Business & Technology
Two of the biggest challenges that CISOs face today are ensuring that security and business strategies are in alignment and that security solutions are focused on solving the right problems. More often than anyone wants to admit, security teams spend significant resources trying to resolve a specific set of security challenges only to find out that they either don’t support critical business objectives or that the organization has been compromised by an attack coming from an unrecognized threat vector.
Having a sense of urgency but not knowing where the threat is coming from is the equivalent of frantically wading around through flood water carrying a fire extinguisher. As it turns out, getting security right is just as important as having it in place. And ensuring that you have the right tool for the job starts by asking three key questions.
Near and long-term business objectives and strategies need to be clearly understood. What goals and objectives do your various lines of business have? What resources will be required to accomplish those objectives, and who or what will have access to them? What will the impact on the network be? What new applications, workflows, and transactions will need to be developed and what new resources will need to be deployed?
For example, implementing things like SD-WAN, 5G, and distributed multi-cloud infrastructures, deploying IoT and endpoint devices, and implementing DevOps and agile application development strategies likely mean that network security solutions are going to need to be re-engineered.
The initial reaction is to expand existing security tools to cover the expanded attack surface being created by things like IoT and cloud services. But this only addresses the tip of the iceberg. Technologies and services don’t exist in isolation. Digital transformation is more than shiny new devices. It is driving us toward a converged and hyper-meshed network fabric where devices and applications and connectivity and ecosystems all overlap and interact. As a result, challenges that need to be addressed are being simultaneously compounded and obscured, which makes answering the question about new risks quite complicated.
Leverage intelligence sources you can trust
Staying ahead of that threat curve requires that today’s CISOs have constant access to timely threat intelligence and trends. Just as security tools need a steady stream of relevant threat intelligence to stay tuned to the latest security risks, security decision makers need to stay on top of trends in order to see the bigger picture in order to ensure that their security strategies map to the actual risks their organization is facing, both now and around the corner.
Fortinet’s recent Threat Landscape Report provides essential information designed to help technical security professionals and CISOs alike make important and timely security decisions. Here are some critical data points that should be of interest to every CISO:
To address the specific challenges outlined in the report, CISOs need to take the following steps:
In the broader security context, addressing radical and ongoing change requires a rethinking of what we mean by security. As we develop a meshed and hyperconnected networking infrastructure that spans ecosystems, businesses, societies, and personal lives, security needs to do the same.
We can no longer afford to deploy devices or platforms that operate in isolation. Different security tools with different functions still need to be integrated so they can more effectively see, share, correlate, and respond to threats. Consistent functionality is another requirement that ensures that security deployed in one ecosystem can seamlessly interoperate with security implemented in another—thereby ensuring that essential workflows are protected along their entire data path. And open standards need to be leveraged so that we can begin to securely link different networks together across businesses, public infrastructures, and social environments.
Keeping these options and strategies in mind, coupled with continually refreshing your knowledge base with timely security intelligence, will ensure that you can identify and implement appropriate security measures in place even as your business objectives and network infrastructures continue to evolve.
Access the full Global Threat Landscape Report. View the Fortinet Threat Landscape Indices for botnets, malware, and exploits for Q4, 2018.
Learn more about Fortinet's training and education efforts to close the global cyberskills gap with the Network Security Expert program, Network Security Academy program or FortiVets program. Also read more about how the Fortinet Security Fabric secures organizations for the Third Generation of Cybersecurity.