Mark Weir, Regional Director UK & I, Fortinet
The Enterprise security market has grown extremely complicated over the past decade. This complexity is being compounded as the business of Financial Services moves from person-to-person transactions to automated high-speed machine-to-machine operations and workflows. We originally designed security systems that protect people from other people – vaults, teller cages, guards, armored cars, alarms, and security cameras. These tools allowed us to trust people as business partners.
This has all changed. Financial Services is moving to a fully digital business model, which exponentially increases the speed and volume of data, and fundamentally changes the nature of transactional trust. Now, when a new threat emerges, some vendor somewhere creates a new device designed to address that threat, and organisations feel pressured by their boards or business units to purchase and deploy it. Which is why many of our large Financial Services customers have over 40 security vendors inside their networks.
They have multiple firewalls, antivirus tools, IDS/IPS, anti-DDoS, email, WAFs, sandboxes, SIEMs, and multiple app control and identification technologies. All of these have separate management systems, release trains, and operating systems. These systems also have limited connectivity or integration. They rarely share intelligence or coordinate responses to threats. So a lot of out-of-band management systems have been added over time to manage policy, ensure compliance, analyse information, and cross-reference events and logs. It’s what some call an “accidental architecture.”
This complexity hinders security effectiveness. We are encrypting more traffic and data, and authorising more devices than ever before. All this traffic needs to be inspected in a zero trust environment. In large global environments, however, it can take days to update protection to all devices from a new piece of malware. And even then you can’t be sure everything is looking for the same thing. And while next generation networks can rearrange devices and workflows with a few clicks of a mouse, add, moves, and changes to security devices can take weeks, with lots of manual intervention to re-implement policy and ensure consistent compliance.
Interestingly, these legacy systems were built on the same physical security model employed by banks. Which is fine when your assets are generally all kept in the same place. But in a digital business model, the security equivalent to an industrial safe surrounded by armed guards and video surveillance equipment does not scale, cannot be easily reprovisioned, and is not very efficient.
What does a Security Fabric do?
A cooperative security fabric enables the scale, provisioning, performance, and efficiency needed for this evolving digital business model. A fabric uses a common communications and intelligence framework to enable communication between multiple vendor security systems. It also simplifies the management and orchestration of security tools and policies to as few management, correlation, and reporting consoles as possible. This allows organisations to better automate policy, dynamically share threat intelligence, and coordinate to automatically mitigate identified security events.
Why has this not been done before?
Legacy vendors have historically preferred to build closed systems that required customers to buy all the pieces of their security portfolio. This approach does not work or scale today because networks have fundamentally changed. This approach was fine when security was only about users on the Internet working in a closed environment on a private network. But with the advent of cloud computing, virtualisation, next-gen data centers, custom applications, and things like IoT and BYOD, finding a vendor that can secure the distributed network while delivering centralised intelligence and single-pane-of-glass management is next to impossible.
Why? Because even large security vendors that sell a broad portfolio of security solutions don’t provide all the pieces needed to deliver true security effectiveness and financial services customers gravitate towards best-of-breed solutions from multiple vendors. In addition, customers want multiple vendors in their security environment in order to provide multiple lines of defense but they expect these vendor solutions to work together as a single unified security solution.
What will a Security Fabric do for me?
An integrated and collaborative security fabric provides broad visibility across the distributed network, from IoT to the cloud, and granular control based on real-time threat intelligence and unified orchestration and collaboration. Here are a few of the advantages provided by a cooperative Security Fabric architecture:
The Fabric Lets You Inspect Everything
In a zero trust world, where borders are permeable and workloads move dynamically between constantly shifting virtual environments, you need to inspect all traffic. This was not possible with traditional firewall and IPS technology, which primarily inspected traffic at the perimeter. They simply could not perform at the speed and latency levels that the internal network and applications require. So, east-west, or lateral traffic was largely uninspected. Fortinet’s fabric technology has changed all that, and can sit inline providing deep analysis and inspection without impacting the network or applications
The Fabric Improves Time to Mitigation
An example of this today is an environment where an organisation is using Carbon Black to defend their endpoint technology, and have a FortiGate firewall running IPS deployed with our patented CPRL technology that can detect new ransomware on a network. Once detected, FortiGate automatically sends the malware to its Sandbox for a signature to be generated. This signature is used by the IPS to find and block future instances of this malware. But the Sandbox also updates Carbon Black, which automatically protects all endpoints. This reduces what is traditionally a 2-3 day process in a legacy environment, requiring lots of manual work, to a fully automated, multi-vendor event taking minutes.
It Automates Security Adds, Moves, and Changes
Organisations are constantly adding and moving users and devices. In many new virtualised environments, these changes can be done in minutes, with workflows being automatically rerouted between dynamically shifting resources. Security has not kept up. What takes minutes for the network infrastructure can take days or weeks for security, as it requires a lot of manual configuration changes to firewalls, policy, endpoints, etc. And by the time this is done, the underlying network has probably already changed again.
The Security Fabric automates this manual process, allowing security to adapt in real-time as resources are provisioned, configured, and deployed.
The Fabric Reduces Operational Complexity
One of the biggest challenges Financial Services customers face is simply sifting through all the various reporting tools and management consoles to try and get a unified or single view of what is happening. Catching advanced threats is often a matter of persistent sleuthing combined with dumb luck – which is why the most sophisticated threats often persist inside a network for months before being detected. When you have forty different vendors inside your security deployment, you have far too many panes of glass to look through, and far too many different hands on that glass to easily pull together a cohesive and unified view of what is really happening on your network. Operational complexity, even when it involves security devices, often works in the favor of the attacker.
Fortinet’s cooperative Security Fabric allows for a single management platform to monitor, manage, and orchestrate solutions across the entire distributed network. It offers tiered management solutions to distribute control, while providing a single source of truth to quickly detect and automatically respond to advanced threats.
Today, Financial Services organisations are rapidly transforming to a digital business model. This change brings new cyber security challenges and risks. You need a security solution designed to address this advanced threat landscape, because your legacy security solutions were never designed to operate at the speed and dexterity your new networks demand, or to detect and thwart the advanced threats today’s cybercriminals have available. You need an automated and integrated architecture like the Fortinet Security Fabric.