Potential Security Risks for Your Customers

By Jon Bove | January 24, 2019

Enhanced network security requires continuous research and evaluation of cyberthreat trends. That’s why Fortinet conducts regular threat research to share with partners, clients and the broader security community. Understanding the entryways, attack vectors and evasion techniques that cybercriminals are focusing on at any given time allows security teams to make critical changes to controls and stay a step ahead of those who mean them harm.

Our most recent Global Threat Landscape Report for Q3 of 2018 revealed such trends, including the detection of 7,925 unique exploits and 34,148 unique malware variants. In addition, some of the main threat trends we identified include mobile devices remaining a primary focus of cybercriminals, cryptojacking continuing to be prevalent (and increasingly dangerous), and the persistence of IoT botnets being on the rise.

This latest report also reveals more than just recent threat trends — it offers visibility into infrastructure trends we’re seeing across organizations that are having a serious impact on network security.

(This article originally appeared as a byline in Channel Futures.)

Infrastructure Trends in Q3 of 2018

As partners provide guidance to their customers on the strategies and tools to better secure their networks, that guidance should be informed by these most recent findings. Specifically, partners should ensure their customers are adjusting security strategies for success as they act on the following infrastructure trends.

There were three primary infrastructure trends across networks in Q3, revolving around digital transformation as well as security.

  • HTTPS and web traffic encryption increased from 55.4 percent in Q3 of 2017 to 72.2 percent in Q3 of 2018
  • The average number of IaaS apps in use increased from 26 in Q3 of 2017 to 32 in Q3 of 2018
  • The average number of SaaS apps in use increased from 32 in Q3 of 2017 to 38 in Q3 of 2018

All three of these infrastructural elements hit their highest points to date in Q3 of 2018. These three trends and their correlation make sense — cloud utilization has increased because of its lower upfront costs and scalability. As a result, organizations, especially small to midsize businesses, are increasingly moving workloads to the cloud, and relying on encryption to secure communication and data as they move between their various IaaS and SaaS deployments.

In terms of security, these changes represent positive trends for your customers. When implemented properly, cloud deployments can be as secure as on-premises data centers, and when working with modern security tools, encryption acts as an additional safeguard to protect data in transit and at rest. However, these trends also present some new security risks.

Potential Security Risks for Customers

For increased encryption and cloud use to enhance network security rather than hinder it, partners must help customers avoid common missteps.

Encryption is often thought of as a fail-safe step toward securing data. However, this is only true if it’s done correctly and augmented with the necessary tools. Otherwise, encryption can hinder security because organizations far too often believe that encrypted traffic is already secure, and as a result do not inspect it before allowing it to enter the network.

Cybercriminals are aware of this tendency, and have taken to using SSL and TLS encryption to disguise malicious code as well as to hide data being exfiltrated from the network. This is why inspection of encrypted traffic is so necessary. However, many customers face challenges with this as older security tools are unable to keep pace with detecting modern malware, especially when the variants are heavily encrypted.

Even for those customers that understand how critical it is to inspect their encrypted traffic, performance limitations of legacy security solutions make SSL inspection a burdensome bottleneck that many organizations simply opt to avoid. As a result, encryption, ironically, can actually reduce security effectiveness.

Cloud adoption can also bring risks if not properly secured. While the cloud isn’t inherently insecure, its security requires a different approach than what’s needed for on-premises storage.

Visibility into data movement and device use is severely reduced in the cloud. This is compounded as your customers deploy multicloud environments, thereby increasing network complexity and expanding the horizon that needs to be monitored. Without an integrated and centralized approach to security, the complexity resulting from increased instances of SaaS and IaaS can hinder the ability to detect anomalous behavior. Deep cross-platform and cross-solution integration is especially necessary to ensure consistency across SaaS applications that are built over various infrastructures, or transactions and workflows that span multiple network ecosystems.

Additionally, many customers incorrectly assume that the responsibility for security falls to the cloud service provider. This isn’t always the case. Often, providers use a shared responsibility model, meaning they will secure the cloud itself, while your customers must secure their data and workflows used and stored within the cloud. With this in mind, as your customers move to the cloud they must transition their security controls to these new environments to ensure consistent visibility, scalability, and enforcement.

How Partners Can Help Customers Secure This Infrastructure

As customers increase their reliance on IaaS, SaaS and encryption, partners need a deep understanding of their networks to determine where vulnerabilities exist and where updates to controls and strategies are necessary – especially for SMB clients. To assist customers in avoiding common pitfalls, partners should keep the following ideas in mind as they evaluate networks.

First, when adopting encryption, partners must ensure their customers test their firewalls, segmentation and authentication infrastructure to understand how their performance and throughput will be impacted. Customers must then replace isolated legacy point solutions with next-generation firewalls (NGFWs) that are also able to inspect encrypted traffic without sacrificing critical performance levels.

Next, to protect SaaS and IaaS instances, your customers require cloud security that incorporates:

  • Scalability: One of the core benefits of cloud adoption is its flexibility, which allows it to dynamically expand in times of high traffic, and scale down as traffic subsides. Your customers require cloud security that can scale with growing cloud instances to meet the needs of their cloud provider’s shared security model, protect cross-cloud workflows and secure data stored within the cloud.
  • Automation: Today’s cyberattacks occur at machine speeds, which means that hand-processing and correlating critical threat intelligence is no longer good enough. Instead, organizations must deploy security controls that leverage automated management that can detect and respond to security events in real time, informed by current threat intelligence.
  • Single-pane-of-glass visibility: With visibility diminished in the cloud, and especially across multicloud deployments, security teams need integrated and centralized visibility of data movement across their distributed networks.
  • Consistent tagging and labeling: This element is critical for enabling effective segmentation practices, especially in multicloud environments. This process allows IT teams to trace threats back to their root cause to minimize the impact of an attack and secure the rest of the network once a compromise has been detected.

Final Thoughts

Infrastructure and threat trends are often related. As organizations enable business by accelerating their transition to the cloud, and increase their use of encryption as a means to secure digital transformation, proper security becomes more important than ever. While such changes in infrastructure can be effective, and even necessary, when done improperly they can hurt security efforts. Partners must ensure their customers are aware of the controls and strategies they must have in place to maintain security, visibility and performance. To learn more about recent infrastructure and threat trends, download our Threat Landscape Report for Q3 of 2018.
