Considering a Career in Cybersecurity? Don’t Let Misconceptions Hold You Back

While some industries have seen a decline in job prospects over the last 18 months, there’s one sector where job opportunities abound: cybersecurity. According to research from Deloitte, the demand for cybersecurity professionals grows by seven per cent every year. After all, almost every company has proprietary data to protect and, given the rapid increase in the number and severity of cyber attacks brought on by the widespread adoption of working and learning from home during the pandemic, the need for skilled professionals is now greater than ever.

I recently completed my Master’s of Computer Science in the Faculty of Engineering at the University of Ottawa. From the start, I was eager to move into cybersecurity. This spring, I landed a job in a software quality assurance and developer role at Fortinet, which has a significant presence in many parts of Canada. It’s exciting work that requires creative thinking and problem solving to ensure we consistently deliver a great customer experience, fast performance, and best-in-class security.

Because cybersecurity is a growing field, I get a lot of questions from other job seekers who are curious about this industry but never truly considered it due to their belief that a lack of technical skills will prevent them from pursuing a career in the field. From these conversations, I’ve found that there are many misconceptions about cybersecurity and what background you need to pursue a successful career in this space.

Common Misconceptions About Careers in Cybersecurity

1. You Need A Specialized Degree

There’s a pervasive idea that it’s “hard” to get into cybersecurity, even for people with a technical background. I heard this a lot and even believed it when I started looking at cybersecurity as a career path. I was working toward my computer engineering degree, and even I thought it might be hard without special courses or training programs.

The fact is, the most important factor in success is a passion for the work. I myself did not even take a cybersecurity course until mid-way through my undergraduate degree. And, while I found that the training was great, having a passion for cybersecurity is what truly propelled me forward.

The higher your level of interest in the topic, the more you will immerse yourself, and your technical skills will follow naturally. This doesn’t have to involve a formal education, as there are many free resources available for those with the drive to pursue them, including the library of free cybersecurity training courses available through Fortinet’s NSE Training Institute.

2. Cybersecurity Is Very Niche

People often tell me they think cybersecurity is prohibitively specialized, but I disagree. Cybersecurity is everywhere. There are over 27 billion connected devices globally, including your mobile phone, laptop, TV, speakers, and even doorbell or fridge. Anywhere we keep a password or scan our face or fingerprint, we are interacting with cybersecurity.

From these everyday devices cybersecurity expands into a huge market. Once you understand this, it’s easy to start moving down the path and educating yourself about the industry and the very real threats facing us in today’s connected world.

3. You Need A Really Technical Skillset

While a technical skill set is certainly an asset, I’ve learned that the most valuable skill is curiosity. My path to a career in cybersecurity was curiosity-driven. I wondered how security was maintained and where my data was going every time I logged into a device. People don’t often think about that – we just log in, and that’s that. But I needed to know what was happening beneath the surface and this drove my success.

This trait is personal – you have it, or you don’t. I encourage people to take courses, watch videos, talk to experts, but, most of all, to be curious. Thinking outside of the box will teach you more about cybersecurity than you can imagine.

4. Girls Just Aren’t That Into Cybersecurity?

Even in 2021, there are still many gender biases and a lack of female representation in the tech sector. It should go without saying, but gender does not determine if you will be good at cybersecurity. As a woman in computer engineering, I’ve faced some dated perceptions. I remember during my undergraduate degree signing up for bug bounties, where individuals are compensated by organizations or developers for reporting bugs, and having my male classmates suggest I couldn’t find them – and that my time was better spent on social or beauty apps.

It was a learning moment no doubt, not just for me but for my classmates as well, because you can bet I went ahead and found those bugs. Now, I have my Master’s degree in Computer Science, and I’m employed in the cybersecurity field. Game, set and match.

Now that I’ve dispelled some of the myths about working in cybersecurity, I hope your curiosity is piqued. If you have a curious nature and a passion for problem solving, this may be the path for you too. The field is vast and offers countless opportunities for people from all backgrounds, and with researchers predicting more job openings than qualified applicants, now is the perfect time to begin your own journey in cybersecurity.

Find out more about how Fortinet’s Training Advancement Agenda (TAA) and NSE Training Institute programs, including the Certification Program, Security Academy Program and Veterans Program, are helping to solve the cyber skills gap and prepare the cybersecurity workforce of tomorrow.

Sourced from Fortinet

2022 Cybersecurity Trends: A Q&A with Fortinet CISOs

CISO on CISO Perspectives

From AI and automation to ransomware and cybersecurity mesh architectures, two Fortinet Field CISOs give a glimpse into some of the priorities they are hearing from customers and partners. Alain Sanchez and Joe Robertson share their perspective about some of the biggest trends they are seeing going into 2022. 

Cybersecurity Trends

What is the biggest cybersecurity trend going into 2022?

Alain: I don’t anticipate big changes at least in the first months of 2022, but more of an acceleration of the trends that we saw at the end of 2021.

Joe: I agree. For example, ransomware isn’t going away, and the fallout of the Log4J exploit is going to go on for a long time. I also think there will be more and more attacks on different types of targets, not just typical IT targets. For example, operational technology (OT) will be targeted more frequently because when production is attacked, companies will likely pay the ransom. Not only is down-time costly, but the machines themselves are expensive and could be damaged. And of course, there are the threats to human and environmental safety as well.

Alain: Whether it’s an enterprise or a telecommunications company, we’re seeing more adoption of integrated platforms. The convergence of networking and security coupled with integrated cyber security platforms is the biggest upcoming trend I’m seeing. People don’t have time to integrate disparate security products anymore. So, integration is part of the selection process and why platforms are so important.

Joe: Point or “best of breed” products don’t really cut it anymore for two reasons. The first is that no product is “best” for very long. If something is good, everyone in the business has some version of it. And the other even more important reason is that if you have a variety of different security and networking devices, it’s complicated to manage and control. And because you’re not able to track multiple vendors’ devices in a single place, it’s less secure. You’re actually leaving a lot of gaps in between the devices. And attackers know that; they’re going to try to slip through those cracks. Point products that are specific to a narrow niche aren’t sufficient, particularly if you can use a broader product that covers the same area as several point products.

Why is work-from-anywhere a challenge?

Joe: I think it’s important to realize that remote work has changed from work-from-home to work-from-anywhere (WFA). It’s not the same thing. WFA includes both the home and the office, not to mention airports, cafés, trains, and other places. Organizations are rethinking their buildings. They’re looking at having fewer fixed offices, more hot desking, and especially more collaboration and conference spaces. The implications of working from anywhere are, first, denser infrastructure of Wi-Fi in the office and more security for the Wi-Fi. And secondly, an increased need to positively identify users and grant them access only to the applications they need using zero trust principles.

Alain: I’d add that WFA isn’t just about people. It’s also about the Internet of Things (IoT), and even more importantly, from our point of view, the Industrial Internet of Things (IIoT). The IIoT includes devices that are suddenly using wireless connectivity and can literally be anywhere, even at sea or in space.

Why are visibility, reducing complexity, simplifying operations, and continuing integration still being talked about?

Alain: At this point, network visibility is a must have. Without it, you can completely go off track, both from a networking and security perspective. No human brain is fast enough, and no human memory is big enough to integrate zillions of parameters in real time. You need automation and you need to simplify, so your security team can focus on what a human brain does best, instead of getting bogged down in tasks like correlating logs from different solutions.

Joe: I’d add that complexity compromises security. With the growing number and types of threats today, we have to do everything we can to enhance rather than compromise security. Integrating the information flows of various cybersecurity tools gives you a broader look at the threat environment. Now attackers are using artificial intelligence (AI) to develop malware that never looks the same twice, so you need to take advantage of behavioral approaches and your own AI.

Why is a mesh cybersecurity architecture approach critical now?

Alain: The security-driven networking and pre-integration of a mesh architecture provide an immense service to cybersecurity officers because it addresses the networking and security issues as one.

Joe: Different cybersecurity tools and devices exist for a reason. They each try to catch an attacker at different points during the sequence of activities an attacker uses to get in and get around an organization’s IT environment. If each of these devices works independently, you have a lot of work to do managing and analyzing different management consoles and analysis tools. At the same time, attackers are looking to slip in through the cracks between devices. With a mesh architecture, all the devices are talking to each other and sharing information with common management and analysis tools. You can then close those gaps and make it a lot tougher on the bad guys – hopefully tough enough that they’ll give up and look for an easier target.

Cybersecurity mesh platform: Read more about how the Fortinet Security Fabric is the industry’s highest-performing cybersecurity mesh platform.


Sourced from Fortinet

Weaponizing the Edge with Cyber Threats

Networks have more edges than ever. The traditional network perimeter has been replaced with multiple edge environments that include WAN, multi-cloud, data center, Internet of Things (IoT), and home and other remote workspaces. All of these edges are interconnected, which has improved performance, but often at the expense of centralized visibility and unified control. Each edge has unique risks that are offering new opportunities for cybercriminals to get a foothold. In fact, reports indicate that home networks used by remote workers are 3.5x more likely to have at least one family of malware, and 7.5x more likely to have five or more.

The lack of security on these networks means it’s inevitable that more corporate network attacks will be launched from a remote worker network located at the edge.

Cyber Threats at the Edge

The rise in remote work is exposing corporate networks to threats that plague residential networks. Malware that affects IoT devices, like printers, has been prevalent in botnet attacks. If a botnet infects hundreds of thousands of devices, it can be used in distributed denial of service (DDoS) attacks. Using these small IoT devices this way is a widespread threat today and will evolve over time.

Although end-users and their home resources are already targets for cybercriminals, sophisticated attackers can use home-based resources as a springboard for other, more serious attacks. Edge access trojans (EATs) can perform invasive activities such as intercepting requests off the local network to compromise additional systems or injecting additional attack commands. Along the same lines, a remote access trojan (RAT) is a type of malware that gives the attacker full control of a user’s computer. The cybercriminal maintains access to the device through a remote network connection, which they use to steal information or spy on a user.

When cybercriminals combine voice-enabled “smart” devices from a home network with a RAT, you end up with a trojan that is capable of collecting and listening to data, and then acting on it. What this means is that smart devices or other home-based systems that interact with users will no longer simply be targets for attacks, but will also be conduits for deeper attacks. Cybercriminals can take advantage of important contextual information about users, including daily routines, habits, or financial information, to improve the success rate of their social engineering-based attacks. These smarter attacks could lead to much more than turning off security systems, disabling cameras, or hijacking smart appliances. They could enable the ransoming and extortion of additional data or stealthy credential attacks.

Another edge-based “living off the land” threat allows malware to use existing toolsets and capabilities within compromised environments so attacks and data exfiltration look like normal system activity. Because nothing seems out of the ordinary and the attacker is using legitimate tools to carry out the nefarious activity, these types of attacks can be extremely effective. The combination of living off the land attacks with EATs is likely to mean new attacks will be designed to live off the edge, not just the land. As edge devices become more powerful with more native capabilities and more privilege, edge-based malware could monitor edge activities and data and then steal, hijack, or even ransom critical systems, applications and information while avoiding being detected.

Defending Against Cyber Threats at the Edge

As more of these edge attacks turn into a reality, it’s only a matter of time before the malware is commoditized and available as a darknet service or as part of open-source toolkits. It will take a combination of technology, people, training, and partnerships to protect users from these types of attacks at the edge. Unfortunately, even as the network perimeter becomes more fragmented and more organizations transition to a multi-cloud or hybrid networking model, cybersecurity teams continue to operate in silos. As they add on more edges and cloud-based access into their networks, many organizations attempt to “bolt on” security tools to protect a given function or segment of the network in isolation. But doing so makes maintaining organization-wide visibility and consistent policy enforcement virtually impossible. As attacks become more sophisticated and complex, organizations struggling with security gaps are increasingly vulnerable.

Organizations need to take advantage of artificial intelligence (AI) and machine learning (ML) to speed threat prevention, detection, and response. Advanced endpoint technologies like endpoint detection and response (EDR) can help to identify malicious threats based on behavior. Also, zero-trust network access (ZTNA) is critical for secure application access to extend protections to mobile workers and learners, while Secure SD-WAN is important to protect evolving WAN edges. Segmentation is another foundational strategy that can be used to restrict lateral movement inside a network and confine breaches to a smaller portion of the network. Actionable and integrated threat intelligence can improve an organization’s real-time defenses as the speed of attacks continues to increase. Rather than trying to add on more products in each of these areas, a better approach is to use a cybersecurity mesh architecture that integrates security controls into, and across, widely distributed networks and assets. 
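The segmentation strategy described above (restricting lateral movement so a breach stays confined to one part of the network) is easier to picture with a concrete check. The following is an added example written for this page, not Fortinet's code or any product's feature: a small Python policy evaluator that maps addresses to hypothetical network segments, allows only the cross-segment flows on an explicit allow list, and flags everything else. The segment ranges, the allow list, and the flow records are all constructed for the demonstration.

```python
"""
Added example (not Fortinet's code): evaluate a simple network segmentation
policy against constructed flow records and flag east-west traffic that crosses
a segment boundary without an allow rule. All zones, addresses, and flow lines
below are invented for this demonstration.
"""
import ipaddress
from dataclasses import dataclass

# Hypothetical segments; in practice these come from the network design / IPAM.
ZONES = {
    "remote-workers": ipaddress.ip_network("10.10.0.0/16"),
    "corp-users":     ipaddress.ip_network("10.20.0.0/16"),
    "servers":        ipaddress.ip_network("10.30.0.0/16"),
    "ot-plant":       ipaddress.ip_network("10.40.0.0/16"),
}

# Allowed cross-segment flows: (source zone, destination zone, destination port).
# Any other flow between two different zones is treated as a policy violation.
ALLOW = {
    ("remote-workers", "servers", 443),
    ("corp-users", "servers", 443),
    ("corp-users", "servers", 445),
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def zone_of(ip: str) -> str:
    """Map an address to its segment name, or 'unknown' if it is unmapped."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def parse_flow(line: str) -> Flow:
    """Parse a constructed 'src=... dst=... dport=...' flow record."""
    fields = dict(part.split("=", 1) for part in line.split())
    return Flow(fields["src"], fields["dst"], int(fields["dport"]))


def evaluate(line: str) -> tuple[str, str]:
    """Return (verdict, reason) for one flow record: 'allow' or 'alert'."""
    f = parse_flow(line)
    sz, dz = zone_of(f.src), zone_of(f.dst)
    if sz == "unknown" or dz == "unknown":
        # Unmapped addresses deserve attention: they are outside the segmentation model.
        return ("alert", f"unmapped address in flow {f.src}->{f.dst}")
    if sz == dz:
        return ("allow", f"intra-segment {sz}")
    if (sz, dz, f.dport) in ALLOW:
        return ("allow", f"{sz}->{dz}:{f.dport} permitted")
    return ("alert", f"lateral movement {sz}->{dz}:{f.dport} not permitted")


# Constructed sample flows, in the shape a firewall or NetFlow export might give.
SAMPLE_FLOWS = [
    "src=10.10.4.7 dst=10.30.1.10 dport=443",    # remote worker to web app: allowed
    "src=10.10.4.7 dst=10.20.9.3 dport=445",     # remote worker to corp desktop: alert
    "src=10.20.9.3 dst=10.40.2.50 dport=502",    # corp user to OT controller port: alert
    "src=10.30.1.10 dst=10.30.1.11 dport=5432",  # server to server, same segment: allowed
    "src=192.168.77.1 dst=10.30.1.10 dport=22",  # unmapped source address: alert
]


def alerts(lines=SAMPLE_FLOWS) -> list[str]:
    """Collect the reasons for every flow that violates the segmentation policy."""
    out = []
    for line in lines:
        verdict, reason = evaluate(line)
        if verdict == "alert":
            out.append(reason)
    return out


if __name__ == "__main__":
    for line in SAMPLE_FLOWS:
        verdict, reason = evaluate(line)
        print(f"{verdict:5} {line}  ({reason})")
```

Deny-by-default is the property that makes this useful: the allow list describes the few business flows that must cross segments, so an unexpected workstation-to-OT or remote-worker-to-desktop connection surfaces immediately instead of hiding among permitted traffic. The same evaluation can be applied at enforcement time (firewall policy) and at detection time (over exported flow logs), which is what lets the two stay consistent.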

Find out how the Fortinet Security Fabric platform delivers broad, integrated, and automated protection across an organization’s entire digital attack surface to deliver consistent security across all networks, endpoints, and clouds.


Sourced from Fortinet

Three Advantages of Integrated Security at the LAN Edge

The LAN edge presents a broad and potentially vulnerable target for cyber criminals, and many LAN solutions lack built-in security, so they end up being secured with add-on solutions that add cost and complexity. Even solutions that have security often aren’t integrated with the LAN edge, which can lead to opportunities for configurations to drift and cybercriminals to slip through the gaps. When it comes to managing the LAN edge, IT organizations face a number of challenges:

  • Keeping different configurations in sync
  • Gaining visibility across the network
  • Managing differing levels of access
  • Dealing with high total cost of ownership (TCO)

Although users want fast Ethernet and Wi-Fi connections, IT staff needs secure solutions that reduce complexity and overhead so they can focus their time on strategic initiatives rather than spending time managing common network issues.

Attacks are increasing with threats like ransomware on the rise (more than 1100% from June 2020 to July 2021). Lack of qualified personnel and network complexity are leading to security gaps and increased risk. A recent IBM survey suggests organizations have an average of 45 security tools deployed and each incident requires coordination across 19 different tools. The dwell time for security breaches is now measured in months with costs exceeding $8.6 million per breach.

To address these challenges and to better manage a secure network, more organizations are considering integrated platform approaches or a meshed cybersecurity architecture. Solutions that combine management for wired, wireless, and security functions are becoming more common as organizations attempt to streamline their operations.

The convergence of networking and security breaks down silos and centralizes data from users and the network that can be used to improve security and performance. By putting a next-generation firewall (NGFW) at the heart of the network, the network is secure by design from the ground up. This type of integrated platform approach that converges networking and security offers three key advantages.

Three Advantages of Converging Networking and Security

1. Simpler Configuration

In large sprawling networks, making even one small change can have a ripple effect and disrupt other areas of the network. IT staff need to be able to be sure that any additions, changes, or updates can be tracked and managed, so that all areas of the network remain in sync and operational. Network deployment at remote sites can have the potential for configuration problems as well. The work required to install and oversee a common standard across many remote locations and disparate branch topologies can quickly drain IT resources. Integrated security-driven networking solutions are easier to scale and extend without sacrificing security.

2. Better Visibility for Easier Management

Today’s networks are constantly changing, with devices from employees, contractors, and guests joining and leaving the network all the time. Typical LAN edge visibility can provide details about device connections, but may be missing upper-layer device context such as the level of user authentication and associated resource access limits. The ever-increasing number of Internet of Things (IoT) devices is a particular challenge in terms of visibility because, as they appear on the network, the applications they represent must be enabled without putting the overall security of the network at risk. In locations without on-site IT staff, dealing with IoT devices can be even more challenging because the information in the access layer interface is the only information provided. Good LAN edge solutions are able to deal with all types of devices and users as they connect without constant involvement from IT staff.

3. Lower Total Cost of Ownership

Even if solutions can provide the visibility and management an organization needs, the cumulative costs for licensing, enabling, and subscribing to capabilities on a piecemeal basis can add up. Organizations must carefully track how many systems and solutions need to be purchased to get everything to work across the entire organization. They need to determine how many licenses they need and if various features require recurring subscriptions. Calculating the cost of ownership also needs to take staff time into account. The time required for deployment and maintenance of operations can also vary quite a bit among solutions, so it’s important to understand how complicated a given solution is to manage and if it needs additional products to function properly. Consolidating solutions with a high-performance mesh platform approach can dramatically simplify licensing and reduce costs.

Integrated Security That Reduces Complexity

Wired and wireless LAN networks are the backbone of an organization and require a significant investment of both time and money. But building, securing and managing local area networks doesn’t have to be challenging, time consuming and expensive. For the best possible protection, these networks should be built and maintained with security top of mind, not as an afterthought.

Integrated solutions make it possible to streamline the architecture and can alleviate configuration and management burdens for IT staff. This applies not only to the LAN, but to SD-WAN and ZTNA as well. By implementing an adaptive and integrated platform, organizations can eliminate appliance, configuration, and licensing sprawl. This type of platform approach saves both time and money so organizations can deliver on their business objectives while keeping day-to-day network management simple.

Read more about why the Fortinet Security Fabric is the industry’s highest-performing cybersecurity mesh platform.

Sourced from Fortinet

Are You Prepared for More OT Threats?

For years, operational technology (OT) systems have been working to control everything from factories to transportation networks to utilities. The reality is most citizens don’t think about these systems until there’s a problem. That’s why the attack against Colonial Pipeline in May 2021 was so startling. The attack on a segment of the enterprise transcended IT and resulted in a temporary but severe disruption of the OT-based fuel supplies. This led the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) to issue an advisory urging critical infrastructure (CI) asset owners and operators to take on a heightened state of awareness.

Unfortunately, the attack against Colonial Pipeline isn’t the first or last time an adversarial cyberattack on an OT target will make headlines. Malicious cyberattacks are likely to increase given the opportunities for mission impact, social anxiety, and profit that disrupting systems and stealing intellectual property from OT and IT systems represent. If there’s any silver lining to this high-profile attack it’s that it has put a renewed focus on securing critical OT assets.

OT cyber events also have demonstrated the consequence of failing to invest and commit proportionally to a cybersecurity strategy. For years OT system owners relied on the “air gap” that separated OT systems from IT to protect them. But as more and more OT organizations digitally connect OT infrastructure such as supervisory control and data acquisition (SCADA) systems with IT networks, the resulting evaporation of the air gap has dramatically increased the level of risk. Given this situation, it’s not a surprise that in the “2021 State of Operational Technology and Cybersecurity Report” 9 out of 10 OT organizations experienced at least one intrusion in the past year and 63% had three or more intrusions.

To protect cyber-physical assets, OT organizations need to commit to a proactive cybersecurity strategy, paying particular attention to visibility, control, and behavior analysis. It’s critical to protect every point of connection to the outside world to proactively safeguard OT.

OT Is No Longer a Niche Exploit

In the past, exploits against SCADA or industrial control systems (ICS) were viewed as an infrequent subset of highly structured and often nation-state-sponsored targeted attacks. But the OT market is expected to continue to grow through 2027 at a CAGR of 6.40%. Relying on obscurity as a defense strategy doesn’t work anymore; it’s practically an invitation to cybercriminals to penetrate and ultimately compromise OT systems. Although IT-related exploits are still more prevalent, according to the Global Threat Landscape Report from FortiGuard Labs, a growing number of exploits are targeting OT. The long-held perception that ICS exploits are an obscure niche of the cyber threat landscape is simply no longer the case.

Why Now?

In the past, OT attacks were the domain of specialized threat actors who knew how to exploit ICS and SCADA systems. But now, many of those tools are being packaged as attack kits on the dark web, so they are available to a much broader set of less technical attackers. The motivations behind the attacks range from gaining a profit through extortion, to stealing intellectual property, to simply testing infrastructure resilience. The attacks offer a side benefit in that they create a climate of uncertainty and can force actions by executives in the government and commercial sectors. The headlines generated from a successful attack on OT infrastructure only serve to amplify these effects. Attacks on large enterprise businesses in energy and manufacturing, and even smaller, more discrete intrusions at the municipal utilities level, are all newsworthy. The alarming cybersecurity news in 2021 reinforces the fact that OT infrastructures require attention to reduce the attack vectors, tactics, and techniques that focus on industrial environments.

The Need for Better Visibility

The rapid expansion in the threat landscape and the increase in attacks demonstrate the increased need for integration between enterprise solutions and operational infrastructure. In most cases, security considerations need to cover on-premises systems and extend to the Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices. It’s also important to have an infrastructure control strategy that restricts and contains suspicious activity and behavior. At a minimum, organizations should implement zero-trust network access (ZTNA), which limits user or device access to only those resources required to perform a specific role or function. ZTNA also strictly limits the range and level of engagement, which serves to restrict activity if a system is compromised.

OT organizations that put comprehensive security policies in place give themselves an advantage over threat actors and can limit the impact of a breach. OT infrastructure is no longer benefiting from obscurity, and the near-universal convergence of IT and OT networks means traditionally isolated environments are no longer safe. Organizations must take proactive steps to harden OT environments, including integrating tools and practices designed to protect, detect, and respond to threats in real time. Although attacks are inevitable, they don’t have to be successful.


Learn how Fortinet secures the convergence of OT and IT. By designing security into complex infrastructure via the Fortinet Security Fabric, organizations have an efficient, non-disruptive way to ensure that the OT environment is protected and compliant. 

Read these customer use cases to find out how Houston County Electric Cooperative used Fortinet’s OT Security Solutions to protect their distributed networks and critical infrastructure.

Sourced from Fortinet

OT Threats Are on the Rise. Are You Prepared?

For years, operational technology (OT) systems have been working to control everything from factories to transportation networks to utilities. But the reality is that most citizens don’t think about these systems until there’s a problem. 

That’s why the attack against Colonial Pipeline in May 2021 was so startling. The attack on a segment of the enterprise transcended IT and resulted in a temporary but severe disruption of the OT-based fuel supplies. This led the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) to issue an advisory urging critical infrastructure (CI) asset owners and operators to take on a heightened state of awareness.

Unfortunately, the attack against Colonial Pipeline isn’t the first or last time an adversarial cyberattack on an OT target will make headlines. Malicious cyberattacks are likely to increase given the opportunities for mission impact, social anxiety, and profit that disrupting systems and stealing intellectual property from OT and IT systems represent. If there’s any silver lining to this high-profile attack it’s that it has put a renewed focus on securing critical OT assets.

Common Challenges When Securing OT Systems

OT cyber events also have demonstrated the consequence of failing to invest and commit proportionally to a cybersecurity strategy. For years, OT system owners relied on the “air gap” that separated OT systems from IT to protect them. But as more and more OT organizations digitally connect OT infrastructure such as supervisory control and data acquisition (SCADA) systems with IT networks, the resulting evaporation of the air gap has dramatically increased the level of risk. Given this situation, it’s not a surprise that in the “2021 State of Operational Technology and Cybersecurity Report,” 9 out of 10 OT organizations experienced at least one intrusion in the past year and 63% had three or more intrusions.

In the past, exploits against SCADA or industrial control systems (ICS) were viewed as an infrequent subset of highly structured and often nation-state-sponsored targeted attacks. But the OT market is expected to continue to grow through 2027 at a CAGR of 6.40%. Relying on obscurity as a defense strategy doesn’t work anymore; it’s practically an invitation to cybercriminals to penetrate and ultimately compromise OT systems. Although IT-related exploits are still more prevalent, according to the Global Threat Landscape Report from FortiGuard Labs, a growing number of exploits are targeting OT. The long-held perception that ICS exploits are an obscure niche of the cyber threat landscape is simply no longer the case.

To protect cyber-physical assets, OT organizations must commit to a proactive cybersecurity strategy, paying particular attention to visibility, control, and behavior analysis. It’s critical to protect every point of connection to the outside world to proactively safeguard OT.

Why Are OT Threats Becoming More Common?

In the past, OT attacks were the domain of specialized threat actors who knew how to exploit ICS and SCADA systems. But now, many of those tools are being packaged as attack kits on the dark web, so they are available to a much broader set of less technical attackers.

The motivations behind the attacks range from profit through extortion and theft of intellectual property to simply testing infrastructure resilience. The attacks offer a side benefit in that they create a climate of uncertainty and can force action by executives in the government and commercial sectors. The headlines generated by a successful attack on OT infrastructure only serve to amplify these effects. Attacks on large enterprise businesses in energy and manufacturing, and even smaller, more discrete intrusions at the municipal utility level, are all newsworthy. The alarming cybersecurity news in 2021 reinforces the fact that OT infrastructures require attention to reduce the attack vectors, tactics, and techniques that focus on industrial environments.

Overcoming OT Threats with Better Visibility

The rapid expansion of the threat landscape and the increase in attacks demonstrate the growing need for integration between enterprise security solutions and operational infrastructure. In most cases, security considerations need to extend beyond on-premises systems to Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices. It’s also important to have an infrastructure control strategy that restricts and contains suspicious activity and behavior. At a minimum, organizations should implement zero-trust network access (ZTNA), which limits user or device access to only those resources required to perform a specific role or function. ZTNA also strictly limits the range and level of engagement, which serves to restrict activity if a system is compromised.

OT organizations that put comprehensive security policies in place give themselves an advantage over threat actors and can limit the impact of a breach. OT infrastructure no longer benefits from obscurity, and the near-universal convergence of IT and OT networks means that traditionally isolated environments are no longer safe. Organizations must take proactive steps to harden OT environments, including integrating tools and practices designed to protect, detect, and respond to threats in real time. Although attacks are inevitable, they don’t have to be successful.

Learn how Fortinet secures the convergence of OT and IT. By designing security into complex infrastructure via the Fortinet Security Fabric, organizations have an efficient, non-disruptive way to ensure that the OT environment is protected and compliant. 

Read these customer use cases to find out how Houston County Electric Cooperative used Fortinet’s OT Security Solutions to protect their distributed networks and critical infrastructure.

Sourced from Fortinet

Companies Ask White House to Work With Them on Infrastructure Act Cybersecurity

On November 15, President Biden signed the $1.2 trillion bipartisan infrastructure plan into law. Officially known as the “Infrastructure Investment and Jobs Act,” the law invests billions into transportation, broadband, and utilities. Unlike previous grant programs, the Act specifically recognizes the need for cybersecurity and includes funds to secure new infrastructure. 

Building and maintaining much of this infrastructure will fall to the private sector, and as such, the government should leverage the insight and expertise of private industry in the planning process, since systems are usually more secure and reliable when security is built in rather than bolted on as an afterthought. To that end, Fortinet is leading an effort with a number of cybersecurity companies that have expressed their support for a thoughtful, security-focused implementation. A letter signed by 10 leaders in the cybersecurity industry asks that the White House convene a forum with the private sector to help ensure that the departments and agencies of the U.S. government implementing the infrastructure plan benefit from the insight and expertise of industry.

The Relationship Between Infrastructure and Cybersecurity

The digital nature of upgraded infrastructure brings not only opportunity, but also the potential for significant security risks. Although cybersecurity is not traditionally associated with infrastructure like roads and bridges, digital networked technology is everywhere. Today’s roads and bridges have traffic and stress sensors to improve performance and safety; public transportation, rail, and airports incorporate automation to keep everything running smoothly and safely; and water, power, and other public utilities depend on countless networked control systems to keep the lights on and the water flowing.

Failing to consider the cybersecurity ramifications of these infrastructure improvements may increase vulnerability and the potential impact of failure. The threat isn’t theoretical; many public utilities have already been exploited by malicious cyber actors.

The companies that signed the letter to the White House are ready to work with the government to implement the Act because they believe that this law presents a once-in-a-lifetime opportunity to improve the safety and security of our nation’s infrastructure.

Partnering to Protect Infrastructure

Creating the secure infrastructure of tomorrow will require extensive planning, coordination, and a comprehensive approach to managing cyber risk. It is an opportunity for public and private sector partners to work together to incorporate security from the start of the planning process through the building and operation of the new infrastructure.

Improving the nation’s infrastructure is a massive undertaking, and Fortinet and the other signatories of the letter are committed to a smarter, more secure national infrastructure. The infrastructure that our nation relies on needs to be both modernized and better protected. The coordinated, public-private approach to cybersecurity these companies are proposing will bring a comprehensive approach to ensuring that this infrastructure supports our nation’s needs and has the flexible cybersecurity it will need to meet current and future threats.

Read the full letter: “Infrastructure Investment and Jobs Act White House Letter”

From addressing network security challenges to combating the increasing threat of ransomware, organizations need a broad and automated cybersecurity mesh platform. Learn how to reduce complexity and simplify operations with Fortinet’s Security Fabric platform.

Sourced from Fortinet

Fortinet NSE Training: Delivering Real-World Knowledge and Technical Skills

If you pull back the covers on the Fortinet Network Security Expert (NSE) Certification program, you’ll see that it is much more than just training on Fortinet products. The professional content developers who work on these courses structure them so that they provide foundational and advanced cybersecurity knowledge that can be applied across various vendor solutions. The role-based structure of the courses provides guidance and best practices to individuals on how to set up specific security solutions as well as what the process is to defend against potential cyber-attacks.

The first three levels of Fortinet certification are a great entry point for anyone who wants to learn about cybersecurity fundamentals and the threat landscape. Levels 4–6 dive deeper into technical aspects of cybersecurity covering configuration, monitoring and troubleshooting as well as central management, analytics and products beyond the firewall. These levels are geared towards Network and System Administrators, Cybersecurity Analysts, Technical Support Engineers and System Engineers. NSE 7 covers advanced design, administration and support of specific security solutions that integrate multiple security products. The NSE 8 Fortinet Network Security Expert designation recognizes comprehensive knowledge of network security design, configuration, and troubleshooting for complex networks.

Role-Based Course Design

The process we use to create our courses is role-based and task-led. First, we identify the roles in cybersecurity—such as administrator, analyst, architect—then we identify the tasks that people need to master in those roles. The identified job tasks become our training objectives and course content. Therefore, our courses teach real-life skills and tasks that professionals actually need to learn and master in different cybersecurity roles. We always look to identify the audience of our courses first. For example, in the case of NSE 4, the main audience or the role for those courses is firewall administrators. So, the NSE 4 content covers skills and tasks that firewall administrators need to do in their daily job. The content we create for our courses is role-based and led by industry needs. In other words, we are training the individual to become an expert in their field. In the end, our training is about job performance. You’re learning daily routines and activities that will improve your job performance and that apply to many different vendors.

The best takeaway about our role-based training is that the real-life skills you learn translate across the industry. For example, you learn how to administer a FortiSIEM in one of our NSE 5 courses, and that translates well to administering any vendor’s SIEM. Some elements of the technology might vary between vendors, but most of the concepts remain the same. It’s hands-on learning that you can take with you anywhere. It’s like any other skill. Say you get certified in copyediting, and the material is centered on healthcare. You can take the skills and procedures that you learn and use them in any vertical. It’s really about learning how to do job tasks well. You will walk away with a foundational understanding that’s applicable across the board.

Testing the Content

Before releasing an NSE course, it goes through a long QA process. Each time we create a piece of content, it first goes through a subject matter expert (SME) who reviews the accuracy of the technical concepts. After that, each piece of content goes through copyediting. This team ensures the quality of the content, and that it follows our style guides. They also make sure that the content is easily consumable by our global learners. 

As a final test, we do what is called a ‘beta class.’ During that beta class, we deliver and teach the content to an audience simulating a classroom environment. Among the audience we have people who are new to the content as well as additional SMEs who conduct a final review.

Doing Our Part to Close the Cyber Skills Gap

Fortinet’s commitment to training and certification goes well beyond a focus on our products. As a company, we are dedicated to closing the cybersecurity workforce gap. This measurement, which sits at 2.72 million professionals according to the 2021 ISC2 Cybersecurity Workforce Study, is down from 3.12 million in 2020. ISC2 describes the workforce gap as “the number of additional professionals that organizations need to adequately defend their critical assets”. It was formerly referred to as the skills gap.

By developing our training through a role-based and task-led process, we are ensuring not only that those who take Fortinet’s NSE training and certifications are able to best serve our customers and partners, but also that they are learning industry skills that will serve them in any capacity and position along their career paths. Accumulating a breadth of security, cloud, and networking knowledge will help IT and security professionals perform well in their current role, help them advance in their careers, and, for those entering the cyber industry, provide a good foundation for wherever their career may take them.

Find out more about how Fortinet’s Training Advancement Agenda (TAA) and NSE Training Institute programs, including the Certification Program, Security Academy Program, and Veterans Program, are helping to solve the cyber skills gap and prepare the cybersecurity workforce of tomorrow.

Sourced from Fortinet

Understanding the Attack Chain Helps to Counter Threats

Security teams are struggling to keep pace with the changes in their networks: hybrid work, multi-cloud, the explosion of IoT and BYOD devices, and 5G. Meanwhile, cybercriminals have been undergoing their own digital transformation. Machine learning, agile development, and new sophisticated attacks, combined with Dark Web crime-as-a-service offerings, mean that attacks are faster, harder to detect, and better at finding and exploiting vulnerabilities. In fact, a recent FortiGuard Labs threat report demonstrated that ransomware increased tenfold in the last year.

Understanding the MITRE Attack Chain

Effectively defending against cyberattacks today requires security teams to work smarter rather than harder. Cybercriminal strategies target every link in an attack chain, from gathering information and gaining access, to moving laterally across the network to discover resources to target, to evading detection while exfiltrating data. Traditional security strategies, however, tend to only focus on a handful of attack components, which gives criminals a significant advantage.

To address today’s challenges, security teams need a combination of tools, strategy, automation, and skilled professionals to monitor the entire attack chain and automate as much of the process as possible so that human resources can be focused on higher order analysis and response. Choosing such tools, however, requires understanding the entire length of the attack chain and how vulnerabilities in each of its links can compromise the security of your network.

To assist with this, MITRE has mapped the attack chain into fourteen discrete links, along with examples of the types of attacks that target each link in that chain. To effectively counter today’s advanced threats, security teams need to familiarize themselves with each link in the chain and map them directly to functional areas and tools within their own networks.

Reconnaissance: This is the adversary’s planning phase for future attacks. The activities focus on information gathering, which could be performed actively or passively depending on the requirement. Specifically, the actor is looking to learn more about the organization, including its infrastructure and employees. The more information the adversary knows about the target, the better the chance of a successful attack.

Resource Development: Before an attacker can start their cyber mission, they need to make sure they have the right resources to execute it. The attacker will need to determine whether they will create, purchase, steal, or compromise the resources needed to support the mission. Examples include domains, web services, VPNs, infrastructure, accounts and email addresses, malware, and exploits.

Initial Access: Exploiting known vulnerabilities in servers, compromising websites or applications, or taking advantage of successful spearphishing attacks allows attackers to gain a foothold at the edge of the network.

Execution: This is the point where an attacker executes a binary, command, or script to begin their network reconnaissance and exploitation process.

Persistence: Once an attacker has established a foothold, the next goal is to avoid detection. Creating or manipulating accounts, applying rootkits, using run keys, or exploiting tools like application shimming enables attackers to persist in place while they explore the network for potential targets.

Privilege Escalation: Basic access does not allow an attacker much opportunity to explore the network. To move around the network and access resources worth stealing, an attacker needs higher network privileges.

Defense Evasion: To move through a network undetected, especially when exfiltrating data, attackers need to avoid detection by things like behavioral analytics and IPS tools. Techniques such as clearing files, learning and mimicking normal traffic behaviors, or disabling security tools are just a few of the full range of techniques available to today’s hackers.

Credential Access: In many organizations, critical data and other resources are protected behind a wall of security that requires appropriate credentials for access. Unfortunately, gaining access to credentials isn’t always that difficult. They are stored in files or in a registry that attackers can exploit; techniques like hooking allow cybercriminals to intercept traffic to uncover credentials; and account manipulation can involve things like adding or modifying the permissions of the account being used to access the network.

Discovery and Lateral Movement: Not all data exists in the segment of the network that was broken into. Many of the same techniques used to this point are used again to determine where valuable resources exist and to then allow an attacker to move laterally between network segments, whether they are local to the breach or at some remote physical or virtual data center.

Collection and Exfiltration: Once an attacker has identified a payload, they need to collect that data and extract it from the network without being detected. This is often the trickiest part of the process, as it may involve massive amounts of data. But if a cybercriminal has carefully crafted each attack element to this point, they are often able to remain inside a compromised network for months, slowly moving data to other resources that are under less scrutiny, and eventually out of the network.

Command and Control: The final step is for attackers to cover their tracks completely. Multi-hop proxies, data obfuscation, and multi-stage exfiltration are just a few of the techniques cybercriminals use to ensure that stolen data cannot be tracked and traced back to them.

Impact: This link in the chain helps in understanding the overall impact the attacker will create if the attack is successful. The adversary could be trying to manipulate or destroy your data and/or systems. They could also try to interrupt your business processes.

Working Smarter by Understanding the MITRE Attack Chain

Addressing the entire attack chain needs to be combined with understanding how the network functions, including the impact that future business requirements will have on the network. Mapping those functions to the attack chain allows security teams to think comprehensively about security threats.

Breaking security down into the fourteen MITRE attack chain links has two goals.

The first is to engineer as much risk out of the network as possible by addressing weaknesses inherent in each link of the attack chain before an attack occurs. This may include hardening protocols to prevent their exploitation, turning off unused ports, and baselining all known traffic so that new applications or escalating privileges can be identified. Each of these activities can be mapped to multiple attack chain links. So can behavioral analytics, which can identify when a device begins behaving strangely, such as FTPing data out of the network. Even activities such as patching or replacing vulnerable devices, and subscribing to threat intelligence feeds so you are tuned to current attack methodologies and malware can be mapped to multiple links in the attack chain.

The second goal is to apply security strategically so that fewer security tools can address more challenges. This allows you to keep the number of management and orchestration consoles you need to monitor under control. It also enhances your ability to implement AI and machine learning, such as Endpoint Detection and Response technologies, to address challenges at digital speeds. Tools like Network Access Control and zero-trust network access ensure that you are aware of every device on your network, while SIEM devices ensure that threat intelligence is dynamically collected and correlated from every device deployed in every corner of your network. Keep in mind that once you have chosen the right technologies and have the proper configurations and logging in place, it is equally important to have the right people and processes in place to ensure a return on investment from those technologies. Remember that a strong cyber defense is made up of people, processes, and technologies.
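As an added example (my code, not Fortinet's or MITRE's), the following Python baselines known traffic per host from constructed flow log lines, flags deviations in a later window, and tags each alert with the attack chain link from the list above that it most plausibly maps to, covering both the baselining and behavioral-analytics point and the device-awareness point made above. The hosts, addresses, ports, byte counts, the key=value log format and the alert-to-link mapping are all constructed assumptions.

```python
from collections import defaultdict, namedtuple
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed flow log lines (key=value) from a learning window assumed known-good.
BASELINE_LOG = """\
host=hr-ws-07 dst=10.0.5.20 app=https port=443 bytes_out=1800
host=hr-ws-07 dst=10.0.5.21 app=https port=443 bytes_out=2400
host=hr-ws-07 dst=10.0.5.22 app=smb port=445 bytes_out=9000
host=eng-ws-12 dst=10.0.7.10 app=ssh port=22 bytes_out=3000
host=eng-ws-12 dst=10.0.5.20 app=https port=443 bytes_out=1500
""".splitlines()

# Constructed flow log lines from a later observation window.
OBSERVED_LOG = """\
host=hr-ws-07 dst=10.0.5.20 app=https port=443 bytes_out=2000
host=hr-ws-07 dst=10.0.9.5 app=rdp port=3389 bytes_out=4000
host=hr-ws-07 dst=203.0.113.8 app=ftp port=21 bytes_out=950000000
host=eng-ws-12 dst=10.0.7.10 app=ssh port=22 bytes_out=2800
""".splitlines()

# RFC 1918 ranges are internal segments; anything else is "external".
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Bulk file-transfer apps: a first use of one is treated as exfiltration, not discovery.
TRANSFER_APPS = {"ftp", "sftp", "scp"}
# Each alert names the attack chain link it maps to; the mapping is a heuristic assumption.
Alert = namedtuple("Alert", "host kind link detail")

@dataclass
class HostProfile:
    segments: set = field(default_factory=set)  # /24s (or "external") contacted
    apps: set = field(default_factory=set)      # (app, port) pairs used
    max_bytes_out: int = 0                      # largest single outbound flow

def parse_flow(line):
    """Parse one 'k=v k=v ...' record and derive its destination segment."""
    rec = dict(tok.split("=", 1) for tok in line.split())
    rec["port"], rec["bytes_out"] = int(rec["port"]), int(rec["bytes_out"])
    addr = ip_address(rec["dst"])
    internal = any(addr in net for net in INTERNAL_NETS)
    rec["segment"] = str(ip_network(f"{addr}/24", strict=False)) if internal else "external"
    return rec

def build_baseline(lines):
    """Learn, per host, where it talks, with which applications, and how much."""
    profiles = defaultdict(HostProfile)
    for rec in map(parse_flow, lines):
        p = profiles[rec["host"]]
        p.segments.add(rec["segment"])
        p.apps.add((rec["app"], rec["port"]))
        p.max_bytes_out = max(p.max_bytes_out, rec["bytes_out"])
    return dict(profiles)

def detect(profiles, lines, spike_factor=10):
    """Flag flows that deviate from the baseline; hosts with no baseline are flagged too."""
    alerts = []
    for rec in map(parse_flow, lines):
        host, dst = rec["host"], rec["dst"]
        p = profiles.get(host)
        if p is None:  # never profiled: reconcile against the NAC/ZTNA device inventory
            alerts.append(Alert(host, "unknown-host", "Initial Access", "no baseline for host"))
            continue
        if (rec["app"], rec["port"]) not in p.apps:
            if rec["app"] in TRANSFER_APPS:
                kind, link = "new-transfer-app", "Collection and Exfiltration"
            else:
                kind, link = "new-application", "Discovery and Lateral Movement"
            alerts.append(Alert(host, kind, link, f"first use of {rec['app']}/{rec['port']} to {dst}"))
        if rec["segment"] not in p.segments:
            if rec["segment"] == "external":
                alerts.append(Alert(host, "new-external-destination", "Command and Control",
                                    f"first outbound contact with {dst}"))
            else:
                alerts.append(Alert(host, "new-segment", "Discovery and Lateral Movement",
                                    f"first contact with segment {rec['segment']}"))
        if rec["bytes_out"] > spike_factor * p.max_bytes_out:
            alerts.append(Alert(host, "volume-spike", "Collection and Exfiltration",
                                f"{rec['bytes_out']} bytes out vs baseline max {p.max_bytes_out}"))
    return alerts

def links_hit(alerts):
    """Sorted attack chain links touched by a window, for triage and coverage mapping."""
    return sorted({a.link for a in alerts})

if __name__ == "__main__":
    for a in detect(build_baseline(BASELINE_LOG), OBSERVED_LOG):
        print(f"{a.host:10} {a.kind:24} -> {a.link}: {a.detail}")
```

On the constructed windows, the HR workstation's new RDP session into an unfamiliar segment and its first external FTP transfer at a hundred thousand times its baseline volume produce five alerts across three links, while the engineering host's routine SSH produces none.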

At the same time, consistency in security policy implementation and enforcement across different network ecosystems is critical. For example, you should deploy the same NGFW solution in every part of your network, whether physical or virtual. This ensures that security protocols and enforcement are applied consistently and that you can monitor and manage your systems through a single central console.

Approaching Security Strategically 

Of course, this strategic approach may require radically rethinking your security deployment. Tools have to be fully integrated so that the network can identify and address security threats as a unified system. A self-healing network requires security devices to share and correlate threat intelligence to identify and monitor every device, track applications, detect malware, isolate infected devices, and coordinate responses across a wide variety of network ecosystems, from multi-cloud infrastructures, platforms, and applications, to remote workers and IoT devices, to next-gen branch offices connected to cloud and physical resources through Secure SD-WAN. Threat intelligence and response also need to be driven into each link in the MITRE attack chain. And where possible, AI and machine learning need to be applied so that your integrated security fabric can respond to threats at digital speeds and human resources can provide critical supervision.

The MITRE Attack Chain to Shift Proactive Thinking

A breach resulting in the loss of data can occur in minutes or hours. And yet, it can take weeks or months for most security breaches to be detected. By that time, the perpetrators and your data are long gone. The only way to get out in front of this challenge is to change from a traditional tactical approach that relies on isolated legacy security tools to an integrated strategy that enables you to see and control your entire networked environment, link by link, to identify anomalous behavior and automatically thwart attackers before they have managed to escalate themselves up the attack chain.

Learn more about FortiGuard Labs threat research and the FortiGuard Security Subscriptions and Services portfolio.  

Learn more about Fortinet’s free cybersecurity training initiative or about the Fortinet NSE Training program, Security Academy program, and Veterans program.

Sourced from Fortinet