SecurityWeek

Network Security

The Growing Need for a New Security Platform

The idea of a security platform is not new. Neither are the issues related to security and vendor sprawl inside an organization. The original idea behind the Next-Gen Firewall was to blend several products into a single platform to reduce IT overhead and simplify wiring closets that had been overrun with security devices. And it worked. NGFW solutions quickly became the cornerstone for security implementations in virtually every organization in the world.

There were still challenges, however. Interoperability was one. In many of these solutions, the various technologies (usually some combination of firewall, IPS, VPN, web filtering, AV, and sandbox) did not really work together as a single seamless system. Components often ran on different operating systems and even had separate management consoles. Another issue was the quality of the individual functions embedded in the platform. A vendor that built an NGFW platform may have had a top-notch firewall to use as its anchor, but then filled out the roster with a second-rate IPS or web filter. Debates raged over whether an NGFW platform or a best-of-breed approach delivered better security.

Today, digital innovation has forced a complete upheaval of the traditional network. Multi-cloud environments, data centers made up of both physical and virtual infrastructure, distributed branch offices, mobile workers, and home offices have fragmented the traditional perimeter and broken the traditional security model of placing an NGFW at the network edge to watch traffic moving back and forth across the border. Each new network environment comes with its own requirements and challenges, and as a result, security solutions have begun to pop up like mushrooms across the network. This has created a level of complexity in deployment, optimization, and management that has overwhelmed most IT teams. It is a problem the traditional security platform approach is unable to address.

According to a recent IBM survey, the average enterprise now has 45 security tools deployed, and responding to a single incident requires coordination across 19 of them. These tools are not natively designed for that sort of interoperability. Organizations are once again struggling with vendor and solution sprawl, are forced to hand-correlate threat intelligence, and are hamstrung in their ability to automate any part of the process. That is part of the reason dwell time for breaches is now measured in months, and why the average cost of a data breach in the US is now north of $8.6 million, according to IBM.

The Need for a New Security Platform

What is needed is a new approach to the security platform: one that weaves all of the critical security functionality organizations need into a unified solution that can protect the entire network and enable any user on any device to securely access any data or application no matter where it is located. But to make it work in today's distributed network environments, we need to solve the problems of the first iteration of this approach. For that to happen, an effective security platform needs to be built around three critical concepts: it must be broad, integrated, and automated.

A Platform that can be Deployed Anywhere

For a security platform to be effective, it needs to be deployed consistently and easily at every edge, whether for traditional or highly distributed data centers, public cloud environments, or branch offices and retail locations. And because of the growth in IoT devices, home offices, and off-network mobile users, it needs to extend to those places as well. It needs to run natively in every cloud environment, exist in every possible form factor, and be deployable in any environment.


This broad approach ensures that it can provide the same consistent protections whether securing a small operation with a handful of locations, a complex environment like a healthcare system with hospitals, clinics, and doctors' offices, a high-speed transactional environment like a trading floor or gaming platform, a pharmaceutical or aeronautics company pushing massive elephant flows for modeling and 3-D rendering, or a large multinational with locations spanning multiple geographic regions.

Every Component Needs to Work Together

Unlike the security platforms of the past, an effective solution needs to include tools designed to function as a single, integrated system. That means the security functions that make up the platform should run on a common operating system, expose open APIs, or be built on common standards. Openness also means that tools from different vendors can be used while still maintaining interoperability, so organizations can choose tools that have been tested and validated to provide the best protection possible.

In today’s highly dynamic environments, integration needs to go beyond just the security elements of a platform. Security and networking also need to function as a unified solution, a concept known as security-driven networking. That way, when the network adapts to changes in the environment by adjusting connections or scaling resources, security can automatically respond as part of a fully integrated system.

And the whole thing needs to be wrapped in a common management and orchestration system designed to extend visibility and control across the entire distributed network. This includes correlating threat intelligence gathered from any security device anywhere, centralizing configurations, ensuring consistent policy enforcement, and coordinating a unified response to detected threats.

A Platform Exists to Support Automation

Attacks can happen in the blink of an eye. Given the sophistication and speed of today's attacks, defenders do not have the time or resources to correlate threat information by hand or dig through mountains of log files from different solutions to detect a problem. This requires automation. But such automation is impossible if security solutions are designed to operate in isolation.

When tools function as a unified solution, machine learning and AI can enable an organization to detect, investigate, and respond to threats at digital speed. Even higher-level systems such as XDR, SIEM, and SOAR tools for NOCs and SOCs are more effective when the individual devices they monitor and manage are designed to work together.
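Concretely, the cross-tool correlation the column says a platform must automate (the threat-intelligence correlation in the management section above and the automation this section calls for) comes down to two steps: get every tool's output into one schema, then join events on shared indicators and time. The Python below is an added example, not code from the column, from SecurityWeek or from Fortinet. The three log formats, the hostnames and the addresses are constructed for illustration (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges) and do not represent any vendor's real output; the field names and the `Event` schema are assumptions.

```python
"""Normalize events from three tools into one schema and correlate them.

Added example; not code from the SecurityWeek column or from Fortinet.
The three log formats, hostnames, and addresses are constructed for
illustration (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges)
and do not represent any vendor's real output.
"""
import csv
import json
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Event:
    """Common schema every tool is normalized into (assumed for this example)."""
    ts: datetime
    source: str     # tool that produced the event
    asset: str      # internal host (IP or hostname; a real pipeline maps this to an asset ID)
    indicator: str  # external IP the tool flagged; the join key for correlation
    action: str     # what the tool saw or did


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_firewall(line: str) -> Event:
    """Hypothetical '<ts> key=value ...' firewall format."""
    ts, _, rest = line.partition(" ")
    kv = dict(tok.split("=", 1) for tok in rest.split())
    return Event(_ts(ts), "firewall", kv["src"], kv["dst"], f"{kv['action']}:{kv['rule']}")


def parse_edr(line: str) -> Event:
    """Hypothetical JSON-per-line EDR format."""
    d = json.loads(line)
    return Event(_ts(d["time"]), "edr", d["host"], d["remote"], d["detection"])


def parse_proxy(line: str) -> Event:
    """Hypothetical CSV proxy format: ts,client,fqdn,dest_ip,method,verdict."""
    ts, client, fqdn, dest_ip, method, verdict = next(csv.reader([line]))
    return Event(_ts(ts), "proxy", client, dest_ip, f"{verdict}:{method} {fqdn}")


PARSERS = {"firewall": parse_firewall, "edr": parse_edr, "proxy": parse_proxy}

# Constructed sample: three tools each saw one fragment of the same activity
# around 10:02 UTC, plus an unrelated proxy hit and a lone firewall block of
# the same destination six hours later.
SAMPLE_LOGS = [
    ("firewall", "2024-03-04T10:02:11Z action=deny src=10.0.5.23 dst=203.0.113.77 dport=443 rule=c2-block"),
    ("edr", '{"time":"2024-03-04T10:01:58Z","host":"ws-023","remote":"203.0.113.77","detection":"suspicious_powershell"}'),
    ("proxy", "2024-03-04T10:02:05Z,10.0.5.23,update.example,203.0.113.77,GET,blocked"),
    ("proxy", "2024-03-04T11:40:00Z,10.0.7.8,cdn.example,198.51.100.9,GET,allowed"),
    ("firewall", "2024-03-04T16:30:00Z action=deny src=10.0.9.4 dst=203.0.113.77 dport=443 rule=c2-block"),
]


def correlate(events, window: timedelta):
    """Group events that share an indicator and fall within `window` of the
    first event in the group; keep only groups corroborated by more than one tool."""
    by_indicator = defaultdict(list)
    for e in events:
        by_indicator[e.indicator].append(e)
    incidents = []
    for evs in by_indicator.values():
        evs.sort(key=lambda e: e.ts)
        cluster = [evs[0]]
        for e in evs[1:]:
            if e.ts - cluster[0].ts <= window:
                cluster.append(e)
            else:
                incidents.append(cluster)
                cluster = [e]
        incidents.append(cluster)
    corroborated = [c for c in incidents if len({e.source for e in c}) > 1]
    return sorted(corroborated, key=lambda c: c[0].ts)


def build_incidents(logs=SAMPLE_LOGS, window_seconds: int = 600):
    """Parse each line with its tool's parser and correlate the result."""
    events = [PARSERS[tool](line) for tool, line in logs]
    return correlate(events, timedelta(seconds=window_seconds))


def describe(incident) -> str:
    """One-line summary an analyst or a SOAR playbook can act on."""
    tools = ",".join(sorted({e.source for e in incident}))
    return (f"{incident[0].ts.isoformat()} indicator={incident[0].indicator} "
            f"tools={tools} events={len(incident)}")


if __name__ == "__main__":
    for inc in build_incidents():
        print(describe(inc))
        for e in inc:
            print(f"  {e.ts.time()} {e.source:<8} {e.asset:<10} {e.action}")
```

Run stand-alone, this reports a single incident: EDR, proxy and firewall each flagged the same destination within 13 seconds, which no one of them could have shown on its own. The lone firewall block of the same address six hours later stays uncorrelated because only one tool saw it, and shrinking the window to a few seconds makes the whole incident disappear, so the window is a tuning decision, not a constant. In production the schema would be something like OCSF or Elastic Common Schema, events would carry several indicators (domain, hash, user) rather than one IP, and the parsers would be replaced by the platform's native integrations; the point of the example is that the correlation step is trivial once the normalization step exists, and impossible to automate without it.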

Today's Networks Require a New Approach to Security

The challenges organizations face today cannot be resolved with the same systems and strategies we have used before. Security needs to adapt just as completely as the networks it protects. A security platform was a good idea when it was introduced over two decades ago, and it is still a great idea. However, the concept needs to adapt and be updated like everything else.

Today's security platform needs to span the entire network and adapt as the environment it protects expands and evolves. That requires a platform designed around the three critical components of broad deployment and implementation, full integration between security and networking elements, and support for advanced automation built around machine learning and AI.

Written By

John Maddison is EVP of Products and CMO at Fortinet. He has more than 20 years of experience in the telecommunications, IT infrastructure, and security industries. Previously he held positions as general manager of the data center division and senior vice president of core technology at Trend Micro. Before that, John was senior director of product management at Lucent Technologies. He has lived and worked in Europe, Asia, and the United States. John graduated with a bachelor's degree in telecommunications engineering from Plymouth University, United Kingdom.
