By Cornelius Mare, Director, Security Solutions, Fortinet Australia
Staying ahead of the increasingly sophisticated adversary community is becoming more complex, especially as enterprises adopt DX (digital transformation). Instead of having a single, centralised network to secure, organisations are employing a mixed hybrid network model that requires an equally mixed hybrid model for security services.
Today’s DX network might include public and private clouds, virtual software-defined networks, IT/OT convergence and an increasingly mobile workforce. This also includes things like ongoing DevOps application development, containerised environments and the adoption of IaaS and SaaS solutions including shadow IT and shadow SaaS.
The challenge is to ensure that your security services can keep pace with your rate of change. A critical component of that strategy is to incorporate the latest threat intelligence to protect your network from these well-funded and highly-motivated adversaries.
Gathering and maintaining critical threat intelligence
Threat intelligence comes in many forms, some proactive and actionable and some, unfortunately, reactive. There are generally three kinds of threat intelligence. Peer-based threat intelligence is based on empirical evidence. It is derived from industry metrics and collated into reports and threat alerts that are typically available as a service. These services provide real-time insights into the state of security and security challenges.
Expert-led threat reports go one step further and predict future malware and cybercriminal trends and techniques. Peer and expert-led threat intelligence are great for planning your security strategy…you always need to be thinking ahead. But for active protection today, you need to transform report-centric threat intelligence into actionable defence.
That calls for live threat feeds that provide robust and actionable information directly into your security fabric. The more security sensors that your threat intelligence service provider employs, the wider the net will be to capture the very latest threats. This combines with local data gathered from tools like sandboxes and SIEMs. And to derive the most benefit, the threat intelligence has to be correlated through a common management, policy and orchestration solution.
Inserting threat intelligence into your DX environment
Ironically, the most consistent aspect of your DX environment is probably your security requirement. Regardless of where or how your data, applications and networks are hosted, your security has to be consistent with policy, enforcement and mitigation. Consistent security across your entire extended network will assist in reducing your exposure to risk and is an effective strategy to keep adversaries out of your DX networks and ensure consistent network performance.
DX has changed the threat landscape from the cloud to the edge and into the data centre. To protect your extended network you need to match your security services with your DX network service.
Are you taking advantage of software-defined WAN? If so, what tools are you using to secure your SD-WAN solution? You need Secure SD-WAN. Are you using multiple clouds? You should have a cloud security access broker. IaaS and SaaS? Visionary managed security service providers offer real-time deployment monitoring, updates and mitigation of DX-optimised security services – including threat intelligence – on an OPEX basis.
DX has expanded the attack surface. Real-time threat intelligence is more critical than ever. Regardless of which way your organisation’s DX journey takes you, you’ll need to apply the very latest technology and threat intelligence – matched to the model of your DX network – into your security profile.
Fortinet has the technology and threat intelligence and a growing network of Australian visionary managed security service providers to deliver the protection you need. This combination ensures that you can embrace DX and still secure your users, data and applications.
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organisations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 375,000 customers trust Fortinet to protect their businesses. Learn more at http://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.
About the author
Cornelius Mare is Director, Security Solutions at Fortinet Australia. As such, it is his business to know what’s happening in the cybersecurity world and help enterprises secure their transitional networks without sacrificing speed, functionality or control.