In an exclusive interaction with CSO India, Rajesh Maurya, Regional Vice President, India & SAARC at Fortinet, threw light on the various security challenges plaguing Indian organizations, the technologies that are rapidly disrupting the security landscape, and what security professionals should do in order to prevent getting hit by advanced attacks.
What are the three biggest security challenges that you see in 2019?
The challenge of securing networks is accelerating, primarily in direct response to digital transformation efforts that are expanding the attack surface. The problem is that too many of the deployed security solutions not only operate in relative isolation, they also still tend to be perimeter-based - which is ironic given that the industry has been touting border-less networks for quite some time.
Part of the problem is that even as network borders are eroding, we still tend to think of our networks in traditional terms, with an assumption that the datacenter sits at the core, the network is reasonably static, and that all other elements — mobile users and devices, branch offices, and multi-cloud environments — branch off from that central network in a hub and spoke design.
Today, however, data is highly distributed, and the perimeter is not only disappearing, it is being replaced with a sophisticated, meshed network of networks made up of components that are not only virtual, but are frequently temporary. These new edges are also expanding the digital attack surface.
Securing these complex, distributed, and continuously evolving networks requires developing and deploying security devices that can provide business-level digital performance, consistent functionality, and seamless interoperability. Security teams that used to have a deep familiarity with their sphere of responsibility are now spread so thin that even basic security functions like patching and updating are being neglected.
Which technologies are disrupting the cybersecurity landscape?
The cloud edge: Most cloud security deployments can’t provide consistent security enforcement because they tend to be deployed as overlay solutions. This results in the loss of features, functionality, and performance, making it difficult to establish consistent policy enforcement. Cloud native security solutions operate much more effectively, but in a multi-cloud deployment they may have challenges interoperating with devices running natively in another cloud environment.
The endpoint edge: End user devices are smarter, faster, and highly mobile—exposing organizations to risks due to loss, theft, malicious apps, or connecting to compromised public access points. IoT devices are not only inherently insecure, many can’t even be updated or patched, making them a preferred target by cyber criminals.
The WAN edge: SD-branches establish connectivity with other locations and resources through meshed VPN connections over the public internet, which need to not only support but also secure critical SaaS and unified communications applications with advanced networking and security solutions.
The new 5G edge: 5G will be another disruptive technology that will push digital transformation even further by introducing unprecedented speeds and inter-connectivity that will change how we share information, consume media, and make critical networking and security decisions.
How can enterprises prepare better to deal with Zero-Day Attacks and Advanced Persistent Threats?
The traditional process of identifying a threat and then developing a counter defense, or even attempting to anticipate and neutralize new attack strategies, is becoming obsolete. The best approach is to engineer as much risk as possible out of your current network by moving from implicit trust to a zero trust model. This includes implementing multi-factor authentication, deploying network access control, and adopting automated, intent-based segmentation and micro-segmentation.
This begins by integrating traditionally isolated security devices into a single, integrated architecture. Tools that can actively correlate threat intelligence and respond as a single, integrated system are much more effective at combating even the most advanced threats.
Getting out of the trap of security 'brinksmanship' requires organizations to rethink their security strategies. Instead, organizations need to target the economic motivations of cyber criminals by anticipating their attacks and thereby forcing them back to the drawing board.
What impact will artificial intelligence and automated threat intelligence have on cybersecurity initiatives in the coming times?
The implications of powerful and automated attacks may feel overwhelming, but organizations are not helpless. Automation is available to both sides, and organizations can use automation and AI to anticipate and mitigate these advanced threats. As the number of evasive techniques multiplies and the time windows for prevention, detection, and remediation continue to shrink, an automated response is essential. AI-powered communications and collaboration will enable the discovery of even the most advanced threats, dynamically deliver a proactive response to suspicious behavior, and even begin to anticipate attacks.
Automated actionable threat intelligence shared at speed and scale shrinks the necessary windows of detection, is able to trace and intervene against attack workflows that move between network ecosystems, and provides the automated remediation required for today’s multi-vector exploits.
What is your advice to CSOs and other top level security management professionals?
In today’s meshed and increasingly perimeter-less networks, security teams need to identify everything connected to their ecosystem (including its state and configuration), validate requests for access, and monitor and encrypt all traffic. This requires security professionals to consider security solutions more in light of their ability to participate as an integral part of an integrated security strategy: those solutions that not only share and correlate threat intelligence, but that can also actively participate in any coordinated response to detected threats.
Organizations looking for a consistent security strategy need to insist on open standards. Security solutions that support open standards need to include the ability to collect data from security sensors, as well as directly from the network environment.
Security devices, regardless of vendors, also need to be able to share and correlate threat intelligence between third-party solutions and distribute it across all enforcement to effect a coordinated response based on policy. At the same time, cloud and other network providers need to implement open standards to make integration requirements more consistent across their environments to enable security tools to function more consistently between those platforms.