By Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet
Security platforms have been around for a while. When Next-Generation Firewalls (NGFW) appeared on the scene – able to blend several products into a single platform, reducing IT overhead and simplifying setups – they quickly became the cornerstone for security in nearly every organization worldwide.
But many NGFW solutions are not without their own set of challenges. Far too often, the various technologies pre-loaded onto the device (firewall, IPS, VPN, web filtering, antivirus, and sandboxes) do not work together seamlessly. While they may be wrapped in a single piece of sheet metal, many of the device's components actually require separate management consoles, and even run on different operating systems. Compounding the problem further, the quality of the technologies embedded within that single device is also frequently lacking. While such a platform may have a top-notch firewall, for example, the rest of the security roster may include a second-rate IPS or web filtering solution that customers will need to either just learn to live with, or that they will have to replace with another box.
Such solutions defeat the whole purpose of buying an “integrated” solution, which is to simplify management and reduce vendor and solution sprawl through consolidation.
Security Challenges in Today’s Digital Landscape
This challenge isn’t limited to supposedly integrated devices. Today’s digital landscape now consists of multi-cloud environments, data centers comprised of both physical and virtual infrastructures, distributed branch offices, mobile workers, and home offices. This ever-growing complexity means that simply placing a security device at the network edge is no longer sufficient. Complex challenges require seamless and integrated solutions. But due to the unique requirements and challenges of each new network environment, building a streamlined solution can be challenging.
As a result, security solutions are often Frankensteined together across the network, creating further complexity and leading to security gaps.
A recent IBM survey suggests there is an average of 45 security tools deployed inside any given organization, with each incident requiring coordination across 19 different tools. The key issue here is that these tools, whether deployed as separate solutions or as disparate tools wrapped inside a single box, are not natively designed for this level of interoperability. As a result, vendor and solution sprawl are growing problems, preventing the use of automation to simplify processes and requiring the hand-correlation of threat intelligence to enable responses. IBM also reports that dwell time for security breaches is now measured in months, with costs exceeding $8.6 million per breach, in large part because cybercriminals can exploit the visibility gaps created by the inability to unify security functionality.
Three Critical Concepts for a New Security Platform
A new approach is needed that weaves all critical security functionality into a unified solution that protects the entire network while enabling secure data and application access for users, regardless of location. To work in modern distributed network environments, an effective security platform must be built around the following three concepts:
1. It must be deployable from anywhere: To be effective, a unified cybersecurity platform needs to work in traditional networks, run natively in every cloud environment, exist in every possible form factor, and be deployable consistently and easily at every edge. This includes supporting traditional or highly distributed data centers, public cloud environments, branch offices, retail locations, home offices, and off-network mobile users. This enables a consistent level of protection, regardless of environment or geographical region.
2. It must be fully integrated: An effective solution must include tools designed to function as a single, integrated system. Security solutions that are part of the same platform should either run on a common operating system, leverage open APIs, or be built using common standards. If done right, tools from different vendors can even be utilized while still maintaining interoperability. Integration should also go beyond just the security elements of a platform to include integration of networking, a concept known as security-driven networking. This enables security to respond automatically to network changes. And this should all be wrapped into a common management and orchestration system that extends visibility and control across the entire distributed network.
3. It must support automation: Automation that leverages AI and machine learning is required to detect, investigate, and respond to the sophistication and speed of today’s attacks. Such automation is only possible when security tools can function as a unified solution. Advanced management systems – including XDR, SIEM, and SOAR systems for NOCs and SOCs – are all enhanced when the devices being monitored and managed are designed to work together.
A New Approach to Security
Today’s challenges require new security strategies and systems that can dynamically adapt alongside the networks they need to protect. A security platform has long been the right approach for organizations’ security needs, but this idea requires updating for effectiveness in today’s dynamic, high-performance, hyperconnected networks. Such platforms must now be able to seamlessly span the entire network and adapt to an ever-evolving threat landscape. Designing such a platform around the three critical components of broad deployability, integration, and automation is the key.