In the final part of our Cybersecurity forum series, Tony Zabaneh, Manager, Systems Engineering – UAE at Fortinet shares his insight on how the company shares threat intelligence with businesses to help them make better cybersecurity investment decisions.
Dubai Diaries: What kind of attacks should businesses be prepared for, considering the latest smart development vision for Dubai 2040?
Tony Zabaneh: Over the past few years, networks have been radically transformed. In simplest terms, the traditional network perimeter has been replaced with multiple edge environments—local-area network (LAN), wide-area network (WAN), multi-cloud, data center, remote worker, Internet of Things (IoT), mobile devices, and more—each with its unique risks and vulnerabilities. One of the most significant advantages to cyber criminals in all of this is that while all of these edges are interconnected, often due to applications and workflows moving across or between multiple environments, many organizations have sacrificed centralized visibility and unified controls in favor of performance and agility.
If we talk about smart projects, IoT devices are the main components of smart infrastructure. However, IoT devices were not built with security in mind. In the majority of cases, there is no way to install security on the device itself. In addition, they sometimes ship with malware on them, which then infects the network they are connected to. Over the past several years, Fortinet’s predictions report has touched on such issues as the evolution of ransomware, the risks of an expanding digital business footprint, and the targeting of converged technologies—especially those that are part of smart systems such as smart buildings, cities, and critical infrastructures. It has also considered the evolution of morphic malware, the grave potential of swarm-based attacks, and the weaponization of artificial intelligence (AI) and machine learning (ML). Some of those have already come to pass, and others are well on their way.
DD: How much information should decision makers have access to or need in order to oversee the cyber risks? What should this information be and how often should the board have access to this information?
TZ: Cyber criminals are using automation to operate at machine speed, and have become more adept at evading security measures in their attacks, meaning a successful attack is inevitable. The focus now must turn to locating those attacks in complex network environments and addressing them in as little time as possible. Threat intelligence gives essential context on the types of threats and vulnerabilities that are trending among attackers to ensure fast response times.
DD: How do you advise decision makers on the effectiveness of their cybersecurity strategy at addressing the business risks?
TZ: CISOs now find themselves constantly searching for new tools to add to their arsenal, often to only find that cybercriminals have developed an even more advanced way to attack and circumvent security controls in place. Traditional security approaches and solutions need to be complemented with alternative models, such as AI and automation. These advantages enable CISOs to not only mitigate the risk brought on by automated cyberattacks with faster response times, broader visibility, and simplified network management, but actually get out ahead of their cyber adversaries.
As networks grow increasingly complex and distributed, a lack of visibility into and control over the various elements operating within a network, as well as the growing number of edges, many of which operate as largely autonomous environments, can create security gaps and an opportunity for zero-day threats to wreak havoc. Compounding this challenge further, most organizations are plagued with trying to hire and retain enough skilled resources to effectively manage their environments and to do incident response.
As a result, many of today’s breaches are actually the result of human error, whether a device was misconfigured, or a critical indication of compromise was overlooked. In many cases, it is simply the result of overworked IT admins. Even the most highly skilled IT and security professionals, with the best intentions, can occasionally make mistakes—but mistakes that can ultimately prove to be extremely costly for an organization. By leveraging automation and deploying AI-enabled technologies, it is much easier to identify threats, streamline workflows, and create consistent and efficient responses. They reduce the chances for human error by taking the human out of the loop, as well as through the elimination of slow manual processes.
Leveraging AI-driven solutions, such as AI-assisted network access control, cybersecurity professionals can achieve clear visibility into every device accessing a network at any given time. AI and automated tools simplify network management across these environments and alert security teams to imminent threats and process an automatic threat response. AI, especially, can continuously sift through mountains of data collected from devices across the network to identify threats. It can also automatically investigate the influx of alerts that have traditionally required manual input from security teams, enabling them to make better informed decisions, create a more proactive and efficient security program, and be more cost-effective. This frees up security teams to spend more time honing strategy, researching advanced threats, and cultivating a cyber-aware culture.
DD: How do you help decision makers determine whether or not they have the right data governance strategy in place to minimize the cyber risk?
TZ: Security Rating Service is intended to guide customers to design, implement and continually maintain the target Security Fabric security posture suited for their organization. The Security Fabric is fundamentally built on security best practices and by running these audit checks, security teams will be able to identify critical vulnerabilities and configuration weaknesses in their Security Fabric setup, and implement best practice recommendations.
This service, amongst many others that Fortinet offers, helps to keep pace with evolving compliance and regulatory standards, as this structured approach for configuration monitoring and tuning brings additional value to other critical processes. It supports quicker business decisions and remediation in data breach situations. It also reveals the status of 3rd party asset compliance as it can be monitored to ensure they are adhering to Enterprise Security Policies. Risk management teams can proactively monitor the status of security controls against compliance and regulatory standards. And most importantly, it brings value to Operations Teams (OT), through early awareness of potentially non-compliant assets, unstable system configuration states, and data flow anomalies.
DD: What measures do you take to stay current on the cyber threat landscape? How do you share that with the business decision makers?
TZ: FortiGuard Labs, Fortinet’s global threat intelligence and research team, has brought together some of the brightest and most knowledgeable threat hunters, researchers, analysts, tool developers, and data scientists in the industry, located in research labs around the world.
FortiGuard Labs has access to the broadest set of telemetry and threat data resources in the industry. It continuously gathers threat information from the world’s most deployed network security solution, including the telemetry data from millions of sensors worldwide, and an extensive intelligence-sharing partner community.
FortiGuard Labs pioneered many of the concepts, processes, and technologies in use today across the threat intelligence industry. Their dedication to innovation has resulted in the creation of the industry’s most advanced AI and ML systems designed to flag threats and automatically create required protections. It has also led to the creation of intelligence sharing networks, as well as being awarded over 100 patents specifically focused on threat intelligence and research.
DD: How do you detect the cyber-attacks and respond to them?
TZ: FortiGuard Security Subscriptions refer to the different security options organisations can choose to add on to their Fortinet devices. FortiGuard Security Subscriptions can help customers stop in-flight threats, eliminate attacks from common entry points, proactively prevent and detect breaches, and secure their expanded attack surfaces. FortiGuard Labs, the threat intelligence and research organization at Fortinet, provides the security updates to the detections and prevention capabilities to these security add-ons. FortiGuard Security Subscriptions are fully integrated to maximize the protection across the Fortinet Security Fabric, provide protection across the attack vector spectrum, enable organisations to tailor their security choices to their environment, and validate their threat effectiveness through independent, real world testing results. In addition, FortiGuard Security Subscriptions include intrusion prevention, web filtering, antivirus/anti-spyware, anti-spam, database security, virus outbreak protection service, IP reputation updates, content disarm and reconstruction, security rating services, and network and web application control capabilities.
DD: Do you have a message for your customers?
TZ: In a digital world where the attack surface is rapidly expanding and pushing the edges of the network into new territories, enterprises must rethink cybersecurity strategies. The breadth of devices and data involved, the number of applications residing in the cloud combined with the amount of data crisscrossing on-premise and cloud systems, as well as the ability to employ advanced threat intelligence technologies such as artificial intelligence and machine learning are transforming how enterprises think about cybersecurity.