John Maddison, EVP of products and solutions at Fortinet, says security sprawl is fast becoming a real concern for security teams
Network sprawl is a common experience for most enterprises. Nearly every network has expanded to include a multi-cloud strategy combining IaaS, PaaS, and SaaS into a widely distributed and constantly evolving landscape. Likewise, next-gen branch offices and retail networks no longer simply rely on a high-performance connection back to a central network or data center. Their local LAN also provides access to multiple end-user and IoT devices, live connections to the public internet, and complex interconnectivity between other branch or retail locations. And new advances in connectivity, such as 5G, will utterly transform the nature of mobile computing and establish a new meshed Edge network that will exponentially expand the network footprint.
These new Edges are also expanding the digital attack surface. Security sprawl is a real concern for security teams as they can quickly be overwhelmed with the variety of devices, number of consoles, and unique configuration and management concerns of different cloud or other networking ecosystems. Security teams that used to have a deep familiarity with their sphere of responsibility are now spread so thin that even basic security functions like patching and updating are being neglected.
Securing Today’s New Networks
The challenges being faced by security teams fall into two general categories:
- Performance—Today’s digital businesses require unprecedented levels of performance for their online applications and services on the front end, and the ability to organize and analyze Big Data and millions of IoT devices on the back end. Organizations cannot afford for security to be a bottleneck, whether due to the performance limitations of many legacy security devices, or due to the time it takes to manage devices and correlate data in order to see and respond to threats. The expanding Edges of the network cannot be a bottleneck, but must be protected with the same best-of-breed security being used to protect the network core.
- Interconnectivity—As data, applications, and services begin moving from their traditional central location out to the network edges, the challenge of performance is compounded by the demands of interconnectivity. Applications, workflows, transactions, and services today all need to move seamlessly across and between multiple environments and devices. And security is expected to seamlessly accompany them along those paths.
These security challenges impact every aspect of the digitally transforming network:
Cloud—The problem is, not only do nearly all of the legacy security tools currently in place operate in some sort of a silo, but so do new solutions being offered by a growing number of vendors. Of course, individual devices and platforms interoperate with their sister devices. But even those can experience severe interoperability issues when they are deployed in different network environments or form factors. In order for most tools to interoperate consistently as they are deployed in different cloud environments (if they are even available for more than one or two cloud platforms), for example, they often have to be deployed as an overlay solution that can’t take advantage of cloud native functionality and performance advantages.
SD-WAN—Similar challenges arise when deploying SD-WAN solutions. Most SD-WAN offerings provide basic connectivity, but they fall short when you need to create a meshed network of branch offices or retail store connections. And because most of them require organizations to deploy security as an overlay solution, most solutions available simply can’t scale to meet the performance or interconnectivity demands of a highly meshed VPN network and still apply things like advanced security protections or the inspection of encrypted data.
And that’s only half of the challenge. These branch and retail locations almost always have a complex LAN sitting behind those connections, with physical and wireless access points, mobile and IoT devices, and live access to the public internet and cloud services that also need to be secured.
5G and the New Edge—The advent of 5G is about to complicate things even further. To meet the demands of new Edge computing models—especially the delivery of on-demand rich media—data and applications are being redistributed to the remote edges of the network. These 5G-enabled devices are also going to create their own meshed Edge networks using devices that have combined their business and personal profiles into a single platform.
The Need for an Open Security Strategy
In environments where security sprawl is occurring as fast as digital transformation, traditional approaches to security don’t stand a chance against determined and well-armed cybercriminals looking to target the expanding attack surface. Securing these complex, distributed, and continuously evolving networks requires developing and deploying security devices that can provide business-level digital performance, consistent functionality, and seamless interoperability. Organizations looking for a consistent security strategy generally have two options.
Insist on Open Standards: Security solutions that support open standards need to include the ability to collect data from security sensors, as well as directly from the network environment. Security devices, regardless of vendor, also need to be able to share and correlate threat intelligence between third-party solutions and distribute it across all enforcement points to effect a coordinated response based on policy. At the same time, cloud and other network providers need to implement open standards to make integration requirements more consistent across their environments, so that security tools can function more consistently between those platforms.
Implement Connectors: While direct interoperability through open standards would be ideal (as would running your entire distributed network using a single, integrated OS), not every vendor has the capacity or desire to integrate open standards into their solution. In this case, organizations need to—at a minimum—implement solutions that can support a connector strategy to negotiate and translate functions between security devices—even those deployed in different networks. Such solutions can range from an expansive SIEM solution designed to collect information and distribute and orchestrate policy, to specific, custom-built connectors designed to connect two elements together to enable a single, integrated security architecture.
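The two options above share one mechanical core: events from devices that speak different formats have to be normalized into a common schema, correlated against shared threat intelligence, and turned into a policy decision that every enforcement point applies. The following is an added illustration of that connector pattern, not Fortinet code and not any vendor's real log format; the two event formats, device names, the indicator list, and the `NormalizedEvent` schema are all constructed for the example.

```python
"""Minimal 'connector' that normalizes events from two hypothetical security
devices into one schema, correlates them against a shared indicator list, and
emits one coordinated block decision for every enforcement point.
Added example; formats and names are constructed, not a real vendor's."""
import json
from dataclasses import dataclass

# Constructed sample events from two hypothetical devices (not real formats).
VENDOR_A_SYSLOG = 'devname="fw-branch-01" srcip=10.20.30.40 dstip=203.0.113.7 action=allow'
VENDOR_B_JSON = '{"sensor":"cloud-ids-2","src":"10.20.30.41","dest":"203.0.113.7","verdict":"alert"}'

# Shared threat-intelligence feed distributed to all enforcement points (constructed).
SHARED_INDICATORS = {"203.0.113.7": "known-bad-destination"}

# Every device that must apply the resulting policy, including ones that saw nothing.
ENFORCEMENT_POINTS = ["fw-branch-01", "cloud-ids-2", "sdwan-retail-07"]


@dataclass(frozen=True)
class NormalizedEvent:
    """Common schema every connector translates into."""
    source_device: str
    src_ip: str
    dst_ip: str
    outcome: str


def parse_vendor_a(line):
    """key=value syslog style, with optional double-quoted values."""
    fields = {}
    for token in line.split():
        key, _, value = token.partition("=")
        fields[key] = value.strip('"')
    return NormalizedEvent(fields["devname"], fields["srcip"], fields["dstip"], fields["action"])


def parse_vendor_b(doc):
    """JSON style with its own field names."""
    obj = json.loads(doc)
    return NormalizedEvent(obj["sensor"], obj["src"], obj["dest"], obj["verdict"])


# The connector registry: adding a third device type means adding one parser here.
PARSERS = {"vendor_a": parse_vendor_a, "vendor_b": parse_vendor_b}


def normalize(source, raw):
    return PARSERS[source](raw)


def correlate(events, indicators):
    """Map each matched indicator to the devices that observed traffic to it."""
    hits = {}
    for ev in events:
        if ev.dst_ip in indicators:
            hits.setdefault(ev.dst_ip, []).append(ev.source_device)
    return hits


def policy_decision(hits, indicators, enforcement_points):
    """Coordinated response: a hit seen by any device is blocked on all of them."""
    actions = []
    for ip, seen_by in hits.items():
        for device in enforcement_points:
            actions.append({
                "device": device,
                "action": "block",
                "indicator": ip,
                "reason": indicators[ip],
                "first_seen_by": sorted(set(seen_by)),
            })
    return actions


def run_pipeline():
    """Normalize -> correlate -> decide, on the constructed sample input."""
    events = [normalize("vendor_a", VENDOR_A_SYSLOG), normalize("vendor_b", VENDOR_B_JSON)]
    hits = correlate(events, SHARED_INDICATORS)
    return policy_decision(hits, SHARED_INDICATORS, ENFORCEMENT_POINTS)


if __name__ == "__main__":
    print(json.dumps(run_pipeline(), indent=2))
```

The point of the registry is that the correlation and policy logic never touch a vendor-specific field name; only the parser for each device does. A real deployment would replace the constructed parsers with the device's actual export format and push the resulting actions through each platform's management API, which is exactly the integration work that open standards are meant to make consistent.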
The Advantages of Open Standards
A security architecture built around a framework of open standards not only ensures interoperability, but also increases performance. Automation that can span a variety of third-party solutions enables a proactive posture that accelerates detection, quarantine, and detonation. At the same time, real-time, centralized intelligence enables better decision-making; the centralized management and orchestration of more tools across more platforms enables visibility to be extended and control to be more granular, even in dynamically evolving networks; and total cost of ownership goes down while security effectiveness increases. And when combined with real-time cyber intelligence reporting and advanced behavioral analytics, integrated systems can find and defuse an attack before it can impact live operations. That is the Holy Grail of security that today’s siloed security solutions are simply unable to deliver.