Security vendor Fortinet held its annual Accelerate event April 8-11 in Orlando, Fla. My research has found that cybersecurity remains the No. 1 concern for both IT and business leaders. Not since Y2K have I seen a single theme unify technology and business leaders for this long a period of time. The event was hosted by Fortinet, so a large part of the show was dedicated to new products, but a number of sessions were dedicated to larger security trends.
The security industry has been in a state of change for several years, and the show was helpful in codifying many thoughts regarding the evolution of this market. Security professions need to understand what these changes are and adjust strategy accordingly. Below are my top lessons learned from the event.
Lesson No. 1: Security must be built into digital transformation plans.
It’s hard to speak to anyone in the business world without the topic of digital transformation coming up. During his keynote, Fortinet Executive Vice-President of Product and Solutions John Maddison described digital transformation as the application of new technology to change or create new processes. I think most IT pros and would agree with this definition, but the key thing to understand that is that the new technologies such as IoT, cloud, SD-WAN and mobility also create new security risks. Businesses need to stop thinking of security as an afterthought and spend the time to bake security into their digital initiatives. If this is done correctly, it can accelerate digital initiatives. If security is bolted on afterward, it can significantly delay the rollout of new services.
Lesson No. 2: Machine learning is mandatory for security.
Paraphrasing Dorothy from “The Wizard of Oz,” security professionals need to deal with “devices and users and clouds, oh my!” Dorothy’s solution to escape the mess she was in was to click her heels together and get back to somewhere safe. Unfortunately, there is no magic way for security teams to leave. There are only massive amounts of data that need to be analyzed to find anomalies that can indicate a breach. A few years ago, savvy engineers could use sift through the data to find those key insights that might indicate a breach or threat. Today, there is far too much data for people to connect those dots. This is where machine learning (ML) and artificial intelligence (AI) can add value.
Security professionals need to stop fearing ML and understand that it’s an assistive technology that can help them do their jobs better. Doctors use ML to find anomalies in MRIs so they can spend less time looking at images and more time treating patients. Similarly, the technology can help security operations cut the time spent sifting through data and more time dealing with bigger issues.
At the conference, Fortinet highlighted a number of products that are now using AI and ML, including its web application firewall, SIEM, management tools and analytics platform. Look for this trend to continue, because all security products eventually will be infused with these advanced technologies.
Lesson No. 3: With security, platform wins.
Ever since there has been cybersecurity, there has been the debate of single vendor versus best of breed. The former provides interoperability, where the latter results in a perceived best-in-class solution. The fact is neither has worked, nor will those approaches ever work. The majority of businesses lean toward best of breed, which is why companies have an average of 32 security vendors deployed in their environments.
Recently, I’ve had conversations with CISOs who are starting to understand that it’s not necessary to have best of breed everywhere to have best-in-class protection. In fact, it’s often the case where that approach can lead to being less secure, because policies can be difficult to keep up to date across multiple vendors.
A better approach is the concept of a security platform, which is open so third-party vendors can plug into it.
There are numerous vendors that articulate a platform approach. Fortinet’s Security Fabric is an example of a platform in which it can offer a wide range of security capabilities, but the customer could choose to connect in alliance partners through APIs. Fortinet currently has 57 partners in the Fabric-Ready API program.
Single vendor doesn’t work. Best of breed doesn’t work. Single architecture based on an open platform is the right approach for security in the digital era.
Lesson No. 4: Network and security must come together.
Historically, the network and security teams have existed in silos, with security being deployed as an overlay to the network. During his keynote, Maddison displayed a slide that showed the digital attack surface being connected to IoT, endpoints, the WAN, edge devices, the cloud and more. It’s important to note that these may seem like separate technologies, but they’re all connected to a single network. This means a threat can come in through the cloud and take down an IoT device or from a user’s endpoint and infect the data center. An overlay model no longer works.
The network provides a tremendous amount of data that can be used to “see” things that security alone can’t and to react faster. As an example, most IoT systems are very predictable as to traffic generated. A connected AC system likely sends updates to the manufacturer only a few times a day. If the AC system attempted to communicate with an accounting server, that would indicate a breach. At that moment, the network and security technologies should work together to identify the anomaly, quarantine the device and start the remediation process. This can only happen if network and security technologies are tightly integrated. It’s for this reason that Arista, Cisco, Aruba, VMware and other network vendors are Fabric-Ready partners of Fortinet.
Lesson No. 5: The edge and cloud are complimentary – and both need to be secured.
A few years ago, the hype around cloud was at its peak, and many believed the cloud would “eat” everything—meaning few workloads would be completed inside private servers. Recently, the rhetoric has changed to edge-mania, in which the edge supposedly will eat the cloud. The reality is the edge and cloud are complimentary to one another and both will continue to grow because of the explosion of data.
[For the record, edge computing fundamentally is any type of computing that takes place outside a data center.]
Digital organizations are in a constant race to continually analyze data and find key insights in them.
The output of the analysis determines where the data should be analyzed. For example, the decision on whether a self-driving car should stop or not needs to be done in the car. However, that same data can be aggregated and used for traffic planning purposes and that’s done in the cloud.
Another factor to consider is there is no single “edge” per se. Instead there is a branch edge, campus edge, mobile edge, IoT edge and every other kind of edge one can think of. Wherever endpoints are connected, that’s the edge.
At Accelerate, I moderated a panel with Intel and Fortinet discussing the role of the edge. At the top left (right-click on it and select "View Image" to see a larger version) is a slide I presented during the session that highlights the difficulty for IT pros as they are responsible for everything from the “hand to the core.”
Securing and analyzing data requires an approach where compute and security capabilities are located everywhere, which supports the platform architecture.
Accelerate 2019 is in the books now, and it was a great event, because many of the key themes dealt with the shift in security mindset, architecture and technologies. As the expression goes, this isn’t your father’s IT environment, and protecting it requires embracing new methodologies.
Zeus Kerravala is the founder and principal analyst with ZK Research. He spent 10 years at Yankee Group and prior to that held a number of corporate IT positions.