Enhanced network security requires continuous research and evaluation of cyberthreat trends. That’s why Fortinet conducts regular threat research to share with partners, clients and the broader security community. Understanding the entryways, attack vectors and evasion techniques that cybercriminals are focusing on at any given time allows security teams to make critical changes to controls and stay a step ahead of those who mean them harm.
Our most recent Global Threat Landscape Report for Q3 of 2018 revealed such trends, including the detection of 7,925 unique exploits and 34,148 unique malware variants. In addition, some of the main threat trends we identified include mobile devices remaining a primary focus of cybercriminals, cryptojacking continuing to be prevalent — and increasingly dangerous — and that the persistence of IoT botnets is on the rise.
This latest report also reveals more than just recent threat trends — it offers visibility into infrastructure trends we’re seeing across organizations that are having a serious impact on network security.
(This byline originally appeared in Channel Futures as a bylined article.)
As partners provide guidance to their customers on the strategies and tools to better secure their networks, that guidance should be informed by these most recent findings. Specifically, partners should ensure their customers are adjusting security strategies for success as they act on the following infrastructure trends.
There were three primary infrastructure trends across networks in Q3, revolving around digital transformation as well as security.
All three of these infrastructural elements hit their highest points to date in Q3 of 2018. These three trends and their correlation make sense — cloud utilization has increased because of its lower upfront costs and scalability. As a result, organizations, especially small to midsize businesses, are increasingly moving workloads to the cloud, and relying on encryption to secure communication and data as they move between their various IaaS and SaaS deployments.
In terms of security, these changes represent positive trends for your customers. When implemented properly, cloud adoption can be equally as secure as on-premises data centers, and when working with modern security tools, encryption acts as an additional safeguard to protect data in transit and at rest. However, these trends also present some new security risks.
For increased encryption and cloud use to enhance network security rather than hinder it, partners must help customers avoid common missteps.
Encryption is often thought of as a fail-safe step toward securing data. However, this is only true if it’s done correctly and augmented with the necessary tools. Otherwise, encryption can hinder security because organizations far too often believe that encrypted traffic is already secure, and as a result do not inspect it before allowing it to enter the network.
Cybercriminals are aware of this tendency, and have taken to using SSL and TLP encryption to disguise malicious code as well as to hide data being exfiltrated from the network. This is why inspection of encrypted traffic is so necessary. However, many customers face challenges with this as older security tools are unable to keep pace with detecting modern malware, especially when the variants are heavily encrypted.
Even for those customers that understand how critical it is to inspect their encrypted traffic, performance limitations of legacy security solutions make SSL inspection a burdensome bottleneck that many organizations simply opt to avoid. As a result, encryption, ironically, can actually reduce security effectiveness.
Cloud adoption can also bring risks if not properly secured. While the cloud isn’t inherently insecure, its security requires a different approach than what’s needed for on-premise storage.
Visibility into data movement and device use is severely reduced in the cloud. This is compounded as your customers deploy multicloud environments, thereby increasing network complexity and expanding the horizon that needs to be monitored. Without an integrated and centralized approach to security, the complexity resulting from increased instances of SaaS and IaaS can hinder the ability to detect anomalous behavior. Deep cross-platform and cross-solution integration is especially necessary to ensure consistency across SaaS applications that are built over various infrastructures, or transactions and workflows that span multiple network ecosystems.
Additionally, many customers incorrectly assume that the responsibility for security falls to the cloud service provider. This isn’t always the case. Often, providers use a shared responsibility model, meaning they will secure the cloud itself, while your customers must secure their data and workflows used and stored within the cloud. With this in mind, as your customers move to the cloud they must transition their security controls to these new environments to ensure consistent visibility, scalability, and enforcement.
As customers increase their reliance on of IaaS, SaaS and encryption, partners need a deep understanding of their networks to determine where vulnerabilities exist and where updates to controls and strategies are necessary – especially for SMB clients. To assist customers in avoiding common pitfalls, partners should keep the following ideas in mind as they evaluate networks.
First, when adopting encryption, partners must ensure their customers test their firewalls, segmentation and authentication infrastructure to understand how their performance and throughput will be impacted. Customers must then replace isolated legacy-point solutions with next-generation firewalls (NGFWs) that are also able to inspect encrypted traffic without sacrificing critical performance levels.
Next, to protect SaaS and IaaS instances, your customers require cloud security that incorporates:
Infrastructure and threat trends are often related. As organizations enable business by accelerating their transition to the cloud, and increase their use of encryption as a means to secure digital transformation, proper security becomes more important than ever. While such changes in infrastructure can be effective, and even necessary, when done improperly they can hurt security efforts. Partners must ensure their customers are aware of the controls and strategies they must have in place to maintain security, visibility and performance. To learn more about recent infrastructure and threat trends, download our Threat Landscape Report for Q3 of 2018.
To learn more, visit the "Best Practices to Grow Your Business Center" on the Partner Portal.
Sign up for our weekly FortiGuard Threat Brief to learn about breaking threat research.