Industry Trends

Securing the New Network Edge

By Fortinet | April 18, 2019

This is a summary of a byline article written by Fortinet’s John Maddison, entitled “Addressing the Challenges of Moving Security to the Edge,” that first appeared in Security Week on April 04, 2019.

For the most part, the traditional network perimeter is gone. In its place are a growing number of new network edges—branches, private and public cloud infrastructures and services, and literally billions of connected IoT and mobile endpoint devices—that complicate an organization’s ability to “maintain a consistent and manageable security infrastructure.”

There are two specific challenges that organizations face as a result:

  1. Maintaining effective policy enforcement and functionality across different environments.
  2. Creating consistent security policies that can be coordinated across all edges.

Because networks are under such consistent pressure to evolve and adapt, IT teams struggle to keep up. One result has been a spike in successful attacks targeting known vulnerabilities. To address this challenge, organizations need to consider new ways to secure their expanding edge environments: from deployment to detection to response.

Securing the Expanding Edges of the Network

Here are some of the new edge environments organizations need to address immediately, or risk serious cyber consequences:

The Cloud Edge —Most cloud security deployments can’t provide consistent security enforcement because they tend to be deployed as overlay solutions. This results in the loss features, functionality, and performance, making it difficult to establish consistent policy enforcement. Cloud native security solutions operate much more effectively, but in a multi-cloud deployment they may have challenges interoperating with devices running natively in another cloud environment. Resolving this challenge requires the use of connectors that enable single-click deployment into a cloud, as well as automatic translation between deployed solutions for consistent security enforcement and communications. 

The Endpoint Edge — End user devices are smarter, faster, and highly mobile—exposing organizations to risks due to loss, theft, malicious apps, or connecting to compromised public access points. IoT devices are not only inherently insecure, many can’t even be updated or patched, making them a preferred target by cybercriminals.

    “Securing the endpoint edge requires ensuring that communications are encrypted and that security devices are able to inspect that encrypted     data at network speeds. Devices also need to be automatically identified at the moment of access, and appropriate policies and segmentation     rules applied without human intervention. They also need to be continuously monitored, while their access policies need to be automatically     distributed to security devices deployed across the extended network.”

                                                                                —Addressing the Challenges of Moving Security to the Edge”, Security Week, April 04, 2019.

The WAN Edge —SD-Branches establish connectivity with other locations and resources through meshed VPN connections over the public Internet that need to not only support, but also secure critical SaaS and Unified Communications applications, with advanced networking and security solutions. Unfortunately, far too many SD-WAN solutions not only provide limited networking functionality, but require organizations to develop and deploy an ad-hoc security solution to secure their branch connections and environments.

    “An effective Secure SD-WAN solution needs to not only include advanced routing functions and performance enhancements—such as load     balancing applications between VPN connections—but it also needs to include a fully integrated suite of security tools that interoperate with     security solutions deployed elsewhere, and that can seamlessly extends consistent security functionality, performance, and enforcement to the     local branch LAN.”

                                                                                —Addressing the Challenges of Moving Security to the Edge”, Security Week, April 04, 2019.

The New 5G Edge5G will be another disruptive technology that will push digital transformation even further by introducing unprecedented speeds and interconnectivity that will change how we share information, consume media, and make critical networking and security decisions. Interconnectivity between devices also has the potential to create a new and open edge cloud. Because of the performance requirements of things like rich media and hyperconnectivity, applications—especially security—cannot afford to make round trips to a central data center for a decision to be made. 

As a result, data and decision-making—along with security—will need to move to be embedded in edge devices. Security will also have to leverage machine learning and AI so autonomous decisions can be made at digital speeds. And that edge security will also need to integrate seamlessly and consistently with the security deployed at the other edge environments.

Conclusion

Fundamental to securing the new edge will be seeing each of these new edge environments as part of the same security environment. From there, it is easy to see that the best approach to security is the development of an integrated fabric architecture that can simply be extended as new network environments are adopted, without sacrificing any functionality, visibility, or centralized control. A single, holistic security strategy comprised of interconnected solutions provides a comprehensive approach that is not only manageable and cost effective, but also fluid enough to adapt as networks undergo constant change.

The full version of this article, entitled “Addressing the Challenges of Moving Security to the Edge” written by Fortinet’s John Maddison, can be found on the Security Week website.

Learn more about Fortinet's broad, integrated, and automated Security Fabric and AI Predictive Intelligence solutions.