Organizations can no longer deliver services at scale and still defend against today’s cybersecurity threats without rethinking their approach to security. Ken Xie, cofounder and CEO of Fortinet, sits down with us to discuss what that approach must look like and which primary capabilities organizations must integrate into their operations to more effectively secure their enterprises.
CyberScoop: How have you seen the arc of cybersecurity evolving over the last decade to where enterprises and government agencies are today?
Ken Xie: Today, data and applications move between different users, devices and networks, making visibility and control more difficult. The trusted zone has disappeared and the traditional perimeter extends through and with mobile end-user and IoT devices, even beyond the entire infrastructure. At the same time, digital innovation is continuously introducing new edges and fragmenting the perimeter even further.
Of course, cloud adoption plays a critical role in all of this. But it is important to remember that the current compute model is more than just one thing. A growing number of organizations are also building hyperscale data centers and implementing new edge computing. Smart cities, buildings, cars and infrastructures are bringing traditionally isolated systems together. And hyperscale and hyperperformance are now becoming basic requirements.
And over the last few months, many companies have had to engineer their networks to support work from home, so the network can scale to hundreds or thousands of remote users. And in the middle of this, the core network is also undergoing transformation to provide better quality of service and user experience.
Security needs to adapt to these changing network demands and configurations. The challenge is that the traditional security solutions most organizations rely on to protect their networks were never designed to support these new environments.
Cybersecurity today is still hampered by siloed systems where threats can remain undetected. What do you see as the key capabilities that security leaders should be working towards?
Most organizations have too many vendors and too many point products in place, and not enough people to support it all. The result is that IT teams are unable to see across the network, so they can’t easily control policies, correlate data, coordinate functions or automate the detection of and response to threats. And this is becoming even more complicated as industries, countries and regions have to adapt to new compliance requirements by incorporating them into their networking strategy.
Organizations need a cybersecurity architecture that can scale and expand to meet these new demands. That requires a fully integrated security platform approach. An integrated platform provides broad visibility across the entire digital attack surface, from the endpoint to the access point, from the WAN to the data center, and into the multi-cloud. This enables distributed security elements to talk to each other, share threat intelligence and even work together to provide a coordinated threat response.
Equally important is the ability for security to be automated. This includes the integration of security and networking into a single system. If an endpoint is compromised, for example, the security platform must automatically tell the switch or the access point to take it off the network. Dynamic segmentation allows new devices to be securely isolated from other systems. And higher-order inspection can occur while the network infrastructure focuses on performance and delivery. This next level of automation, where security and networking are part of the same platform, is critical to seeing and protecting today’s networks.
You’re a proponent of security-driven networking. How does that play into the broader push for zero trust?
Security-driven networking (SDN) is the convergence of networking and security. Networks make constant adjustments to ensure that applications and services are running as efficiently as possible. But network devices only address speed and connectivity. The layer and function above connectivity — such as securing applications and content, authenticating users and devices, and applying rules for the region or country where a transaction occurs — all need to be handled by a security device. When security has to wait to respond to transactions or network changes, like traditional overlay security solutions do, it can introduce security gaps and inefficiencies.
SDN ensures that whenever applications are used, when users or devices try to access resources, or when network connectivity changes to maintain an SLA, security is part of the process to automatically provide protection. This requires routers and switches, access points, Wi-Fi, private or public cloud resources, and SD-WAN to work seamlessly with things like access controls, network segmentation, next-gen firewalls, IPS, SSL inspection and content filtering.
With SDN in place, organizations can secure their entire distributed network using a single policy engine to enable automation. And when combined with real-time analytics and threat detection, the network can see and respond to new threats as soon as they happen. We call this the third generation of network security.
The first step is to use custom security processing units, or ASICs, that allow security to run as fast as the network. Next, all security functions, including application control, firewalling and IPS, need to be consolidated into a single, fully integrated next-gen firewall platform without compromising functionality or performance. Third, all security devices in any environment and in any form factor need to work together as a single, integrated system that can be controlled through one management console and with one set of policies. And finally, all of these security elements need to be tightly integrated with the network to ensure consistent protections and policy enforcement even when the network becomes highly dynamic.
This strategy is something the security market has been promising for over a decade, but that few vendors have been able to deliver. And now, the recent secure access service edge, or SASE, market momentum further validates the need for a security-driven networking approach.
As enterprises embrace artificial intelligence and automation tools into their security strategy, what should they be paying attention to?
Historically, the majority of security spend has been focused on prevention that involves using signatures or pattern-matching to prevent attacks from breaching their perimeter. But many organizations want to expand their defenses to include detection. They need to see those threats that get past their prevention technologies and then stop them before they can execute their attacks.
The challenge is that unknown, zero-day attacks that get past traditional prevention tools cannot be seen using traditional tools. Detecting these and other sophisticated attacks require security analysts to process and correlate data from many different sources to detect a network breach. As a result, many successful network breaches can go undetected for months. By contrast, AI and machine learning can look through a lot of data very quickly to detect sophisticated attacks and even previously unknown zero-day threats — including those designed to evade detection — so they can be identified and stopped before they can execute.
New endpoint detection and response (EDR) systems can do the same thing. EDR tools can proactively examine endpoint system activity, detect active threats and actually stop malware from executing. These newer solutions rely on machine learning and artificial intelligence to detect, identify and alert on unusual behavior.
But detection is only part of the challenge. New attacks can happen in microseconds. That’s why SIEM devices and SOAR systems also need to include AI and automation to automatically detect and stop these threats. However, for this to function at the scale required, artificial intelligence needs to be applied across the entire digital attack surface by embedding it into a broad range of solutions, enabling them to detect, share, correlate and respond to threats as a single system.
Looking to the future, what’s on the cybersecurity horizon you’re paying attention to that public and private sector leaders should prepare for?
Much of the digital transformation happening today is laying the foundation for the future of smart systems — smart cars, buildings, cities and infrastructures that include smart transportation, energy, manufacturing and financial systems. Faster and smarter mobile devices and new edge computing models, all powered by 5G, will accelerate all of this even further and faster. And billions of new edge devices and environments will be added and interconnected across a global network of public and private networks.
This requires the next generation of security development to focus on convergence, performance and automation. And this will only be possible for those solutions already designed to be part of a larger, integrated security system. Such solutions will need to be broadly deployed across the entire attack surface in every possible form factor. They will need to be integrated together to work as a single security fabric. And they will need to be automated so they can respond to threats without human intervention. This includes the need to integrate ML and AI so systems can stay ahead of new threats. Only the use of advanced technologies designed to work together as a single, integrated system will enable security to operate and scale at the speed of digital business.
Learn more about taking a security-driven approach to networking to improve user experience and simplify operations at the WAN edge with Fortinet’s Secure SD-WAN solution.