This is a summary of a byline written by Fortinet’s Nirav Shah, Senior Director of Product Marketing, for Network Computing, entitled “Moving to a Security-Driven Networking Strategy.”
Security-driven networking is designed to address the challenges of the expanding attack surface, from mobility to multi-cloud adoption, where traditional security strategies struggle to keep up. The need for this new approach to security is becoming all too clear.
Securing a new network environment after it has already been created is one of the most difficult challenges faced by security teams, especially when those environments are highly elastic and in a state of constant flux. These challenges include mapping security functionality to networking requirements, maintaining network performance, and integrating into existing management tools to avoid adding overhead to an already overburdened security team.
This approach also introduces security gaps and blind spots. Overlay security solutions are forced to adapt to rapid network changes that impact policy, access, and enforcement. Rather than being on top of the problem, security becomes slow and reactive, and either bottlenecks these new environments, or more often, leaves critical resources exposed to risk.
Start with a Security Fabric
Instead, organizations need to start by integrating their security solutions into a single, integrated whole that can be extended out to every possible network permutation – branch offices, multi-cloud networks, remote users, and new edge networks. This approach provides automatic adaptability and scalability, consistent enforcement, seamless communications and event correlation, and integrated management.
The Security-Driven Network
But that’s not enough. That security fabric also needs to be woven directly into the network fabric. This enables security to dynamically adapt to network changes in real time, see and manage risks across the network, and extend that integrated security strategy to every new network edge.
This approach enables networks to safely undergo continuous transformation because security is already fully integrated into the environment. Applications and workflows are automatically secured regardless of changing data paths, access is dynamically managed, and encrypted traffic is inspected and analyzed at network speeds.
How to Achieve This
To make this happen, you need to start by upgrading what’s under the hood of your security devices. In gaming systems, the highest-performing CPU is simply unable to keep up with even a basic Graphics Processing Unit. The same approach applies to security, where high-performance physical and virtual security processors can accelerate networking and security functions. These Security Processors ensure dynamic scalability and can do things like deliver high-speed SSL inspection performance that is simply not possible any other way. They need to be built into, and support, every security solution.
Next, reduce or consolidate point product vendors to eliminate the challenges of solution sprawl and the lag time required to communicate between isolated systems. This will enable single-point management, policy distribution and orchestration, event correlation, configuration assessment, and unified enforcement – and even maintain compliance standards.
Security and network access controls also need to be integrated into wireless access points, switches, and other network hardware and virtual machines. When this happens, security-driven networking functionality can be extended across the campus, out to the branch network WAN edge, deep into the local branch network, and into the cloud. SD-WAN connections, next-gen branch offices, and cloud on-ramp activities can all be improved and optimized using a security-driven networking strategy.
SD-WAN/SD-Branch Use Case
Traditional MPLS connections limit application performance and dynamic communications. A security-based SD-WAN solution combines built-in protections with advanced SD-WAN networking capabilities to eliminate MPLS-required traffic backhauling, prioritize business-critical applications, and improve overall user experience without compromising on security.
When security and networking are integrated, even hundreds of SD-WAN deployments can be controlled through a single management interface to ensure that networking and security services are always in sync. And by integrating it with the wired and wireless access points, SD-WAN security can be easily extended into the branch LAN to enable deeper integration and consistent security.
Your CISO and members of the security team need to be involved in business development conversations from day one. Next, all security solutions need to be part of an integrated security fabric that extends into every corner of your network. And finally, the next generation of security tools needs to support deep integration with networking functionalities to enable a security strategy that can automatically grow and expand as your network evolves.
Take a security-driven approach to networking to improve user experience and simplify operations at the WAN edge with Fortinet’s Secure SD-WAN solution.
Read these customer case studies to see how Warrior Invictus Holding Co., Inc. and the District School Board of Niagara implemented Fortinet’s Secure SD-WAN to alleviate network complexity, increase bandwidth, and reduce security costs.