Securing today's enterprise is more challenging than ever. Whereas in the past there was a well-defined perimeter to secure, the rise of the Internet of Things (IoT), following mobility and BYOD, and the continued adoption of public cloud services, following widespread adoption of private cloud services, result in a much more diverse and dynamic attack surface to be protected. At the same time, the threat landscape continues to evolve in both volume and sophistication as cybercrime has achieved big business status and maturity. With this activity powered by a robust cybercrime ecosystem that includes a growing segment of "malware-as-a-service" providers, FortiGuard Labs saw more than 700,000 intrusion attempts by the close of 2016, with 120,000 pieces of malware and 25,000 spam messages - every minute of every day. Further, according to Verizon's 2016 Data Breach Investigations Report, the malware at the heart of incidents lived for only 58 seconds or less and was seen only at the compromised organization in nearly all cases. Most importantly, a recent Fortinet Threat Landscape publication reported that the average organization, whether as the result of a volume-based or a targeted attack, has been successfully compromised, with more than six active bots communicating out to cyber criminals. That's why Fortinet is pioneering a new approach to security, Fortinet Security Fabric, which includes specific components recommended to address today's advanced threats.
With so many potential ways for cyber criminals to gain entry into the dynamic enterprise, it is important to design and implement a security architecture that is broad enough to cover the entire attack surface. Further, it is critical to have security components that are powerful enough to enable all the technologies appropriate at each protection point without slowing networks or employees. And finally, it must be automated and work as a single, cohesive system to keep pace with the changing and fast-moving threat landscape. This type of approach is absolutely critical to effective advanced threat protection. While there are always new, innovative technologies to combat new, innovative cyber threats, none represents a "silver bullet" to protect organizations that don't also handle all of "the basics" of security best practices. Instead, the most effective defense is founded on a cohesive and extensible architecture that encompasses all the important basics, along with the latest emerging technologies, as they demonstrate their effectiveness, working together to stop attacks at multiple points of the organization and multiple phases of their life cycle. Further, this approach must incorporate current security capabilities, emerging technologies, and customer-specific learning mechanisms to create and distribute actionable security intelligence from newly detected threats in real time. And it must coordinate among security components from multiple vendors, such that the entire infrastructure can act as a single entity to protect the organization.
Broad coverage across the attack surface
Effectively protecting the enterprise starts with ensuring coverage across the entire attack surface - all physical protection points and attack vectors. Specifically, both prevention and detection components must be able to inspect traffic, objects, and user activity from the endpoint (including IoT) and access layer to the network edge and core, all the way out to the public cloud.
Powerful processing to enable the security you need
Note that many of the security technologies required to prevent or detect advanced threats require deeper or more time-consuming analysis, yet they simply cannot be allowed to impede or even slow the business. As a result, it is essential to accelerate these functions, whether in hardware, software, or cloud services, so they can be enabled (and not turned off) and improve the organization's security posture. Examples of these more rigorous, yet potentially hindering, security functions include anti-malware inspection on network traffic, sandbox analysis on either the network or endpoint, more advanced behavioral techniques on the endpoints, and similar technologies. Fortinet FortiGate appliances include proprietary security processors for network traffic (NP chips), content inspection (CP chips), and a combined system on a chip (SoC) to ensure that all necessary FortiGate security features can be enabled on properly sized appliances to stop threats seeking entry, from the smallest remote office to the largest data center and all points in between. These features include the full next-generation firewall stack of intrusion prevention, application control, web filtering, anti-malware, SSL inspection, integrated sandboxing, and more. Further, FortiGate virtual appliances have been optimized for cloud-scale performance in the world's largest IaaS and PaaS environments to extend advanced threat protection out to the public cloud.
Automated to act as a single system
Covering the breadth of the organization with security components powerful enough to enable the necessary security functions simply provides the building blocks to improve security. If these components operate independently from each other, there will be gaps between them through which cyber criminals can slip, and silos that will slow response and mitigation when that happens. Remember, in the absence of ties between the products, it falls to the security team to manually bridge gaps and coordinate responses - an inherently time-consuming and less-effective exercise. Accordingly, an organization's strongest defense will only be achieved when security can be automated across all of the deployed components.