Software defined networks were developed to overcome the networking challenges that traditional network strategies couldn’t address.
Despite best efforts to protect networking environments, the occurrence of breaches is on the rise. We are in an environment where workers today expect to be able to conduct their business from any device of their choosing, in the location most conducive to personal productivity, and with applications that are not always tied to the corporate network. This shift of control from the technology provider to the technology user has changed the way we work and has created a whole host of challenges for CIOs tasked with protecting data and technology assets. Attackers exploit this new world, taking advantage of not only the thousands of new points of entry into the network but also by preying on the lack of attention users exhibit. Shedding more light on software defined security market in India and Fortinet’s plans for this market, Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet recently had an exclusive interaction with ITNewsBuzz team. Let’s read the edited excerpts:
ITNewsBuzz: What are the growth drivers for software defined security market in India? How Fortinet is doing in software defined security market?
Rajesh Maurya: Today, transactions, workflows, applications, and data requests across the network needs to be just as fast as those being processed at the network core. SD-WAN solutions for example provides branch users with flexible access to resources located anywhere across the distributed network and allow end users to use advanced applications, generate complex workflows, and utilize cloud-based services from a variety of devices, including their BYOD solutions.
The growing appeal of SD-WAN technologies has caught the attention of the IT world and many are realizing the benefits of efficient cloud adoption, broad application visibility and lowered operating costs. But without the right solution, the speed and agility of SD-WAN can come at the expense of security. To respond to this pervasive industry challenge, Fortinet produced the industry’s first NGFW-centric approach to SD-WAN by tightly integrating SD-WAN functionality into the FortiGate Next-Generation Firewall. This approach produces a compelling solution that combines the increased scalability, flexibility, simplicity and cost savings of SD-WAN with industry-leading security protection.
Fortinet’s Secure SD-WAN has been well received by the industry, earning a “Recommended” rating from NSS labs and positive feedback from users on Gartner Peer Insights.
ITNewsBuzz: Security companies including you and your competition spend millions of dollars on R&D and innovative products but breaches haven’t halted. Why do hackers always stay ahead?
Rajesh Maurya: The number of vulnerabilities available to cybercriminals continues to accelerate. But according to one recent report, of the over 100,000 vulnerabilities published to the CVE list, less than 6 percent were actually exploited in the wild. The challenge is that predicting which vulnerability will be targeted next, and which exploit will be used, requires advanced strategies, such as leveraging telemetry data to perform predictive analysis, that many organizations do not have in place.
There’s an even larger treasure trove of potential vulnerabilities hidden from view that defenders haven’t even begun to take into consideration as part of their security strategy. Countless vulnerabilities exist inside software and hardware, particularly in the area of IoT, waiting to be discovered and exploited by cybercriminals. Fortunately, cybercriminals have not yet figured out how to extract those zero-day vulnerabilities from existing software except in the most rudimentary ways. But that is about to change. As malicious actors begin to incorporate AI and machine learning (ML) into their exploit models, attack campaigns targeting multiple zero-day vulnerabilities will be able to spin up at any instant and cybercriminals will begin integrating more and more zero-day exploits into attack kits.
The implications of such powerful and sophisticated attacks may feel overwhelming, but organizations are not helpless. Automation is available to both sides, and organizations can use automation and AI to anticipate and mitigate these advanced threats. As the number of evasive techniques multiply and the time windows for prevention, detection, and remediation continue to shrink, an automated response is essential. Organizations require a security platform where traditionally discrete security element can communicate with each other in real time. AI-powered communications and collaboration will enable the discovery of even the most advanced threats, dynamically deliver a proactive response to suspicious behavior, and even begin to anticipate attacks.
ITNewsBuzz: What are the major challenges that Indian CIOs face in handling cybersecurity risks?
Rajesh Maurya: The edge of the network has become blurred with all these new endpoints including mobile devices, sensors, and IoT devices like cameras, cable boxes, and thermostats. It’s difficult for CIOs to protect a network as the infrastructure and use become more complex. This new digital world requires a new security approach. The approach must be holistic and adaptive in its view, yet tactical in its deployment of technology. An approach that moves beyond deploying silos of point products, exposing the enterprise when threats dynamically shift to a different target.
ITNewsBuzz: What are the major challenges in Security Market in India and its acceptance at partner level?
Rajesh Maurya: Security operations will continue to take center stage as we move into a fully digitized world. The cost of vigilance is high both in terms of investment and the exposures caused by lack of investment. High-profile breaches damage the corporate brand and directly impact revenue. Costs for noncompliance in regulated industries are harsh but pale in comparison to the lost revenue caused by a major security event. Organizations must spend in proportion to their exposure, but above all, they must align and rationalize investments to the appropriate threats.
The proper response is paramount to avoid costly incidents. The frequency and speed with which attacks are launched, and with which a defense must be mounted, means integrated automation has to be at the heart of countermeasures. Manual intervention and real-time analysis driven solely by staff cannot match the speed with which attackers strike and adapt.
Underpinning all of this is a human element. An understaffed security function and an employee population unaware of how to defend critical data will too easily fall prey to even straightforward phishing attacks. This could be an organization’s biggest exposure. Talent must be recruited and cultivated, and programs must be put in place to ensure security professionals understand not only how to train employees to use effective password hygiene but also how to leverage sophisticated analytics to predict exposures.
Above all, partners must think beyond hot, new products purporting to address the latest threat. Siloed products widen the gap between discovery and remediation, and this is a problem that can be solved. Thoughtfully building process and workflows to cross the chasm between operations and security will make a meaningful impact in improving an organization’s real security posture.
ITNewsBuzz: Enterprise these days are interested in technological trends like IoT, cloud, ML and AI. Which latest technologies interests you more and why?
Rajesh Maurya: Our Fortinet Security Fabric segments the entire enterprise network—from the Internet of Things (IoT) to the cloud—to provide superior protection against sophisticated threats. More than 25% of enterprise attacks are predicted to target IoT devices by 2020. And siloed apps in multi-cloud environments make it even harder to respond to threats. The Fortinet Security Fabric delivers real-time visibility across all devices and applications. Enterprises average more than 30 point security products within their environments, resulting in multiple time-consuming security consoles and lack of transparency. The Fortinet Security Fabric streamlines communications among the different security solutions, shrinking detection and remediation windows.
Sophisticated cyberattack technologies such as artificial intelligence (AI) and machine learning (ML) are reducing the time from intrusion to attack. This means enterprises need to detect threats faster. With Fortinet Security Fabric, you can coordinate automated responses and remediation to threats detected anywhere across your extended network.
ITNewsBuzz: How do you see the dimension or the direction of enterprise security in 2019?
Rajesh Maurya: Digital transformation requires an equivalent security transformation to protect business from today’s threat. This requires shifting from point security products, manual security management, and reactive security to a strategy one where different security elements are integrated into a single system, security flows and covers multiple network ecosystems, threat-intelligence is centrally collected and correlated, and threat detection and response is automated.
As the speed of threats rapidly increases, the time windows for prevention, detection, and remediation continue to shrink. Rapid response times are crucial, which makes the implementation of truly expansive and integrated security automation essential, from data collection to coordinated responses to threats. At the same time organizations are facing challenges figuring out how to inspect and secure the growing volume of encrypted traffic, battling the persistence of botnets, and addressing new malware trends such as cryptojacking.
Partners have a sizable business opportunity in helping customers successfully address today’s security challenges. Customers need to automate their security hygiene measures and replace isolated security devices with an integrated security fabric architecture that can seamlessly span the growing attack surface.
ITNewsBuzz: Fortinet has a well-entrenched partner ecosystem so far in India. What unique initiatives are you planning for the channel nourishment in 2019?
Rajesh Maurya: Partners have always been a critical element of Fortinet’s go-to-market strategy. Our goal is to help partner get aligned with our Partner Program to accelerate their business and drive unprecedented growth and profit by delivering superior security technology solutions to their customers. We arm partners with the right programs – like deal registration, renewal tracking, incentives for promoting our technologies, and trade promotions – to drive profits.
We have a MSSP program that helps our partners deliver Fortinet cloud and support services, combined with technology like our virtual firewalls. This makes it much easier for their customers to adopt the benefits of the Fortinet Security Fabric with a predictable monthly pricing model, and benefits the partner with a consistent and recurring source of revenue.To assist customer’s partners, need to have the expertise and knowledge. As a result, we’re actively evolving our partner program, to encourage holistic technical certification for partners and aligning their sales cycle with the way customers are buying security both today and tomorrow. The Fortinet Security Fabric provides our partners with a foundational security architecture that they can build their businesses and practices around. Fortinet’s vast breadth of integrated solutions span the entire digital attack surface – from IoT, to endpoints, web applications, and multi-cloud networks – and provide an ideal entry point for security consolidation that channel partners can build their ‘security stack’ around.