Secure SD-WAN Has an Important Role to Play in Financial Services

Industry Perspectives

This is a summary of an article written for Global Banking & Finance Review by Renee Tarun, Deputy CISO at Fortinet. The entire article can be accessed here.

Financial services organizations have long dealt with the challenge of providing secure, robust, and cost-effective connectivity to their branch offices, which are often spread out across cities, states, and even countries. But as more employees began to work from home as a result of the pandemic, this issue only grew more complicated due to an increase in the number of remote users requiring access to the corporate network. Unsurprisingly, this has led to increased bandwidth requirements and more applications moving to the cloud. At the same time, traditional Multiprotocol Label Switching (MPLS) connections have proven ineffective, sometimes inhibiting – or even prohibiting – visibility, security, and performance amid the proliferation of new locations. 

How Secure SD-WAN Supports Evolving Business Requirements

Pandemic-related restrictions and shutdowns have led financial services organizations to adopt various business applications to stay afloat. In one scenario, an organization with more than 500 employees and branches across Africa and the Middle East found that the single MPLS and internet link they had at each location hindered their business-critical video and voice applications. Not only did this connectivity issue negatively impact employee collaboration, but it also hurt customer interactions. 

Ultimately, this organization required secure and reliable access to the corporate network from all of its individual locations. With this in mind, the search began for a software-defined networking (SD-WAN) solution that offered application steering with service-level agreement (SLA) performance while still supporting numerous wide area network (WAN) connections for various remote offices. The company also sought a feature-rich SD-WAN solution that could support their evolving business needs for years to come. 

Considering the Value of Secure SD-WAN 

Ongoing pressure to reduce costs across their IT environment heavily impacted this company’s decision-making process when searching for the right solution, as is often the case with most financial services organizations. And while data security was also considered a top priority, it could not come at the expense of strong network performance. When putting these factors into consideration upon evaluating several solutions, the company determined that a security-driven networking approach to SD-WAN checked off all the boxes. Not only would a secure SD-WAN solution provide them with all the tools they needed, but it would also enable them to control costs and optimize operational efficiency at the same time. 

The combination of networking and security in a single solution would provide high-speed performance, as well as built-in next-generation firewall (NGFW) functionality. It also enabled simplified scalability and management, both of which were crucial as new offices began to open in the future. 

Highlighting the Benefits of Secure SD-WAN 

With the right secure SD-WAN solution in place, organizations can enjoy the combined benefits of NGFW, WAN optimization, automation, and traffic shaping, among others. Upon the implementation of their solution, the company in question improved its operations thanks to the following: 

  • Centralized Management and Reporting: This financial services organization has been able to deploy secure SD-WAN at their remote branch locations easily and quickly, thereby reducing the need for additional IT staff. In addition, they achieved improved visibility and control across their entire network infrastructure. 
  • Intelligent Application Steering: The chosen secure SD-WAN solution has the ability to intelligently identify applications and determine the best path for them as a means to enhance performance, even during brownout or blackout conditions.
  • Integrated NGFW Functionality: At the top of the list of requirements for this company was a solution that offered integrated NGFW functionality, including deep SSL inspection capabilities. The secure SD-WAN solution they chose was able to deliver this service without hindering performance. 
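The application steering described in the list above, as an added example that is not code from the article or from any SD-WAN product: each application class carries its own SLA thresholds and an ordered link preference, a link that stops answering is treated as a blackout and one that answers but misses its SLA as a brownout, and traffic is steered to the first preferred link still within SLA or, failing that, to the least-degraded reachable link. The link names, SLA values and probe results are all constructed for this example.

```python
"""
Added example (not code from the article or from any SD-WAN product): a
minimal model of SLA-based application steering. Two WAN links are probed for
latency, jitter and loss; each application class carries its own SLA thresholds
and an ordered preference list. A link that does not answer is in blackout,
one that answers but misses its SLA is in brownout. Sessions are steered to the
first preferred link that meets the SLA, or, when none does, to the
least-degraded reachable link. All names and values below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Probe:
    """One round of health measurements for a WAN link."""
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    reachable: bool = True


@dataclass(frozen=True)
class Sla:
    """Per-application thresholds a link must stay under to be 'in SLA'."""
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float


# Constructed policy: voice is latency/jitter-sensitive and prefers MPLS,
# bulk transfers tolerate more and prefer the cheaper internet link.
SLAS: Dict[str, Sla] = {
    "voice": Sla(max_latency_ms=150, max_jitter_ms=30, max_loss_pct=1.0),
    "bulk": Sla(max_latency_ms=400, max_jitter_ms=100, max_loss_pct=5.0),
}
PREFERENCES: Dict[str, List[str]] = {
    "voice": ["mpls", "internet"],
    "bulk": ["internet", "mpls"],
}


def link_state(probe: Probe, sla: Sla) -> str:
    """Classify a link against an SLA: 'ok', 'brownout' or 'blackout'."""
    if not probe.reachable:
        return "blackout"
    if (probe.latency_ms > sla.max_latency_ms
            or probe.jitter_ms > sla.max_jitter_ms
            or probe.loss_pct > sla.max_loss_pct):
        return "brownout"
    return "ok"


def degradation(probe: Probe, sla: Sla) -> float:
    """How far a link is beyond its SLA (0.0 when within it); blackout is infinite."""
    if not probe.reachable:
        return float("inf")
    return (max(0.0, probe.latency_ms / sla.max_latency_ms - 1.0)
            + max(0.0, probe.jitter_ms / sla.max_jitter_ms - 1.0)
            + max(0.0, probe.loss_pct / sla.max_loss_pct - 1.0))


def select_path(app: str, probes: Dict[str, Probe]) -> Optional[str]:
    """Pick the link an application's traffic should use right now.

    The first preferred link that meets the SLA wins. If every link is in
    brownout, take the least-degraded reachable one rather than dropping the
    session. Return None only when every candidate link is in blackout.
    """
    sla = SLAS[app]
    for link in PREFERENCES[app]:
        if link_state(probes[link], sla) == "ok":
            return link
    reachable = [l for l in PREFERENCES[app] if probes[l].reachable]
    if not reachable:
        return None
    return min(reachable, key=lambda l: degradation(probes[l], sla))


def steer_all(probes: Dict[str, Probe]) -> Dict[str, Optional[str]]:
    """Steering decision for every application class in the policy."""
    return {app: select_path(app, probes) for app in SLAS}


# Constructed probe rounds for the conditions the bullet above mentions.
HEALTHY = {"mpls": Probe(40, 5, 0.1), "internet": Probe(60, 10, 0.2)}
MPLS_BROWNOUT = {"mpls": Probe(220, 40, 2.0), "internet": Probe(60, 10, 0.2)}
MPLS_BLACKOUT = {"mpls": Probe(0, 0, 100.0, reachable=False),
                 "internet": Probe(60, 10, 0.2)}
BOTH_DEGRADED = {"mpls": Probe(200, 20, 0.5), "internet": Probe(160, 50, 0.5)}

if __name__ == "__main__":
    for name, probes in [("healthy", HEALTHY), ("mpls brownout", MPLS_BROWNOUT),
                         ("mpls blackout", MPLS_BLACKOUT), ("both degraded", BOTH_DEGRADED)]:
        print(f"{name:14s} -> {steer_all(probes)}")
```

In the "both degraded" round voice stays on MPLS because its latency overshoot is smaller than the internet link's combined latency and jitter overshoot, which is the brownout case where naive failover would make things worse.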

Finding the Right Solution to Meet Business Needs with Secure SD-WAN

As financial services organizations add more remote workers and branch offices while simultaneously adopting new cloud applications and infrastructure, they need secure connectivity solutions that can provide fast, compliant, and secure access to these cloud-based applications and the core network. And while SD-WAN is often named the solution that can address these needs, it is important to note that not all solutions are built the same, especially in regard to security. When looking for a solution, organizations must carefully consider everything they require not just for current plans, but also those of the future.

Discover how Fortinet secures financial services institutions from advanced threats while optimizing for cost and efficiency. 

Take a security-driven approach to networking to improve user experience and simplify operations at the WAN edge with Fortinet’s Secure SD-WAN solution.

Sourced from Fortinet

Healthcare, Cybersecurity, and the COVID-19 Vaccine Supply Chain

Industry Perspectives

This is a summary of an article written for Health IT Answers by Troy Ament, Healthcare Field CISO at Fortinet. The entire article can be accessed here.

Cyber criminals are well known for taking advantage of any opportunity. The largest vaccine rollout in U.S. history is no exception, with hackers now finding ways to target the supply chain. Understanding why the COVID-19 vaccine supply chain is being targeted and how to protect against such attacks is vital for IT leaders who understand that healthcare and cybersecurity must now go hand in hand.

Understanding the Impact of the COVID-19 Vaccine Supply Chain on Healthcare Cybersecurity

The healthcare sector underwent several significant shifts during the pandemic. These shifts included a move toward offering telehealth services on a large scale, setting up remote, temporary COVID-19 testing and vaccination sites, and large-scale development, manufacturing, and distribution of vaccines. Throughout all of these shifts, security teams were responsible for maintaining compliance on top of cybersecurity. For many organizations, this meant revamping security infrastructure to support remote users and stay one step ahead of cyber criminals and hackers who seek to target vulnerabilities in the COVID-19 vaccine supply chain.

And while compliance requirements such as HIPAA have long been the primary drivers of healthcare cybersecurity strategies, additional considerations are quickly moving into a more prominent position. The threat landscape, for example, experienced significant acceleration during the pandemic and continues to grow more sophisticated. Integration of Internet of Things (IoT), Industrial Internet of Things (IIoT), and Internet of Medical Things (IoMT) devices now fuel a convergence of OT and IT. This is in addition to connected medicine, telehealth, cloud migrations, and a surge in remote work, all of which have contributed to the ever-growing attack surface.

Hackers Capitalize on COVID-19

Exploitation of vulnerabilities has risen in parallel with the rise of remote work. And like many other sectors, the healthcare industry has seen a significant increase in ransomware attacks. Analysts with Black Book Research are even forecasting such attacks in this sector to triple in 2021. Similarly, FortiGuard Labs’ research suggests that web browsers and IoT devices, in particular, will continue to be popular targets.

Attackers have also targeted the technology that facilitates vaccine rollout, scheduling platforms that include personal information. When cyber criminals threaten the healthcare space, including the vaccine supply chain, not only does it lead to financial losses, but it puts patient safety at risk as hackers often leak information online. 

Managing Risks Associated with the COVID-19 Vaccine Supply Chain

A strong security foundation becomes increasingly important as networks grow in complexity and volatility. Though CISOs can’t always control the actions of their vendors’ vendors, they are still responsible for security, including scrutinizing the supply chain’s policies and protocols.

The first step is to develop a supply chain risk management plan that identifies and catalogs the risks across the system development life cycle, including design, manufacturing, production, distribution, acquisition, installation, operations, maintenance, and decommissioning. For each identified risk, solutions must be developed, and alternatives must be created for every link in the chain. 

Integration of networking and security strategies is key for healthcare cybersecurity leaders to achieve consistency and predictability in the face of the unprecedented demands now placed on their organizations. These leaders are charged with meeting the increased safety needs that come with a massive surge in IoMT device usage, cloud services, and network demands. Effective solutions include SASE and SD-WAN to enable integration and reduce complexity.

Healthcare and Cybersecurity: A Critical Pairing for the COVID-19 Vaccine Supply Chain

As healthcare and digital transformation collide in the throes of a pandemic, the potential fallout in terms of human health and safety from COVID-19 vaccine supply chain attacks requires serious consideration and risk mitigation. Healthcare security professionals are now charged with the safekeeping of critical health supplies and equipment. As a result, cybersecurity solutions require careful supply chain examination, risk management plan creation, and consistent and diligent implementation.

Keep up with the latest advances in patient care while protecting against cyberattacks with Fortinet’s healthcare cybersecurity solutions.

Read these customer case studies to see how Enzo Biochem and Bridgeway Senior Healthcare are using Fortinet’s Security Fabric to improve patient care and secure critical data. 

Sourced from Fortinet

The Need for Adaptive Cloud Security to Protect All Environments

Today’s enterprise networks are increasingly distributed with more unique operational and compliance requirements than ever before. This creates many challenges in applying consistent policy enforcement, cross platform visibility, and unified prevention, detection and response. Organizations of all sizes are seeing the rapid introduction of new network edges as they implement remote working, hybrid cloud solutions, edge computing and a host of other digital transformation initiatives. As a result of highly distributed networks, a growing and very real issue is gaps in visibility of these network edges and increased management complexity. To prevent these issues, adaptive cloud security solutions must be able to readily adapt to address the changing business requirements and the growing demand for greater agility, innovation and user experience.

Top Consideration for Achieving End-to-End Adaptive Cloud Security  

Networks and security have always followed the compute which was previously centered on mainframes and then servers in enterprise data centers. Today, the compute is highly distributed across hybrid networks, spanning private and shared infrastructures from homes, branch offices, and enterprise data centers to multiple service provider clouds. Organizations need to ensure their network is application aware and highly adaptive – allowing users to access cloud resources without having to be routed back to central data centers. SD-WAN adoption is driven by the growth of hybrid cloud solutions and the new reality of highly distributed networks and remote working. Likewise, security needs to shift to securing all network edges – at speed and scale, on demand.

Going forward, cloud security solutions need to support Zero Trust principles and operate as integrated solutions with flexible form factors and consumption models. Security needs to be end-to-end, following data and applications wherever they may be located rather than tied to a traditional perimeter that defines trust based on whether something is “inside” or “outside” of a network perimeter.

Edge computing is driving enterprises and service providers to deploy more distributed and more localized, regional clouds close to where the end-user or device leveraging the applications and data reside. Locating the processing and storage close to where the data is being used delivers a number of benefits, including better network performance and lower cost as less traffic has to be routed to core clouds. However, this can introduce complexities that negatively affect operations and security. To prevent this from occurring, enterprises need solutions that can provide security for these new edges and facilitate seamless network performance, which means integrated Secure SD-WAN and Secure Access Service Edge (SASE).

Additionally, cloud security systems must also include artificial intelligence and machine learning solutions that can gather and analyze large amounts of data to identify threats before or the moment they occur. Solutions must also be automated to make processes faster and more accurate, ensuring the maximum level of response by all relevant resources.

Securing All Network Edges with Integrated Security

Delivering better outcomes and experiences requires integrated security on all network edges – including the LAN, WAN and cloud edges. It requires the network, security and compute functions to work as an integrated solution rather than as traditionally siloed operations. Driving outcomes and experiences requires the application awareness of Secure SD-WAN to ensure optimized WAN access to cloud resources, along with a best-in-class next-generation firewall security stack. In addition, this must be natively integrated with cloud platforms to ensure a secure, seamless interaction. A single transaction can span many systems and applications, possibly involving multiple network edges, all of which need to be protected. Security needs to be consistently applied on all network edges, and it needs to be done in an automated, adaptive manner that meets changing requirements across networking, security and compute.

Cloud security also needs to be capable of adapting to changing customer needs and digital innovation strategies as they evolve their security networks. Organizations are increasingly replacing traditional router-based, hub and spoke networks that back-haul traffic back to the data center with application aware Secure SD-WAN solutions to optimize network performance, lower costs and drive better end user experiences while implementing integrated security. Secure SD-WAN consolidates technologies and reduces complexity, while ensuring edge-to-edge security visibility and control.

In addition to issues of compatibility, a comprehensive and integrated security strategy also has challenges in terms of speed and scale. The volume, velocity and variety of new data generated will be greater than ever before – especially as edge compute ramps up using 5G networks generating more data than central clouds and stretching the limits of traditional security solutions. Cloud security solutions will need to support new, high-speed connections and hyper-scale operations. 5G, with its ultra-high speeds and highly reliable connections, is rolling out globally, and most network security solutions, especially cloud-based ones, will struggle to keep pace. Security solutions not designed for highly encrypted, high-speed networks will create serious roadblocks for organizations.

Protecting All Environments with Adaptive Cloud Security

An adaptive cloud security strategy enables security that follows applications and data and can be adapted to any cloud, deployment, and consumption model. As organizations increase their cloud maturity and expand their networks, there’s a need for solutions that can grow and adapt with changing technologies and business requirements. Organizations are realizing the importance of converging security, network, and computing, breaking down disparate operational silos to truly reap the benefits of the cloud without compromising security and user experience.

Learn how Fortinet’s adaptive cloud security solutions provide increased visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud. 

Sourced from Fortinet

An Integrated Active Defense Strategy – Deception

From the mid-5th century to the early 13th century, Constantinople was the largest and wealthiest city in Europe and represented the Roman Empire as the most secure and powerful city in the world. Its security architecture was one of the most modern the world had seen to that point, with multiple defensive layers of walls, water canals, and more. Twenty-three attempts made to penetrate the city over hundreds of years all failed. Even the Ottoman army struggled to breach its active defenses. But in the end, all it took was thinking outside of the box to find a single hole to exploit.

Their boats were unable to break through the great chains and Greek fire boats protecting the city’s Golden Horn harbor. So, instead, they cut and greased hundreds of logs from the nearby forest. Then, while they distracted the city’s defenders with a relentless barrage of cannon fire, they rolled their war boats across the logs, creating a pathway behind Galata—located directly across the harbor from Constantinople—and out of sight of the city. Having successfully bypassed the city’s primary water defenses, the Ottomans relaunched their boats directly into the seaport. Constantinople fell, and all it took was finding and exploiting one tiny chink in the city’s famed defenses.

The point is, attackers have always had a distinct advantage over defenders. In a modern comparison, cyber attackers also seem to have some advantages. They choose the time, place, and manner of engagement. And while defenders must successfully cover every inch of the potential attack surface and repel every attack, attackers can search and search until they find a single weak link in the security chain to exploit.

The Value of Active Defense

One way to level the playing field is through a concept known as Active Defense. The U.S. Department of Defense defines active defense as “the employment of limited offensive action and counterattacks to deny a contested area or position to the enemy.” From a cybersecurity perspective, this can include a number of strategies, from dynamic data movement and distribution to make it harder to steal, to deception techniques that flood the network with false traffic and servers that lure attackers into tripping alarms and alerting defenders to their presence, to active adversary engagement operations. The strategic combination of these and similar defenses allows an organization to not only counter current attacks but to also learn more about an adversary and better prepare for future attacks.

To help with this strategic approach to security, the MITRE Corporation—a not-for-profit research and development center focused on addressing the cybersecurity challenges directed at the safety, stability, and well-being of the nation—recently released a new active defense knowledge base called MITRE Shield. MITRE Shield is an active defense knowledge base gathered from over 10 years of active defense and adversary engagement experience. It is designed to provide clear guidance to organizations looking to adopt an active defense strategy. Its information spans a wide range of cybersecurity professionals, from high-level, CISO/IT Director-ready considerations of opportunities and objectives, to practitioner-friendly discussions of the TTPs available to defenders.

Within the MITRE Shield knowledge base, information about active defense ranges from basic cyber defensive capabilities to cyber deception and adversary engagement operations. MITRE Shield is a significant milestone in cyber defense strategies, and provides well-deserved recognition of the value of deception technology. It also documents the rapid adoption of deception technology by organizations around the world—from enterprises to SMBs—to improve threat detection by identifying the TTPs used by adversaries.

I highly recommend taking a quick look at the MITRE Shield matrix. You will find that many of the tactics defined in Shield can be achieved using deception technology, such as decoy systems, decoy credentials, decoy networks, decoy content, decoy processes, network manipulation, and more. There are a number of deception technologies on the market today. FortiDeceptor, for example, has the ability to create a fabricated network of decoys and lures across both IT and OT segments, enabling the detection of external and internal threat actors across a broad surface and allowing it to cover a large part of the MITRE Shield Tactics & Techniques.

Besides the direct coverage of the MITRE Shield Tactics and Techniques provided by FortiDeceptor, the integration between FortiDeceptor and the Fortinet Fabric allows it to be seamlessly integrated into a comprehensive security platform designed to provide consistent prevention, detection, and response across the distributed network. This broad integration allows it to not only detect a threat, but also automatically trigger a policy action with in-line security controls so containment of the threat is undertaken as part of the threat hunting and response sequence, thereby ensuring complete MITRE Shield Tactics and Techniques coverage.

The benefits of using high-end, full-spectrum deception in the context of today’s threat detection challenges include:

  • Producing custom threat intelligence relevant to your organization’s unique risks
  • Avoiding alert fatigue as nothing should ever touch the pseudo network without a reason
  • Plugging the gaps in your defense system by mitigating specific system risks where traditional controls often fail (OT, IoT and IIoT, M&A, etc.)
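The decoy systems and decoy credentials mentioned above, and the alert-fatigue point in the list just ended, rest on one detection rule: a decoy exists only to be touched by an intruder, so any authentication event that references a decoy host or decoy account is a high-confidence alert with no threshold tuning. The following is an added example of that rule over constructed sshd-style log lines; it is not code from the article and not FortiDeceptor's logic, and the decoy inventory, log format and sample events are all constructed.

```python
"""
Added example (not from the article, not FortiDeceptor code): the detection
rule behind low-noise deception alerts. Decoy hosts and decoy accounts are
never used by any legitimate workflow, so any auth event that references one
is alerted on directly. Log format, decoy inventory and sample events are all
constructed for this example.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed decoy inventory: addresses and accounts that no real workflow uses.
DECOY_HOSTS: Set[str] = {"10.20.0.77", "10.20.0.78"}
DECOY_ACCOUNTS: Set[str] = {"svc_backup_legacy", "admin_oracle"}

# Constructed sshd-style auth line; the second field is the reporting host.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    user: str
    host: str
    result: str
    reasons: Tuple[str, ...]


def parse_event(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of an auth event, or None for lines we do not model."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def detect_decoy_touches(lines: List[str]) -> List[Alert]:
    """Alert on every auth event that references a decoy host or decoy account.

    Both failed and accepted logins count: a failure shows someone probing the
    decoy, a success shows a planted decoy credential actually being used.
    """
    alerts: List[Alert] = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        reasons = []
        if ev["host"] in DECOY_HOSTS:
            reasons.append("decoy-host")
        if ev["user"] in DECOY_ACCOUNTS:
            reasons.append("decoy-account")
        if reasons:
            alerts.append(Alert(ev["ts"], ev["src"], ev["user"], ev["host"],
                                ev["result"], tuple(reasons)))
    return alerts


def sources_to_contain(alerts: List[Alert]) -> Dict[str, Set[str]]:
    """Group alerts by source address: the list a containment policy would act on."""
    by_src: Dict[str, Set[str]] = {}
    for a in alerts:
        by_src.setdefault(a.src, set()).add(f"{a.user}@{a.host}")
    return by_src


# Constructed sample log: one normal login, two decoy touches from an external
# address, one internal host reaching a decoy host, and one unrelated line.
SAMPLE_LOG = [
    "2021-03-02T10:14:01Z 10.20.0.5 sshd[2210]: Accepted password for alice from 10.20.1.15 port 50010 ssh2",
    "2021-03-02T10:14:05Z 10.20.0.77 sshd[4411]: Failed password for svc_backup_legacy from 192.0.2.45 port 51122 ssh2",
    "2021-03-02T10:14:09Z 10.20.0.5 sshd[2215]: Failed password for invalid user admin_oracle from 192.0.2.45 port 51130 ssh2",
    "2021-03-02T10:14:12Z 10.20.0.78 sshd[4420]: Accepted password for bob from 10.20.1.16 port 50020 ssh2",
    "2021-03-02T10:14:20Z 10.20.0.5 cron[100]: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    found = detect_decoy_touches(SAMPLE_LOG)
    for a in found:
        print(f"{a.ts} {a.src} -> {a.user}@{a.host} {a.result} {','.join(a.reasons)}")
    print("sources to contain:", sources_to_contain(found))
```

The third sample event shows why decoy accounts are worth seeding on production hosts too: a decoy credential tried against a real server still fires, which is the "plugging the gaps" benefit in the list above.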

Defense and the Ottomans

FortiDeceptor plays a critical role in any Security Fabric strategy. Rather than functioning as an independent overlay solution, like most deception technologies, it directly integrates with tools like FortiSIEM, FortiSOAR, FortiNAC, FortiAnalyzer, FortiGate, and third-party security tools to improve threat detection and automate threat response. This ensures that any defensive strategy not only spans the network end-to-end, but also provides consistent security at every step along the attack chain.

Find out how Fortinet integrates AI and machine learning capabilities across our Security Fabric to detect, identify, and respond to threats at machine speed.

Sourced from Fortinet

For Retailers, Cybersecurity and Digital Transformation Must Go Hand in Hand

Industry Perspectives

This is a summary of an article written for Total Retail by Courtney Radke, CISO of National Retail at Fortinet. The entire article can be accessed here.

The evolving nature of technology and changing consumer expectations is a constant — something retailers quite simply must embrace or avoid falling behind. For businesses to survive in this new era, they must adapt and accept that their success ultimately hinges on how well they can utilize digital technology in its many forms. These range from those focused on improving efficiencies in the supply chain to those that offer customers a more consistent and connected omnichannel experience. In other words, if retailers want to keep up, they must be prepared to transform everything from product development and marketing to production and operations strategies. But while these changes can and often do bring positive results, there is an aspect of this shift that often gets overlooked: retail cybersecurity.

The Pertinency of Retail Cybersecurity

The more complex retail networks become, the more risk is presented to these businesses. This issue quickly becomes compounded as the speed of technology to support the customer experience often outpaces security controls. As retailers expand their digital infrastructures to improve the user experience (i.e., moving to the cloud and bringing on more devices), they’re also expanding their potential attack surface. While this can be stated for any vertical market, there are distinct challenges that make retail cybersecurity a much more complicated matter.

One of these complexities may seem obvious, but it lies in the fact that retail centers on selling products to consumers. Now, more than ever, this means creating connected experiences to build and enhance the value chain. Each transaction – be it swipe, click, or tap – introduces new data to the network, including customer demographics and sensitive financial data, among others. These data points are captured through point-of-sale (POS) systems, mobile applications, and e-commerce platforms, to name a few, each of which is an attractive target for cyber criminals who hope to steal this valuable information for financial gain – but this may only be the tip of the spear when it comes to the impact on the business.

In fact, when faced with a cyberattack, retailers may feel the effects in more ways than one. In a study conducted by Fortinet, it was found that 42% of retailers experienced brand degradation, 40% experienced an operational outage that impacted revenue, 33% experienced an operational outage that put physical safety at risk, and 30% lost critical business data. What this demonstrates is that the impacts of a cyberattack can be long-lasting and hinder retail operations for an extended period of time.

It is a given that retailers must continue to create omnichannel experiences for their customers. This is how they attract and retain their customers who are continually seeking out ways to enhance their overall user experience. These can range from something as simple as checking online inventory and managing store loyalty accounts to more complex tasks such as utilizing mobile applications, IoT devices, or processing payments using contactless commerce technologies. It is true that meeting these evolving consumer demands is critical for retailers concerned about the bottom line; and rightfully so. But at the same time, this focus on digitalization comes with several risks. Every connected display, every Wi-Fi beacon, every mobile and IoT device added – not to mention all of the technology under the umbrella of a multi-cloud environment – makes it difficult for IT teams to deploy security that covers every possible avenue of attack. Retailers need to plan for success when it comes to secure digital transformation.

Establishing an Effective Retail Cybersecurity Plan

Retail cybersecurity should be considered just as critical to the survival of businesses as digital transformation. Large-scale data breaches can quickly damage reputations, and in a time when trust and brand loyalty are seen as major determinants of success, a single breach can steal away any credibility that a retailer had previously secured for its brand. With this in mind, retailers can no longer leave security as an afterthought in their transformation strategy. 

For retailers to achieve security proficiency, maintain PCI compliance, and stay up to date with ever-changing data privacy regulations, their IT teams require extensive visibility and control across environments. Considering the number of devices and POS systems dispersed across store locations, it can be easy for security teams to lose track of what they’re meant to protect – this is why end-to-end visibility must be achieved early on, and continuously maintained, in any retail cybersecurity plan. This requires an integrated security fabric that establishes consistent enforcement across the entire attack surface; it should also enable centralized and consolidated management and control, even when it comes to the largest distributed retail networks.

In addition to achieving this level of visibility, security teams must also be able to monitor and respond to a quickly evolving threat landscape. For this to happen, they need to rapidly identify threats, have consistent policy enforcement, and streamline alerting and reporting – and it cannot be manual. By combining proactive threat intelligence that leverages machine learning with unified management and the automation of manual tasks, IT teams can quickly respond to known and unknown threats while also keeping costs under control. 

One of the best ways for retailers to accomplish this is by deploying a Secure SD-Branch solution. Doing so provides security and enables increased performance via Secure SD-WAN at the WAN edge, while also ensuring secure connectivity – and protection for east/west traffic – on the LAN edge. When SD-Branch functions are consolidated into a single platform, it can be one of the most cost-effective and immediately impactful investments a retailer can make.

Embracing the Retail Cybersecurity Revolution

Retailers have been quick to embrace digital transformation as a means of improving operations and the user experience, but many are just starting to understand the role of cybersecurity in this process. To get the most out of the investment they have made – and will continue to make – in digital transformation, they must ensure security is purposefully and deliberately built into their overall strategy – and not an afterthought. This starts by gaining an awareness of the threats that may impact the business and the industry, and utilizing a platform approach to cybersecurity that will set them on the path to better security and risk management for their brand, their business, and their customers.

Find out more about how Fortinet offers retailers a broad set of network and security technologies that are seamlessly integrated and automated to help retailers secure digital transformation initiatives.

Sourced from Fortinet

A Discussion on Zero-Trust Access

CISO on CISO Perspectives

With an ever-expanding digital infrastructure, an increasingly sophisticated cyber threat landscape, and a growing cybersecurity skills gap, IT and OT leaders are facing pressure daily to establish and maintain trust in their networks. Furthermore, the situation has become even more challenging in recent months with the need to secure remote work around the world. Zero-trust Access (ZTA) addresses these concerns by providing full visibility and dynamic control over devices on the network.

To find out more about the challenges of securing network access, we met digitally with two of Fortinet’s Field CISOs: Alain Sanchez and Courtney Radke. We discussed the need for implementing Zero-trust Access in today’s evolving networks and expanding cyber threat landscape. 

Q: Can you share some perspective on why Zero-Trust Access is more critical than ever? 

Alain – The sophistication of the cyber threat landscape has extended to new classes of attacks that aim to inflict damage while remaining silent. They are targeting IT and OT devices, and the industrial systems that manage production in segments such as manufacturing, energy, and pharmaceuticals. And the COVID-19 pandemic accelerated the need for full automation of production.

As production relies more and more on sophisticated regulation, no sensor, application, or user should by default be allowed to influence the running of any critical infrastructure or process. Due to the precision and speed of production required, any malicious order or fake value sent into the process can have devastating effects.

Network access can be compared to the physical access to a controlled building. The default state of all entry doors needs to be set to “closed,” and not “open.” Access rules need to be dynamically refreshed with real-time authentication systems. An individual’s credentials should not just be established at the exterior door, but throughout the building. And the overall behavior of that individual while inside the building should be monitored against a machine-learning baseline profile so that if an individual begins behaving badly, actions can be taken. 

This holistic vision of a trust that is continuously earned rather than granted once for all access requires a full integration of the entire security ecosystem. The moment you have a subcomponent that can’t be pinged and dynamically compared to a model of how it is supposed to behave, you’re in danger of breaking the security chain. As CISOs discover these types of weak links within their controlled systems, they have to make hard decisions about who is allowed to do what. The best solution is to opt for a scalable security system that can establish and monitor a zero-trust access model.

Q: The growth of devices is key to the need for Zero-Trust Access. Can you share some best practices for managing this exponential growth in terms of security?  

Alain – Act quickly, never hastily. ZTA is about knowing and controlling who and what is on your network. Exponential growth should not be a reason for trading security for speed. Of course, the CISO must be the guardian of this principle. Even if enterprises have to catch up on months of production and backorders, security must remain a priority. 

The second ally of the security team is automation. Automation is an outgrowth of proper planning and can save precious time in detecting and responding to cyber threats. Once a zero-trust model has been designed and adapted to the level of risk that your business is comfortable with, the deployment then needs to be orchestrated to reach the level of scalability required in large infrastructures.

Q: What are the areas or technologies that provide the most “bang for your buck” with regards to securing organizations’ network access using the zero-trust model?

Courtney – Maintaining a strong perimeter is a key to success, although most would have you believe the perimeter no longer matters or is too undefinable to control. Has it expanded and grown more complicated? Absolutely. But it is by no means uncontrollable, nor should it be ignored. Aligning to the zero-trust model means implementing a least access policy that grants the user the minimum level of network access required for their role and removing any ability to access or see other parts of the network. The sharing of information and the building of context and baselines of your users, devices, and networks becomes pivotal to the success of a zero-trust model. It also allows for easier implementation of multifactor authentication (MFA), which is another key technology. MFA is the basis for Network Behavior Analytics (NBA) and User and Environment Behavior Analytics (UEBA) technologies, both of which are designed to protect a network from harm and allow for quicker identification and remediation once harm has been done.

Let me give a retail example. Retail is something we all understand since we all experience retail on a daily basis. As a tangible example, given the nature of retail today where omnichannel is the norm, implementing a zero-trust model is more challenging than ever. 

For those unfamiliar with the term, omnichannel is a cross-channel content strategy that organizations use to improve user experience and drive better relationships with their customers across multiple points of contact. The purpose of providing omnichannel experiences is to unlock doors to the consumers and remove barriers wherever possible. It enables retailers to expand to new demographics and open up new revenue streams through technology, which is now required to remain competitive in today’s market. Unfortunately, however, every door you open to better enable customer engagement also provides new opportunities and new attack vectors for threat actors to compromise your business. Protecting these solutions requires carefully controlling who and what has access to internal systems, data, and devices.

Q: Is there anything about Zero-trust Access that some CISOs may not have considered? 

Alain – The zero-trust model is a strong concept that moves security away from implied trust that is based on network location. It’s a necessary approach as more and more business-critical and life-critical processes become fully digital. However, for people not versed in cybersecurity, the word might carry negative connotations. Wrongly interpreted, it might resonate as if the network, the PC, the applications, or in fact the entire digital ecosystem will stop recognizing its users. It can be seen as a barrier to productivity. 

But nothing could be further from the truth. ZTA is a foundational pillar of any effective security strategy. It actually enables the right person to have immediate access to the resources they need to do their job, while also eliminating the risks and downtime that can result from unauthorized access. However, to advocate for the adoption of necessary security solutions such as this, especially as the cyber threat landscape continues to evolve, CISOs need to do more communication and education. They will find themselves not only needing to explain what needs to change and why, but more importantly, how these changes will benefit the organization. This communication is particularly important to those teams that have until now been managing user network access based on a legacy notion of implicit trust.

Q: How does Zero-trust Access relate to VPNs and the increase in remote work?

Alain – The rise in remote working has put a spotlight on the limitations of VPNs that take a perimeter-based approach to security. Users connect through the VPN client, but once they’re inside the perimeter they often have broad access to the network, which exposes it to threats. 

Unlike a traditional VPN-based approach, which assumes that anyone or anything that passes network perimeter controls can be trusted, the zero-trust model takes the opposite approach: no user or device can be trusted to access anything until proven otherwise. A zero-trust network access (ZTNA) solution allows organizations to extend the zero-trust model beyond the network. The terms zero trust access (ZTA) and zero trust network access (ZTNA) are often used interchangeably, however, there is a difference. Whereas ZTA focuses on role-based access control to the network, ZTNA relates to brokered access for users to applications. 

Unlike a traditional VPN tunnel that provides unrestricted access to the network and applications, ZTNA connections are granted to individual applications per-session. Access is granted only after both the device and user have been verified. Because location is no longer a reliable indicator for access as it is with a VPN, ZTNA policy is applied whether users are on or off the network.
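The per-session, per-application decision described above, as an added illustration rather than code from the original article or from Fortinet's products. Everything in it is assumed for the example: the application catalogue, the role names, the posture thresholds, and the device attributes. The point it makes is the one the answer makes: the broker checks the user (including MFA) and the device for one application at a time, and the client's network location is not an input to the decision.

```python
"""ZTNA-style access broker (illustrative, not a vendor implementation)."""
from dataclasses import dataclass
from typing import FrozenSet, Optional
import secrets


@dataclass(frozen=True)
class User:
    name: str
    roles: FrozenSet[str]
    mfa_passed: bool            # identity provider reported a completed MFA step


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool               # enrolled in the fleet inventory
    disk_encrypted: bool
    patch_age_days: int
    edr_running: bool


@dataclass
class Decision:
    allowed: bool
    reason: str
    session_token: Optional[str] = None   # issued per application, per session


# Hypothetical catalogue: which roles may reach which application and the
# minimum device posture that application demands.
APP_POLICY = {
    "payroll":   {"roles": {"finance"},          "max_patch_age": 14, "managed_only": True},
    "wiki":      {"roles": {"staff", "finance"}, "max_patch_age": 30, "managed_only": False},
    "scada-hmi": {"roles": {"ot-engineer"},      "max_patch_age": 7,  "managed_only": True},
}


def device_posture_ok(device: Device, policy: dict):
    """Return (ok, reason) for a device against one application's policy."""
    if policy["managed_only"] and not device.managed:
        return False, "unmanaged device"
    if not device.disk_encrypted:
        return False, "disk not encrypted"
    if not device.edr_running:
        return False, "EDR agent not running"
    if device.patch_age_days > policy["max_patch_age"]:
        return False, f"patch age {device.patch_age_days}d exceeds {policy['max_patch_age']}d"
    return True, "posture ok"


def broker_access(user: User, device: Device, app: str,
                  source_network: str = "unknown") -> Decision:
    """Decide one application session. source_network is accepted only to
    show that it is deliberately ignored: location is not a trust signal."""
    policy = APP_POLICY.get(app)
    if policy is None:
        return Decision(False, "unknown application: default deny")
    if not user.mfa_passed:
        return Decision(False, "user not MFA-verified")
    if not (user.roles & policy["roles"]):
        return Decision(False, "role not entitled to application")
    ok, why = device_posture_ok(device, policy)
    if not ok:
        return Decision(False, why)
    # Both user and device verified: grant this application for this session only.
    return Decision(True, f"granted {app} for this session", secrets.token_urlsafe(16))


if __name__ == "__main__":
    alice = User("alice", frozenset({"finance"}), mfa_passed=True)
    laptop = Device("lt-0042", managed=True, disk_encrypted=True, patch_age_days=3, edr_running=True)
    print(broker_access(alice, laptop, "payroll", source_network="home"))
    print(broker_access(alice, laptop, "payroll", source_network="corp-lan"))
    print(broker_access(alice, Device("byod-1", False, True, 3, False), "payroll"))
```

Contrast this with the VPN model in the text: there is no point at which a connected client is "inside" and gains reach to the other applications; a second application means a second decision and a second token.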

Discover how Fortinet’s Zero-Trust Access framework allows organizations to identify, authenticate, and monitor users and devices on and off the network.

Sourced from Fortinet

The Convergence of Networks and Security For Evolving Infrastructures

A popular misquote attributed to Mark Twain states, “The reports of my death have been greatly exaggerated.” Although he never said exactly that, Twain was widely rumored to have died in 1897 when, in fact, he was very much alive. This is relevant to the convergence of networks and security today.

In the technology realm, we’re experiencing the same thing when it comes to networks. There are some cloud vendors that are proclaiming the traditional network to be all but dead. In effect, they’re saying, “don’t worry about the network; just move everything to the cloud.” But like Mark Twain, the reports of the demise of networks are greatly exaggerated. In fact, networking (albeit hybrid) remains crucial. And ensuring consistent security across the network is more critical than ever, particularly in terms of extending the enterprise-grade protections enjoyed in the traditional core network to all of the new edges being deployed.

Whether for business purposes, compliance issues, centralized control, cost savings, availability, or security, the reality is that there are many reasons why most organizations still don’t have cloud-only deployments and instead have hybrid networks. Of course, few have only a traditional data center network, either. The fact is, today’s networks are evolving and converging, to include the transition to virtualization and the cloud, the rapid adoption and integration of IoT, and the reliance on applications as a central pillar of modern business. And as big data, hyperscale architectures, SD-WAN, 5G, edge networking, and smart systems such as integrated buildings and infrastructures become mainstream, networks will be forced to change even further.

But the network as we know it is still far from dead. However, today’s highly distributed networks are more complex than ever. Critical resources and applications are now spread across datacenters, distributed branch and home offices, and multi-cloud environments. Users may need access to resources that are on premises, in a virtual cloud, or public cloud. What is dead, or, at least, no longer viable, is the legacy approach to security that we have been relying on to secure our evolving networks.

The Convergence of Networks and Security

Traditionally, security solutions could be easily deployed after a network was designed and deployed because all that was needed was to secure fixed perimeters and monitor the predictable traffic and workflows moving between static network servers and known, external devices. But new demands have put increasing pressure on this model. Today, all components of the network, regardless of how widely distributed, need to function as a single integrated system. And at the same time, most of those elements also need to be seen as a discrete edge to the network. As a result, interoperability between dynamic network elements is essential. But so is protecting transactions, applications, and workflows moving from anywhere to anywhere. So what needs to happen at the network level is that connectivity and network functionality need to be seamlessly coupled with security, so that when data moves from one place to another, across and between devices that are constantly in motion, it is accompanied by inspection, encryption, and policy enforcement that are just as agile.

Because networks now have many edges, it’s impossible to create the sort of single defensible boundary most legacy security tools were designed to defend. Instead, applications and workflows now may span multiple environments in a single transaction, which means security needs to be applied consistently on the LAN, WAN, cloud, and remote user edges. And the dynamic connections between these environments also need to be both reliable and secure. No matter what device is being used, any user of any edge must be able to securely connect to any other edge or collection of edges at any time from any location.

The challenge is, when you look at the cybersecurity marketplace, most networking vendors still only provide bolt-on security. And far too many still haven’t quite figured out modern networking. As a result, wiring closets (both physical and virtual) are now filled with an array of single-point solutions that address only a specific area without considering the overall threat landscape.

The Need for a Security-Driven Networking Strategy

A better way to think about networking is as a holistic converged solution, where networking and cybersecurity work together as a unified system. Instead of focusing on networking or security separately, organizations need to develop a security-driven networking strategy that tightly integrates the organization’s network infrastructure and security architecture. This allows the network to scale and change and adapt without ever compromising security. To effectively defend today’s highly dynamic environments, organizations need consistent enforcement that can span and adapt to flexible network perimeters. To do this, security needs to be woven deeply into the network itself.

Rather than relying on a series of discrete security components, a modern security strategy needs to start with a unified security platform that encompasses the entire network development and deployment life cycle. This approach helps ensure that security functions as the central consideration for all business-driven infrastructure decisions. With security at the core, networks can evolve, expand, and adapt without concerns that an expanded attack surface or security gap could compromise the organization. This type of security-driven networking enables organizations to address five critical elements:

  1. Design and planning. A security-driven networking strategy enables teams to begin weaving security into a new strategy during the planning stages, so everyone can agree on an approach to new infrastructures and applications and devices that meets and supports a pre-defined central security policy.
  2. Access control and segmentation. When new devices are added to the network, they should be automatically identified, and rules related to accessing network resources be applied. Dynamically tying access to network segmentation ensures these devices are automatically assigned to secured network segments that have been enhanced with authentication for increased control and flexibility. These network segments can then be monitored to prevent and detect unauthorized behaviors, inspect applications, and secure workflows. And because security and networking are tied together, changes to the network infrastructure automatically include changes to security.
  3. Consistent protection. Because data collected from across the network needs to be shared, cross-referenced, mined, and processed, security-driven networking must protect data, applications, and workflows along their entire data path. Protection needs to consistently cover different network segments, dynamic multi-cloud environments, data centers, and devices.
  4. The network perimeter. As organizations embrace new devices, new network platforms, and new compute and application models, the network perimeter necessarily fragments while expanding outward. But the perimeter is also expanding inside the network through the adoption of connected IoT devices, the extension of the network across multiple network environments, and the interconnection of networks to support smart systems. A security-driven network approach provides consistent visibility across the entire perimeter, both inside and out, as the network adapts and changes.
  5. Branch offices and secure SD-WAN: Traditional MPLS connections limit application performance and dynamic communications. By combining NGFW appliances with advanced SD-WAN networking capabilities, organizations can eliminate MPLS-required traffic backhauling, prioritize business-critical applications, and improve overall user experience without ever compromising on security.
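Element 2 above, access control tied to segmentation, as an added example that is not from the original article and does not model any particular product. The endpoint attributes (802.1X result, client certificate issuer, a profiler verdict), the segment names, the VLAN numbers and the destination labels are all assumed. It shows the two halves the bullet describes: placement is decided from identity when a device joins, with "default closed" for anything unrecognized, and the placed device is then watched against its segment's policy so that out-of-role behaviour moves it back to quarantine.

```python
"""Identity-driven segment assignment with continuous re-evaluation
(illustrative example; names, VLANs and profiles are assumed)."""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional


@dataclass(frozen=True)
class Endpoint:
    mac: str
    dot1x_identity: Optional[str]   # EAP identity if 802.1X succeeded, else None
    cert_issuer: Optional[str]      # issuer DN of the client certificate, if any
    profile: str                    # hypothetical profiler verdict (DHCP/LLDP/OUI based)


@dataclass(frozen=True)
class Segment:
    vlan: int
    allowed_destinations: FrozenSet[str]


# Hypothetical segments: each carries its own reachability policy, so moving a
# device between segments changes what it may talk to.
SEGMENTS = {
    "corp-users":  Segment(10,  frozenset({"intranet", "internet", "file-share"})),
    "iot-cameras": Segment(20,  frozenset({"nvr"})),
    "printers":    Segment(30,  frozenset({"print-server"})),
    "quarantine":  Segment(999, frozenset({"remediation-portal"})),
}
TRUSTED_ISSUER = "CN=Corp Device CA"   # assumed internal device CA


def assign_segment(ep: Endpoint) -> str:
    """Initial placement when a device joins the network: default closed."""
    # Strongest evidence first: an 802.1X-authenticated device presenting a
    # certificate from the corporate device CA.
    if ep.dot1x_identity and ep.cert_issuer == TRUSTED_ISSUER:
        return "corp-users"
    # Headless devices that cannot do 802.1X are placed by profile into a
    # narrow segment that only reaches the service they need.
    if ep.profile == "ip-camera":
        return "iot-cameras"
    if ep.profile == "printer":
        return "printers"
    # Anything else, including an 802.1X identity backed by an unknown CA.
    return "quarantine"


def permit(segment: str, destination: str) -> bool:
    """Enforcement: is this destination reachable from this segment?"""
    return destination in SEGMENTS[segment].allowed_destinations


def reevaluate(segment: str, observed_destinations: Iterable[str]) -> str:
    """Monitoring: a device attempting anything outside its segment's policy is
    moved to quarantine; quarantined devices stay there until remediated."""
    if segment == "quarantine":
        return segment
    if any(not permit(segment, d) for d in observed_destinations):
        return "quarantine"
    return segment


if __name__ == "__main__":
    cam = Endpoint("00:1a:2b:3c:4d:5e", None, None, "ip-camera")
    seg = assign_segment(cam)
    print(seg, SEGMENTS[seg].vlan)                      # iot-cameras 20
    print(reevaluate(seg, ["nvr", "file-share"]))        # quarantine
```

The re-evaluation step is what makes the segmentation "dynamic" in the sense the bullet uses: the camera is not re-profiled, but the moment it behaves like something other than a camera its network position, and therefore its reach, changes.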

Securing Evolving Infrastructures

The network may not be dead, but it is certainly evolving at an unprecedented rate with the convergence of networks and security. And security-driven networking is an essential strategy to secure today’s dynamic digital infrastructures. With an integrated security platform in place, organizations can embrace digital innovation and expand their digital footprint without exposing critical resources and new attack surfaces to new risks. Instead, the platform offers the flexibility needed to expand and adapt policy and enforcement in tune with the network, while enabling better visibility and control than traditional approaches relying on point solutions can ever provide.

Find out how the Fortinet Security Fabric delivers broad, integrated, and automated protection across an organization’s entire digital attack surface from IoT to the edge, network core and to multi-clouds.

Sourced from Fortinet

Radio Access Network (RAN) Security for 4G and 5G Explained

Radio Access Network Evolution: The Cornerstone for Growth

In the evolution from 4G to 5G, 5G New Radio was the first step completed by the standards and the first to be deployed by mobile operators in 5G Non-Standalone (NSA) architectures. This is no surprise, as the 5G Radio Access Network (RAN) is a fundamental component in MNOs’ ability to deliver upon the promise of 5G and growth. It is fundamental for 5G’s cornerstone capabilities: high bandwidth (eMBB), massive scale (mMTC), and high reliability with low latency (URLLC). 

Today 5G public networks are delivering enhanced mobile broadband to a growing number of consumers and enterprises, and are serving a growing number of connected devices. As edge computing sites evolve, 5G Standalone (SA) is deployed, and standards continue to mature, the full promise of 5G can be delivered. 

To meet the hyper-scalability, high performance, and low latency required by future 5G use cases, 5G NR is distributed, virtualized, shared, and architecturally more complex than ever. Alongside the clear benefits these capabilities bring, new security risks and challenges are introduced and amplified. These risks must be addressed through appropriate security controls designed to support and protect the delivery of business and industry use cases across 5G NR and elsewhere in the telco cloud.

The Growing Need for 5G New Radio Access Network (RAN) Security

5G NR and overall LTE evolution, current and future target market segments and use cases, all have a strong impact on the growing need for RAN security:

Big, Bigger, Biggest

To enable the growing scalability delivered by LTE-A, and especially 5G, the deployment of a growing network of small cells is required. Many of these femtocell, picocell, and microcell eNodeBs (eNBs) and gNodeBs (gNBs) will be located in the public domain and in other non-secure locations. They will also, in most cases, be connected to the MNO network via an untrusted backhaul. These factors represent a growing risk, contributing to an increase in the overall attack surface as well as the risk of traffic tampering, misuse, and manipulation.

5G Radio Access Network (RAN) Sharing

5G RAN sharing is an increasingly popular method used by 5G operators to cost-effectively increase their coverage. It involves sharing 5G RAN between two (or more) mobile operators, each offering the others access to its resources to better serve customers and reduce the costs associated with 5G NR deployments. This is specifically attractive at the higher 5G frequencies, especially in the mmWave bands with their more limited reach, where the cost implications of deploying more base stations are significant.

To ensure user and control plane separation, privacy and security between the sharing operators, the appropriate security tools must be deployed.

Growing Importance and Scale of User Plane Traffic

The ongoing evolution of 4G, and the introduction of 5G, are gradually enabling the implementation of business and vertical use cases that provide value beyond plain wireless connectivity. However, they also place a growing importance on the integrity and continuity of user plane traffic in the RAN and into the core. This user plane has now become one of the primary components of the MNOs’ ability to provide value added services (VAS) such as infotainment, IoT services, and AR services, to name a few.

This, in turn, drives the need for greater security, integrity, and continuity of user plane data which is also likely to experience significant growth.

Diversified Radio Access Network (RAN) Architectures in Place

The need for better and higher RAN performance, agility, scalability, flexibility, and cost-effectiveness have led to its gradual evolution in LTE, and ultimately, onto 5G NR. As a result, MNOs will be operating a hybrid RAN environment composed of different centralized, distributed, and virtualized/cloud eNB/gNB architectures. 

These architectures will also depend on specific use case requirements per market segment or network slice. In such a hybrid environment, maintaining security, integrity, and visibility for control, user planes, and O&M requires using a common set of security tools flexible enough to adapt to the RAN’s different architectures, requirements, and constraints.   

Mobile Infrastructure Critical Use Cases

LTE-A and, above all, 5G provide the ability to support critical use cases and innovation in different industries, including healthcare, energy, and transportation. Unlike previous mobile generations, the “standardization” of mobile infrastructure technology and the growing reliance on its services for some critical use cases will increase the cybercrime community’s interest in the mobile infrastructure as an attack vector and target, and will further drive the growing need for RAN security.  

Lurking Threats in the Radio Access Network (RAN)

These are some of the main forces driving MNOs to modernize and strengthen their existing RAN security. Failure to provide confidentiality, integrity, and service continuity for all communication planes (control, user, and O&M) may result in different types of attacks:

  • Introduction of rogue eNBs and gNBs as a launch point for attacks against the core infrastructure
  • Man-in-the-middle (MITM) attacks for intercepting control and user plane traffic
  • Distributed/Denial of Service (DDoS/DoS)
  • Injection of malicious traffic (malware) to attack and manipulate core elements
  • Misconfiguration or failed software updates within the RAN

Any one of the above attacks has the potential to disrupt the RAN, the core network, and overall service continuity. They can also expose and modify user data, impacting both customers and telco cloud applications and services, and overall jeopardize the MNO’s ability to comply with data privacy and security regulation.  
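The kind of policy a SecGW applies at the boundary between an untrusted backhaul and the core, as an added example serving both the RAN sharing paragraph above and the threat list: it is not Fortinet's code and not from the original article. The base station inventory, the two operators' core addresses, and the flow records are constructed for the example; the interface ports are the standard ones (S1AP/NGAP over SCTP 36412/38412, GTP-U over UDP 2152, X2AP/XnAP over SCTP 36422/38422). The example models what the text describes rather than any specific product: traffic that did not arrive through an authenticated IPsec tunnel is dropped (a rogue eNB/gNB cannot simply plug in), each tunnel identity is bound to one inner address (spoofing inside a tunnel is caught), each peer may only reach the planes and hosts its role allows, and a shared base station serving two operators can only reach its own operator's core.

```python
"""Per-plane SecGW policy for RAN backhaul traffic (illustrative example;
inventory, addresses and flows are constructed, ports are the standard ones)."""
from dataclasses import dataclass
from typing import Optional, Tuple

# Transport endpoints of the interfaces a SecGW sees after IPsec decapsulation.
CONTROL_PLANE = {("sctp", 36412), ("sctp", 38412)}   # S1AP (LTE), NGAP (5G)
USER_PLANE    = {("udp", 2152)}                       # GTP-U on S1-U / N3
INTER_NODE    = {("sctp", 36422), ("sctp", 38422)}    # X2AP, XnAP between base stations
OAM           = {("tcp", 22), ("tcp", 830)}           # SSH, NETCONF to the EMS


@dataclass(frozen=True)
class Flow:
    tunnel_id: Optional[str]   # certificate identity of the IPsec peer; None if cleartext
    src: str                   # inner source address
    dst: str                   # inner destination address
    proto: str
    dport: int


# Hypothetical base station inventory: tunnel identity -> (operator, inner address).
# gnb-7001 is the shared site: operator B's tunnel terminates on the same SecGW.
PEERS = {
    "gnb-0001.ran.op-a.example": ("op-a", "10.100.0.1"),
    "gnb-0002.ran.op-a.example": ("op-a", "10.100.0.2"),
    "gnb-7001.ran.op-b.example": ("op-b", "10.100.7.1"),
}
PEER_BY_ADDR = {addr: (op, tid) for tid, (op, addr) in PEERS.items()}

# Hypothetical core addressing per sharing operator.
CORE = {
    "op-a": {"amf": "10.1.0.10", "upf": "10.1.0.20", "ems": "10.1.9.5"},
    "op-b": {"amf": "10.2.0.10", "upf": "10.2.0.20", "ems": "10.2.9.5"},
}


def core_role(dst: str):
    """Map a destination address to (operator, core role) or (None, None)."""
    for op, hosts in CORE.items():
        for role, addr in hosts.items():
            if addr == dst:
                return op, role
    return None, None


def secgw_verdict(f: Flow) -> Tuple[bool, str]:
    """Return (permit, reason) for one decapsulated flow."""
    if f.tunnel_id is None:
        return False, "cleartext traffic from RAN side: possible rogue base station"
    if f.tunnel_id not in PEERS:
        return False, "peer authenticated but not in inventory"
    operator, inner_addr = PEERS[f.tunnel_id]
    if f.src != inner_addr:
        return False, "inner source does not match tunnel identity (spoofing)"
    key = (f.proto, f.dport)
    dst_op, role = core_role(f.dst)
    if dst_op is not None:
        if dst_op != operator:
            return False, "cross-operator core access denied (RAN sharing isolation)"
        if role == "amf" and key in CONTROL_PLANE:
            return True, "control plane to AMF/MME"
        if role == "upf" and key in USER_PLANE:
            return True, "user plane to UPF/SGW-U"
        if role == "ems" and key in OAM:
            return True, "O&M to EMS"
        return False, f"{f.proto}/{f.dport} not permitted toward {role}"
    if f.dst in PEER_BY_ADDR and key in INTER_NODE:
        if PEER_BY_ADDR[f.dst][0] == operator:
            return True, "inter-node X2/Xn"
        return False, "cross-operator inter-node traffic denied"
    return False, "destination outside RAN/core policy"


if __name__ == "__main__":
    gnb = "gnb-0001.ran.op-a.example"
    for flow in (Flow(gnb, "10.100.0.1", "10.1.0.10", "sctp", 38412),
                 Flow(None, "10.100.0.9", "10.1.0.10", "sctp", 38412),
                 Flow(gnb, "10.100.0.1", "10.2.0.10", "sctp", 38412),
                 Flow(gnb, "10.100.0.1", "10.1.0.20", "tcp", 22)):
        print(flow.dst, flow.proto, flow.dport, secgw_verdict(flow))
```

Two of the denials are worth noting. The SSH-to-UPF case is the "malicious traffic toward core elements" item from the list: a compromised base station holds a valid tunnel, so authentication alone does not stop it, only the per-plane reachability policy does. The inner-address check is what keeps one compromised site from impersonating another inside the IPsec domain.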

Fortinet’s Radio Access Network (RAN) Security Infrastructure

The Fortinet solution for RAN security utilizes the FortiGate platform in different form factors (physical and virtual network functions – PNF and VNF) to provide advanced Secure Gateway (SecGW) and state-of-the-art Next Generation Firewall (NGFW) capabilities. These are designed to meet the security needs of different LTE and 5G NR architectures. The FortiGate provides three key security functions for the RAN:

  • Confidentiality – FortiGate ensures the protection of user traffic throughout the RAN and into the distributed Core in the central DC or multi-access edge compute (MEC) locations. 
  • Integrity – FortiGate protects against unlawful changes of user data, due to things like malware injections or rogue traffic.
  • Availability and Continuity – FortiGate protects against attacks that can lead to the misuse of RAN and Core elements, causing service degradation or interruption.

This unique combination of form factors and functionalities delivers a powerful tool with a rich set of versatile capabilities suitable for the largest Tier-1 5G RAN deployments:

  • Massive single tunnel throughput performance – up to 110 Gbps
  • Ultra-low, µs-level latency
  • “Re-ordering avoidance” technology
  • Comprehensive QoS Support
  • X2/Xn Traffic mirroring
  • Horizontally Scalable Cluster Options and Geo-redundancy
  • QKD (Quantum key distribution) support
  • Hitless site failover and in-service software upgrade
  • Highly Energy efficient and compact form-factor

5G Radio Access Network (RAN) Security Requires an Innovative Approach

5G will address new market segments and enable industry transformation and innovation, with 5G NR serving as the foundation for delivering these capabilities. As such, securing the 5G RAN has never been more important. Such a scalable, complex, distributed, and dynamic RAN mandates a new kind of security infrastructure, one that is agile and hybrid, yet capable of supporting the mixed architectures and the different performance, scalability, and QoS requirements 5G brings to bear. The Fortinet Security Fabric for 5G delivers security visibility, automation, and control, primarily via the FortiGate SecGW, to truly secure LTE-A and 5G NR infrastructure without compromising performance, scalability, and ultra-low latency, enabling mobile network operators to securely deliver current and new services and use cases.

Learn more about Fortinet’s LTE and 5G new radio security solutions.

Download Whitepaper to explore considerations and requirements for 4G and 5G Radio Access Network (RAN) Security.

Sourced from Fortinet

Adaptive Cloud Security for OT and Industrial Control Systems

Industry Perspectives

The cyber-physical world around us is becoming more digitized and as a result, organizations have been forced to adopt new operational processes to stay afloat. From web-enabled sensors that collect data to the use of cloud-based applications, the execution of innovative strategies is shifting the way business is accomplished across industries, including operational technology (OT) environments. The increased attention to transformation and the appetite for more data are only expected to grow, as will the volume of relevant and timely actionable intelligence. All of this leads to an increased need for meaningful automated awareness that can address the scale of potential threats associated with the rise in connected cloud security environments within OT. 

Challenges Impacting How Operational Environments Leverage Cloud Security

The speed of technology driven innovation is arguably faster than ever, which makes it difficult to continuously enforce security controls. When executing solution strategy to secure OT cloud environments, security teams must be able to address the following challenges: 

  • Broad attack surface: Amid the convergence of information technology (IT) and OT networks, as well as increased cloud adoption, the attack surface continues to proportionally broaden. In the past, OT systems remained on-premises, locked behind corporate networks. Now, relatively insecure OT devices can introduce weaknesses in the organization’s cloud IT infrastructure. 
  • Cloud misconfigurations: Building on the broadened attack surface, misconfigured cloud-based resources leave critical OT environments at risk. Malicious actors targeting a misconfiguration when moving laterally within the OT infrastructure can wreak havoc. With cyber and physical systems interconnected, companies risk physical harm to employees, as well as data exfiltration. 
  • Legacy IT: Industrial Control Systems (ICS) have been the heart of OT cyber-physical infrastructure since early in the 20th century. On the other hand, the notion of connecting ICS to the cloud is a relatively new consideration. Moving legacy hardware and software, which are often decades old, to the cloud means potentially introducing a range of vulnerabilities to infrastructure that is less resilient than its IT counterpart. This presents cyber criminals with an opportunity to leverage historical tradecraft to gain access and perform reconnaissance before employing more sophisticated techniques once they have reached their target.

Establishing an Adaptive Cloud Security Approach

Proactively protecting ICS is a crucial aspect of successfully mitigating risk as part of the Fourth Industrial Revolution. Amid the digitization of operations, organizations must be able to protect data as it moves back and forth between OT and IT infrastructures. Firstly, this requires organizations to weave security into their initial plans as they build out their new hybrid infrastructures. Best practices for managing OT and cybersecurity by design should include:

  • Centralized network security: Centralizing network visibility and monitoring across the IT and OT environments with a network operations center (NOC).
  • Application security: Tracking and reporting on software vulnerabilities. 
  • Platform security: Deploying security as part of the foundation rather than as an afterthought.

In addition, securing the business edge requires an adaptive approach to cloud security that spans on-premises, multi-cloud, and hybrid infrastructures. As part of this, organizations can take a four-pillar approach to their adaptive cloud security strategy to yield continuously earned trust: 

  • Zero Trust: Using intent-based segmentation that interprets business and security requirements, then automatically converts them into a segmentation policy, can help isolate workflows and applications.
  • Security-driven networking: Integrating network infrastructure with security architecture using an integrated security platform to enable access control and segmentation.
  • Adaptive cloud security: Connecting resources to protect from multiple threat vectors while leveraging consistent models and integrating with third-party applications.
  • Artificial Intelligence-driven security operations: Deploying technologies like artificial intelligence (AI) and machine learning (ML) coupled with automated processes can detect and neutralize threats at the speed of business. 

Securing Converged IT/OT Environments

Like any infrastructure expansion, the benefits of moving OT to the cloud can outweigh the risks. At the same time, however, organizations must implement a robust security strategy to mitigate these potential risks. One example of this is leveraging automation to improve processes, enhance analytic accuracy, and reduce errors. To secure these IT/OT interconnected layers, organizations must view them as systems within systems, with the whole more complex than the sum of its parts. Vigilance across the OT architecture must extend from the plant floor all the way up through to the cloud. Foundationally, visibility remains a primary problem to address as organizations move toward a digitally transformed IT/OT environment. 

These transformational challenges associated with migrating to the cloud can be addressed with the adoption of Fortinet’s Security Fabric. This ecosystem delivers on cyber best practices, managing the detection of suspicious activities and putting into play a containment and mitigation strategy to ensure safe and continuous operations. The Security Fabric enables organizations to build security by design with the broadest set of offerings to maintain the same level of security across their IT and OT network environments. The centralized management system enables OT businesses to configure, manage, and monitor all components, to eliminate silos and provide greater visibility. The integrated security architecture minimizes threat detection and response times while also enabling users to coordinate automated incident response for enhanced threat remediation across the extended network. 

All of these security solution components work together to ensure safe, sustained operations – a concept that is top of mind across OT and embodies the ICS infrastructure upon which they are built. By identifying and adopting services that provide sustained situational awareness, OT leaders can achieve a sense of omnipresence to protect the transactions of their new cloud businesses.

Learn how Fortinet can help you extend security and maintain compliance in any ICS/SCADA-connected environment.

Learn how Fortinet’s adaptive cloud security solutions provide increased visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud. 

Sourced from Fortinet

Ensuring Mission Continuity Through Federal Agencies Cybersecurity

Industry Perspectives 

Federal agencies are faced with a number of unique challenges when it comes to securing their sprawling IT networks—particularly because they protect some of the most sensitive data and face severe consequences around national security. Given the nature of this information, nation-state actors and cybercriminals are constantly seeking new avenues to infiltrate systems and gain access to this data. And with remote work and constantly evolving cyber adversaries, cybersecurity is as top of mind as ever.

To learn more about the cybersecurity challenges facing Federal agencies, we asked Fortinet Federal’s Bob Fortna and Jim Richberg as well as Aamir Lakhani from Fortinet’s FortiGuard Labs threat intelligence team to share their perspective on how these organizations can effectively protect their critical data and infrastructure against advanced cyber threats.

Q: What are the most significant cybersecurity trends top of mind for Federal agencies now, from both a technology and threat perspective?

Bob – I have worked in the Federal sector for years and some concerns persist but of course new concerns appear as cyber threats evolve. With a sophisticated threat landscape, an expanding attack surface, continuous government mandates, and a growing cyber skills gap, cybersecurity is top of mind. Some specific topics that come up frequently are: persistent attacks from nation-state actors, protecting mission and agency data, ensuring security in a work from home environment, maintaining and upskilling a cybersecurity skilled labor force, secure cloud migration, and of course supply chain security. 

Jim – One of the biggest issues that is top of mind for agencies right now is not unique to only Federal agencies—that is securing against the hybrid threat they face today. Cyber adversaries are using sophisticated techniques and at the same time remote work creates new risks they must secure against. Where this challenge becomes unique to Federal agencies is that they have to follow requirements such as TIC 3.0 standards for cloud access and CISA’s guidance on remote telework. Some agencies, especially those with a significant geographically distributed presence, are finding greater efficiencies with security-driven networking approaches such as SD-WAN and SD-Branch. These capabilities have enjoyed dramatic growth in the private sector because of their cost and performance advantages, along with greater operational flexibility.

Aamir – One of the top priorities for Federal agencies has been their cloud strategy. Cloud has always had a byproduct of enabling flexibility of work from a remote workforce. However, enabling remote access has become a much bigger priority during the COVID-19 pandemic and will continue as work patterns adjust for the long term. The challenge is that cyber adversaries are looking to take advantage of the expanding digital attack surface. Our threat reports last year show consistent data demonstrating how cyber adversaries leverage timely developments consistently.

Q: Can you talk about risk and what it means for Federal agencies? How does it differ from industry concerns around risk?

Bob – Because the Federal government provides safety and security to the country, the stakes are much higher for Federal agencies. Most companies weigh the risk/benefit cost and make decisions based on that. The government cannot diminish risk when referring to national defense, healthcare, financial systems, etc. That said, resources are not endless and they face fixed budgets, skilled labor availability, and competing priorities. Federal agencies must make very different and complex decisions vs. the private sector.

Q: There are lots of mandates and guidance put out in the Federal sector for agencies to follow. How do you counsel your contacts in terms of managing these changes successfully?

Bob – We encourage agencies to simplify their operations by consolidating, integrating and automating their security architectures. By doing so, they will reduce dependencies on human touch at every step in the security stack, and reduce cost with less training, licenses, footprint, but with faster diagnosis or response time. There are lots of mandates but first and foremost we make sure agencies are following NIST (National Institute of Standards and Technology) and STIG (Security Technical Implementation Guides).

Jim – Agencies have to make choices in how they address IT modernization and cybersecurity, especially since the lengthy procurement cycle most agencies face makes it difficult for them to be on the cutting edge of technology. Regardless, there are many technologies that can address their needs and maximize ROI. For example, some agencies are finding SD-WAN can offer superior networking and strong security if integrated together. In addition, because many Federal agencies face even greater challenges in recruiting and retaining a cyber-workforce than the private sector, I counsel Federal decision makers to look for solutions that offer integration and automation as ‘force multipliers’ for their staff and as ways of freeing personnel to focus on tasks requiring human judgment and skill.

Q: Is it possible to sum up the threat landscape for Federal agencies in a few sentences? 

Jim – While the private sector and state or local government may be targeted occasionally by nation-state adversaries, Federal agencies are consistently targeted by these actors, including sophisticated Advanced Persistent Threats (APT). Moreover, while the private sector is often the victim of financially-motivated crime, Federal agencies are typically targeted for theft of data—intellectual property and national security information—which is often harder to detect. Government is also responsible for unique services such as running elections which combine complex technical challenges with issues of perception and public confidence. 

Aamir – Cloud attacks and application attacks are much more prevalent for Federal agencies. In other industries we are starting to see an increase in IoT attacks, and overall Federal agencies have implemented strong network access controls, but most attackers understand that Federal agencies have many web apps and other cloud-based access. Attackers seem to be focused on phishing, and it is possible more sophisticated attackers have done reconnaissance and have targeted their phishing attacks to valuable targets. In addition, since attackers could use reverse shells and other attack methods, Federal agencies are starting to invest in cyber detection products such as deception-based products, user and entity behavior analytics, and other network anomaly-based systems.

Q: What is the one thing that makes Fortinet Federal different for Federal Agencies?

Bob – Fortinet has been a trusted business partner of the U.S. Federal government for years for many reasons. Fortinet has been a leader in performance, integration and automation which is key. In addition, Fortinet by design provides for security simplification by consolidating functions, reducing footprint, and lowering costs. We provide integrated solutions across the entire security stack from zero trust endpoints, to data center segmentation, to seamless hybrid cloud solutions. We are not just one product or one offering and that is value for agencies. Another aspect that is important is our commitment to third-party validation and testing. Testing of security products and solutions plays such a critical role in thwarting cybercriminals. We have the most when compared to our competitors and that matters to customers.

Jim – The cyberattack surface is growing in breadth, and Fortinet is the only vendor with strong capabilities across the breadth of this expanding and complex environment—from network edge to core to cloud. The fact that all of Fortinet’s products and capabilities are integrated makes the effectiveness of the whole greater than the sum of the parts—and this has been demonstrated by independent third-party testing. Cybersecurity is a complex and interdisciplinary field, and Fortinet excels in disciplines as distinct as cutting edge engineering to global threat analysis and path-breaking AI development. All of these capabilities are available to Federal partners in a range of form factors—from physical devices to virtual services—and in consumption models ranging from zero-touch ‘plug and play’ to manual use by an agency’s security and network operations teams.

Aamir – A true differentiator of Fortinet Federal is that it is backed by FortiGuard Labs’ actionable threat intelligence. We are not just products. Our mission is to provide our customers the industry’s best threat intelligence to protect them from malicious cyberattacks. Using millions of global network sensors, FortiGuard Labs monitors the worldwide attack surface and employs artificial intelligence (AI) to mine that data for new threats.

Another aspect that I am passionate about as well is our commitment to cybersecurity training. The Fortinet Network Security Expert (NSE) Program is an 8-level training and assessment program designed for customers, partners, and employees. Fortinet has opened up our entire self-paced catalogue of advanced NSE training courses. 

Learn more about how Fortinet Federal helps Federal agencies efficiently protect U.S. government data and critical infrastructure against advanced nation-state threats.

Sourced from Fortinet