Keeping pace with today’s digital innovations takes time, effort, and careful scrutiny, especially when integrating any new technologies into your organization. Today’s always-on, connected organizations combined with rapid cycles of digital innovations create a great influx of connected devices as well as application and content consumption models. The introduction of Internet-of-Things (IoT) devices and the addition of cloud-based data storage and applications, mobile devices, new branch locations, and hybrid users introduce unique security vulnerabilities, complexities, and risks.
At the same time that the networks and their corresponding digital attack surfaces expand, cyberattacks become more automated, sophisticated, and granular, leveraging cloud scale and automation as they target known and newly created gaps in security postures. Evolving attack techniques, some with polymorphing attack components capable of targeting multiple edges simultaneously, aim to “slip in through the cracks”.
Mistake #1: Trusting too much
With “trusted” devices now deployed on the outside of an organization’s network perimeter and “untrusted” ones often roaming freely inside it, a legacy, perimeter-based security model isn’t effective in today’s security climate. Hybrid users working on- and off-premises, in public and private clouds, need free access to the network and applications.
Best practices dictate a zero-trust security model, where access to resources is granted or denied based upon the user’s identity, and permissions are assigned based on that user’s duties and responsibilities. Zero-trust principles mitigate the risk of malicious or vulnerable devices and users, and mandate access to real-time threat intelligence to detect and respond to cyberattacks.
A strongly enforced zero-trust security policy also requires internal network segmentation, which limits lateral movement of attackers and malware and decreases the probability and impact of a data breach. An organization’s security architecture should automatically identify devices connecting to the network, securely authenticate the user, and provide or deny access based on the permissions associated with that user’s account.
Mistake #2: Evaluating cloud platforms and application security in a silo
Managing multi-cloud security with custom solutions is complex and makes it difficult for organizations to maintain consistent security controls, manage and optimize application access, and maintain overall performance across the corporate wide-area network (WAN). This is especially true when multiple solutions from multiple vendors are used across the various instances.
Security capabilities need to support effective usage of cloud resources with features like auto scaling, and be environment-aware to provide the granularity needed to integrate and be cloud native across multi-cloud deployments. Multi-cloud environments need coordinated detection and enforcement across the digital attack surface to enable quick responses to threats that take advantage of security misconfigurations. Hybrid cloud applications that reside in disparate cloud environments require integrated cloud-native, consistent, context-aware security solutions that assess and automatically adjust to the risks following the data.
Mistake #3: Focusing on detection instead of time to prevention
Cyber criminals are increasingly using automation, cloud scale, and artificial intelligence (AI) to sequence even more sophisticated and polymorphing attack components across splintered perimeters. Manual detection and response just can’t keep pace. Security postures need to be “reprogrammed” in time to break the attack sequence before it is successful. This means not just evaluating the security team’s detection capabilities for accuracy and speed, but also its ability to move from detection to launching new defenses across environments.
Second, security teams must have real-time access to the most recent threat intelligence. Machine-learning (ML) classifiers can differentiate true threats from false positives, so security teams can focus their investigations and remediation efforts on real attacks. ML can be integrated into a wide range of security solutions, detect threats based on behavioral anomalies, and respond using predefined playbooks. Solutions deployed in-line can also be used to aid data collection and analytics, providing threat hunters and security operations center (SOC) analysts with the information they need to detect and respond to advanced attacks.
Mistake #4: Expanding connectivity without integrated security
To protect the growing array of devices on their networks from the cyber threats associated with them, many organizations deploy a range of narrowly targeted security products. Their number and variety make them difficult to monitor and manage, which increases the complexity of securing network environments.
Cloud-based applications are essential for businesses to run and enable digital innovation. This is expanding the network and creating new network edges. Companies have to be agile and adaptive so that application availability and the user experience are consistent, regardless of where they are working. And although today’s networks are designed to be highly agile, most traditional security solutions are not. A solution that converges security and networking functions into a single, integrated system that can expand to any edge needs to be implemented to avoid leaving unprotected any data or resources.
Mistake #5: Not including your full ecosystem
One of the major challenges with rapidly expanding the network edge is that many essential technologies lack integration and result in complexity that slows security teams and provides attackers with exploitation opportunities. As a result, most organizations have accumulated a wide variety of isolated security tools designed to protect a function or one segment of the network in isolation. This reduces visibility and restricts control, leading to missed threats and ineffective responses.
When organizations coordinate and collaborate with threat-intelligence partners, research organizations, and vendors, they are provided with information from the global security community that increases the unification of visibility, detection, and coordinated responses. This solution can easily integrate with the deployment to natively form a unified front for detection and response, and through a rich ecosystem designed to span the extended digital attack surface.
With the rapid addition of new innovations into existing environments, change is the only constant. So simplicity and adaptivity are key to securing those environments. As networks continue to grow more complex and heterogeneous, organizations require a broad, integrated, and automated security platform to simplify and optimize incident detection, prevention, and response. Avoiding these five mistakes when evaluating your next security investment will help close security gaps, unify siloed systems, and speed response times.
Learn more about how Fortinet’s Security Fabric delivers broad, integrated, and automated protection across an organization’s entire digital attack surface from IoT to the edge, network core and to multi-clouds.