As in any war, a good general has a deep understanding of his or her force’s weaknesses as much as its strengths. Boundaries are maintained, vulnerable points are fortified, and half the battle is won.
In the cyberwar we are locked in today, things are not so simple. The very same digital transformation that companies are seeking also means that the perimeter of security is dissolving to all but nothing.
This surge in opportunities for exploitation has spelt success for cybercrime, for which the global economy is expected to pay dearly — to the tune of about $3 trillion by 2020 next year, as experts predict.
They say that the war you prepare for is not the one you fight. Cybersecurity teams are constantly left scrambling to provide solutions for problems they were unprepared to face. In this case, however, more is not better. Rather than increasing their complexity, a security team must see their network in a new light.
Edge networking has arisen to address new security concerns. By keeping data close to where it is going to be processed, edge computing supports real-time responses and increases flexibility. Edge devices, anything from the smartphone in your hand to containers in the cloud, interconnect to provide separate paths for data to be relayed to data centers, the public internet, and the cloud.
The edge is ever expanding as more and more devices join the pool — cybersecurity teams must build their security solutions to run on a variety of platforms, each of which comes with its own set of requirements.
Securing multi-edge environments involves a number of components that form a tiered strategy: VPN encryption, ideally an overlay network, is a basic necessity for edge connections. From the point of access, network access control requires devices to be identified and the proper standardised protocol triggered depending on the characteristics of that connection.
This is especially pertinent for internet-of-things (IoT) devices, many of which are insecure by nature. Devices are then sorted into segmented networks that confine access to authorised areas and allow for rapid cutoff of errant devices.
For every connection, security systems must support real-time, in-depth inspection of the encrypted data being transmitted. In turn, devices should be able to report information on threats to one centralised management solution that is consistently applied in response. The networks of tomorrow are able to adapt dynamically.
Security teams must look to further automate and design flexible systems so that organisations can seek digital transformation without fear of compromise.
As it is, most security systems are built primarily to secure the perimeter, without paying enough attention to responding to attacks that have actually succeeded in breaching it. The result, in many cases, is a huge lag between a breach occurring and its detection — averaging at 197 days, according to IBM.
Even for organisations with protocols in place behind the perimeter, the threat of an inside job is just as real as an outside attack. Whether an ambitious employee with malicious intent or one bearing a grudge, someone on the inside has trust in their favour and is in a position to disrupt operations, destroy data, or steal it.
This is where FortiInsight can help. Through machine learning, it monitors endpoints, data movements and user activity to detect suspicious behavior and policy violations. With this visibility into their network’s data activity, organisations can be prepared to tackle any potential threat, even if they are coming from inside the network.
In light of threats which are getting more complex and sophisticated, FortiDeceptor, another solution developed by Fortinet, aims to plug these gaps through deception technology. The basic mechanism involves setting traps throughout a network, awaiting access. To a cybercriminal they appear to be potentially valuable data, but when accessed, they sound the alarm, alerting the organisation. Deception serves to expose attacks while simultaneously diverting perpetrators from real assets.
By pairing deception technology with threat analytics, FortiDeceptor allows security teams to monitor patterns of cyberattack and identify vulnerabilities in security infrastructure. While attackers are deterred by decoys, the overall security framework can be strengthened.
Security systems that depend primarily on chance discovery or manual approaches to detect breaches are ultimately unequipped to effectively deal with threats within and without.
Fortinet is at GovWare booth #D02 on 1-3 October 2019.
GovWare is the region’s most established premier conference and showcase for cybersecurity, and is the cornerstone event of Singapore International Cyber Week. GovWare 2019 is taking place from 1 – 3 October at Suntec Singapore Convention & Exhibition Centre. Register for the event here.