The entire security arms race between IT professionals and cybercriminals is really about one side constantly trying to outsmart the other. Security isn’t just about tools. It’s also about the intelligence that powers them. Which is why when we started Fortinet 16 years ago we were every bit as committed to developing security intelligence and research solutions that were as innovative as the technology we were developing.
As we prepare to expand our security research facility in Vancouver, this is a good time to review the history of this evolution. First, reviewing the development of threat intelligence provides an interesting insight into the minds of the cybercriminals we are defending ourselves against. Second, seeing where we came from helps us predict the trajectory of how to stay ahead of the criminal community going forward. And finally, it can provide organizations with a baseline with which to evaluate the long-term efficacy of the solutions they have deployed. Because security, as it turns out, is about much more than speeds and feeds.
For the first several decades of network security, efforts had been primarily focused on protecting connections to and from the network. Firewalls acted as gateway sentinels monitoring those connections. But then threats began to shift. When Fortinet was founded in 2000, the rise of applications had led to a need to secure the content inside those connections. We call this change the second generation of security.
These new threats required traditionally separate security tools to work together to inspect and secure transactions. We quickly understood that developing the first UTM and NGFW security devices required threat intelligence tools that could see and correlate information from a number of different threat vectors. Our initial efforts were primarily focused on antivirus, antispam, web filtering, and IPS signatures that allowed us to see and identify the threats hidden inside network traffic.
Our FortiGuard Labs team started with a group of 10-15 people doing AV analysis. This was a fledgling industry, and we had a small set of less than 500,000 threats that we kept on a handful of machines needed to process data. We primarily researched threats by hand and pushed out about two updates per day. Engineers worked graveyard shifts in order to cover the world.
For the next nine years, this process grew organically. We opened new labs in Europe and Asia, and we soon had over a hundred full-time security researchers. But the cybercriminals were relentless in developing their capabilities as well. It soon became apparent that playing cat and mouse was not an effective approach to addressing cybercrime. To get in front of the problem and stay there, we needed to be able to out-innovate the cybercrime community.
In 2009 Fortinet went public, and we used our initial IPO funding to build out the resources for hyperscale. This involved not only accumulating new hardware, but also engineering tools that would allow us to correlate threat intelligence on an unprecedented scale. By 2010 we upgraded to our first hyperscale threat intelligence data center designed to fully leverage and correlate the rich intelligence being gathered from the hundreds of thousands of (now nearly 3.5 million) sensors that we had begun deploying around the world from day one.
At the same time, as our UTM and NGFW solutions evolved into an entire family of security solutions, we intentionally continued to engineer them with a common operating system, unified management and controls, and open standards so they could be integrated together. This allowed security updates to be shared simultaneously across all deployed security devices, while enabling them to share and correlate intelligence to provide a unified response to threats.
By 2015, and hundreds of patents later, we had developed our Self-Evolving Detection System built around billions of nodes interconnected through machine learning and cutting-edge artificial intelligence. We now train machines to teach machines, allowing them to effectively replace many of the day-to-day tasks that our analysts have traditionally had to do. This centaur model allows those analysts to now focus almost exclusively on more complex tasks, and is a necessary approach if we are to effectively tackle today’s explosive threat landscape.
This is just the beginning. Our cutting-edge research on training machines with AI will continue to increase the autonomy of our detection and defense systems, enabling them to perform increasingly complex detection, correlation, and analysis. We are also actively expanding our footprint to cover future attack surfaces, including IoT, connected cars, smart cities, drones, and critical infrastructure.
This approach lays the foundation for the next generation of protection: Intent-Based Network Security. IBNS will shift security from being reactive to proactive. It will baseline network behavior, analyze vulnerabilities, and anticipate attacks before they occur. Advanced behavioral analytics will be able to determine intent before a threat actor or malware launches an attack. To do this, threat sharing, real-time correlation, and autonomous remediation need to be integrated together and distributed throughout the kill chain. To make this work, the foundation of IBNS needs to be based on complete confidence and trust in the threat intelligence underlying it.
To achieve this, Fortinet has had to develop a wide range of interconnected threat intelligence skills and strategies. These include:
Fortinet Network Security Expert (NSE) is an eight-level certification program that provides self-paced and instructor-led cybersecurity courses combined with practical, experiential exercises and independently proctored exams to ensure and certify the mastery of complex network security concepts. To date, over 50,000 individuals have received NSE certifications.
We have also created the Fortinet Network Security Academy for secondary and post-secondary students. This program leverages the NSE curriculum and currently provides cybersecurity courses at hundreds of schools in 46 countries. And our FortiVets program provides cybersecurity and job skills training to help military veterans transition to civilian life as security professionals.
We are at a complicated inflection point. As society shifts towards a digital economy, technology is shaping virtually every part of our lives. Organizations are dealing with digital transformation challenges that are driving networks into the cloud, interconnecting everything and everyone, and making real-time access to data the measure of success. At the same time, cybercriminals are looking for new ways to profit from this economy. They are developing new tools and techniques to exploit the digital landscape, and their attacks are becoming increasingly sophisticated and effective. Advances in artificial intelligence and machine learning are enabling attacks to become autonomous. Soon, the time required between the detection of and response to a breach will be measured in milliseconds.
Security tools that can effectively defend against this new threat paradigm are only as effective as the threat intelligence behind them. Take that away, and things like firewalls and other isolated security platforms become really expensive welcome mats.
This byline originally appeared in CSO.