The Evolution of the Enterprise And Enterprise Security

Transcription

1 The Evolution of the Enterprise And Enterprise Security Introduction Today's enterprise is evolving rapidly, with new technologies such as consumer-grade mobile devices, internet-based applications and cloud services supplementing or replacing the traditional corporate standard IT infrastructure and assets. These have a fundamental impact on enterprise security requirements specifically related to employees and data. Especially, in light of a corresponding evolution in the role of IT, as well as changes in the threat landscape. This paper discusses each of these technology, role and threat trends, plus emerging enterprise security requirements. Fundamental Technology Shift Mobility and BYOD According to IDC, tablet shipments have overtaken those of mobile PCs in 2013, and are predicted to surpass those of mobile and desktop PCs together in Adding in the 1 billion smartphones shipped, or simply looking around our office or home, it is clear that the way employees get work done is much different today than in the past. While this increased mobility undoubtedly has increased productivity and convenience, it also raises new challenges for IT and IT security. Attempting to manage and support such a large number and wide range of devices can be daunting. So too is the provision and control of enterprise applications and data. In the past, a single company issued Windows-based PC, with a corporate standard configuration and device-based security and authentication, was the single method for ensuring secure access to company systems and information. Today, that is no longer feasible with demands from employees and executives to use their ios and Android devices. In response, organizations are embracing (in full or in part) bring your own device (BYOD) policies. And as a result, necessary security controls are increasingly moving away from endpoints (which may no longer be seen, let alone controlled, by IT) to network checkpoints, and similarly based on users rather than devices. Takeaways Mobility and BYOD Greater network visibility and control User-rather than device-authentication FortiAuthenticator

2 Internet-based applications This greater mobility is driving (or is enabled by, depending on your view of things) internet-based applications and cloud services which are inherently available anytime, anywhere as opposed to the previous client-server based models of the enterprise. There is a dramatic rise in the enterprise use of social media (Facebook, LinkedIn) and cloud storage (Dropbox, Google Drive), not to mention public cloud services (SaaS, PaaS, IaaS). While this increased accessibility is a productivity driver, it also raises new security challenges. No longer are all applications provided by IT, ensuring that the content delivered is safe and the enterprise data within them secure. Instead employees are at increased risk that content delivered from 3rd party internet-based applications may be malicious and/or that data may be compromised within 3rd party, multi-tenant services or infrastructure. If nothing else, such external applications and services raise compliance and reporting challenges. In response, enterprises are looking to strike a balance between the use of such applications with security of the enterprise and its data. This starts with simply gaining visibility into what applications and services are used by employees, followed by establishing and enforcing granular policies. This is doubly challenging given such applications and services increasingly use encrypted communications as well as the fact that 1 in 3 respondents to a recent Fortinet survey indicated that they would contravene an employer policy preventing use of public loud services. Takeaways Cloud applications and services Greater application and service visibility Granular policies and enforcement Content and data security Changing Threat Landscape Advanced Persistent Threats Even as enterprises are relinquishing control over applications, services and devices and relying more heavily on network-based control points, the risk of cyber attack is higher than ever before. And the cyber threats themselves are more sophisticated- targeted, tailored, socially-engineered and even multi-staged. A simple search on "data breach" this past year will return countless headlines that make this abundantly clear. Cyber criminals are often: singling out individual organizations (or a small group of similar organizations in an industry); targeting employees with attacks crafted to fool even the wary; leveraging malware modified (and often tested) to bypass traditional security controls; moving stealthily within the organization in search of data exfiltrating that data over a period of time While established security technologies that leverage signatures, patterns, heuristics and reputations are a necessary baseline (and should be deployed for deeper Inspection at more segmentation points), PriceWaterhouse Cooper reported that 20% of large organizations had detected that they were successfully penetrated.

3 infrastructure. While this is a natural change, it does raise new demands and workload at a time that the group is also burdened with the complexity of a more diverse IT environment in a more dangerous threat environment as described earlier. And a respected analyst firm recently recommended that "all organizations should now assume that they are in a state of continuous compromise." As a result, organizations are examining new technologies- network and endpoint behavior analysis and forensics as well as "sandboxing"- specifically designed to address these new attacks and establish an "advanced threat defense." Takeaways APTs Deeper (IPS, AV, DLP) inspection Advanced threat protection technologies (anomaly detection, forensics and/or sandboxing) FortiSandbox The Changing Role of IT A service provider and business enabler Even as the role of IT, including IT Security, is becoming more complex as a result of the technology and threat landscape evolution, it too is transforming. In response, IT organizations are looking to reduce the complexity of managing security by consolidating mature security functions and, as much as possible, obtaining new technologies from existing vendors as features of in-place security products. Takeaways Changing Role of IT Consolidated security Integrated security capabilities FortiSandbox FortiAuthenticator Enterprise Security Requirements How security at the Enterprise Edge is changing So, how do enterprises tackle these challenges and succeed? 1. In response to the internet-based applications and cloud services increasingly used in the workplace, enterprises need fine-grained visibility and control to establish and enforce balanced policies that empower employees yet manage the risk to the enterprise. 2. As threats increase in sophistication (with an emphasis on beating established security techniques), new inspection methods that focus on activity rather than attributes are needed to complement what's already available. 3. With more business-enabling technologies being supported and advanced security technologies added at a same time that IT needs to transform into a strategic business contributor, consolidation of security functions becomes essential. More and more, such groups (staring with the CIO), are being asked to become strategic contributors to the business rather than simple caretakers of the

4 Solution for the Enterprise Campus Fortinet consistently offers the highest performance appliances in a price band, with flexible software platforms that enables them to be deployed in many different personalities (combinations of functions). Next Generation Firewall The foundation of the enterprise campus offering is a high performance next generation firewall (NGFW) that adds intrusion prevention, application control and antimalware to the traditional firewall/vpn combination. In particular, Fortinet NGFWs: Provide fine-grained, user or device-based visibility and control over more than 3000 discrete applications to establish/enforce appropriate policies Include powerful intrusion prevention, looking beyond port and protocol to actual content of your network traffic to identify and stop threats Leverage top rated antimalware to proactively detect malicious code seeking entry to the network Deliver actionable application and risk dashboards/reports for real-time views into network activity Run on purpose-built appliances with Custom ASICs for superior, multi-function performance, even over encrypted traffic While upgrading to a next generation firewall will certainly improve enterprise security, there is a growing recognition that there is an evolving class of highly targeted, highly tailored attacks that are specifically designed (and often tested) to bypass established defenses. In addition to the core Fortinet NGFW features described above, the following Advanced Threat Protection capabilities can be added to a FortiGate deployment: Unique dual-level sandboxing to examine code activity in simulated and virtual environments detect previously unknown threats Rich reporting on system, process, file and network behavior, including a risk rating Web filtering, botnet and call back detection to prevent communication with malicious sites and IPs Option of sharing threat information with FortiGuard labs to receive updated in-line protections Option of integrating with FortiGate and FortiMail products for simpler deployment FortiSandbox is a natural extension to your Fortinet next generation firewall. NGFW + Authentication With many organizations relinquishing control over the end user device, either supporting smartphones and tablets or moving to full BYOD, authentication of the user, becomes essential. Further, in given the sophistication of threats and increase of data breach noted earlier, there is growing need for two-factor or strong authentication. And in light of the complexity and desire for consolidation, many organizations are looking to extend their network security visibility with the control over user access. NGFW + Advanced Threat Protection

5 In addition to the core NGFW capabilities noted earlier, the following strong authentication functions can be easily enabled: Hardware, software, and SMS tokens Integration with LDAP, Active Directory and radius systems End user self-service Certificate Authority Single sign on throughout the network NGFW + Secure Web Gateway The Fortinet Difference Custom ASICs, Unmatched Performance At the heart of the FortiGate next generation firewalls are purpose-built FortiASIC processors that enable high performance required for the deeper level of next generation inspection as well as the consolidation of multiple security functions onto a single appliance. Further, our integrated architecture provides extremely high throughput and exceptionally low latency, minimizing packet processing while accurately scanning the data for threats. Traditional Security Appliances that use multipurpose CPU based architectures becomes an infrastructure bottleneck. Even when using multiple multi-core general purpose processors, network security devices cannot deliver the high performance and low latency required. The only way for a Network Security Platform to scale is via purpose-built ASICs to accelerate specific parts of the packet processing and content scanning functions. FortiGate technology utilizes optimum path processing (OPP) to optimize the different resources available in packet flow. Given the transformation of IT supporting more devices, applications and services- as well as evolution of the threat landscape requiring the addition of new security technologies, organizations with relatively constrained staff and budgets are looking to consolidate mature functions in order to free up resources for newer ones. The most common consolidation for enterprises is adding Web Filtering along with the IPS, Application Control and Antimalware of the NGFW in order to replace existing Secure Web Gateways, remove unnecessary appliances and avoid expensive renewals. In addition to the core Fortinet NGFW features mentioned earlier, organizations looking to consolidate Secure Web Gateway functions can take advantage of: Dynamic web filtering covering over 56 million rated sites across 79 categories Flexible policy engine including support for Usage Quotas, User Override and more Central management and reporting to simplify administration The FortiASIC utilized by the latest FortiGate Next Generation Firewall models are: Content Processor (FortiASIC CP8) Accelerated content security such as Antimalware, VPN encryption/ decryption and Authentication processing Network Processor (FortiASIC NP6) Accelerated network security tasks such as Firewall, VPN and IPv6 translation As a result, organizations can deliver low latency end while still improving security and consolidating functions. A win for everyone.

6 Summary Today s enterprise is undergoing a significant transformation, with increasingly tech-savvy employees taking advantage of the latest consumergrade technologies to become more agile, efficient and more productive. However, these technologies represent a business risk as well as opportunity, especially given an evolving threat landscape and the rise of highly targeted and tailored attacks. In response, enterprises are upgrading from traditional to next generation firewalls for the visibility and control required to allow the use of these new technologies in a secure manner. Furthermore, many organizations are looking to add Advanced Threat Protection and Authentication technologies as an extension of their NGFW and/or consolidate other network security appliances like Secure Web Gateways for more manageable and cost- effective IT security that facilitates the transformation of IT in a true strategic contributor to the business. For more information on the FortiGate Network Security Platforms, please go to