Leveraging FortiSIEM 6.1 with UEBA Analytics to Monitor Remote Endpoints

If you are in the management chain of your organization’s security operations, you may be wondering why your risk management or compliance teams have been especially interested in your approach to mitigating insider threats in recent months. And you may have even found yourself stepping through the list of controls you have in place, such as least-privilege access, deep packet inspection, or even physically disabled USB ports. 

They are asking because, according to the 2020 Verizon Data Breach Investigations Report, errors are cited as the second-highest breach-enabling action, tied with social engineering and now even more common than malware. And yet, if those same teams had asked how likely it is that your next breach investigation will trace back to the carelessness, negligence, or honest mistakes of one or more of your users (however unknowingly), which created the vulnerability that was exploited by the external attacker, your response may have been more affirming—you know full well that mistakes and misconfigurations often create the vulnerabilities that allow breaches to occur.

It’s a classic problem. We tend to see the problem as “out there.” As a result, reframing the insider threat problem to also include those actions born of accidents, ignorance, and arrogance—regardless of the intent of the internal actor—is a step that many organizations overlook. But those organizations that make double-checking and monitoring for user errors and device misbehaviors part of their security routine actually lower their risk because their risk management and compliance teams are able to build more robust insider threat mitigation programs. 

Most employees have become accustomed to cyber-hygiene awareness programs and required employee cybersecurity (“think before you click”) trainings. Managing errors is no different. The next natural evolution of an effective insider threat mitigation program is the monitoring and enforcement of user behavior, whether end users, executives, or systems administrators. However, until the recent advances of user and entity behavior analytics (UEBA) and the widespread adoption of machine learning (ML), monitoring the behavior of everyone on (or off) the network would have been a nearly impossible task. Attempting to apply a rules-based approach to catching all of the strange things that users might do that could introduce vulnerabilities into the system could quickly become an overwhelming task rife with noise and false positives. 

Introducing FortiSIEM 6.1 with “FortiInsight Inside”

FortiSIEM 6.1 includes the same powerful UEBA analytics engine used by FortiInsight, Fortinet’s market-leading stand-alone UEBA solution. Leveraging machine learning and statistical methodologies to baseline normal behavior and incorporate real-time actionable insights, FortiSIEM UEBA monitors for anomalous user behavior that may be indicative of a threat. By combining telemetry pulled from endpoint sensors, network device flows, server and application logs, and cloud APIs, FortiSIEM is able to build comprehensive profiles of users, peer groups, endpoints, applications, files, and networks. FortiSIEM UEBA behavioral anomaly detection is a low-overhead but high-fidelity way to gain visibility into end-to-end activity, from endpoints to on-premises servers and network activity to cloud applications.

The shift to cloud-based applications has made comprehensive security operations monitoring even more complex, and the massive shift to remote work due to COVID-19 exacerbated this further. The new corporate network edge is the remote worker’s home network, which historically has been beyond the scope of what security teams can monitor. But now, by employing FortiSIEM UEBA telemetry agents on remote endpoints, end-user devices can serve as early warning systems should the remote worker’s user accounts or devices come under attack and start to exhibit anomalous behaviors.

Even when not connected to the corporate network, the FortiSIEM UEBA telemetry agent still monitors for unusual usage, including interactions with cloud-based applications. It can then send that telemetry data to a cloud-based collector or simply store it until the next time the user connects.

Learn more about the types of insider threats in our eBook, “Recognizing the Many Faces of Insider Threats.”

Find out more about FortiSIEM 6.1 and its new UEBA capabilities.

Engage in our Fortinet user community (Fuse). Share ideas and feedback, learn more about our products and technology, or connect with peers.

Sourced from Fortinet

Bridging the Cybersecurity Skills Gap with Robust Training Programs

By now, the majority of industry professionals are aware of the cybersecurity skills gap and its impact on organizations’ abilities to consistently protect their data and networks. The coronavirus pandemic has only amplified the issue, adding economic strain that has forced many business leaders to make budget cuts and furlough, or even lay off, critical employees. Meanwhile, cyber criminals saw the pandemic as an excellent opportunity to execute attacks on vulnerable networks as more employees shifted to remote work. The Fortinet NSE Training Institute’s programs enable IT professionals, students, veterans and more to learn new cybersecurity skills, reskill or upskill as a way to address the growing talent shortage our industry faces.

The Cybersecurity Skills Gap: Implications for 2021 and Beyond

In a recent survey of industry leaders, it was found that 68% of responding organizations struggled with recruiting, hiring, and retaining cybersecurity talent. For such a critical branch of business, it’s an alarming statistic. Perhaps even more troubling was the discovery that 73% of surveyed organizations had experienced at least one intrusion over the past year that could be partially or wholly attributed to the cybersecurity skills gap. 

When organizations lack a large enough team of qualified, experienced cybersecurity professionals, their networks, customer data, and even operational technology are far more vulnerable to threats. At the same time, the number – and level of sophistication – of cyberattacks on commercial businesses is steadily climbing. When successful, such attacks can be debilitating, costing hundreds of thousands of dollars in downtime or reparations. To help address this risk, organizations must shift their mindset away from traditional hiring and work to implement new, agile solutions that leverage untapped resources, without burning out their employees. Organizations should invest in reskilling and upskilling current employees, which can effectively help bridge the skills gap.

Identifying the Right Individuals for the Job

One of the biggest issues in cybersecurity hiring has to do with the sets of skills and attributes hiring managers believe are mandatory in a “qualified” individual. All too often, these wish lists grow much longer than what any individual could have possibly attained over the course of a 5-, 7-, or even 10-year career in the industry. Worse, hiring according to a set list of qualifications tends to rule out some of the most talented and capable recent graduates – those who are eager to learn and most excited about the profession. 

By restructuring the hiring model to prioritize innate strengths over “X years of experience,” organizations will end up with employees who are happier to do their jobs and fit in more seamlessly with the rest of the team. Interviewing for, say, communication skills and leadership ability, analytic sharpness, level of comfort with abstract ideas, mathematical and modeling skills, independence and autonomy, and other such “soft” skills may reveal much more about a candidate’s chances for long-term success than his or her resume alone.   

Then, organizations must put programs in place for on-post training, whereby talented and new hires pick up the technical, hands-on skills they need to monitor networks and mitigate threats. But this should not be the sole focus of these cybersecurity training programs. Even tenured employees appreciate and benefit greatly from opportunities for continued education, whether via in-person or online courses, seminars, or conferences. Many organizations have found some of their best cybersecurity professionals by looking elsewhere in their IT departments, encouraging individuals who may no longer be stimulated in their current roles to move laterally into a cybersecurity position by completing training programs and/or certifications. These workers bring a new, fresh perspective, benefiting the organization in more ways than one – this alone demonstrates why upskilling and reskilling should be considered essential when looking to build out security teams. 

Bridging the Skills Gap

Fortinet is committed to helping close the cybersecurity skills gap through its technology, the NSE Training Institute programs and Corporate Social Responsibility initiatives. Employers and aspiring network security professionals alike should be able to access the resources needed to close the skills gap – whether via training and certifications, professional networking opportunities, or mentorship.  

The Fortinet NSE Training Institute programs provide IT professionals, students, veterans and more the opportunity to expand and learn new security skillsets. The NSE Training Institute’s flagship NSE Certification Program, which has issued more than 500,000 certifications worldwide, has eight levels of certifications, ranging from cybersecurity fundamental education courses to advanced solution-based training. Additionally, Fortinet has made its entire catalog of self-paced NSE courses available free of charge for anybody interested in learning new skills or upskilling. Through the Information Security Awareness Training service, Fortinet also provides organizations with free training for their employees to be cyber aware to identify and prevent threats. 

By implementing cybersecurity training programs for all employees and diversifying the overall hiring strategy, companies across industries will see a marked improvement in their overall security program’s fortitude, as well as a greater degree of employee satisfaction and far less turnover.

Find out more about Fortinet’s NSE Training Institute programs, including the Certification Program, Security Academy Program and Veterans Program, which provide critical cybersecurity training and education to help solve the cyber skills gap and prepare the cybersecurity workforce of tomorrow.

Engage in our Fortinet user community (Fuse) to learn more about Fortinet’s cybersecurity training initiatives and NSE Training Institute programs. Share ideas and feedback, learn more about our products and technology, or connect with peers.

Sourced from Fortinet

The FortiGuard Labs Team Discusses Threat Intelligence, Global Partnerships and More

FortiGuard Labs Perspectives

Good information is a critical element of protecting against cyber threats, as cybersecurity defenses are only as good as the threat intelligence which feeds them. FortiGuard Labs is the global threat intelligence and research organization at Fortinet. To give some perspective about the global team and also how the organization has been instrumental in developing the concepts of threat sharing and collaboration in the threat intelligence industry over the years, my teammates Derek Manky and Aamir Lakhani share their thoughts with me digitally.

Q: Derek as our team lead, why FortiGuard Labs? Can you give us a short overview about the threat intelligence team? 

Derek – When asked this by partners or CISOs I meet, I often reply by talking about how FortiGuard Labs has brought together some of the brightest and most knowledgeable threat hunters, researchers, analysts, tool developers, and data scientists in the industry, located in research labs around the world. But that’s just the start. FortiGuard Labs has also designed, trained, and delivered one of the most advanced artificial intelligence and machine learning platforms in the industry to augment the efforts of the FortiGuard Labs team. Combined, our primary mission is to provide Fortinet customers with the industry’s best threat intelligence designed to protect them from malicious cyberattacks.

Q: From a threat landscape and research point of view, what should be known about FortiGuard Labs?

Aamir – One of the most important items is that our telemetry is gathered from Fortinet’s millions of sensors which helps the FortiGuard Labs team identify the real-world threats our customers face. These include threats discovered on network, endpoint, and IoT devices, as well as those embedded in emails, applications, and on the web. But there is more. FortiGuard Labs also has a successful zero-day detection and research operation. Our researchers study threat actors and cybercriminals in order to understand their motives, techniques, and patterns and use that knowledge to help protect our customers. Researchers are involved in studying breaches and attacks within organizations to determine how the attackers exploited systems and applications in order to understand their attack patterns. 

Jonas – Great points, I speak to many of these as well. I have to say, your points highlight well that combining seasoned security professionals with cutting-edge technology is a requirement in a connected world, where every device that communicates with the Internet is a target, to stay ahead of the curve and secure your environments. Let’s dive a bit deeper into relationships with other security companies and law enforcement.

Q: Partnerships seem to be a big part of threat intelligence today, how is FortiGuard Labs leading in this important area?

Derek – This is a huge focus to go beyond our own research to lead, interact, share, and foster the sharing of actionable threat intelligence. For example, Fortinet co-founded the Cyber Threat Alliance (CTA). Today, the CTA organization has grown from four Founding Members to actively bring threat researchers, security vendors and alliance partners together to share threat information and improve defenses against advanced cyber adversaries across member organizations and their customers. Fortinet is also a founding member of, and is supporting multiple initiatives for, the WEF Centre for Cybersecurity, holding one of only two permanent seats on this international council. The Centre for Cybersecurity was designed to shape the future of cybersecurity and digital trust around the world, to safeguard innovation, to protect institutions, businesses, and individuals, and to secure our growing reliance on the digital economy. Fortinet is actively engaged with, and has bi-directional threat intelligence feed relationships with, more than 200 partners. These partnerships are key to providing increased visibility to FortiGuard Labs operations and include threat intelligence peers, national CERT/CSIRT teams, government agencies, international law enforcement organizations including NATO and Interpol, and critical partners such as KISA, OASIS and MITRE.

Q: Can you share an example of how some of these relationships work in action?

Derek – We belong to INTERPOL ICGEG (Global Expert Group), and we regularly work with organizations such as NATO and the FBI to help counter cybercrime and cyber-terrorism. For example, Fortinet was one of several private sector companies that provided support to an INTERPOL-led operation targeting cybercrime across the ASEAN region, resulting in the identification of nearly 9,000 command-and-control (C2) servers as well as hundreds of compromised websites, including government portals. We also assisted a cyber investigation coordinated by INTERPOL, providing threat intelligence and analysis to help uncover a group of online fraudsters behind a BEC (business email compromise) scam totaling more than $60 million in thefts and involving hundreds of victims worldwide. 

Q: What impact do these relationships and this information sharing have on threat intelligence?

Aamir – Today there is a massive number of security challenges researchers need to be aware of and proficient in to protect against attacks. Different threat actors specialize in network attacks, software attacks, cloud-based attacks, container-based attacks, attacks against critical infrastructure, IoT devices, and many other types of threats. Attackers need only be proficient in one type of threat, while defenders need to understand a large variety of attack surfaces. Effectively defending against cyberattacks today requires security teams to work smarter rather than harder.

Security teams need a combination of knowledge, experience, tools, strategy, automation, and skilled professionals to monitor the entire attack chain and automate as much of the process as possible so that human resources can be focused on higher order analysis and response. Threat Intelligence sharing gives researchers and defenders an opportunity to better understand the entire length of the attack chain and how vulnerabilities in each of its links can compromise the security of your network.

Jonas – Something I would add is that security is everyone’s job, not just the CISO and the security team. All employees inside a company need to be aware of ongoing threats and why everyone needs to be cautious. Non-security professionals sometimes see security as an inhibitor when thinking about security. Raising awareness and educating people can be a crucial differentiator of how people think about security. Prioritizing it from the beginning is important. 

Learn more about FortiGuard Labs threat research and the FortiGuard Security Subscriptions and Services portfolio. Sign up for the weekly Threat Brief from FortiGuard Labs.

Learn more about Fortinet’s free cybersecurity training initiative or about the Fortinet Network Security Expert program, Network Security Academy program, and FortiVet program.

Sourced from Fortinet

Building a Human Firewall to Address Insider Threats

During the first half of 2020, the FortiGuard Labs team found that evolving work environments and a greater reliance on personal devices presented new opportunities for cyber criminals to exploit enterprise networks. One method that threat actors have heavily relied on as of late is the creation of legitimate-looking phishing emails that can be used to tailor and launch attacks with ease. While this is not a new tactic by any means, these types of social engineering attacks have only grown more sophisticated and damaging as employees continue to work remotely and remain isolated from their teams. 

The Need to Mitigate Insider Threat Risk

Whether they know it or not, employees can pose a significant risk to the security of enterprise networks and the data they hold. Considering that 68% of organizations feel moderate to extremely vulnerable to insider attacks, as noted in a recent study, it’s clear just how significant this issue is. In addition to those that are considered malicious insiders, these threats can also be attributed to the group known as the “accidental insiders.” According to this same study, security teams view falling victim to phishing attacks (38%) as the top cause for accidental insider threats, followed by spear phishing (21%), poor passwords (16%), and browsing of suspicious websites (7%). In other words, opening the door for cyber criminals can be as simple as clicking on a link or downloading a file without taking the time to determine whether or not it is legitimate.   

Careless and negligent behaviors can have a lasting effect on organizations, especially in the case of a data breach. And with more employees working from home, unable to walk over to a coworker’s desk to get their thoughts on a suspicious-looking email, these individuals are more likely to be susceptible to social engineering attacks. With this in mind, it is more important than ever that CISOs prioritize their employees’ cybersecurity awareness to help them understand the role they play in keeping networks secure, and reducing the insider threat risk.  

Creating a Human Firewall Through a Culture of Security

Considering employees can be the best line of defense, it is crucial that CISOs protect their organizations by including employee education and awareness in their cybersecurity strategy. By embracing this technique, leaders can ensure the workforce is prepared to face the various threats. 

Regardless of job titles or roles, all employees should understand the repercussions of a security event and how it could affect the organization and them personally. The importance of this enterprise-wide strategic approach was highlighted in a 2019 Forbes Insights survey of over 200 CISOs. When asked which security initiatives they plan to prioritize in terms of funding over the next five years, 16% of respondents noted the creation of a culture of security. 

While this is a step in the right direction, establishing a baseline for good cyber hygiene must begin with CISOs helping their employees take cybersecurity seriously. This can be achieved in the following ways:

Prioritize Cyber Awareness Training 

Social engineering attacks are extremely prevalent across organizations simply because they work. In fact, Verizon’s 2019 Data Breach Investigations Report (DBIR) found that approximately one-third of all data breaches involved phishing in one way or another. To combat this risk, CISOs must educate their employees about common attacks that could appear in the form of phishing, spear phishing, smishing, or other tech support scams. Whether these lessons are provided through online meeting spaces, video chat, or email, they should be prioritized. Understanding these threats and their associated red flags will be critical in helping employees avoid falling victim to fake emails or malicious websites.

In addition to teaching about common indicators of cyber scams (i.e., the promotion of “free” deals), these training offerings should also feature simulated phishing exercises designed to test knowledge and determine which employees might need more assistance. Through tactics such as these, employees will be better equipped to know when they are the target of a social engineering attack and can, therefore, act accordingly. Fortinet’s NSE Training Institute offers a free Information Security Awareness training service to educate employees about the increasing risks of cyberattacks and how to identify threats. 

Create a Partnership Between the Security Team and Other Departments

Cybersecurity cannot fall on the shoulders of the security and IT teams alone, especially as cyber threats continue to grow more sophisticated and challenging to detect. In addition to ensuring that employees can identify phishing attacks, leaders should also encourage collaboration between the security team and other departments. This means helping both sides understand expectations. While the security team will be the expert in terms of determining the risk and threats, other departments will be critical in helping to develop user-friendly policies that are easy to follow both in the office and in remote work environments, even for those who are not entirely cyber aware. 

Through collaborative efforts, CISOs can ensure that all individuals across the organization are not only aware of security policies but also understand the impact their actions can have on the organization as a whole. Helping employees understand safe cybersecurity practices and the ramifications their actions can have should lead to improvements in how these individuals respond when confronted with a suspicious email or website, even while working from home.  

When employees know what is expected and feel like they are a part of the team, they are more encouraged to follow best practices and help chip away at the behaviors that cause accidental insider issues, such as forgetting to change default passwords or neglecting to use strong passwords. And as more employees follow suit, the human firewall acting as the first line of defense to the organization will only grow stronger. 

Establish Straightforward Best Practices

Even once employees are made aware of what to look for in the case of a social engineering attack, they may still need some guidance when it comes to next steps. While it is easy to ignore or delete a suspicious-looking email, what about those that appear normal that the receiver is still unsure about? In this scenario, CISOs should encourage employees to ask themselves certain questions to help make the right judgment call: Do I know the sender? Was I expecting this email? Is this email invoking a strong emotion like excitement or fear? Am I being told to act with urgency?

While these questions should help clear up any confusion in regards to whether the email is malicious, the receiver should still take extra steps to protect themselves and their organization. This includes hovering over links to see if they are legitimate before clicking, not opening unexpected attachments, calling the sender to verify they actually sent the email, and reporting all suspicious emails to the IT or security team. By explaining these steps to their employees from the beginning, CISOs can avoid negative repercussions down the line.

Final Thoughts on Insider Threats

The ability to be cyber aware is a critical piece of the puzzle when it comes to keeping organizations secure. Whether employees realize it or not, their actions could open the door for cyber criminals to access sensitive information, meaning passivity towards security is no longer acceptable. 

By prioritizing training and collaboration between departments and the security team, CISOs can lay the groundwork for a strong culture of security. Identifying suspicious behaviors, keeping devices up to date, and practicing safe cyber behavior should be built into the fabric of all job roles to ensure that the human firewall continues to stand firm.

Learn more about FortiGuard Labs threat research and the FortiGuard Security Subscriptions and Services portfolio. Sign up for the weekly Threat Brief from FortiGuard Labs.

Learn more about Fortinet’s free cybersecurity training initiative or about the Fortinet Network Security Expert program, Network Security Academy program, and FortiVet program.

Sourced from Fortinet

Key Insights From a Retail Industry Cybersecurity Survey Trends Report

Industry Perspectives

As we’ve already seen, the short- and long-term effects of COVID-19 on the retail industry are, and will continue to be, very challenging for many companies. The ability to adapt by investing in technology to support new workforce, partner, and operations needs will determine which retail brands survive the pandemic. But switching to new ways of doing business isn’t enough; a security-first mindset to secure these new approaches is also needed.

Fortinet surveyed retailers on current business changes, challenges, and investment plans including: telework, new technologies and integrations, compliance, the cybersecurity skills shortage, cloud security, and SD-WAN.

Top Changes and Challenges in the Retail Industry

Overall, the research shows that retailers are adding new services and technologies to adapt to the new ways employees must work and consumers are shopping. For example, not surprisingly, 88% of retailers have added or expanded telework and 43% have added or expanded eCommerce. In addition, 42% have added the ability to perform contactless transactions.

When retail companies around the globe suddenly shifted to telework due to the 2020 pandemic, a myriad of new attack vectors were opened up to security threats. Remote users created additional security requirements and presented different challenges than onsite workers. For industries such as retail, which have typically not had as many employees working remotely, implementing secure IT infrastructure for a remote workforce was a unique but necessary task.

New Technologies/Integrations

In addition, adding or expanding eCommerce and new technologies such as contactless transactions, kiosks, and tablets also come with security and compliance challenges. Retailers have had to fast-track plans to integrate web and mobile applications, order delivery solutions, and other services with their point-of-sale networks.  

For example, contactless transactions had the biggest surge in deployments and mobile applications had the next highest increase as a way to serve customers during COVID-19, while kiosks and tablets are primarily being used to provide customer self-service options to make social distancing easier. 

Compliance and Security Skills Shortage

Payment Card Industry Data Security Standard (PCI DSS) is one of the challenges businesses face as they figure out how to run transactions. Strict requirements are set in place for protecting customer credit card information that must still be adhered to regardless of any new approaches. Also, the challenges of manually achieving network-wide visibility and enforcing required security controls increase as the network becomes more complex or evolves as new devices are added. Further, demonstrating compliance also becomes more time-consuming, especially as the shortage of skilled IT workers continues. 

In fact, 44% of survey respondents indicated staffing was one of their biggest security challenges during COVID-19. Nevertheless, according to the survey, retail organizations are using a wide range of approaches to address the cybersecurity skills shortage. Using professional services (34.3%) and automating security functions (31.4%) are the top methods retailers have chosen to mitigate the impact of the global skills gap on their organizations.

To manage multiple locations with limited IT staff, retailers must operate with a high level of automation, save time with zero-touch deployment, and gain network-wide visibility and control from a single pane of glass.

Cloud Security 

Retailers are also taking advantage of the agility and cost savings of cloud deployments. It makes sense, given that retailers operate large networks of geographically distributed branch locations that all need access to the same applications and services. However, network infrastructure that sprawls over private clouds, public clouds, and on-premises data centers often creates a very siloed environment that is difficult to secure.

According to the survey, retailers are running into a number of cloud-management challenges. The biggest challenge cited was complexity of administration (43%), followed by cost (41%), with secure access and compliance tied for third (40%).

Another survey finding is that more than half of retailers do not know who is responsible for public cloud security. In fact, 55% of respondents did not fully understand that cloud security is a shared responsibility between provider and user. 

Retailers also need fast and scalable connectivity to enable seamless transactions that support sales, inventory, purchasing, and other activities. Replacing traditional (MPLS) connections with SD-WAN offers a more flexible approach to connectivity with faster performance and a lower total cost of ownership (TCO), increasing efficiency and bolstering the customer experience.

74% of respondents surveyed rated security as an important or very important reason for deciding to deploy an SD-WAN solution. The challenge facing retailers is that not every SD-WAN offering includes security integrated into the solution. A Secure SD-WAN that offers a full suite of integrated security services, as opposed to an overlay or purely external security offering, is necessary to efficiently and effectively mitigate risk, provide business continuity, and allow for the greatest ROI.

To find out how retailers are responding to the “new normal” brought on by COVID-19 in other areas such as cybersecurity investment plans, confidence in PCI-DSS compliance, and reasons for considering SD-WAN, read the full report.

Find out more about how Fortinet offers retailers a broad set of network and security technologies that are seamlessly integrated and automated to help retailers secure digital transformation initiatives.

Sourced from Fortinet

Securing the Future with AI-Driven Security Operations

CISO on CISO Perspectives

As a result of continued digital innovation initiatives, new remote work realities, and the introduction of 5G, organizations across sectors are facing an increasingly complex and ever-evolving threat landscape. This is further exacerbated by a growing cybersecurity skills gap, which has resulted in a lack of skilled professionals to help secure networks against advanced threats. 

We were joined virtually by Fortinet’s Retail CISO Courtney Radke, Deputy CISO Renee Tarun, and Healthcare CISO Troy Ament for a discussion on how, with AI-driven Security Operations, CISOs are better equipped to protect their entire digital attack surface and meet the needs of today’s digital businesses.

Q: AI seems to be a buzzword across industries right now, including cybersecurity. How can CISOs cut through the hype to understand whether an AI-based solution is right for them, and if so, which one to select? 

Courtney – In the cybersecurity world, AI has been a buzzword for some time now and will continue to be for a long time to come. In my opinion, what has changed significantly over the last several years is two-fold: The wealth of threat intelligence and actionable data to fuel AI-based technology implementations, and the availability of real-world and valuable applications that can leverage AI within an organization. 

AI in its original cybersecurity context was used as a way for organizations to cut through the noise by automating event correlation, alerting appropriately, and reducing alert fatigue. While this is still very much a key use-case, AI has also evolved to include augmented intelligence and machine learning used to increase the efficiency and efficacy of solutions deployed within an organization, making real-time, proactive security more attainable. More to the point, AI solutions are already being integrated with regularity into cybersecurity applications like email security, IDS/IPS, botnet detection, identity management, and many others. So, it is not necessarily a matter of whether an AI-based solution is right for you, as the answer is always yes, with few exceptions. It is more a matter of ensuring the company behind the solution has access to actionable threat intelligence, and also has the knowledge, expertise, and ability to operationalize it across the environment. Today, everyone says they have AI or are AI-driven, but few companies have the ability to back up these claims or implement it effectively in their networks.

Renee – And recently, we have seen cyber adversaries leveraging AI and machine learning to their advantage. They are building platforms to deliver malicious payloads at unprecedented speeds and scale. And no industry or organization is immune to these attacks. To combat this, CISOs need to be leveraging AI-driven/machine learning security solutions to fight fire with fire. Organizations need to have a strategic, proactive approach that relies on having accurate, timely, and actionable threat intelligence. Actionable strategic and tactical information gleaned from a global threat intelligence network—and analyzed with AI/ML and sandboxing techniques—enables an organization to move into a proactive security posture. To achieve this, organizations should look for solutions that train their systems using all three learning modes of ML—supervised, unsupervised, and reinforcement learning—as such systems will become more and more accurate over time. 

Q: As AI-driven security solutions get smarter, faster, and more effective, we see AI-driven cyberattacks do the same. In this cyber arms race, how can CISOs come out on top? 

Courtney – The CISO, always mindful of the areas that are most impactful to the business if attacked, must also keep a watchful eye on those areas most susceptible TO attack, which is their people. While there is a myriad of AI-driven technologies focused on protecting different areas within an organization, ensuring there is a keen focus on user-centric technology is key. Protecting email and file-sharing, as well as employing user and behavior analysis techniques, may prove to be one of the most worthwhile AI investments a CISO can make, and is most likely to enable them to stay ahead of cyber-attackers. 

Renee – Threat intelligence is also less effective if it is not available in real time by all the security tools in the network. An integrated and automated security architecture helps organizations thwart today’s advanced persistent threats designed to move at machine speed. CISOs should look at AI-driven security operations for protection, detection, and response. Breaches can occur in mere seconds, so it is imperative that organizations look to reduce manual processes and leverage automation to do things at speed and scale.

Troy – Emerging threats have always taken advantage of the expanding attack surface and poor security posture. When security teams develop orchestrated and automated security responses utilizing AI technologies, bad actors will respond with new and enhanced attack techniques in a process that could be compared to a cyber arms race. As a result, CISOs should continually evaluate which AI-Driven Security operations technologies can increase the effectiveness and efficiency of their security operations center teams, especially those tools designed to increase in maturity and sophistication to combat new threats from bad actors. AI-driven solutions that continue to grow more advanced can solve new security challenges or eliminate redundant manual processes and allow information security professionals to work on higher value initiatives.

Q: How are you seeing CISOs leverage AI-driven Security Operations to mitigate resource challenges and close the cybersecurity skills gap? How impactful has this been on the overall security of these organizations? 

Courtney – Most organizations agree that a key factor in maintaining a competitive advantage is continued investment in digital innovation. This means a continued and rapid influx of technology is necessary, both in new technology and in the scaling of existing technology. This should also mean an in-kind expansion of these resources used to support them. Unfortunately, as most of us know, this is usually not the case. Luckily, CISOs can now augment their existing teams and create an AI-driven SOC with greater ease and effectiveness than ever before. This approach has allowed many organizations to confidently deploy technologies at speed and scale without overwhelming their existing IT staff—which has been crucial over the last several months. 

Troy – Technologies that leverage AI-driven security operations or automate tasks allow CISOs to hire a broad range of cybersecurity professionals while reducing the learning curve needed for new or junior staff to become highly effective in the security operations center. Traditional cybersecurity tools have generally been very complex, siloed, and require senior-level technical expertise. This challenge has been compounded due to high staff attrition, and senior-level staff spending significant time developing and training new and junior staff. And the complexity widens further as organizations expand the number of siloed system interfaces that need to be managed. Leveraging next-generation cybersecurity technologies allows for integrated, enhanced user interfaces that take advantage of the automation of tasks—enabling new and junior staff to be effective sooner, thereby reducing the need for senior-level staff oversight. Further, these technologies can help fill holes left by the cybersecurity skills gap. This provides for more meaningful and high-value work across the range of cyber professionals and can also increase staff retention.

Renee – To keep pace with emerging threats and new risk exposures, the average enterprise now deploys 47 different security solutions and technologies. All of these separate tools—especially when they have individual management consoles and operate largely in isolation—make it difficult to correlate events and execute a consistent, coordinated response to threats. And at the same time, security teams have been stretched thinner and thinner, with 65% of organizations saying they lack the skilled staff, especially as tool-specific proficiencies become harder to maintain. Not to mention, in today’s environment there is a lot more data and far more alerts that SOC analysts must review, in part due to the sudden increase of traffic from outside the network due to remote access. The increase in traffic, and resulting log files, increases the chances of an alert falling through the cracks. Because of the proliferation of advanced attacks, today’s compromises can occur in a matter of seconds, which means that relying on manual human intervention to perform incident response is no longer a viable security strategy. By leveraging the right AI-driven solutions, however, especially those that include high degrees of automation and integration built in, organizations can establish and maintain more effective and efficient security operations, all while reducing their overall total cost of ownership.

Find out how Fortinet integrates AI and machine learning capabilities across our Security Fabric to detect, identify, and respond to threats at machine speed. 

Read these customer case studies to see how Warrior Invictus Holding Co., Inc. and Infosec Partners are using AI to efficiently collect, analyze, and classify cyber threats to keep their networks protected from evolving threats. 

Sourced from Fortinet

Achieving NSE 8 Certification Through Fortinet’s NSE Training Institute Program

Matthew Watkinson is the chief security architect at Secure Sense, an IT security provider based in Canada. He has achieved Level 8 certification through Fortinet’s Network Security Expert (NSE) Training Institute’s Certification Program. He is skilled in the technical aspects of unified threat/next-generation firewall operations and design, web application security, and SIEM operations and deployment. He’s also knowledgeable in offensive security assessments including penetration testing and social engineering. We spoke with Matthew recently about how he got into the cybersecurity industry, why he sought Fortinet’s NSE 8 Certification and what the process was like.

What drew you to a career in cybersecurity? 

I fell into cybersecurity accidentally. I went to school for something completely unrelated, and then I got laid off and needed a job. A local company was hiring a Linux admin; I had previously done some server administration and was hired. So, I started there, learned on the job and worked my way up.

What enabled you to advance in your career?

I already had an interest in cybersecurity, and just learning how everything worked. At the time, where I was employed, nobody was filling the cybersecurity skills gap. So, I took it upon myself to learn when I saw the opportunity in this high-demand field. That’s actually when I started working with Fortinet appliances.

What led you to get NSE certifications and become part of the program?

I was looking for a larger challenge and looking for more exposure into the security space. I was an end user of the Fortinet appliances, so a mutual contact put me in touch with my current boss, Peter Humphries. Peter had just begun a small startup called Secure Sense and hired me to be his presales engineer for Fortinet appliances among other things. That got me started on the certifications path, helping me keep my skills and knowledge up to date alongside my career growth.

What did you enjoy most about the NSE 8 program?

One of the things I really like about it is the wide scope. For the NSE 8, basically anything that’s Fortinet-branded is fair game. It’s definitely a challenging process and a challenging exam. Because of that, there’s a lot of credibility that goes along with it. When I’m speaking to existing and prospective customers, I can say, “Look, this is the process that we had to go through to get NSE certified.” So, when we’re talking about certain architectures or implementing certain specific features, prospects know we’ve done it in production and have been assessed by Fortinet, demonstrating our competency.

Does your Fortinet NSE certification come up in customer conversations?

It definitely comes up. As a managed service provider, we pride ourselves in our technical excellence. Our founder was a sales engineer before he started Secure Sense. His vision for Secure Sense was very technically focused because he felt that would be a key to our success. And it’s been a successful strategy.

So, when we talk to our customers about managed services, we can say, “More than 50% of our organization is actually hands-on technical people. And they’ve all been trained by someone who is at the upper echelons of Fortinet certifications. So, you know that the people who are actually doing the hands-on work in your environment know what they’re doing. They’ve been trained and they’re very competent.”

Are there any other benefits that come to mind when you think specifically of the NSE level 8 certification?

Absolutely. It’s the breadth of skillset. I know a lot of people who are really good at networking, and I know a lot of people who are really good at firewalls or malware analysis or authentication; I don’t know a lot of people who are really good at all of them. And with the breadth of requirements for NSE 8, you need to know what you are doing on FortiGate, on the switches, on the wireless, on the authenticator, email, the web – everything comes together in that exam. So, you need to be good at all of it – not just really good at one thing – to be able to get you through an exam.

Do you have any advice for those who are preparing right now for the higher-level certifications?

Honestly, it’s experience. The NSE 8 is absolutely experience-based because there’s no real list of things to study – if it starts with “Forti,” it’s fair game. It’s just making sure that you’ve worked on the entire product portfolio – they’re all great products in their own right – and being able to leverage them in customer production environments is an important aspect of the test. That’s definitely what helped me through it. That’s really the best advice I can give: get your hands on Fortinet solutions and start playing around with them. Experience on multiple platforms is essential to success when preparing for the exam. People are doing themselves a disservice by pigeonholing or only focusing in one area – whether they are preparing for the exam or not.

I found the actual exam process to be really enjoyable – the practical exam, that is. There is something really fun about that challenge of having to work through these problems, getting from point A to point D. It was two days of pure problem-solving and technical hands-on.

What is your professional observation about the cyber skills gap?

I think we’re still in need, but it’s not because there are fewer people in security. It’s just that the demand for security has outpaced the number of people entering the security space. Especially within the last five years, with the high-profile breaches that have been made public, a lot of businesses are now seeing the cost of having no security or at least poorly thought-out security strategies. And because of that, more companies are specifically hiring security-focused and security-trained individuals. It’s no longer “You’re the person who’s the best at networking? Congratulations – you’re now the security person!” Now that everyone has a security person, the security specialists are spread thinner even though there are more of them in the market.

So, there’s still a security gap. We’re always trying to hire qualified security people who have that breadth of knowledge in all of the individual technical subcomponents of security as well as understanding security frameworks at a larger scale. It’s become problematic for us. Demand is definitely outpacing the supply of security people.

Find out more about Fortinet’s NSE Training Institute programs, including the Certification Program, Security Academy Program and Veterans Program, which provide critical cybersecurity training and education to help solve the cyber skills gap and prepare the cybersecurity workforce of tomorrow.

Sourced from Fortinet

Six Key Considerations for a Flexible Secure SD-WAN Deployment

SD-WAN was initially designed as a more flexible and cost-effective solution for connecting branch offices to cloud resources and the core network. And that is still the primary way it is deployed. Replacing static and costly MPLS connections and edge routers with a system that can manage and optimize connections and application performance has helped millions of organizations deploy a more robust and adaptable WAN strategy.

The right SD-WAN solution can do so much more. But far too many vendors have failed to realize the true potential of SD-WAN, or have over-promised on the flexibility of their solutions. It is not uncommon to find SD-WAN solutions, even from major vendors, that are unable to scale beyond 100 sites, provide overly complex management systems, or don’t provide solutions appropriate to meet the unique needs of essential verticals, such as retail. This failure on the part of the vendors limits the possibilities for the organizations that deploy them.

Defining True Flexibility for SD-WAN

If you are in the market for an SD-WAN solution or are looking to upgrade or expand an existing SD-WAN deployment, there are some key considerations that should be included in the selection process. Flexibility is one of those critical considerations, and far too many legacy SD-WAN solutions were not designed with the sort of flexibility in mind that many businesses require. This is what you should look for:

  1. Scalability. Not every remote environment is the same size. Branch offices can vary widely, and an SD-WAN needs to meet the demands of an office of any size and support thousands of distributed locations. But new considerations, such as a greatly expanded remote workforce, mean that some super users could benefit from the performance and functionality that a traditional VPN connection can’t provide. Look for an SD-WAN solution that comes in a variety of footprints, such as built-in LTE/5G to enable high-speed failover should the local connections become unreliable or unstable. Details like this ensure that you can support everything from the largest branch offices to thousands of remote users’ desktops.
  2. Security. The lack of integrated security in most SD-WAN solutions means that IT teams have to create an overlay security solution to compensate for losing the traditional stack of security provided at the head end by eliminating the MPLS connection. And because it is not integrated with the SD-WAN’s networking and connectivity functions, it simply cannot adapt to the rapid changes that many dynamic connections require. Security not only becomes a performance bottleneck but a barrier to flexibility as well. A truly flexible SD-WAN solution should be able to provide consistent security that is fully integrated into an on-premises device, as well as a cloud-native security service that can function as part of a SASE solution.
  3. SD-Branch. Most branch offices also include a LAN that needs protecting, and the loss of its permanent connection to the head end means that they now have to rely on a local security platform of some sort. That means IT headaches for rollout, configuration, monitoring, and management. Organizations should look for an SD-WAN solution that includes integrated connectivity, application security, and security functionality that can be easily extended into the branch LAN. SD-Branch enables organizations to protect things like wired and wireless access points, establish and maintain network access control, and secure data and workflows passing through internal devices as well as the SD-WAN connection.
  4. Multi-Cloud. The fact is, WANs exist in many places besides branch offices. A virtual SD-WAN solution can provide secure and reliable connectivity between public clouds, between public and private clouds, and between any cloud and the data center. This requires looking for SD-WAN solutions that can run natively in any public or private cloud environment. And all of these SD-WAN deployments need to be configured and orchestrated using a central management system that integrates all networking, connectivity, and security functionality into a single console.
  5. Self-Healing. If an SD-WAN solution has to be reconfigured or requires manual intervention every time there’s an internet connectivity issue, many of the other SD-WAN benefits become negligible. Similarly, there should never be a lag in protection while security scrambles to reconfigure itself whenever a connection changes. Instead, organizations need to insist on an SD-WAN solution designed to automatically bridge gaps in internet reliability to maintain exceptional application performance. Self-healing functionality should do things like switch to an alternative transport model when an outage or disruption impacts connectivity, or dynamically adjust security policies and configurations with every connectivity change—even when switching to another transport model.
  6. Low-Touch. And all of this needs to be done as seamlessly and as low touch as possible. Deployment needs to be quick, interconnections between SD-WAN systems need to be easily configured and managed, SLAs and other policies need to be universally applied, and a unified security policy needs to dynamically and automatically adapt to changes in traffic, connections, applications, and workflows.

This boils down to looking for an organically developed solution that consolidates advanced routing, self-healing SD-WAN capabilities, and intuitive orchestration with flexible security options via a fully integrated next-generation firewall or SASE-based cloud-delivered security solution. It also needs to be able to be deployed across the entire range of home, branch, campus, and multi-cloud network environments. This approach will help the organization realize numerous significant benefits, including: 

Better user experience: To maintain optimal user experience, an SD-WAN system needs to dynamically learn and overcome WAN impairments at all edges using comprehensive self-healing SD-WAN capabilities. It also needs to leverage purpose-built ASICs for maximized performance. And the addition of AI and ML-powered application learning provides additional visibility and control to ensure the best application performance possible without compromising security.

Reduced costs and complexity: By converging networking and security into a unified Secure SD-WAN solution and then adding centralized orchestration, an organization can reduce the number of point products they need to manage. This helps them keep operational complexity in check while achieving the best possible total cost of ownership (TCO). 

The Goals of Today’s SD-WAN Deployments are Clear

There are four goals for effective SD-WAN deployment. First, provide seamless, reliable access to any resource, from any device, in any location. Second, ensure consistent user experience through continuously optimized connections and applications. Third, protect all applications, workflows, and transactions using enterprise-class security solutions designed to provide encryption and inspection at business speeds. And fourth, everything needs to be able to adapt to network changes, digital innovation requirements, and evolving cyber threats as a single system.

Achieving this requires a level of flexibility that few SD-WAN solutions can deliver. But finding and deploying a solution that can grow and adapt as your business and network requirements evolve is well worth the effort.

Take a security-driven approach to networking to improve user experience and simplify operations at the WAN edge with Fortinet’s Secure SD-WAN solution.

Read these customer case studies to see how De Heus and Burger King Brazil implemented Fortinet’s Secure SD-WAN to alleviate network complexity, increase bandwidth, and reduce security costs.

Sourced from Fortinet

From Botnets to Phishing: A Discussion on the 2020 Threat Landscape

An unforeseeable shift in network structures and attack strategies was dropped on the cybersecurity industry in 2020. As the COVID-19 pandemic continues to take its toll on organizations and individuals around the globe, we are now dealing with a threat landscape that’s become more intense, complex, and saturated than ever before. And many organizations are finding it challenging to allot sufficient resources towards managing and mitigating these growing and evolving threats, having already faced operational setbacks prompted by the sudden transition to a fully remote workplace.  

Considering the ever-evolving nature of today’s cyber threats, business leaders must continually familiarize themselves with up-to-date threat intelligence and invest in the resources necessary to protect what is now – and will remain indefinitely – a larger, more fluid attack surface. This time, the changes happening across the cyber threat landscape are more dramatic, and the risks due to recent network changes are greater than ever. This makes accurate and actionable threat intelligence even more crucial. The following threat summary highlights the cyber criminal community’s ability to adapt and take advantage of low-hanging fruit to achieve their goals.

Leveraging At-Home Technology as a Gateway to the Enterprise

In the past, security teams were primarily focused on protecting users from application and networking threats, and hardening connected resources safely tucked inside the network perimeter. But this is no longer the case. During the pandemic, there has been an exponential rise in IoT usage and a reliance on home networks and consumer-grade devices, such as home routers and modems – something which cyber criminals were quick to take notice of. The surge in remote work has also focused considerable attention on the security of personal devices being used to connect to the corporate network, including smartphones, tablets, laptops, and PCs. For attackers, this shift has presented a unique opportunity to exploit these devices and gain a foothold in enterprise networks (or, at least, on the devices used to access those networks). Such devices are easily compromised, and researchers are seeing the formation of large botnets that can be used to launch DDoS attacks or distribute malware aimed at the enterprise.

Over time, cyber criminals have not only grown to understand technology better but also have access to more sophisticated resources than they had in the past, making the task of protecting distributed resources more challenging than ever. Through the use of AI and machine learning tools, for example, cybercriminals are taking full advantage of the expanding attack surface and successfully bypassing traditional safeguards. Because of these advances in attack methods and technologies, IT teams are now struggling to stay ahead of things like updated ransomware and phishing threats that are being leveraged to compromise at-home IoT devices.

Ransomware Attacks Becoming More Sophisticated

Ransomware attacks have always been a significant concern for businesses. But over the past several months they’ve become more prevalent and costlier – both in terms of downtime and damages. Why has this threat not only persisted for so long, but recently become even more challenging? Because ransomware is even more readily available to attackers via DarkNet marketplaces. New ransomware technologies, including ransomware-as-a-service, are inexpensive and relatively simple to deploy.

Ransomware has been discovered hidden in messages, attachments, and documents related to COVID-19. And these threats continue to grow more sophisticated, helping cybercriminals to stay ahead of the curve. Three specific ransomware samples fell into this category: NetWalker, Ransomware-GVZ, and CoViper. Of the three, CoViper was especially concerning, having been found to rewrite the computer’s master boot record (MBR) before encrypting data. While our team has observed several attacks in the past where adversaries have used MBR wipers combined with ransomware to effectively cripple targeted PCs, this is an unusually aggressive strategy. 

Toward the end of the first half of the year, there were also several reports of potentially state-backed threat groups attacking organizations involved in COVID-19-related research in the U.S. and other countries. In addition, attackers have taken to moving critical data to public servers and threatening to release it publicly unless ransom demands are met – a way to circumvent the decision of victims to recover their systems themselves rather than give in to demands.

As these threats evolve, security teams must ensure they have access to real-time threat intelligence in order to stay up-to-date with the latest attack trends and methods. This includes keeping abreast of the tools being used by cyber criminals as a means of maximizing the impact of their attacks, including social media and Darknet search engines. And it also means modifying current strategies. Organizations are now advised to keep all data encrypted, whether in motion or at rest, to thwart recent attack strategies.

Phishing Evolves via Machine Learning

Many of the phishing attacks of the past have been unsophisticated and easily prevented, only posing a serious risk to the gullible. These scams generally employ social engineering tactics to steal credentials from unsuspecting users, often via email. In other cases, a compelling message is used to convince a victim to follow a link that installs malware or exposes sensitive data. 

But increasingly, these attacks are being used to set the stage for both on-premises and cloud service attacks. Recent phishing tactics are far more sophisticated and have evolved to target the weak links found at the edges of business networks. While employees at most organizations are now better educated about the dangers of email phishing, and take greater precautions when encountering a suspicious-looking link, hackers have begun to alter their approach. For example, cyber criminals are targeting unsecured home networks and novice teleworkers who lack essential cybersecurity training to steal personal information and launch attacks against the business networks to which they are connected. 

Many are also using machine learning to rapidly craft, test, and distribute messages with increasingly realistic visual content that triggers emotional distress in recipients. They can actually analyze different versions of attacks and modify their methods to ensure maximum effectiveness. Emerging phishing attacks include scams claiming to help targets deposit their stimulus checks, provide access to hard-to-find medical supplies or personal protective equipment, or offer helpdesk support for remote workers.

The majority of these phishing attacks contain malicious payloads – including ransomware, viruses, and remote access trojans (RATs) designed to provide criminals with remote access to endpoint systems, enabling them to perform remote desktop protocol (RDP) exploits. 

Our team also documented a significant spike in web-based phishing, beginning with the HTML/Phishing cyber threat family back in January and February of 2020 and that held true through the end of May. Similar HTML cousins – /ScrInject (browser script injection attacks) and /REDIR (browser redirection schemes) – have also contributed to the increase in phishing attempts this year. Web-based malware tends to override or bypass most common antivirus programs, giving it a greater chance of survival and successful infection. 

Security professionals should take note: The browser has been a key delivery vector for malware thus far in 2020, and this trend will likely continue into the next year. This corresponds to the documented drop in corporate web traffic, which was generally inspected and sanitized, and the rise in home-based web traffic due to the transition to a remote workforce strategy. This shift reinforces the point that cyber criminals have intentionally changed their attack methodologies by targeting the traffic that is now flooding lesser-secured networks. For this reason, organizations must not only provide remote workers with the knowledge and training necessary to secure their own personal networks and the connected business network, but also provide additional resources, such as new endpoint detection and response (EDR) solutions that can detect and stop advanced threats.

Looking Ahead of the Threat Landscape

The COVID-19 pandemic has reinforced what many industry professionals have recognized and championed for quite some time: That effective cybersecurity requires constant vigilance and the ability to adapt to changing threat strategies. While security should have been a top priority all along, now may be the time to consider investing in broader, more advanced, and more adaptable solutions – especially as cyber criminals modify their attack methods to leverage personal devices as a springboard to enterprise networks. With this in mind, shoring up remote systems and networks should make the top of the to-do list. 

Regardless of the state of the world around us, the best way to protect against ever-evolving malicious activity is to take a comprehensive, integrated approach to cybersecurity. A vital component of this is continuous access to up-to-date threat intelligence and cybersecurity training. Fortinet is committed to addressing this need by providing leading-edge insights into the cybersecurity threat landscape through our FortiGuard Labs global threat research team, advanced threat detection technologies, and in-depth reporting on advancing threat trends.

Learn more about FortiGuard Labs threat research and the FortiGuard Security Subscriptions and Services portfolio. Sign up for the weekly Threat Brief from FortiGuard Labs.

Learn more about Fortinet’s free cybersecurity training initiative or about the Fortinet Network Security Expert program, Network Security Academy program, and FortiVet program.

Sourced from Fortinet

Security Must Be Built into the Fabric of SD-Branch

This is a summary of an article written for Forbes by Michael Xie, Founder, President, & CTO at Fortinet. The entire article can be accessed here

Software-defined products and solutions have flooded the market, making it difficult for C-suite leaders to differentiate between the array of acronym-heavy technologies vying for their budget dollars. One of the most potentially disruptive solutions is SD-branch, a technology set that stands out when it comes to the promise of digital connectivity and branch functionality. The challenge SD-branch aims to address is to ensure that every user within an organization has full access to their entire range of business-critical applications, and to do so without compromising user experience. Ensuring this in a world of multi-cloud services and often unreliable public network bandwidth is intense, complicated, and critical to global business success.

To address these challenges, a slew of vendors have entered the SD-branch market promising flexible, dynamic, and adaptable solutions. However, decision makers must take care not to be swayed by marketing claims alone. Without proper implementation, or true integration between components, organizations may find that they are not investing in software-defined branches, but instead increasing their software-defined risk.

Today’s Digital Branch Environment

Security is at the top of the list of vendor promises that do not map to reality. Real-time global collaboration and the delivery of business results are increasingly important in our digitally driven world. But what good is connecting offices and workers across locations if security is not top of mind? Secure connectivity is critical, especially at the branch level, where branch office networks are now interconnected to the rest of the distributed network. And because cybercriminals are always willing to find and compromise the weakest link in the chain, the branch must provide the same level of security being delivered at the central network.

The era of the traditionally siloed and physically disconnected branch offices is a thing of the past. Today, branches are not just connected in name and spirit. Like those of an actual tree, these branches are all interconnected across a broader framework. In other words, while branch offices may be remote, they must still function as a fundamental extension of the core network. This means that the entire network is only as secure as the branch office with the most vulnerabilities.

Compounding the usual vulnerabilities of any branch LAN is the expansion of the local branch network via IoT and mobile access – technologies such as these transform a branch from just one vulnerability point into a cluster of hundreds, if not thousands, of potential points of compromise. Multiply this to encompass an entire network of branch offices and the potential for security issues increases exponentially. This is because the more efficiently that branches lacking adequate security are connected together, the more effectively they will lead threat actors directly to the network’s most mission-critical data.

The Importance of Security in Branch Environments

When branch offices lack proper security controls, they can become prime conduits for routing breaches and cybercrime right to the core of your network. And as a result, they can also become ineffective channels for getting work done. A traditional SD-WAN solution only resolves connection problems. It does nothing to ensure the security or integrity of the connections that the organization relies on, or the LAN behind the SD-WAN device. The challenge is that overlaying security as an afterthought to secure a constantly changing infrastructure, which is what most SD-WAN vendors require organizations to do, is extremely expensive and rarely effective. Worse, a branch’s internal LAN is exceptionally vulnerable because it does not fall under the umbrella of protection from the organization’s centralized security services. And not only are branches on their own when it comes to security, they also have only a fraction of the budget necessary to provide the same level of protection that is provided at the core network.

What these remote offices need is an SD-branch solution that also provides fully integrated next-generation firewall capabilities. This approach enables the securing of both wired and wireless connections, provides full branch network security access controls, and allows administrators – both local and remote – to see and monitor all devices integrated into the branch LAN. And better, it ensures that constant change – from dynamic connectivity to the addition of new IoT devices – is automatically protected because security and the network now function as a single, integrated system. 

Unfortunately, most organizations don’t realize that this is something they need until after they have already invested in a solution that lacks the requisite comprehensive security. And even after adding security components from different vendors, they still have to deal with a cumbersome collection of solutions not designed to interoperate as a single security system. This not only can overwhelm limited IT staff by creating unsafe levels of complexity, but critical security gaps will still be created as security solutions that are not integrated into the underlying network struggle to keep up with the dynamic connectivity changes required to maintain consistent access to critical applications and other resources.

This is why a security-first approach to SD-branch is critical. Via this method, CISOs can address the primary issues of security, productivity, and agility in a coordinated way that reduces cost and complexity without putting the network at risk. Balancing ease of access against robust security is a challenge, however, especially with IT resources already stretched thin due to a heavy focus on business continuity. Solutions that provide better adaptability, flexibility, and reach without compromising security through seamless integration between all elements of the network become crucial in these circumstances.

Functioning as a Single System With Secure SD-Branch

Simplicity of design, such as only using solutions that share open APIs and common standards, is just the first step in developing a secure SD-Branch. While it is important that network processes, remote connectivity, and security function as a single system, it is even more critical that security drives this functionality. This requires a single, integrated platform that blends security, network functionality, and SD-WAN into a single solution to ensure an open, adaptive, and flexible system that can easily adapt to changing business requirements at the branch without ever sacrificing protections. At the end of the day, once an organization truly understands what is at stake, the number of solutions that can meet this raised bar, such as Fortinet’s SD-Branch solution, is dramatically reduced. 

Once a fully integrated and adaptive solution is in place – one that integrates networking, connectivity, and security into a single, fully integrated system – organizations can invest in greater reach and ability, ensuring workers can be productive and remain competitive while still creating secure paths forward. The reality is, business systems will only become more interconnected in the future, and organizations need to put security top of mind now, during the planning and development stages, to ensure that the adoption of new applications and services can resolve the business issues of tomorrow without putting the entire business at risk.

Consolidate your branch services while delivering security, agility, and performance with Fortinet SD-Branch.

Sourced from Fortinet