RSA 2018: Cutting Through The Noise

This year, the number of vendors displaying their wares seemed larger than ever. This may have been due to the massive construction project underway upgrading the Moscone Center in San Francisco, which meant vendors were tucked away everywhere you turned besides the main halls, such as the lower levels of the nearby Marriott Marquis. It is also probably due to the fact that there are simply more security vendors than ever before. In a relatively short amount of time, the number of companies selling a security solution has grown exponentially. An event like RSA doesn’t cut through the noise of a growing market such as this. It amplifies it.

At one point, on the first full day of the show, standing in one of the rows of vendors trying to get my bearings, I heard someone behind me say, “Everybody is selling the same thing. How do you know which one is best?” It was probably the best question of the event. And while not everyone was actually selling the exact same thing, most solutions did tend to boil down to a handful of categories: securing the cloud, securing transactions, securing users and devices, seeing into the dark corners of your network, etc. How can you see what’s happening on your expanding network, and what can you do about it? It was a clear reflection of the current state of digital transformation most organizations are dealing with.

If you didn’t know exactly why you were there, the sheer volume of the event could be bewildering. But even if you knew what you were looking for, it could still be too much. What I think was being asked by that attendee that first day who was feeling a bit overwhelmed, was “how do I cut through all the noise and find what I need?”

Ready, Fire, Aim

Part of the challenge of answering that question is that we still aren’t doing the basics, so we can’t up-level our analysis of the problem. Instead, we tend to see a problem in some segment of our network or as part of some new networking project, buy a piece of technology to solve that problem, and then try to figure out, after the fact, how to integrate it into what’s already in place. It’s the classic “ready, fire, aim” approach that led to most of challenges we faced in our traditional physical networks, and that we are now brining to things like IoT and the cloud. A wiring closet full of dozens of different security technologies simply isn’t the best approach to securing your network.

Look at the evidence. In spite of the billions of dollars being spent on security, the number of network breaches has continued to accelerate, the impact of things like ransomware or data theft has grown larger, and the time between a network breach and the resulting compromise of digital resources is getting shorter. And the majority of these breaches successfully exploit vulnerabilities that we all already know about. In fact, the majority of them are already up to three years old when they are compromised, with some as much as ten.

Getting Back to the Basics

Building an effective security framework designed for your organization needs to start with three basic strategies:

Assessing your risks. The first question that needs to be asked is, “what are you trying to do?” Not just with the cloud/datacenter/mobility/IoT project in front of you, but across your entire business. The goal of security isn’t to just keep the bad guys out. The goal is to also make sure that your security strategies align with your business objectives so they can enable you to securely grow your organization. And that requires clear visibility, an understanding of the risks associated with your specific goals, and a game plan that not only prioritizes next steps, but also ensures that every step is an integrated part of the larger objectives of your organization.

Aligning controls with your risks. Once you understand your risks and have aligned them with your business objectives and processes, you can get a better idea of the kinds of security controls you need to have in place. The simpler control questions are the easiest. Do you need access management? If so, where and for what? What about network segmentation? Do you still need edge firewalls? Do you need to manage mobile workers or personal devices? Is it 100% of your workforce or 10%? And what are these mobile devices allowed to do?

The harder controls to pin down are also the most critical. Where do workflows originate, what devices or network segments do they touch, and can I see and disrupt a security event along that entire potential attack path? If a breach occurs at one place in your network, what responses should that trigger – both local to the event and elsewhere in the network? How do I reduce the complexity of securing a growing and highly elastic network? And because I have limited resources, how much of this needs to be automated, and what is the fewest number of management and control consoles I can get away with?

Aligning technologies with your controls. Now you are ready to ask the right questions. Sure, there are certain security features you need and performance numbers you need to support. But you also have bigger questions to ask. Can this device integrate and/or interoperate with other solutions assigned to the same risk? While a solution may have a lot of features, does it have the ones I need, and are they easy to access and automate, and can they be integrates with other functions or data from other devices or services? And the biggest question to ask is, does this solution add to or reduce the complexity of managing my overall security framework, especially given my resource constraints?

With these best practices in place, you should be able to quickly cut through the noise, avoid the “shiny new toy” syndrome, and quickly assess whether a particular solution is right for your organization right now. And since you have also aligned your security strategy with your business plans, now and into the future, you can also assess as to whether this solution can adapt as your business and security plans continue to evolve. Having a strategy in place means that those events like RSA can be an effective way to shop for solutions or adapt strategies to new possibilities without compromising your other objectives.

Read more about Fortinet news announced this year at the RSA Conference including:

Fortinet Delivers the Industry’s First Integrated NOC-SOC Solution

Fortinet and IBM: Working Together to Address Today’s Digital Transformation Challenges

The Critical Need for Threat Intelligence

Fortinet Receives Recommended Rating in NSS Labs Latest Advanced Endpoint Protection Test Report

Read this solution guide to learn how the Fortinet Security Fabric takes the complexity out of security with integration and automation across all your cloud environments.