
Addressing Today’s Risks Requires Reliable Threat Intelligence

By John Maddison | February 25, 2019

Two of the biggest challenges that CISOs face today are ensuring that security and business strategies are in alignment and that security solutions are focused on solving the right problems. More often than anyone wants to admit, security teams spend significant resources trying to resolve a specific set of security challenges only to find out that they either don’t support critical business objectives or that the organization has been compromised by an attack coming from an unrecognized threat vector.

Having a sense of urgency but not knowing where the threat is coming from is the equivalent of frantically wading around through flood water carrying a fire extinguisher. As it turns out, getting security right is just as important as having it in place. And ensuring that you have the right tool for the job starts by asking three key questions.

The first question you need to ask is, “what are we trying to do?”

Near and long-term business objectives and strategies need to be clearly understood. What goals and objectives do your various lines of business have? What resources will be required to accomplish those objectives, and who or what will have access to them? What will the impact on the network be? What new applications, workflows, and transactions will need to be developed and what new resources will need to be deployed? 

For example, implementing things like SD-WAN, 5G, and distributed multi-cloud infrastructures, deploying IoT and endpoint devices, and implementing DevOps and agile application development strategies likely mean that network security solutions are going to need to be re-engineered.

The second question is, “what are the risks associated with meeting those objectives?”

The initial reaction is to expand existing security tools to cover the expanded attack surface being created by things like IoT and cloud services. But this only addresses the tip of the iceberg. Technologies and services don’t exist in isolation. Digital transformation is more than shiny new devices. It is driving us toward a converged and hyper-meshed network fabric where devices and applications and connectivity and ecosystems all overlap and interact. As a result, challenges that need to be addressed are being simultaneously compounded and obscured, which makes answering the question about new risks quite complicated.

Leverage intelligence sources you can trust

Staying ahead of that threat curve requires that today’s CISOs have constant access to timely threat intelligence and trends. Just as security tools need a steady stream of relevant threat intelligence to stay tuned to the latest security risks, security decision makers need to stay on top of trends to see the bigger picture and ensure that their security strategies map to the actual risks their organization is facing, both now and around the corner.

Fortinet’s recent Threat Landscape Report provides essential information designed to help technical security professionals and CISOs alike make important and timely security decisions. Here are some critical data points that should be of interest to every CISO:

  • Botnet dwell time inside an organization before detection increased 15% during Q4, growing to an average of nearly 12 infection days per firm.
  • Exploits impacting individual firms grew 10% over the quarter, while the number of unique exploits encountered increased by 5%.
  • Six of the top 12 exploits were IoT related. Four of those targeted IP-enabled cameras. Ironically, cybercriminals target security cameras because many lack adequate security. Compromised cameras could also enable cybercriminals to snoop on private interactions, enact malicious onsite activities (e.g., shut off cameras so attackers can physically access restricted areas), launch DDoS attacks, steal proprietary information, and initiate ransomware attacks.
  • Adware continues to be a threat and not just a nuisance. Globally, adware sits at the top of the list of malware infections for most regions, exceeding one-quarter of all infection types for North America and Oceania, and almost one-quarter for Europe. With adware found in published apps, this attack type can pose a serious threat, especially to unsuspecting mobile device users.

The third question is, “how do we reduce these risks as much as possible?”

To address the specific challenges outlined in the report, CISOs need to take the following steps:

  • Organizations need to begin leveraging Artificial Intelligence and Machine Learning to combat new, machine-generated attacks effectively by automating their own security processes and by working with vendors that have woven AI deep into their solutions.
  • Organizations need to increasingly rely on advanced threat intelligence—including real-time threat-intelligence sharing across all security elements—to keep pace with the volume, velocity, and sophistication of the evolving threat landscape.
  • Organizations need to pay attention to their supply chain. IoT devices designed with poor security and malicious adware embedded on physical devices, mobile apps, and other delivery mechanisms are a growing threat. Organizations need to conduct thorough audits of devices before onboarding and ensure that intent-based segmentation is in place to shrink the potential attack surface.

In the broader security context, addressing radical and ongoing change requires a rethinking of what we mean by security. As we develop a meshed and hyperconnected networking infrastructure that spans ecosystems, businesses, societies, and personal lives, security needs to do the same.

Final Thoughts

We can no longer afford to deploy devices or platforms that operate in isolation. Different security tools with different functions still need to be integrated so they can more effectively see, share, correlate, and respond to threats. Consistent functionality is another requirement that ensures that security deployed in one ecosystem can seamlessly interoperate with security implemented in another—thereby ensuring that essential workflows are protected along their entire data path. And open standards need to be leveraged so that we can begin to securely link different networks together across businesses, public infrastructures, and social environments.

Keeping these options and strategies in mind, coupled with continually refreshing your knowledge base with timely security intelligence, will ensure that you can identify appropriate security measures and put them in place even as your business objectives and network infrastructures continue to evolve.

Access the full Global Threat Landscape Report. View the Fortinet Threat Landscape Indices for botnets, malware, and exploits for Q4, 2018.
