Ver­ti­cal fo­cus

cy­ber­se­cu­rity

The Smart Manager - - Contents - * so­cial­nomics.net

Joe Sarno, Fortinet, an­a­lyzes the threats and op­por­tu­ni­ties in the cy­ber­se­cu­rity mar­ket.

Busi­nesses across the world now have a new kind of ad­ver­sary—the virtual en­emy. The re­cent in­ci­dent in which 90 ATMs across and 19 banks across In­dia were hacked, af­fect­ing 3.2mil­lion peo­ple, shows how vul­ner­a­ble or­ga­ni­za­tions and in­di­vid­u­als are in the face of cy­ber threats. Joe Sarno of Fortinet gives an in­sight into the chal­lenges and op­por­tu­ni­ties in the global cy­ber­se­cu­rity mar­ket.

Each new in­no­va­tion is yet an­other op­por­tu­nity or en­try point for the bad guys to launch an attack against a po­ten­tial vic­tim.

The global cy­ber­se­cu­rity land­scape is un­der­go­ing mas­sive up­heaval and is fac­ing one storm af­ter an­other on a daily ba­sis. Data breaches have in­creased man­i­fold with new and emerg­ing threats com­ing up ev­ery other day. The World­wide se­cu­rity mar­ket stands at $2.47bn ac­cord­ing to IDC’s Q1 2016 Se­cu­rity Ap­pli­ance Tracker. The US, in­clud­ing Canada led the re­gion wise spend with $1.14bn, fol­lowed by Europe at $583mn, while APAC mar­ket was es­ti­mated at $541mn.

Ac­cord­ing to Gart­ner En­ter­prise se­cu­rity spend­ing (hard­ware, soft­ware, and ser­vices) re­search, spend­ing in In­dia is at pace and is es­ti­mated to reach $1.12bn in 2016, up by 10.6% from $1.01bn in 2015. Se­cu­rity spend­ing will con­tinue to grow in 2017 while the rev­enue is pro­jected to reach $1.24bn. Se­cu­rity ser­vices (that in­clude con­sult­ing, im­ple­men­ta­tion, supp+-ort, and man­aged se­cu­rity ser­vices) rev­enue ac­counted for 61% of the to­tal rev­enue in 2015, and will in­crease to 66% by 2020.

driv­ing forces

The root cause for the in­creas­ing num­ber of cy­ber at­tacks is our over-de­pen­dency on tech­nol­ogy. For many in­di­vid­u­als and or­ga­ni­za­tions, in­for­ma­tion tech­nol­ogy (IT) is no longer an an­cil­lary part of the busi­ness but a key in­gre­di­ent for suc­cess. Hence, there is a pro­lif­er­a­tion of tech­nol­o­gy­based in­no­va­tions within gov­ern­ments and in­sti­tu­tions of all sizes. The pace of change of these tech­nol­ogy in­no­va­tions has a significant in­flu­ence on the ve­loc­ity and fre­quency of cy­ber at­tacks. For some per­spec­tive on this ac­cel­er­ated pace, con­sider that to reach 50 mil­lion users, it took ra­dio 38 years, tele­vi­sion 13 years, in­ter­net four years, and iPod only three years. Face­book added 100 mil­lion users in less than nine months and iPhone apps have hit 1 bil­lion down­load in nine months.*

This pace has pro­duced a vast attack sur­face for threat ac­tors, and has sub­se­quently cre­ated new and emerg­ing attack vec­tors and op­tions for in­trud­ers. If tech­nol­ogy in­no­va­tion and adop­tion was lim­ited, then cy­ber­se­cu­rity breaches would be at a bare min­i­mum, but it is not. In­stead it is ex­pected to con­tinue to rise with the pro­lif­er­a­tion of IoT de­vices. This cre­ates a significant se­cu­rity chal­lenge to keep pace with the rate of tech­nol­ogy in­no­va­tion.

In­no­va­tion is a good thing be­cause it makes our lives bet­ter, but it can also rep­re­sent an­other en­try point for threat ac­tors and hack­ers. For ex­am­ple, LinkedIn made it eas­ier for pro­fes­sion­als to stay con­nected but also in­tro­duced ad­di­tional risks. Clearly, there were not data breach re­ports about 100 mil­lion LinkedIn ac­counts be­ing com­pro­mised 15 years ago be­cause there was no LinkedIn at that time. Why does this mat­ter? Each new in­no­va­tion is yet an­other op­por­tu­nity or en­try point for the bad guys to launch an attack against a po­ten­tial vic­tim.

Cy­ber at­tacks are more scal­able than phys­i­cal threats and are ca­pa­ble of con­trol­ling phys­i­cal as­sets and there­fore can wreak the same mag­ni­tude of havoc, if not more. They can be as so­phis­ti­cated as phys­i­cal crimes and, in some cases, even more so. Fi­nally, cy­ber threats are ex­ten­si­ble and can eas­ily be up­graded, im­proved, or ob­fus­cated and of­fer the lowest risk of get­ting caught be­cause they are dif­fi­cult to de­tect. At­tri­bu­tion is very dif­fi­cult as is per­se­cu­tion across in­ter­na­tional bound­aries. These are the core rea­sons why cy­ber threats pose huge risks in today’s dig­i­tal world.

types of cy­ber threats and how to mit­i­gate them

Net­works, at present, are un­der­go­ing dra­matic changes. Or­ga­ni­za­tions are si­mul­ta­ne­ously wrestling with tech­nolo­gies such as BYOD, IoT, vir­tu­al­iza­tion, SDN, cloud, pro­lif­er­a­tion of ap­pli­ca­tions, big data, and the ex­pec­ta­tions of the next gen­er­a­tion of em­ploy­ees to blend their work and per­sonal lives on a sin­gle de­vice of their choice, with instant ac­cess to any data, at any

time, from any lo­ca­tion. This has ex­po­nen­tially in­creased the attack sur­face that or­ga­ni­za­tions need to be con­cerned with.

The re­sponse to in­creas­ingly com­pli­cated net­worked en­vi­ron­ments needs to be sim­plic­ity. Se­cur­ing these evolv­ing en­vi­ron­ments re­quires three things:

01 col­lab­o­ra­tive in­tel­li­gence: Lo­cal and global threat in­tel­li­gence needs to be shared be­tween se­cu­rity de­vices, and a co­or­di­nated re­sponse be­tween de­vices needs to be or­ches­trated cen­trally.

02 seg­men­ta­tion: Net­works need to be in­tel­li­gently seg­mented into func­tional se­cu­rity zones. End-to-end seg­men­ta­tion, from IoT to the cloud, and across phys­i­cal and virtual en­vi­ron­ments, pro­vides deep vis­i­bil­ity into traf­fic that moves lat­er­ally across the dis­trib­uted net­work, lim­its the spread of mal­ware, and al­lows for the iden­ti­fi­ca­tion and quar­an­tin­ing of in­fected de­vices.

03 univer­sal pol­icy: There is a need for a cen­tral­ized se­cu­rity pol­icy en­gine that de­ter­mines trust lev­els be­tween net­work seg­ments, col­lects real-time threat in­for­ma­tion, es­tab­lishes a uni­fied se­cu­rity pol­icy, and dis­trib­utes ap­pro­pri­ate or­ches­trated pol­icy en­force­ment.

Cy­ber in­sur­ance is an­other so­lu­tion that is in­creas­ingly be­com­ing more rel­e­vant today.

To mit­i­gate these threats, Fortinet has in­tro­duced its new se­cu­rity fab­ric ar­chi­tec­ture. It is de­signed to in­te­grate se­cu­rity tech­nolo­gies for the end­point, ac­cess layer, net­work, ap­pli­ca­tions, data cen­ter, con­tent, and cloud into a sin­gle col­lab­o­ra­tive se­cu­rity so­lu­tion that can be or­ches­trated through a sin­gle man­age­ment in­ter­face.

Cy­ber in­sur­ance is an­other so­lu­tion that is in­creas­ingly be­com­ing more rel­e­vant today. It has been avail­able in the mar­ket for over ten years; how­ever, most se­cu­rity pro­fes­sion­als seem un­likely to have heard of it or know that it ex­ists. In­sur­ance can be suc­cess­fully used as a risk-trans­fer op­tion espe­cially in those coun­tries that have manda­tory data breach no­ti­fi­ca­tion laws. As the ex­pense of deal­ing with a breach gets higher and the cost of deal­ing with manda­tory no­ti­fi­ca­tion is added, the op­tion of us­ing an in­sur­ance cover will be­come more at­trac­tive for many busi­nesses.

IoT-based se­cu­rity so­lu­tions

The Asia-Pa­cific re­gion is tipped to be at the fore­front of IoT growth with mar­ket re­searcher IDC es­ti­mat­ing that Asia-Pa­cific’s in­dus­tries will con­nect 8.6 bil­lion things by 2019, cre­at­ing a mar­ket op­por­tu­nity of $508bn.

IoT de­vices are sub­jected to a wide va­ri­ety of at­tacks. These in­clude tar­geted code in­jec­tion, phys­i­cally al­ter­ing the firmware, man-in-the mid­dle at­tacks, re­motely con­trol­ling de­vices to al­ter or dis­able their func­tion­al­ity, spoof­ing IoT de­vices, or sim­ply hid­ing mal­ware in the vol­ume of IoT data. IoT de­vices which are at risk in­clude in­fu­sion pumps or heart mon­i­tors used in hos­pi­tals, crit­i­cal in­fra­struc­ture de­vices, traf­fic con­trol or ir­ri­ga­tion sys­tems, and in­ven­tory con­trol de­vices to help track and man­age sup­ply chain.

Or­ga­ni­za­tions need to im­ple­ment cer­tain key se­cu­rity so­lu­tions and strate­gies to se­cure IoT de­ploy­ment:

■ strict ac­cess con­trols

Or­ga­ni­za­tions need to im­ple­ment se­cu­rity in the net­work ac­cess layer. Ac­cess con­trol al­lows net­works to au­to­mat­i­cally iden­tify, au­then­ti­cate, and au­tho­rize IoT de­vices wher­ever they con­nect to the net­work, en­sur­ing they are not be­ing spoofed. net­work seg­men­ta­tion

Given the na­ture of IoT de­vices, we need to en­sure IoT traf­fic never touches the rest of the data flow­ing through the net­work.

Tra­di­tion­ally, seg­ment­ing traf­fic could be achieved us­ing static VLANs. How­ever, given the highly mo­bile na­ture of IoT de­vices, it is ad­vis­able to im­ple­ment a se­cure seg­men­ta­tion so­lu­tion that is de­signed to adapt to the fluid move­ment of de­vices be­tween ac­cess points lo­cated across your dis­trib­uted net­work.

se­cu­rity em­bed­ded in the ac­cess point

De­ploy wire­less ac­cess points that al­ready have em­bed­ded se­cu­rity, and that can also seam­lessly in­te­grate into the larger se­cu­rity ar­chi­tec­ture in or­der to share in­tel­li­gence and co­or­di­nate a re­sponse to threats.

uni­fied man­age­ment and or­ches­tra­tion so­lu­tion

Im­ple­ment a uni­fied man­age­ment and or­ches­tra­tion so­lu­tion that can col­lect threat data from mul­ti­ple sources and de­vices lo­cated across the dis­trib­uted net­work, cor­re­late data, and pro­vide au­to­mated co­or­di­nated re­sponses to stop so­phis­ti­cated threats in their tracks. pro­tec­tion for IoT o/s vul­ner­a­bil­i­ties/ ex­ploits

A net­work needs to au­then­ti­cate and in­spect an in­creas­ing num­ber of IoT de­vices as they ac­cess the net­work. The net­work needs to sift through in­creas­ing vol­umes of traf­fic to find anoma­lous be­hav­iors, which then can be cor­rob­o­rated to de­tect known vul­ner­a­bil­i­ties and ex­ploits, zero-day or multi-vec­tor at­tacks. The sys­tem will also need to be able to iden­tify, in­spect, and se­cure IoT-spe­cific ap­pli­ca­tions and tools to de­tect and re­spond to com­pro­mised ap­pli­ca­tions and in­ap­pro­pri­ate or unau­tho­rized be­hav­iors. Fi­nally, the net­work en­forces con­sis­tent se­cu­rity across a dis­trib­uted net­work, in­clud­ing into the cloud and IoT net­works.

Im­ple­ment a uni­fied man­age­ment and or­ches­tra­tion so­lu­tion that can col­lect threat data from mul­ti­ple source.

mar­kets in In­dia with the high­est adop­tion of se­cu­rity so­lu­tions

In In­dia, all the three mar­ket seg­ments—small and medium busi­ness, en­ter­prise and ser­vice

providers—are grow­ing rapidly. In the last 2-3 years, en­ter­prises and the gov­ern­ment sec­tors have made significant in­vest­ments for bet­ter se­cu­rity ser­vices. Small and medium en­ter­prises that face the same prob­lems as big cor­po­ra­tions are also in­vest­ing more in com­par­a­tive so­lu­tions that can cover all the as­pects of cy­ber­se­cu­rity. The ser­vice providers in In­dia are in­vest­ing heav­ily to pro­vide se­cu­rity for the LTEs or the 5G/4G in­vest­ment in­fra­struc­ture. We are also wit­ness­ing in­vest­ments in terms of se­cur­ing data cen­ters. Across all ver­ti­cals, we are reg­is­ter­ing high growth and we fore­see a lot of new op­por­tu­ni­ties for fur­ther growth.

Ar­ti­fi­cial In­tel­li­gence and hu­man op­er­a­tors need to work to­gether.

the chal­lenges

One may as­sume that with greater au­to­ma­tion and the ad­vance­ment of tech­nol­ogy in gen­eral, the de­pen­dency of cy­ber­se­cu­rity on hu­man be­ings have fallen. The truth is quite the op­po­site. In­tel­li­gent cy­ber­se­cu­rity tech­nolo­gies can only take the place of hu­man de­ci­sion-mak­ing as an ini­tial fil­ter (take a look at what trad­ing al­go­rithms have done to the mod­ern stock mar­ket). At the end of the day both Ar­ti­fi­cial In­tel­li­gence and hu­man op­er­a­tors need to work to­gether. With­out the hu­man el­e­ment, large swaths of the world will suf­fer from poorly im­ple­mented cy­ber­se­cu­rity, se­cu­rity tasks will be sub-op­ti­mally done, lead­ing to greater vul­ner­a­bil­i­ties in cy­berde­fences and in­ef­fi­ciently run se­cu­rity de­part­ments.

To suc­cess­fully groom cy­ber­se­cu­rity talent, all stake­hold­ers in the in­dus­try must come to­gether—not just tech­nol­ogy providers, but gov­ern­ments, reg­u­la­tors, ed­u­ca­tional in­sti­tu­tions, ser­vices providers, and end-users. There must be more con­certed set­ting of the se­cu­rity ed­u­ca­tion agenda, cur­ricu­lum de­vel­op­ment and knowl­edge trans­fer, and fund­ing and in­tern­ship pro­grams.

It is clear that iso­lated se­cu­rity de­vices do not solve today’s cy­ber­se­cu­rity chal­lenges; com­pa­nies need some­thing dif­fer­ent. They want in­te­grated se­cu­rity, from IoT to the cloud, with ac­tion­able an­a­lyt­ics across their multi-ven­dor net­work­ing and se­cu­rity so­lu­tions, all de­liv­ered through a sin­gle pane of glass view. Fortinet’s ‘se­cu­rity fab­ric’ has de­liv­ered on this tech­nol­ogy vi­sion with a com­plete re­think­ing of se­cu­rity for cus­tomers to im­ple­ment more strate­gic ap­proaches, such as in­ter­nal seg­men­ta­tion or au­to­mated univer­sal pol­icy to stay ahead of the threat land­scape.

Most or­ga­ni­za­tions have de­ployed se­cu­rity de­vices from mul­ti­ple ven­dors in­side their net­works. A ‘se­cu­rity fab­ric’ lets cus­tomers max­i­mize these ex­ist­ing in­vest­ments with in­te­gra­tion that goes be­yond sim­ply al­low­ing third-party so­lu­tions to col­lect or re­di­rect data and traf­fic. Part­ner so­lu­tions that in­te­grate with the

By open­ing the Se­cu­rity Fab­ric to our part­ner ecosys­tem, we ac­cel­er­ate our cus­tomers’ tran­si­tion to in­te­grated se­cu­rity strate­gies to ad­dress the full spec­trum of chal­lenges across the attack life cy­cle.

fu­ture growth

When we started our In­dia op­er­a­tions ten years ago, the growth was slower than more ma­ture coun­tries but in the last ten years we have en­joyed high year-on-year growth, match­ing the com­pany’s Y-o-Y growth of about 30%. We have seen the dy­nam­ics of the mar­ket evolv­ing rapidly, spe­cially over the last five years. Now we are well-equipped to meet most of the se­cu­rity needs for each of our three mar­ket seg­ments that we are tar­get­ing—small and medium busi­ness, en­ter­prises, and ser­vice providers. So today I think I can say that Fortinet In­dia is in line with other ma­ture coun­tries and en­joy­ing high growth in this mar­ket. ■

JOE SARNO IS VICE PRES­I­DENT, IN­TER­NA­TIONAL EMERG­ING, MEA, EAST­ERN EUROPE, IN­DIA, AND SAARC OF FORTINET.

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.