Fortinet at RSA 2018

Fortinet recently participated as a Gold Sponsor at RSA Conference 2018 held in San Francisco. While there were a number of activities that Fortinet sponsored or participated in, there were three key events that stood out and that helped illuminate the value of Fortinet’s Security Fabric approach to securing today’s networked enterprises.

The Expo Show Floor

As described in our recent RSA Recap blog, this year’s expo was filled with vendors and attendees all looking to connect solutions to challenges. Based on the messaging all across the show floor, the biggest topics were the security concerns being created by the explosion in cloud-based services and applications, the proliferation of endpoint and IoT devices, and the resulting challenges related to visibility and control.

As usual, the vast majority of vendors were focused on detecting a particular issue – say, web-based transactions or endpoint device vulnerabilities, combined with some sort of prevention. Everybody, it seemed, had another new tool or service designed to secure some aspect of the challenges being introduced by an expanding attack surface. It’s the same “throw more technology at the problem” strategy that vendors have been selling, and organizations have been deploying – with diminishing success – for decades.

Fortinet, however, was one of only a handful of vendors who proposed that the answer to securing an increasingly complex network environment was to simplify security rather than escalate it by buying more hardware and services. And of that handful of organizations that had the insight to make such a proposal, only a smaller subset actually had a collection of marginally interconnected solutions that attempted to span the challenges organizations face. And of those, only Fortinet had all of the tools in place, combined with the level of deep integration and critical industry partnerships, necessary to make it happen.

Presentations and demo stations focused on the Security Fabric, the interconnected devices, solutions, services, and features that work together to make the fabric a reality, and partners from across the security industry who have helped build the rich Fabric-Ready ecosystem necessary to secure today’s increasingly complex and elastic network environments.

The Latest Threats

Derek Manky, Fortinet’s Global Security Strategist, walked session attendees through the evolving threat landscape and then focused on the emergence of Swarm Botnets in his session entitled “Order Vs. Mad Science: Analyzing Black Hat Swarm Intelligence” (Session ID: HT-W02). He described how a swarm is used in nature to compound the effectiveness of an organism that otherwise might be too small or vulnerable to solve a problem, attack an enemy, or defend against a predator. Starlings, ants, bees, and even humans can operate in swarms.

His presentation began with the prediction that we are going to see a dramatic rise in self-learning hivenets and swarmbots. Swarm technology can be applied to any element of the attack chain – planning, break-in, expanding the footprint, gathering intelligence, and then exfiltrating it – to accelerate the speed at which it occurs, increase the efficiency at meeting an objective, and maximize the impact of a successful attack.

These latest attack methodologies combine such things as information-sharing malware code and real-time threat updates with active threat resources such as Shodan and dynamic tools such as Autosploit. This allows attackers to automate the locating of targets, the identification of potential vulnerabilities, mapping them to known exploits, and then targeting vulnerable ports and services. The challenge is that they still have to constantly communicate through their command and control server to their human attackers and databases, which slows down the process and increases the likelihood of exposure and detection.

But what if attacks could utilize swarm intelligence to take humans out of the loop in order to accelerate the learning and sharing process to digital speeds? Self-learning technologies could then tie malware goals to code-building blocks to develop custom attacks on the fly, real-time sharing between swarmbot devices could amplify the process of trial and error, and centralized hive-based controls would allow swarms to target multiple targets and attempt and modify multiple exploits simultaneously.

We are already seeing examples of this. Exploits such as Hajime and Hide-and-Seek already include decentralized botnet capabilities and swarm characteristics.

The biggest challenge to such an approach is that virtually none of the security tools on the market today are able to effectively defend a network against this sort of attack vector. What is needed is a hive-based security solution that can marshal a variety of technologies together into a cohesive defensive strategy. This requires things like:

  • Advanced threat intelligence sharing across multiple vendors, like that used by the Cyber Threat Alliance (CTA).
  • Expert systems built using artificial intelligence techniques combined with databases of expert knowledge to make autonomous decisions in real time.
  • Agile micro and macro segmentation for consistent visibility and control.
  • Security technologies built around common standards and automation protocols that can collect, share, and correlate threat data, identify and prioritize threats, and then immediately coordinate an integrated response to those threats anywhere across the extended attack surface without human intervention.

All of these elements now exist in the Fortinet Security Fabric, making it the only solution on the market capable of addressing the next generation of threats organizations are just now beginning to face.

The Prioritizing of Resources

Fortinet’s CISO, Phil Quade, conducted a panel exercise that highlighted the issues being faced by those individuals tasked with securing complex network environments, and helped cut through the noise of the hundreds of vendors competing for the minds and wallets of today’s security professionals. The panelists were Colin Anderson, Global Chief Information Security Officer at Levi Strauss & Co., Theresa Payton, former White House CIO as well as CEO and Co-Founder, Fortalice Solutions, and Shannon Lietz, who is the Director of DevSecOps at Intuit.

In this session, entitled “Protecting Enterprise Data with National Security ‘100 Coins’ Approach” (Session ID: SPO2-T10), participants were asked to review an exhaustive set of security products and services, each with a value attached, that when combined totaled 245 coins. To duplicate the resource challenges faced by most IT leaders, each was given only 100 coins and then tasked to select solutions to protect a network, and to then justify what they did – and did not – buy.

Here is a table of their security spend options:

What was pretty consistent across the panelists’ responses was that Visibility across the network was essential. As one panelist explained, you can’t protect it if you can’t see it. This led to an emphasis on Access Control, including multi-factor authentication, and identity and access management. Segmentation, done agilely at both the macro and micro levels, was a panel favorite, and was noted as the foundation of any network architecture. Automation was a pervasive theme, both to increase and sustain hygiene (e.g., automated and vulnerability scanning) and insight, and to reduce the complexity that network operators were faced with.

Panelists also embraced the need for advanced features such as Content Inspection (e.g., SSL decryption, sandboxing), Instrumentation of endpoints, and Advanced Analysis to detect both known bad traffic and malware, and to differentiate between normal and abnormal traffic and behaviors.

What wasn’t on anyone’s list was also interesting. One key influence of what was or was not selected was the perceived maturity of the security program being considered. Panelists explained that they were heavily influenced by their respective experiences, as well as current challenges with their unique environments. In addition, some also approached this as a year one exercise, intentionally selecting solutions that would lay the foundation for future security expenditures. It was a case of not putting the cart in front of the horse. So just because something wasn’t on the list didn’t mean it wasn’t important, but that it would only work if other tools it relied on were already in place.

Things like penetration testing were also seen as having dubious value, as the experience of the panelists was that the sorts of vulnerabilities often revealed in such exercises didn’t necessarily relate to their real-world experience as to how networks and network resources were actually used.

Key Takeaways

Many current security solutions, while fine in the abstract, often have limited value in today’s real-world networked environments. They are often siloed solutions that either add to the complexity of a solution that overwhelmed and under-resourced IT teams are already struggling to manage (expo floor overload), don’t participate as part of an integrated security strategy needed to combat today’s increasingly complex threats (hivenets and swarmbots), or don’t contribute to the broad visibility required to effectively manage a distributed security infrastructure (100 coins).

What’s clear at the end of the day – and at the end of the show – is that organizations need a holistic, integrated solution that ties things together into a seamless security fabric that can see across the network, track all devices, share intelligence, centralize policy distribution, management and correlation, and respond to threats in an automated and coordinated fashion, from IoT and endpoint devices, across the distributed and elastic network core, and out to the multi-cloud.


*** This is a Security Bloggers Network syndicated blog from Fortinet All Blogs authored by Fortinet All Blogs. Read the original post at: