensive and effective security strategy for your users who have personal endpoint devices connected to your network. But don’t make the mistake of burying them in information. Break information down into easily digestible chunks. Provide a daily security tip. Post messages around the company, such as in the hallways or break room. Get the executive team to mention it in staff meetings. And provide checks, such as your own phishing emails, to help identify users that might need additional attention.

Learn more about Fortinet’s NSE Institute programs, including the Network Security Expert programNetwork Security Academy program and FortiVets program.

Sourced from Fortinet