The first day of the Fortinet Security Summit was held on Tuesday, September 14, at the Silverado Resort and Spa in Napa, California, as part of the PGA TOUR’s Fortinet Championship event. It included practical insights, strategies, and enlightening panel discussions around today’s top cybersecurity challenges from nearly two dozen industry leaders.
Cybersecurity’s Top Leaders Discuss the Future of Security at Security Summit
Twenty thought leaders in ten sessions shared insights and solutions on the latest evolutions of cybersecurity. Glenn Katz, SVP & General Manager, Comcast Business Enterprise Solutions, highlighted the need for innovation, which was the informal theme of the event, when he said, “The perimeter is now everywhere. We can’t trust anything anymore.”
New network strategies and expanding attack surfaces require new paradigms, such as automating security policy. According to Ruvi Kitov, Chairman, CEO, and Co-Founder at Tufin, organizations need to “increase agility and streamline collaboration to maximize security.” Speakers also emphasized that organizations need to understand the importance of the shared responsibility model, incorporate security into the foundation of every infrastructure, create comprehensive security strategies, and remember that basic cyber hygiene is still—and always will be—relevant.
Common Fortinet Security Summit Themes
Some of the key topics discussed during Tuesday’s summit included:
Automating security policy: New paradigms are needed in security management policy to ensure automation, compliance, and complete visibility. Organizations need to minimize the impact of human error making by automating everything, leveraging comprehensive encryption to thwart data theft and ransomware, practicing incident response, and using security metrics to drive strategy.
Understanding the shared responsibility model for cloud security: Organizations moving to the cloud need to understand their security responsibilities. While organizations should rely on cloud providers to protect the security “of” the cloud—the storage, network, and compute layers—they are responsible for security “in” the cloud, including everything built, deployed, or stored in the public cloud. Solutions must also be flexible enough to support security functionality within a specific cloud environment, between clouds, and across the larger distributed network.
Making security foundational: Organizations need to pivot their security strategy from deploying it as an afterthought to including it in the foundation of their infrastructures, a concept known as security-driven networking. According to Rupesh Chokshi, VP, AT&T Cybersecurity and Edge Solutions, “The convergence of security and networking is happening every day and will continue,” helping to drive home the point that these fundamental systems can no longer be managed in isolation.
Security across all edges, clouds, extended networks: Organizations running a distributed environment need to know who and what is on the network at any given moment. Security platforms designed to be deployed at any edge are best suited to protect workloads and business applications that span multiple edges. Security policies also need to follow the data, protecting and following applications everywhere they go. And solutions and policies need to be orchestrated using a single, centralized management console to ensure consistent distribution and enforcement.
Ransomware is Top of Mind
Ransomware was the hottest topic of the day and a common theme for many speakers. Interestingly, not a single hand went up when audience members were asked if anyone had a solid ransomware strategy in place. This was no surprise, as Fortinet’s FortiGuard Labs reported a more than 10X increase in ransomware activity in the last year. Mike McGlynn, VP, Global Security Solutions at WWT, drove the point home. “Resiliency and response are key. The industry average is 21 days to get basic business functionality up and running. You could lose $1M a day in revenue if taken off the grid. And it takes 9 months to fully recover from a ransomware attack.”
Speakers shared four critical steps for any ransomware strategy.
- Defend: Starting with an access identity management program, including multifactor authentication, to know who and what is on your network is essential. Organizations should also compartmentalize access and use segmentation to slow and isolate. And basic IT hygiene, such as patching, needs to be prioritized.
- Effective strategies start from the top down: Company executives, legal, corporate communications, and HR should all be involved in the planning and executing of a crisis-management strategy. And it needs to be in place before an attack.
- Triage: Slow the attack, slow the attacker. Limiting privilege access, segmenting the network, and maintaining good cyber hygiene can buy critical time to execute crisis management strategies and protect other systems.
- Recovery: Disaster recovery is not enough. Prevention tactics should also be included in recovery plans, such as quickly pivoting to the cloud to ensure business continuity and creating a “clean room” that replicates infrastructure to ensure faster recovery times.
Security is Everyone’s Responsibility
One big challenge facing many organizations is getting leadership teams to make cybersecurity a priority. Security needs to be front and center, or as Marianne Bailey, Cybersecurity Solutions Leader at Guidehouse, put it, “Security is everyone’s responsibility.”
One suggested approach was to distribute corporate cybersecurity spend across teams, so one department is not burdened with the cost. But such an approach must be paired with a cross-functional team comprised of cyber experts, legal, IT, DevOps, and leadership team members to avoid a fractured security implementation. By sharing goals, functions, concerns, and priorities, organizations can implement an effective, unified strategy where everyone has a stake in the organization’s security, not just IT.
Technology Vendor Expo
The Security Summit was also complemented with a Technology Vendor Expo featuring more than 35 partners, such as AT&T, CDW, Comcast Business, Tufin, WWT, and more. Together, Fortinet and partners showcased the latest evolutions of cybersecurity, including new and emerging technologies, including ZTNA, extending enterprise SD-WAN from Cloud to Branch, and SASE, to name a few.
Find out how the Fortinet Security Fabric platform delivers broad, integrated, and automated protection across an organization’s entire digital attack surface to deliver consistent security across all networks, endpoints, and clouds.