By Lionell Go Macahilig
Enterprises worldwide have seen sweeping changes over the past ten years, particularly in cybersecurity. Few people are better placed to comment on this than Jonathan Nguyen-Duy, Vice President for Strategy and Analytics at Fortinet. With 25 years of experience in security, Nguyen-Duy has reviewed more than 12,000 data breaches over the last 16 years.
According to Fortinet data shared by Nguyen-Duy, in 2007 an average company had fewer than 50 types of threat actor and fewer than a thousand threat alerts to worry about on any given day. Today those figures have climbed to more than a million alerts, any of which could be triggered by one of over a thousand threat types. Enterprise security spending has grown accordingly, from under three billion to over 90 billion dollars in the span of a decade.
“And yet, from all that spending and investments, and all that money, time, and human energy, I think that outside of the very 350 large companies, organizations, and critical national infrastructure, primarily financial services and a couple of government agencies, everyone else is basically failing,” says Nguyen-Duy. “I say that because the number of data breaches and the amount of damage continues to grow every year. The number, velocity, and complexity of cyberattacks continue to grow and the barriers to entry have not increased. Cyberattacks are no longer just about the exposure or infiltration of data. They are now disruptive attacks that aim not only for financial gain, but simply to disrupt an organization and break public trust,” he added.
Ninety percent of organizations are exploited through vulnerabilities that have been known for at least three years, and many are exposed through vulnerabilities that have been known for ten years. Nguyen-Duy added that across the 12,000 data breaches he has reviewed, approximately 85% to 90% were caused by vulnerabilities for which a patch wasn’t available. In addition, about 80% of data breaches could have been mitigated through simple and intermediate controls.
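As an added illustration, not code from the article or from Fortinet, the following Python script shows what the statistic above looks like when applied to an organization’s own vulnerability inventory: it ages each finding against its public disclosure date, separates findings with no fix from those where a patch has been sitting unapplied, and reports the share that fits the “known for three or more years” pattern. The finding IDs, hostnames and dates are constructed sample data, and the reporting date is an assumption.

```python
from datetime import date

# Constructed sample findings (hypothetical IDs and hosts, not real CVEs).
# "published" is when the weakness became public; "patch_released" is None
# when the vendor has shipped no fix.
FINDINGS = [
    {"id": "FINDING-1", "host": "web-01",  "published": date(2014, 3, 1),   "patch_released": date(2014, 3, 15)},
    {"id": "FINDING-2", "host": "db-01",   "published": date(2007, 6, 10),  "patch_released": date(2007, 7, 1)},
    {"id": "FINDING-3", "host": "web-02",  "published": date(2017, 11, 20), "patch_released": date(2017, 12, 1)},
    {"id": "FINDING-4", "host": "hmi-01",  "published": date(2016, 1, 5),   "patch_released": None},
    {"id": "FINDING-5", "host": "mail-01", "published": date(2012, 8, 15),  "patch_released": date(2012, 9, 1)},
]

# Assumed reporting date for the sample inventory.
AS_OF = date(2018, 1, 1)
DAYS_PER_YEAR = 365.25


def age_years(finding, today):
    """Years the weakness has been publicly known as of `today`."""
    return (today - finding["published"]).days / DAYS_PER_YEAR


def patch_lag_days(finding, today):
    """Days a fix has been available but not applied; None when no fix exists."""
    released = finding["patch_released"]
    if released is None:
        return None
    return (today - released).days


def triage(findings, today):
    """Bucket findings the way the statistic above slices them: fix exists and
    the weakness has been public 10+ years, 3+ years (but under 10), newer than
    3 years, or no fix at all. Each bucket lists IDs oldest-first."""
    buckets = {"no_fix": [], "fix_10y_plus": [], "fix_3y_plus": [], "recent": []}
    for f in sorted(findings, key=lambda f: f["published"]):
        if f["patch_released"] is None:
            buckets["no_fix"].append(f["id"])
            continue
        years = age_years(f, today)
        if years >= 10:
            buckets["fix_10y_plus"].append(f["id"])
        elif years >= 3:
            buckets["fix_3y_plus"].append(f["id"])
        else:
            buckets["recent"].append(f["id"])
    return buckets


def stale_share(findings, today, years=3):
    """Fraction of findings whose fix has been available for at least `years` years."""
    if not findings:
        return 0.0
    stale = sum(
        1 for f in findings
        if f["patch_released"] is not None
        and (today - f["patch_released"]).days >= years * DAYS_PER_YEAR
    )
    return stale / len(findings)


if __name__ == "__main__":
    for bucket, ids in triage(FINDINGS, AS_OF).items():
        print(f"{bucket:13s} {ids}")
    print(f"share with a fix unapplied for 3+ years: {stale_share(FINDINGS, AS_OF):.0%}")
```

The bucket with no fix is kept separate on purpose: those hosts need compensating controls (segmentation, access restriction, monitoring) rather than a patch ticket, which is the distinction the 85% to 90% figure turns on.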
Connectivity means more complexity
With the connected devices, platforms, and vehicles brought about by the IoT trend, we have more things than ever that are not only IP-enabled but interconnected. The complexity an organization has to manage is no longer limited to its traditional physical infrastructure; it now includes things that were not connected before, such as supply chains, vehicles, connected platforms, remote offices, BYOD, IoT, and industrial control systems, as well as the sheer volume of data these channels generate.
On average, each of us will generate three to five terabytes of data per day over the next two to three years as we become more interconnected. At the enterprise level, the challenge is how to maintain visibility across that much data, detect anomalous behavior, determine whether that behavior is malicious, and mitigate it.
“What you’ll see at the end of this, ironically, is less visibility and less control, because traditional approaches cannot scale across a very large ecosystem. These are the two things that we need when working in today’s type of ecosystem: scale, because the network is broader than ever, and speed, because of how the attacks are being executed; it means that breach detection is growing, and if we’re going to be successful, we have to be able to react at that speed,” Nguyen-Duy remarked.
Digital transformation and fabric-based security
But as enterprises move toward digital transformation, complexity grows and traditional approaches no longer work. Beyond the growing complexity of enterprise networks, Nguyen-Duy cited other factors that contribute to the problem, and offered a recommendation.
“I think we are at the point of inflection that if we don’t do things in a different way, it’s going to be a lot worse because the same failing teams that are tasked to do the security are also tasked to do the digital transformation. How does that same team that faces constraints in terms of financial resources, structural resources, and shortage of people stretch and scale to address digital transformation? That’s why I think that we have to move beyond the traditional approaches,” he said.
The usual situation is that companies run multiple products from multiple vendors and end up with multiple management consoles, where operators perform mitigation and segmentation by hand. Secureworks’ latest research on data protection shows that 30% of the victims it investigated lost up to 30% of their network resources in the first three minutes of the attack. That scenario shows why traditional approaches built on multiple products that were never designed to be integrated and work together are no longer reasonable.
“What they’re doing is what they did on the Titanic. They’re manually closing the watertight doors trying to mitigate damage, which is simply no longer effective in a digitized enterprise. That’s why you need to have a fabric-based approach that offers an integrated series of devices that collect and share information so you can have a mitigation that responds at the machine’s speed,” Nguyen-Duy explained.
The Fortinet Security Fabric delivers broad protection and visibility to every network segment, device, and appliance, whether virtual, in the cloud, or on-premises. This solution synchronizes your security resources to enforce policies, coordinate automated responses to threats detected anywhere in your network, and easily manage all of your different security solutions and products through a single console. Learn more about Fortinet Security Fabric at www.fortinet.com.