Cornelius Mare, CISO at Fortinet Australia, shows how you can turn the tables on adversaries and beat them at their own game with a comprehensive security fabric, AI and machine-driven learning and a healthy dose of deception.
Many of the recent hacks and malware strikes in the headlines have disrupted the delivery of goods and services around the globe. Indeed, business leaders are asking if these attacks could have been prevented, or at least made less costly.
Simply following basic security precautions can help improve your security profile: keep your software updated and patched, maintain strict access controls, monitor all network activity and train your staff on best practices. These simple rules can go a long way to prevent ‘drive-by’ attacks by opportunists and amateurs.
But other adversaries, professional criminal gangs, state actors and motivated trouble-makers, have more advanced agendas: mega-buck payouts, political point-scoring, ruined reputations and ego-driven publicity-seeking. They are well-funded, tech-savvy and fast-moving. They utilise machine learning and artificial intelligence to ferret out and exploit any gaps in your defences (i.e. advanced persistent threats), spring zero-day attacks on unsuspecting networks or even try to bribe (or threaten) IT staff to obtain privileged passwords and access. They don't fool around. Neither should you.
Consistent security for speed, accuracy and automated response
Your entire network is a target. An attack on any node, be it an endpoint, web app or server, is an attack on all. Adversaries take a holistic view of your infrastructure and look for gaps, misconfigurations and poor cyber hygiene. Your challenge is to plug those gaps, ensure proper operations of your security services and keep your staff well-trained.
Consistent security across the entire network – core, edges and cloud – is the first step. Every node has to be secured and integrated into your NOC/SOC management processes. This provides granular-level visibility and control so that you can monitor every keystroke and all traffic anywhere on your network.
Only then can you start to automate and harden your defences to detect and respond to perceived threats. A common security fabric is fast: it picks up anomalous activity as it happens, analyses the characteristics of the event using machine learning and AI and then triggers the appropriate response, all in near real-time. Additionally, a fine-tuned security fabric reduces the number of false positives so your SOC team doesn't waste time chasing phantoms.
Advanced detection and response: Leveraging your current security services
Your security policies are in place and presumably fit for purpose. Hopefully, you've identified and secured every endpoint, the core and all cloud-based applications. And you've trained your staff on best practices. You've got the basics covered.
Moving to the next level doesn't have to be expensive or especially difficult. You can add specific security services like sandboxing, behaviour analysis, zero trust network access, global threat intelligence alerts and more on a Security as a Service basis. If your security fabric is up to speed, you can slot in these advanced services without having to worry about interoperability. Consistency across the network is the enabler.
And once you've got that covered you can take the fight to your adversaries. How about setting up a decoy network that hackers can infiltrate to launch a ransomware attack? Once they've taken the bait you can reverse engineer their tactics, tools and procedures to identify how they operate and harden your defences. Turn the black-hat hackers into white-hat operatives. Knowing when adversaries are on the network, and visibility into their tactics, gives you the advantage.
That's the holy grail. But before you can counter-punch you need to standardise your security services, extend that security to the core, edge and cloud, monitor activity and define your mitigation and response policies. If you protect yourself, adversaries will most likely go elsewhere and leave you alone. And if they do attack, you can hit back. Hard.
About the author
Cornelius Mare is CISO at Fortinet Australia. As such, it is his business to know what's happening in the cybersecurity world and how to help enterprises secure their transitional networks without sacrificing speed, functionality or control. In particular, Corne is an expert with hybrid cloud environments and artificial intelligence. These tools, along with other Fortinet security services, help organisations manage their digital transformations with confidence.
Fortinet (NASDAQ: FTNT) secures the largest enterprises, service providers and government organisations around the world. Fortinet empowers customers with complete visibility and control across the expanding attack surface and the power to take on ever-increasing performance requirements today and into the future. Only the Fortinet Security Fabric platform can address the most critical security challenges and protect data across the entire digital infrastructure, whether in networked, application, multi-cloud or edge environments.
Fortinet ranks #1 in security appliances shipped worldwide, and more than 500,000 customers trust Fortinet to protect their businesses. Both a technology company and a learning organisation, Fortinet runs the Network Security Expert (NSE) Training Institute, which has one of the largest and broadest cybersecurity training programs in the industry. Learn more at the Fortinet website, the Fortinet Blog, or FortiGuard Labs.