Recently, hundreds of millions of MySpace, Tumblr and LinkedIn account details that were stolen several years ago were advertised for sale online. Although the login details may not have been used for some time, their owners could possibly have reused them to access other online services, including mission-critical ones at the workplace or financial institution.
This incident highlights the era of increasing connectedness brought on by the Internet of Things (IoT). The risk of a data breach will only escalate further as the attack surface and the security challenges faced by enterprises expand exponentially with the proliferation of new devices.
Gartner estimates that 6.4 billion connected things will be in use worldwide in 2016, reaching 20.8 billion by 2020. Hackers will find it fruitful to compromise apps on these devices as a way to remotely attack public and private clouds and corporate networks to reach the data they hold.
Hence, the prediction by FortiGuard Labs – the threat research division of Fortinet – of “the emergence of increasingly sophisticated evasion techniques that will push the boundaries of detection and forensic investigation as hackers face increasing pressure from law enforcement” is particularly worrying.
Further, the extent of data loss resulting from such an attack will be difficult to assess due to the growing use of ‘blastware’, which destroys or disables a system when it is detected, and ‘ghostware’, which erases all indicators of compromise that security systems look for. Threat actors have even found a way to deceive threat intelligence mechanisms that rely on sandbox rating systems by using malware that behaves normally while under inspection.
And with more organizations adopting hybrid clouds, security teams must also consider how data is moved on-demand between geographically dispersed data centers – some owned and some managed by third parties – and then delivered to wherever the mobile user, device or application requesting it is located.
This new normal in IT has placed growing demands on enterprise networks that have outpaced the capacity of most legacy security technologies, even advanced next-generation firewalls. Security solutions must be capable of handling essential features such as IPS, sandboxing or SSL decryption without degrading network performance. They must be able to monitor and analyze a deluge of data to identify and expose what hackers are after and their unique attack strategies.
Covering all bases
To stay ahead of these cyber threats, security professionals require tightly integrated security and network technologies that share intelligence, and collaborate to detect, isolate and respond to threats in real time.
Fortinet has embraced this need with a complete, cohesive and automated Advanced Threat Protection (ATP) framework that covers all parts of the network from the cloud to the perimeter to the end point. The framework aims to deliver pervasive and adaptive security without compromising high performance, on-demand availability, security effectiveness or ease of security management.
Unlike point solutions, the ATP framework absorbs and analyzes information from diverse sources – IPS/IDS, firewalls, end-points, web application firewalls, email gateways and sandbox appliances. The universal visibility it provides enables consistent security policy and policy enforcement as data moves back and forth between remote devices, through the local infrastructure core, and into the cloud.
The ATP framework conducts deep inspection of traffic flowing through millions of Fortinet devices deployed worldwide and dynamically generates local threat intelligence and automated responses.
Actionable security intelligence is transmitted to FortiGuard Labs, which then propagates real-time updates, via the FortiOS operating system, throughout the Fortinet Security Fabric – a tightly integrated set of security solutions, including FortiClient, FortiMail, FortiSandbox, FortiWeb and more – for complete visibility and control to rapidly detect and mitigate threats wherever they occur.
Intelligence to act
The Security Fabric also integrates with third-party solution providers. Most recently, Fortinet partnered with Carbon Black to provide security automation, intelligence and control through integration with the ATP Framework.
“Nobody has a complete picture of everything,” says Derek Manky, global security strategist for Fortinet. “It’s fair to be on a level playing field to have as much of that threat intelligence as you can but the difference is how you translate that to actionable security controls.”
“The ability of an enterprise to deal with complexity, whether that’s from a provisioning and configuration point of view or from an information security point of view, is much reduced just because of the sheer volume [of data] and difficulty involved,” adds Darren Turnbull, Fortinet’s vice president of Strategic Solutions. “We can provide the sandbox and tools within the network to analyze threats whilst at the same time giving you the protection. There is then scope for additional services to say what just happened to my organization? What can I do about that? What could I have done differently?”
That will be a key challenge for enterprises and government agencies seeking to stay ahead of the fast-evolving threat landscape and minimize risk of a data breach.
This is a QuestexAsia feature commissioned by Fortinet.