Over the past couple of decades, changes in the threat landscape have driven changes in how we design, implement, and manage security. Organizations have spent the last two decades updating their security gear to keep up with the latest threats and attack vectors. In the late 1990s, the creation of viruses and worms forced the development of anti-virus and IDS solutions. Spam and phishing drove the development of advanced email gateways. The list is long, with organizations adding things like Anti-DDoS, Secure Web Gateways, and Reputation filters to their security closets on an almost annual basis.
The thing these security tools tended to have in common is that they were all signature based. And because cybercriminals tend to be as invested in ROI and TCO as their victims, they learned that attacks that could be countered by a new signature were less profitable.
So they switched their tactics.
Advanced threats and ransomware began implementing advanced strategies—such as polymorphism, multi-stage attacks, fileless malware, and obfuscation techniques—that could detect and bypass signature-based solutions. The playing field tipped strong in favor of cyber adversaries and security developers invented behavioral analytics and ATP solutions to detect zero-day attacks and identify anomalous and malicious behaviors.
That was before digital transformation, where providing consistent and timely security is once again becoming increasingly difficult to accomplish. This is being driven by two elements of transformation—interconnectivity and performance—that are transforming how we create and interact with new digital environments.
Both of these also have serious implications for our ability to detect and respond to new threats, which means we need to make some radical changes to how we design and apply security.
Interconnectivity: Networks, devices, and applications now need to move seamlessly between platforms and environments. Unfortunately, most security solutions are unable to do the same, creating gaps in both visibility and control. Current challenges in securing traffic that moves from the multi-cloud to the edge are just the tip of the iceberg. Highly interconnected systems, such as smart cars, smart cities, and edge networks will require security to span dozens, hundreds, or even thousands of systems simultaneously.
Performance: New immersive and interactive applications and services require massive amounts of processing power. And because computing power always follows the data, endpoint and IoT devices are also becoming faster and smarter. This means that security not only needs to support and secure more throughput, it also has to deliver decisions in as close to real time as possible.
To meet the demands of interconnectivity and performance, networking capacity and functionality has had to grow exponentially. And in the process, it has outpaced the traditional security model of placing security devices in a particular location to monitor a controlled set of data while isolating them from other solutions—which frankly, in retrospect, seems to have been a pretty bad idea.
Addressing the needs of our new digital world is going to require us to transform how and where we deploy security. That will require four things to happen:
For security to continue to not only be effective, but actually get out ahead of the fast-moving threat landscape, a new generation of tools, such as advanced behavioral analysis, intent-based segmentation, automation, machine learning, and artificial intelligence will need to be developed and incorporated into everyone’s security strategy. This starts by automating not just detection and protection, but also predictive systems that empower prevention.
We also need to be able to teach machines to identify threats and respond in an appropriate manner. This starts with a predefined set of protocols and a preprogrammed decision tree—which is what most vendors mean when they claim to have embedded AI into their systems. But what we really need is the ability to correlate threat intelligence across a variety of tools such as analytics to identify a complex attack scenario, especially those made up of smaller attack events. This will also require the application of AI solutions to accelerate the process of discovering and responding to events—especially those never seen before.
Securing today’s networks requires automating the identification, detection and remediation of malicious tactics—particularly those techniques designed to evade discovery. And even more challenging, the creation of new techniques for searching beyond patterns in code and malware behavior.
Again, Fortinet has led the way by being an early adopter of AI, which has enabled us to significantly improve the immediate detection and remediation of global threats with amazing accuracy—a task that previously required an entire team of trained researchers. And now, that advanced intelligence is being integrated into a growing suite of security devices alongside analytics and intent-based security solutions, for both physical and cloud deployments. This enables organizations to reallocate valuable human resources to other, higher-order tasks, while autonomous tools can detect, prevent, and even predict threats in order to short-circuit attacks before they can cause damage.
Malicious actors will continue to evolve their attacks in order to successfully exploit the expanding attack surface. Gaining the upper hand requires more than playing catch-up with threat actors. It means developing broad, powerful, and automated solutions built around deeply integrated security tools designed not just for today’s increasingly complex and distributed networks and network edge, but for the networking challenges of tomorrow. That requires combining real vision with years of experience monitoring and responding to evolving threat trends and techniques.
Artificial intelligence and machine learning, especially when combined with other advanced security solutions, will be tremendous aids in this process. But to be truly effective, the security solutions these strategies support also need to operate where the threats exist, adapt as the networks they are protecting change, interoperate between and across devices and networks, and operate at the digital speeds that tomorrow’s networking solutions will require.
That requires a level of commitment to innovation that few vendors have consistently provided. But that will be the benchmark the entire industry will need to meet if we want to defend the emerging digital economy against the organized cybercriminal communities that want to disrupt and profit from the efforts of others.
Find out how Fortinet’s Security Fabric delivers broad, integrated, and automated protection across an organization’s entire digital attack surface from IoT to the edge, network core and to multi-clouds.
Find out how Fortinet integrates AI and machine learning capabilities across our Security Fabric to detect and identify threats, protecting organizations from increasingly sophisticated threats.