Three key ideas for evaluating your security strategy differently

Founder, President and CTO at Fortinet, overseeing the technology vision and strategy for the world leader in infrastructure security.

Competing in today’s digital economy requires a lot of investment in digital acceleration. Businesses that rely on applications need networks to interconnect users and resources across campuses, data centers, branch offices, multi-clouds, home offices, and even mobile workplaces. This ensures that every user has reliable and consistent access to the critical resources they need to do their job, no matter where those devices, data or users are.

However, while hyper-connected networks are ideal for businesses, they pose a serious challenge to traditional security devices. Visibility and control can be severely compromised when point security devices are deployed in a hybrid environment. Dispersed solutions are often unable to share threat intelligence or to orchestrate and enforce end-to-end policies. The results have been predictable, with a dramatic increase in ransomware and other cyber incidents in the two years since networks were turned inside out and working from anywhere became the new norm.

Switching to a cybersecurity mesh architecture

As Gartner, Inc. notes, “IT leaders must integrate security tools into a cooperative ecosystem using a composable and scalable cybersecurity mesh architecture approach” if they hope to protect their networks from ransomware and other malicious attacks. This means replacing their legacy security systems with an integrated strategy by 2024 if they hope to “reduce the financial impact of security incidents by an average of 90%”. Rather than using siloed security devices to protect separate network segments, Gartner argues that “a cybersecurity network allows tools to interoperate by providing critical security services and centralized policy management and orchestration.” This allows them to function as a single solution, including extending security controls beyond the traditional network perimeter.

To be effective, security functions must mirror the network they are protecting. Legacy security systems work the way they do because yesterday’s networks were static, with clearly defined perimeters and access points. Traffic was predictable, and most resources sat safely behind the firewall. Everything has changed since then, but security has not kept up. IT teams now struggle to protect new wine with old wineskins.

How to change your approach to security

Of course, declaring that you need a new approach to security is much easier than realizing it. While such a shift certainly involves updating and replacing technology, it starts with a paradigm shift in how we think about security. This includes three key ideas.

1. Switch to a zero-trust model. The first change is to change the way we think about trust: who and what we trust, how much we trust them, and how we know if they have broken that trust. Most networks have been designed around implicit trust, which allows users and devices to move freely within the network to access resources. Although few networks are fully open (though there are more than one might assume), most users and devices still have a lot of freedom of movement within their network segment. Perimeter checks may have been sufficient at some point, but this approach is now increasingly dangerous.

Today’s malware is quite adept at evading detection and escalating privileges to move laterally across the network, looking for data and resources to target. This is why ransomware attacks can be so devastating. Attackers usually gain access by breaching the perimeter through a new network edge such as an unsecured home network.

This implicit trust approach must be replaced with a zero-trust model that assumes that every user, device, application, and workflow may already have been compromised. That simple change of thinking changes everything. Every user and device anywhere on the network must be explicitly authenticated and given session-specific access only to the resources they need to do their jobs. These connections must then be continuously monitored to ensure they remain compliant.

To complicate matters further, applications, workflows, transactions, devices, users and other resources no longer exist in one permanent location. As a result, isolated security devices struggle to enforce policies as users, devices, and applications travel across or between network environments. It gets even more complicated when the underlying network changes constantly, and sometimes dramatically, as it scales and adjusts to changing requirements.
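The contrast between implicit trust and zero trust described above, as an added example that is not part of the original article and not Fortinet's code. It models a policy decision point in Python: the implicit-trust rule allows anything arriving from the "internal" segment, while the zero-trust rule checks authentication, device posture, session age and a per-user, per-resource entitlement on every request. The users, resources, segments and the 15-minute re-authentication window are constructed values for illustration.

```python
"""Per-request access decision: implicit network trust vs. zero trust.

Constructed example: users, devices, segments and resources are made up.
"""
from dataclasses import dataclass


@dataclass
class Request:
    user: str
    device: str
    src_segment: str        # network segment the request arrives from
    resource: str
    authenticated: bool     # credentials for this session verified
    device_compliant: bool  # device posture check (managed, patched) passed
    session_age_s: int      # seconds since the session was established


# Implicit trust: location on the network is the only control. A compromised
# laptop on the internal segment can reach anything.
def implicit_trust_decision(req: Request) -> bool:
    return req.src_segment == "internal"


# Zero trust: entitlements are scoped per user and per resource (assumed
# values), and every request is re-evaluated regardless of where it comes from.
ENTITLEMENTS = {
    "alice": {"payroll-db"},
    "bob": {"wiki"},
}
MAX_SESSION_AGE_S = 900  # force re-authentication every 15 minutes (assumed)


def zero_trust_decision(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason); the reason is what a monitoring system would log."""
    if not req.authenticated:
        return False, "not authenticated"
    if not req.device_compliant:
        return False, "device posture check failed"
    if req.session_age_s > MAX_SESSION_AGE_S:
        return False, "session expired; re-authentication required"
    if req.resource not in ENTITLEMENTS.get(req.user, set()):
        return False, f"{req.user} is not entitled to {req.resource}"
    return True, "allowed"


# Constructed requests covering the normal case, lateral movement from an
# internal segment, a remote worker, a non-compliant device and a stale session.
SAMPLE_REQUESTS = [
    Request("alice", "laptop-01", "internal", "payroll-db", True, True, 60),
    Request("bob", "laptop-02", "internal", "payroll-db", True, True, 60),
    Request("alice", "laptop-01", "home", "payroll-db", True, True, 60),
    Request("alice", "laptop-01", "internal", "payroll-db", True, False, 60),
    Request("alice", "laptop-01", "internal", "payroll-db", True, True, 3600),
]


def compare(requests: list[Request]) -> list[tuple[bool, bool, str]]:
    """For each request: (implicit decision, zero-trust decision, zero-trust reason)."""
    results = []
    for req in requests:
        allowed, reason = zero_trust_decision(req)
        results.append((implicit_trust_decision(req), allowed, reason))
    return results


if __name__ == "__main__":
    for req, (implicit, zt, reason) in zip(SAMPLE_REQUESTS, compare(SAMPLE_REQUESTS)):
        print(f"{req.user}@{req.src_segment} -> {req.resource}: "
              f"implicit={implicit} zero_trust={zt} ({reason})")
```

Requests 2, 4 and 5 are the ones the article warns about: the perimeter model allows them because they originate inside the network, while the zero-trust evaluation denies them for lack of entitlement, failed device posture and an expired session respectively. Request 3 shows the flip side: a remote worker is allowed on identity and posture rather than being rejected for being outside the perimeter.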

2. Converge security with the network. The next critical change is about convergence. Security and networking must be deeply integrated because most security configurations and policies cannot keep pace with dynamic network environments. This leaves security gaps that can be easily exploited. A converged strategy that integrates security and network functions can eliminate this risk.

Since many networks are unable to properly recognize and securely route end-to-end application traffic, security must also be able to understand and inspect all types of data and must do so in real time so that application security does not affect user experience. By combining application-sensitive security with network functions, organizations can ensure and maintain an optimal user experience without compromising defense.

3. Consolidate and integrate security solutions. The third shift requires consolidating security solutions to reduce vendor sprawl and integrating them so they function as a single cohesive system. When threat information has to be correlated manually across disparate management consoles, many threats are overlooked, and those that are found are not discovered until it is too late.

Successful consolidation requires three critical steps.

• Select an integrated and universally distributable platform from a single supplier. Tools that share a common operating system and centralized management and orchestration can automatically see, share, correlate, and respond to threats anywhere on the network in ways that are impossible using disparate solutions.

• Additional solutions must use common standards and open APIs to ensure interoperability.

• The system must be augmented with AI and ML to ensure that security can detect and respond to increasingly sophisticated threats at digital speed.

You have to start now

Cybercriminals have already begun to target today’s growing attack surface. Waiting to face that risk or trying to move forward using an outdated security strategy is a formula for disaster. Organizations looking to compete successfully in today’s digital marketplace need to take the necessary steps right now to build and implement a fully integrated cybersecurity mesh architecture. Those who don’t will be left behind.
