
Cyber Threat Assessment: How to Find Indicators of Compromise

By John Welton | June 15, 2016

The threat landscape is in a constant state of evolution, and the arms race between cyberguardians and cybercriminals has heated up dramatically over the course of the last year. Industry projections put an additional 20 billion IoT devices on the network by 2020, on top of rapid growth in personal end-user devices, so individuals and organizations face an exponentially expanding attack surface in a cyberspace that no longer has a defensible border.

Fortinet’s Matti Blecher offers some perspective on this and how threat assessment can help.

An interview with: Matti Blecher

Can you set some context as to what is happening with the threat landscape today that makes threat assessment an urgent need?

Today’s digital economy connects more users, devices, applications, and data than ever before to drive business value. Billions of new IP-enabled, non-user IoT devices are transmitting vast amounts of data traversing wired and wireless access points, through both public and private networks, and across traditional and cloud infrastructures. To successfully compete in this new digital economy, organizations need to implement a tightly coordinated security strategy that can see and govern this data across an entire borderless network without compromising agility or performance. The consequences of falling behind in this arms race can be catastrophic, and this has elevated the discussion of cybersecurity to the boardroom. This is a complex scenario, and as we have been saying repeatedly, complexity is the enemy of security.

How specifically can assessment help customers transition from reaction to prevention, if at all?

Secure network architectures need to constantly evolve to keep up with the latest advanced persistent threats. There are two ways to find out if your solution isn’t keeping up—wait for a breach to happen or run validation tests. A good cyber threat assessment can help you better understand:

  1. Security and Threat Prevention – which application vulnerabilities are attacking your network, which malware/botnets were detected, and which devices are “at risk”— which provides better firewall assessment and security breach probability
  2. User Productivity – which peer-to-peer, social media, instant messaging, and other apps are running — for increased application visibility and control
  3. Network Utilization and Performance – You need to understand and measure your throughput, session, and bandwidth usage requirements during peak hours — which provides network utilization benchmarks and monitoring tests for performance optimization
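Editor's addition, not part of the interview and not Fortinet code: the three assessment views above (threats and "at risk" hosts, application usage by category, peak-hour utilization) can be derived from ordinary firewall logs, and the same pass can surface a simple indicator of compromise. The script below does that over a handful of constructed log records. The key=value record layout, the field names (`devname`, `subtype`, `appcat`, `sentbyte`, `rcvdbyte` and so on), the device name, the threat names and every sample value are assumptions made for illustration; real firewall syslog fields differ by vendor and firmware version.

```python
"""Summarise firewall logs into the three assessment views: threats and at-risk
hosts, application usage, and peak-hour utilisation, plus one IoC correlation.
All records below are constructed for this example; they are not real output."""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample records in a generic key=value syslog style (assumed layout).
SAMPLE_LOGS = """\
date=2016-06-01 time=09:02:11 devname=fgt-edge type=utm subtype=ips srcip=10.1.1.20 dstip=203.0.113.9 action=detected attack=Generic.SQL.Injection severity=high
date=2016-06-01 time=09:05:40 devname=fgt-edge type=utm subtype=virus srcip=10.1.1.31 dstip=198.51.100.7 action=blocked virus=EICAR_TEST_FILE severity=medium
date=2016-06-01 time=09:07:02 devname=fgt-edge type=utm subtype=botnet srcip=10.1.1.20 dstip=192.0.2.45 action=detected botnet=Example.C2 severity=critical
date=2016-06-01 time=09:10:15 devname=fgt-edge type=traffic srcip=10.1.1.20 dstip=192.0.2.45 app=Unknown.TCP appcat=Unknown sentbyte=4000 rcvdbyte=1200 duration=30
date=2016-06-01 time=10:12:33 devname=fgt-edge type=traffic srcip=10.1.1.44 dstip=198.51.100.80 app=BitTorrent appcat=P2P sentbyte=9000000 rcvdbyte=12000000 duration=600
date=2016-06-01 time=10:20:01 devname=fgt-edge type=traffic srcip=10.1.1.31 dstip=203.0.113.22 app=Facebook appcat=Social.Media sentbyte=50000 rcvdbyte=800000 duration=120
date=2016-06-01 time=10:25:19 devname=fgt-edge type=traffic srcip=10.1.1.52 dstip=203.0.113.23 app=Skype appcat=Instant.Messaging sentbyte=300000 rcvdbyte=250000 duration=900
date=2016-06-01 time=14:03:55 devname=fgt-edge type=traffic srcip=10.1.1.31 dstip=198.51.100.9 app=Salesforce appcat=Business sentbyte=20000 rcvdbyte=600000 duration=60
date=2016-06-01 time=14:09:12 devname=fgt-edge type=utm subtype=ips srcip=10.1.1.52 dstip=203.0.113.9 action=dropped attack=Generic.SQL.Injection severity=high
"""

THREAT_SUBTYPES = ("ips", "virus", "botnet")
# Actions that mean the engine saw the threat but let the traffic through.
UNBLOCKED_ACTIONS = {"detected", "passthrough", "allowed"}


def parse_record(line):
    """Split one key=value record into a dict; tokens without '=' are ignored."""
    rec = {}
    for tok in line.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            rec[key] = value
    return rec


def parse_logs(text):
    """Parse all non-empty lines, preserving their order (assumed chronological)."""
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def threat_summary(records):
    """View 1: {srcip: {"events": [(subtype, name, action)], "at_risk": bool}}.
    A host is 'at risk' when at least one threat was only detected, not blocked."""
    hosts = defaultdict(lambda: {"events": [], "at_risk": False})
    for r in records:
        if r.get("type") != "utm" or r.get("subtype") not in THREAT_SUBTYPES:
            continue
        name = r.get("attack") or r.get("virus") or r.get("botnet") or "unknown"
        entry = hosts[r["srcip"]]
        entry["events"].append((r["subtype"], name, r.get("action")))
        if r.get("action") in UNBLOCKED_ACTIONS:
            entry["at_risk"] = True
    return dict(hosts)


def app_usage(records):
    """View 2: total bytes per application category, from traffic records."""
    usage = Counter()
    for r in records:
        if r.get("type") == "traffic":
            usage[r.get("appcat", "Unknown")] += int(r.get("sentbyte", 0)) + int(r.get("rcvdbyte", 0))
    return usage


def hourly_utilisation(records):
    """View 3: ({hour: (sessions, bytes)}, peak_hour) where peak is by bytes."""
    hours = defaultdict(lambda: [0, 0])
    for r in records:
        if r.get("type") != "traffic":
            continue
        stamp = datetime.strptime(r["date"] + " " + r["time"], "%Y-%m-%d %H:%M:%S")
        hours[stamp.hour][0] += 1
        hours[stamp.hour][1] += int(r.get("sentbyte", 0)) + int(r.get("rcvdbyte", 0))
    if not hours:
        return {}, None
    peak = max(hours, key=lambda h: hours[h][1])
    return {h: tuple(v) for h, v in hours.items()}, peak


def c2_followups(records):
    """Indicator of compromise: later traffic from a host to a destination that
    was earlier flagged as botnet C2 for that same host. Returns (src, dst, time)."""
    flagged = set()
    hits = []
    for r in records:
        key = (r.get("srcip"), r.get("dstip"))
        if r.get("type") == "utm" and r.get("subtype") == "botnet":
            flagged.add(key)
        elif r.get("type") == "traffic" and key in flagged:
            hits.append((r["srcip"], r["dstip"], r["time"]))
    return hits


if __name__ == "__main__":
    recs = parse_logs(SAMPLE_LOGS)
    print("Threats by host:", threat_summary(recs))
    print("Bytes by app category:", dict(app_usage(recs)))
    print("Hourly utilisation, peak hour:", hourly_utilisation(recs))
    print("Possible active C2 sessions:", c2_followups(recs))
```

The "at risk" rule is deliberately narrow: a host whose threat events were all blocked is noise for an assessment, while a host with an unblocked detection deserves a follow-up. The C2 check shows why order matters in these logs: the botnet detection alone is a signal, but the traffic record that follows it from the same host to the same destination is the indicator that the host is actively talking to the flagged address.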

Why is assessment even more critical now? What has changed?

Essentially, cyber threat assessments are a collection of threats, attacks, and data collected from live production environments of all sizes and types. “Live” is the key word. In the past, it was much easier for firewalls to detect significant threats to the network because traffic could be classified based on specific protocols, and hacker approaches were not nearly as sophisticated. Unfortunately, a growing number of network threats are designed to avoid detection by bypassing traditional firewalls and evading traditional detection tools, especially for organizations that perhaps have not yet implemented a strategic security strategy designed to find advanced threats. 

What else can assessment do?

A thorough assessment provides an important opportunity for partners to engage with customers and prospects to ensure they’re not relying on legacy systems that are no longer effective against today’s sophisticated cyberattacks that often occur across multiple vectors and stages. By offering a deeper analysis of existing or possible threats, customers are given a clear assessment of the risks to their environments. And a vendor and its partners help prioritize actions to mitigate those risks, thereby providing customers with the peace of mind that comes from knowing their critical assets are protected.  

What does Fortinet offer?

Fortinet’s Cyber Threat Assessment Program has been designed to look deep into a company’s network traffic across the entire distributed environment searching for indicators of compromise. It provides organizations with a blueprint on how to reduce risk, while at the same time making their network more efficient. For example, Fortinet’s most recent report, conducted over the past several months, shows that manufacturing is likely to be the next industry specifically targeted by ransomware, which is valuable information for those types of organizations.

In addition, Fortinet recently announced the Fortinet Security Fabric, which integrates the Fortinet security portfolio, as well as third-party solutions, into an integrated security architecture. The Fortinet Security Fabric allows security devices to share threat intelligence and coordinate responses anywhere across the distributed network, from IoT, across the network, and out to the Cloud. And recently, Fortinet announced the acquisition of AccelOps, a next-generation SIEM tool that significantly enhances visibility and control across the network, by enhancing network security visibility, security data analytics, and threat intelligence across multi-vendor solutions, as well as advanced controls designed for organizations like service providers who need to manage and secure multi-tenant environments.