The key lesson from last month's WannaCry ransomware outbreak is that events move much faster than people. In the blink of an eye, more than 300,000 computers in 150 countries were hit by a known exploit that should have and could have been neutralised. Given that most of the infected PCs were running pirated versions of Windows XP that had not been patched, NZ was spared from any significant damage.
But the event highlighted that the world has become increasingly reliant on digital networks, that network security is only as good as the weakest link, and that reducing risk will depend on a judicious mix of automation, analytics and purpose-built security embedded within every single node on the network.
“The threat landscape is expanding at breakneck speed,” says Andrew Khan, Fortinet Senior Business Manager at Ingram Micro, New Zealand's largest and most experienced distributor of Fortinet's cyber security solutions.
“The Internet of Things (IoT), online SCADA (supervisory control and data acquisition) and the ubiquity of social media and handheld devices are combining to create the perfect storm for potential disruption in all aspects of modern society. Indeed, it's a wonder we've been able to avoid a total shutdown of digital services so far.”
Traffic and device explosion
Traditional data center traffic has reached 15 ZB annually (a zettabyte [ZB] is approximately equal to a thousand exabytes or a billion terabytes). The number of IoT devices will hit 50 billion by 2020 and is set to generate an additional 600 ZB of traffic per year!
The resulting wave of structured and unstructured data will overwhelm traditional security solutions. In the not-so-distant future, the struggle to protect network operations will happen behind the scenes as machines battle machines in near real time and morph organically to create and mitigate threats.
“In spite of the changing threat landscape and dramatic increase in traffic and devices, today's security solutions are keeping pace,” says Khan, “through a combination of proven best practices and a comprehensive security framework. Fortinet is pushing the boundaries with high-speed authentication and monitoring, internal segmentation that protects distributed digital resources and cloud-based security services that track and defend devices and data anywhere across the network of networks.”
Analytics, automation and artificial intelligence
All of this is orchestrated via the three As: analytics, automation and artificial intelligence. “Fortinet's security fabric ties together the entire distributed network and connects IoT devices and data to the edge, across the core and into the cloud,” notes Khan.
“This fabric – anchored by FortiGate next generation firewalls running FortiOS 5.6 – employs advanced detection analytical capabilities that automatically respond to threats. These analytics and automated responses are then fed into the FortiGuard Labs knowledge base to predict variations on the threat and proactively update the interconnected infrastructure to further protect the network.
“This approach,” continues Khan, “enables your clients to effectively monitor legitimate traffic, check authentication and credentialing and impose access management across the distributed environment through an integrated, synchronised and automated security architecture.”
Fortinet's security fabric
Fortinet Security Fabric integrates and automates multi-layered protections to defend organisations from both existing and novel attacks like WannaCry:
Advanced Threat Protection: Fast-moving threats like WannaCry are flagged and analysed for suspicious behaviour by FortiSandbox, enabling the Security Fabric to automatically mitigate fast-breaking threats.
Intrusion Prevention Systems: WannaCry leveraged a backdoor to gain access to networks and bypass edge protections. FortiGuard IPS signatures stop exploits like this before they are used to compromise the network edge.
Internal Segmentation: Devices infected outside the security infrastructure and then connected to corporate networks enable malware to spread laterally. Internal Segmentation Firewalls contain the infection and act automatically before it contaminates the rest of the network.
Security Information and Event Management: FortiSIEM's File Integrity Manager automatically tracks changes made to files on infected devices and systems, both inside and outside of the network architecture. As WannaCry starts to encrypt files, FortiSIEM automatically flags these file changes and isolates them before they cause additional damage.
Application Controls: As WannaCry attempts to reach out to its Command and Control servers for instructions, App Controls cuts off communication and breaks its ability to perform additional tasks.
As a Fortinet Partner, you'll have the tools at your disposal to fully protect your clients as they become more reliant on digital processing for all of their business processes. “Interruption is simply unacceptable,” concludes Khan. “No other security vendor comes close to what Fortinet offers right now. But Fortinet is moving beyond current capabilities and is developing even more advanced algorithms that will continue to outpace the tricks of the adversaries.”
For further information on how Fortinet's solutions can protect your clients in a rapidly changing environment, give Andrew or his team a call. They'll be happy to talk.
For further information, please contact:
Andrew Khan, Senior Business Manager Email: firstname.lastname@example.org M: 021 819 793
James Meuli, Solutions Architect Email: email@example.com M: 0275 520 167
Leroy Clarke, Business Development Manager Email: firstname.lastname@example.org M: 021 857 646