But digital acceleration is a double-edged sword. One of the biggest security challenges facing organizations is providing consistent protection across their expanding network edge. Each new edge expands the potential attack surface, and cybercriminals have been quick to target these new attack vectors. Over the past two years, we have seen a dramatic rise in attacks, especially ransomware. And many of these occur through the less secure access points of the network edge. 

Part of the challenge of protecting the expanding network edge is that the network is expanding faster than traditional security can adapt. Most existing security strategies have been built around isolated point products designed to defend predictable, static network environments—which means they struggle to maintain consistent security when the network they are protecting is in a constant state of flux. And all a cybercriminal needs to infiltrate the network is to breach an undersecured edge and then exploit the implicit trust within the network to move around looking for data to steal and systems to corrupt or hold for ransom.

What’s needed is an adaptive edge security strategy that provides consistent visibility and control no matter where or when new edges are deployed, even when the underlying infrastructure or connectivity elements change. Zero Trust Edge converges networking and security to create an integrated protection framework that can ensure consistent policy deployment and enforcement at every edge. This includes granting explicit, per-session access to applications combined with the continuous validation of user identity and context regardless of how rapidly the network is expanding and evolving. 

As with most security strategies, implementing a Zero Trust Edge is easier said than done. But for those organizations looking to embrace digital acceleration without compromising security, a Zero Trust Edge strategy is essential. Here are five steps to follow to simplify the process of ensuring you provide consistent protection and eliminate weak links at the edges of your network.

Step 1. Gather Authentication Tools

Gather together the zero-trust access authentication tools you will need to establish a Zero Trust Edge. These include Zero Trust Network Access (ZTNA), Secure SD-WAN, a next-generation firewall (NGFW), and a secure web gateway (SWG) that includes intrusion detection systems (IDS) and intrusion prevention systems (IPS), a sandbox, a cloud access security broker (CASB), and network access control (NAC). These tools allow any user or device, regardless of location, to be properly authenticated and inspected before accessing any connected resources, whether on-premises or in the cloud.

The key here is interoperability. Using these tools should provide network-wide visibility and consistent monitoring and enforcement end-to-end, even for applications and workflows that need to span multiple environments. These tools should either be consolidated through a single vendor or integrated through a common framework that uses open standards and APIs, ideally on a single, universally deployable platform, to ensure seamless communication, coordination, and enforcement.

Step 2. Add Security Controls

 Security controls will need to be hosted both on-premises and in the cloud so every user can be authenticated from any location on any device. And while different tools are required for physical cloud and cloud-based networks, they all still need to work together as an integrated system. This ensures that users are protected, whether on-premises, at the home office, or traveling between them. In addition to working together, these tools also need to support convergence with the underlying networks so that protections can automatically adapt to changes in configurations, connectivity, or scale.

Step 3. Implement ZTNA

Implement ZTNA on every edge and device to enable secure access to on-premises and cloud-based applications for all users. ZTNA clients on end-user devices provide secure connectivity combined with per-session authentication and continuous monitoring to detect and respond to aberrant behavior. A ZTNA solution should also be implemented as part of your edge security solution so authentication and real-time traffic inspection can be a seamless part of the secure access and authentication process. And because the user experience is critical, NGFWs should also be able to inspect encrypted traffic, including streaming video, at wire speeds.

Step 4. Secure Remote Users

Remote users should be directed to cloud-based Security such as firewall as a service (FWaaS) and SWG to provide secure internet access while accessing SaaS applications. Remote users can also access private applications in data-center using cloud-delivered ZTNA enforcement. ZTNA and SWG can work with CASB to monitor and enforce policy for remote users, whether they are working from their home office or traveling between locations. But those solutions need to be integrated into the larger security architecture so that policies can be centrally deployed and orchestrated, and cyber events can be shared and correlated to protect all edges. 

Step 5. Control Cloud Application Access

Secure SD-WAN is the foundational technology for controlling access to cloud-based applications from on-premises locations, including data centers, campus environments, branch offices, and retail locations. Unlike traditional SD-WAN, Secure SD-WAN includes a full suite of enterprise-grade security that allows security, network, and connectivity functions to operate as a unified solution. On-premises security is also useful for network segmentation deployment to prevent lateral movement of threats. And with SD-WAN deployed on the same platform as other on-premises access and security tools, organizations can establish and maintain consistent security and networking policy without managing multiple consoles or troubleshooting issues between solutions.

Zero Trust Edge

The Zero Trust Edge approach to securing ever-expanding network edges helps ensure the critical convergence of security and networking everywhere. With a Zero Trust Edge architecture, security can seamlessly adapt to dynamic changes to the underlying network infrastructure, including connectivity, while providing access to applications based on user identity and context. Zero Trust Edge extends enterprise-grade security and provides granular access control to remote workers, providing secure access to the applications and resources they need, whether they are on-premises or accessing resources through the cloud. 

Read more about Zero Trust Edge in the recent Forrester report and find out how you can implement an enterprise-wide Zero Trust Edge architecture with Fortinet’s Security-driven Networking approach.

The post How to Build a Zero Trust Edge appeared first on eWEEK.

Cellular technology can be used for wireless WAN, but a wireless solution that is separated from SD-WAN makes deploying and managing branch connectivity more challenging. In addition, the companies that offer only wireless WAN capabilities may not be able to provide the security controls required to protect traffic.

Far too often, security is applied as an afterthought. When security solutions are deployed in silos so they are not well integrated with each other or the underlying network, security risks and gaps naturally arise as the attack surface expands and adapts. 

These gaps and blind spots enable sophisticated multi-step cyberattacks and are partly responsible for the recent dramatic rise in successful ransomware attacks. When you open branches to the internet, security must be robust, multilayered, and integrated. 

Organizations need a unified security framework to deliver an automated and reactive security posture that spans the entire attack surface. The framework needs to offer integrated security technologies and support the convergence of security and networking to improve productivity and the user experience.

For secure SD-WAN, the combined SD-WAN and LTE/5G solution must include a native and integrated set of multilayered security controls. To automate protections for both wired and wireless local breakouts, the solution should include controls like an intrusion prevention system (IPS), a next-generation firewall (NGFW), and a secure web gateway (SWG). In setting up an integrated LTE/5G SD-WAN solution, organizations should consider the following.

1. Make sure the cellular gateway is separated from the SD-WAN device

When deploying an integrated LTE/5G SD-WAN solution, the cellular modem should not be placed inside the SD-WAN device. If it is feasible, you can use a separate cellular gateway that is placed near a window for optimal reception. Then you can connect it to the SD-WAN device using an Ethernet cable, which isn’t expensive and delivers good signal quality.

2. Provide out-of-band management

Because wired service providers can experience outages, the LTE/5G SD-WAN solution should offer out-of-band management for branches, so a network operator can continue managing the branch and the devices during an outage.

3. Use a single dashboard for network management

When SD-WAN and LTE/5G technologies are integrated, a network administrator can use the same dashboard and operating system for network management. Splitting the management among vendors adds complexity and costs, but with an integrated solution, the administrator can set policies, metrics, and controls in SD-WAN, and have them applied to all LTE/5G connections. This consolidated management makes it easier to set up new branches, make network changes, and adjust connectivity policies that must be automated and applied to both wired and wireless connections at once. 

4. Ensure 5G is included in analytics

Secure SD-WAN has graphical dashboards with rich network analytics, bandwidth predictions, and consumption controls that can provide enormous visibility and control, but it’s important to ensure that LTE/5G links are part of the equation.

A Platform Approach for Securing 5G

To secure public and private 5G, organizations need a broad, integrated, and automated cybersecurity mesh platform that provides centralized management and visibility, supports and interoperates across a vast ecosystem of solutions, and automatically adapts to dynamic changes in the network. Secure SD-WAN is part of the Fortinet Security Fabric, which is an integrated end-to-end security platform that provides the required security visibility, automation, and control across public and private 5G networks.

Learn how Fortinet’s FortiExtender 5G/LTE and dual modem gateways enhance secure SD-WAN for OT, retail & more.

Take a security-driven networking approach to improve user experience and simplify operations at the WAN edge with Fortinet Secure SD-WAN.

The post Four Considerations for Setting Up An Integrated SD-WAN Solution with LTE/5G appeared first on eWEEK.

If you’re still struggling to integrate and manage a collection of single-purpose products, the resulting complexity and lack of visibility is likely to leave your organization vulnerable. You should work to address security gaps as quickly as possible and take note of these five threats. They may target different areas, but each is cause for concern.

1. Attacks on Linux Systems

Remember when everyone said we should all ditch Windows and move to Linux because it was never attacked? It’s true that up until recently, Linux was generally ignored by cybercriminals. But sadly, that’s no longer the case anymore. Attacks against Linux operating systems and the applications that run on those systems are becoming as common as attacks on Windows systems. You might be used to defending against Windows attacks, but you might not be familiar with how to protect Linux from malware. One example of a Linux attack is a malicious implementation of the Beacon feature of Cobalt Strike called Vermilion Strike. It can target Linux systems with remote access capabilities without being detected. More botnet malware is being written for Linux platforms as well. 

In addition to being yet another vulnerable area to worry about, attacks on Linux systems are particularly concerning because Linux runs the back-end systems of many networks and container-based solutions for IoT devices and mission-critical applications. And even worse, Linux environments often have valuable data like Secure Socket Shell (SSH) credentials, certificates, applications usernames, and passwords.

Here’s something else to consider. Microsoft is now actively integrating Windows Subsystem for Linux (WSL) into Windows 11. WSL is a compatibility layer used for running Linux binary executables natively on Windows. You can be sure that malware will follow. 

Most organizations just aren’t used to protecting Linux systems. Furthermore, many Linux users are power users and these systems are frequently sitting in parts of organizations that are providing critical services.

2. Attacks in Space

Space may be the final frontier, but it’s no longer safe from cyberattacks thanks to the increase in satellite internet. New exploits targeting satellite Internet networks will increase, and the biggest targets are likely to be organizations that rely on satellite-based connectivity to support low-latency activities. These activities include online gaming or delivering critical services to remote locations and remote field offices, pipelines, or cruises and airlines. As organizations add satellite networks to connect previously off-grid systems such as remote OT devices to their interconnected networks, it will increase the attack surface.

3. Attacks on Crypto Wallets

Just as a pickpocket can run off with your money in the real world, in the digital world, crypto wallets are now at risk. Attackers are creating more malware designed to target stored information, so they can steal credentials such as a bitcoin private keys, bitcoin addresses, and crypto wallet addresses. Once an attacker has vital information, they can drain the digital wallet. Many attacks begin with a phishing scam with a malicious Microsoft Word document attached to a spam email. A Word document macro then delivers the malware that steals the crypto wallet information and credentials from a victim’s infected devices.

Another scam involves a fake Amazon gift card generator that targets digital wallets by replacing the victim’s wallet with the attacker’s. And ElectroRAT is a new remote access trojan (RAT) that targets cryptocurrency by combining social engineering with custom cryptocurrency applications. ElectroRAT can perform keylogging, take screenshots, upload and download files, and execute commands.

4. Attacks on Critical Infrastructure

Over the last year, ransomware attacks have been on the rise, but now they are increasingly targeting critical infrastructure. Instead of going after smaller targets, cybercriminals are waging larger, more public attacks that affect more people. The convergence of information technology (IT) and operational technology (OT) networks has made it easier for attackers to access OT systems. By accessing compromised home networks or the devices used by remote workers, they can access IT and then OT systems. The rise of ransomware as a service means that attackers don’t need to have specialized technical knowledge anymore. They can simply buy attack kits on the dark web to attack OT systems.

Some of the incidents that target critical infrastructure have been called “killware,” even though the attacks don’t directly target human lives. However, the malware differs from regular exploits in that it disrupts hospitals, pipelines, water treatment plants, and other critical infrastructure that directly impacts people.

5. Attacks on the Network Edge

The increase in the number of people working remotely has led to an exponential expansion of new network edges, which has significantly expanded the attack surface and exposed corporate networks to many of the threats to residential networks. Because of this increase in network edges, there are more opportunities for “living off the land” threats. This type of threat involves using malware created from existing toolsets and capabilities, so the attacks and data exfiltration appear to be normal system activity. Living off the land attacks are sometimes combined with edge access trojans (EATs). The malware located in these edge environments uses local resources to observe activities and data at the edge and then steal, hijack, or ransom critical systems, applications, and information.

Be Prepared

All of these threats amply show why organizations must prioritize cybersecurity. Threats aren’t going away, so organizations need an integrated, coordinated approach to security instead of attempting to assemble a collection of point products. Instead of adding yet another security product to solve a problem, organizations should consider a cybersecurity mesh platform approach to security for unified visibility, automated control, and coordinated protection.

Learn more about FortiGuard Labs threat intelligence and research or Outbreak Alerts, which provide timely steps to mitigate breaking cybersecurity attacks.

Learn more about Fortinet’s FortiGuard security services portfolio.

The post Why These 5 Cybersecurity Threats Should Concern Any IT Team appeared first on eWEEK.

Fast Fiends

IT security teams are always under pressure to prepare for cyberthreats. They used to have much more time to prepare, but now SOCs often have only 48 hours or even much less. Threat actors are now executing attacks at speeds never witnessed before. 

They are accelerating through the attack phases, giving defenders little time to respond. It’s alarming when the data shows an increase in pace by the attackers, because as we all know, speed is crucial—especially, when the attack surface keeps growing.

The increased speed of attacks is compelling enterprises to quickly evolve and adopt AI-powered prevention and detection strategies. IT security teams that once relied upon point products and the “just stop execution of effects” philosophy of are finding they are no longer sufficient defenses. The heart of the matter is that there are too many various techniques that the attackers have available to them. 

Why Point Products are Problematic

Security point products are problematic because they don’t “talk” with other solutions. This lack of integration means there is no total visibility across the network. If you can’t see a threat, does that mean it’s not there? Even if you can see a threat, can you act in time given the speed of attacks today?

The other big problem with point products is the manual tasks that the SOCs are required to employ. Say, a suspicious event is found on Point Product A. The first action that probably needs to be done is a cross-reference with Point Product B and/or Point Product C. Then another step may be needed to cross-verified with a SIEM. This manual process must be done quickly to keep up with the speed of the threat attacks.

Integration and automation are vital elements of strong cybersecurity. Eliminating extra steps and taking the manual work out of the defense process, speeds the response and permits the security analysts to stay focused on the attack—rather than losing time on distractions like checking policies or uploading logs. 

The Need for Speed

IT security teams have always known that a speedy response is required when a threat emerges. That requirement is not going away. In fact, the demand is only going to be greater as cyberattacks continue to move faster and faster. 

The increase in the speed of execution and growing sophistication of threats are not the only challenges facing IT security. They now must also consider the growth in the number of techniques being used by cybercriminals in their attacks. To respond appropriately, CISO and IT security teams need the full support and cooperation of the entire operation. Organizations that don’t improve, fortify, and accelerate their intrusion responses, could find themselves as a cautionary tale in the next threat research report.

The recent Apache Log4j Vulnerability is discussed in the most recent FortiGuard Threat Landscape Report. Log4j is a good example of the increase of attack speed. A chart shows that the number of attacks that occurred in two weeks would have taken several months to reach the same amount in the recent past.

Attacks like Log4j could become very common, so the time to get visibility into the current threat landscape and cybersecurity postures is now. 

According to FortiGuard Labs Global Threat Landscape Report, the top takeaways from the second half of 2021 were:

• Log4j: Despite emerging in the second week of December, exploitation activity escalated quickly enough to make it the most prevalent IPS detection of the entire half of 2021.
• Threat actors are moving Linux-based malware closer and closer to the top shelf in their collection of nefarious tools.
• The sophistication, aggressiveness, and impact of the ransomware threat charges on, not slowing down.
• Botnet trends show a more sophisticated evolution of attack methods
• Malware trends show cybercriminals maximizing “remote everything”

Cybercriminals are developing attacks faster than ever. They continue to exploit the expanding attack surface of hybrid workers and IT and are using advanced persistent cybercrime strategies that are more destructive and less predictable than those in the past. To secure against evolving attack techniques, organizations need smarter solutions that can ingest real-time threat intelligence, detect threat patterns and fingerprints, correlate massive amounts of data to detect anomalies, and automatically initiate a coordinated response.
Learn more about FortiGuard Labs threat research and the FortiGuard Security Subscriptions and Services portfolio. Learn more about Fortinet’s free cybersecurity training initiative or about the Fortinet Network Security Expert program, Network Security Academy program, and FortiVet program.

The post The Latest Threat Intelligence to Help You Fortify Your IT Security appeared first on eWEEK.

If all of your security and networking solutions are designed to work together, they’re more effective than if they operate in isolation. A complete cybersecurity mesh platform architecture tied to Security-Driven Networking solutions can provide the unified visibility, automated control, and coordinated protection organizations need. This type of integration is particularly important for software-defined wide-area networking.

The Rise of SD-WAN

Today, many organizations are distributed with users working from multiple locations. These people need access to applications, which may be located in still more locations. The need to manage such a complex spiderweb of connections is why the SD-WAN market continues to grow. SD-WAN makes it possible to use available WAN services more effectively and economically. It simplifies branch networking, improves application performance, and provides faster access to cloud-based applications and communications. It can also monitor and modify connections to maintain bandwidth and prevent latency, jitter, and packet loss that can affect bandwidth-intensive applications and services like digital voice and video.

The Security Limitations of SD-WAN

From a networking standpoint, SD-WAN has dramatically improved branch connectivity and the user experience, but from a security standpoint, it has some serious issues. Most SD-WAN solutions don’t have integrated security, and direct internet access can lead to new threats.

Security solutions that are added on top of an existing SD-WAN solution often can’t keep up with the changes in a dynamic network and it can be almost impossible to track applications and workflows. Taking this type of security overlay approach can lead to gaps in protection. The network complexity that arises from a non-integrated SD-WAN architecture can make it difficult to manage and troubleshoot. Ideally, a solution should integrate networking, connectivity, and security functions into a single, centralized management console. But if it doesn’t, keeping security policies and enforcement consistent can be challenging or even impossible.

SD-WAN Works Best as a Platform

Instead of trying to bolt on security to SD-WAN after the fact, it makes more sense to take an integrated platform approach, so that the networking and security solutions work as a unified system. Integrated security then seamlessly adapts and scales with SD-WAN connectivity, which avoids the almost inevitable security gaps that can occur with an overlay security solution. SD-WAN works best as part of a holistic platform that incorporates the following elements:

Integrated ZTNA

As more organizations need to support work-from-anywhere initiatives, they’re looking to zero-trust network access (ZTNA) for remote access. It provides secure, per-user and per-session access to specific applications, rather than the perimeter-based network access provided by traditional VPNs. ZTNA makes it easier to manage access to critical applications and maintain visibility into who has access to which resources. ZTNA that’s integrated with a next-gen firewall-based SD-WAN solution – that is, integrated into a single platform – allows organizations to eliminate device sprawl and solution management overhead because they can enforce one policy consistently across all edges to protect the entire attack surface.

SD-WAN for Multi-Cloud Deployments

In a multi-cloud deployment situation, SD-WAN needs to be able to provide reliable access to cloud-based resources with granular controls, including dynamic failover, SLA-based application steering, and application availability, even during brownout or blackout conditions. It should support secure and high-performance connectivity between public cloud workloads running on multiple clouds without increasing cost and complexity. In addition to supporting seamless, reliable, and high-performance connectivity to the cloud and across clouds, an SD-WAN solution should also be able to route and secure workloads within the cloud on a single VM.

AIOps

Many SD-WAN solutions still rely on time-consuming and error-prone manual configurations. Adding AIOps to large and complex SD-WAN deployments enables automatic detection and response across all connections. It can identify issues and remediate them before an application or user is affected. AIOps can help find configuration errors and anomalies and aids in troubleshooting.

5G/LTE

A 5G or LTE gateway that is tightly integrated with an SD-WAN solution can not only help ensure fast, inexpensive, and flexible broadband connectivity at the branch edge, but also support seamless management and operation, and secure connectivity. The edge is a dynamic space and an effective SD-WAN gateway should offer dedicated cloud management dashboards that include simple out-of-band management (OBM) capabilities and provide support for multiple OBM console connections to serial cables and adapters.

SD-Branch

Branch technology is often made up of siloed appliances and consoles that manage wired access, wireless access, WAN, and security. An SD-WAN solution that can easily and seamlessly be extended into an SD-Branch solution can effectively reduce this complexity and appliance sprawl while maintaining a high level of performance.

Integration With a Cybersecurity Mesh Platform

Many organizations suffer from fragmented, complex infrastructures that make deploying new technologies and services difficult. An automated cybersecurity mesh platform is essential to reducing complexity and increasing overall security effectiveness across today’s expanding networks. This type of integrated platform offers centralized management and visibility and can automatically adapt to dynamic changes in the network.

SD-WAN that Supports Secure Digital Acceleration

Today, networks have to support new business needs while remaining protected against new security threats. If SD-WAN is a technology that is a part of your digital acceleration initiatives, the best solution is tied to a platform that enables a variety of use cases and interoperates across a vast ecosystem of solutions. Such an ecosystem matters because it gives organizations flexibility across their deployments while gaining the benefit of consolidated and converged operations, visibility, and security.

Take a security-driven networking approach to improve user experience and simplify operations at the WAN edge with Fortinet Secure SD-WAN.

The post SD-WAN Works Best as Part of a Platform appeared first on eWEEK.

Although your home office may not have an ocean view, hybrid and flexible work environments are becoming the new norm. Work from anywhere (WFA) is quickly being adopted by many organizations as the new ideal work model because it improves employee productivity and overall work satisfaction. For many employees, one of the only silver linings of the pandemic is that they’ll never have to return to dreary cubicles or noisy open office situations.

However, implementing work from anywhere isn’t easy without the security capabilities Zero Trust Network Access (ZTNA) brings to the table. In fact, WFA is essentially the use case ZTNA was designed to support. ZTNA can make WFA a reality because it provides the same security no matter where someone is located and it reduces the attack surface by hiding applications from the internet behind a proxy point.

Going Beyond Just Working from Home

Implementing WFA securely goes beyond simply working from home. The goal is to keep users productive and secure as they move to different locations. Whether they’re working from the road or a home office, they need secure access to applications and resources that may be located in the cloud or data center. The key to keeping everything consistent is to unify ZTNA, endpoint, and network security with a common set of APIs and integration points. From a security standpoint, the situation may be different depending on the location, but the user experience and protection need to be consistent no matter where the users are connecting from or what applications and services they need to access.

From Home

Employees who work remotely all or part of the time generally log in from a specific location such as their home office. Their setup might include a home network and hardware such as a monitor and webcam that facilitates their work. Connecting to a home network introduces risks from everything else that is connected to it, such as non-secure IoT devices or other users. Those users could be streaming video or gaming, which introduces potential vulnerabilities since their connections are generally outside corporate network security and control.

Because ZTNA creates a secure tunnel, it insulates the user from other issues that may plague their home network. The ZTNA client on the endpoint will make the secure tunnel, and can then provide the device identity and report on the status of that endpoint. This helps determine if that specific device should get access to the requested application.

On the Road

When employees travel, they often have to connect using unknown and potentially unsecured networks that are vastly less secure than a corporate office or remote workspace. Connecting to work applications and resources can introduce new threats such as exposing communications to hackers and revealing exploitable devices that could be used to launch attacks. Because ZTNA only gives access to people and devices that should be accessing the network, it keeps out those that shouldn’t be there. Once entities are connected, it also provides visibility and control. By engaging in per-session device posture checks, ZTNA also makes sure that if a device is compromised while traveling, it will be detected quickly.

In the Office

Even in a corporate environment, consistent security is an important aspect of a layered defense. ZTNA provides seamless access to applications no matter where the user or the application may be located, including the office. Even in the office, users must provide access credentials such as multi-factor authentication and endpoint validation. Once connected, they only receive the least privileged access, which means they can access only the applications they need to perform their jobs and nothing else.

ZTNA Everywhere

Work from anywhere demonstrates how important it is for organizations to have the same security protection and control no matter where someone may be physically located. Users at many organizations often need access to both cloud and non-cloud resources, and consistent protocols and policies need to be implemented across the entire network. To meet this need, organizations running hybrid networks need flexible ZTNA solutions that aren’t cloud-only. Even better if ZTNA and SD-WAN are integrated into the same solution (without additional licenses or fees) to also ensure a better quality of experience for users. Because it shouldn’t matter where a user is working. The same zero trust security should apply everywhere and offer a consistent experience for users, whether they’re sitting in a lounge chair on a beach or at a desk in their home office.

Discover how Fortinet’s Zero-Trust Access framework allows organizations to identify, authenticate, and monitor users and devices on and off the network. Read more about why the Fortinet Security Fabric is the industry’s highest-performing cybersecurity mesh platform.

The post Make Work from Anywhere a Reality with ZTNA appeared first on eWEEK.

The challenge is that very few SD-WAN solutions are designed to effectively address all the use cases it needs to support. Many have limitations on how and where they can be deployed, such as a lack of form factor diversity and the inability to run natively in multiple cloud environments. Others do not have the capacity to run in smaller branch offices and today’s hyperscale data centers to create true end-to-end connectivity. And fewer still can do so while securing the connections, data, and applications being delivered.

One of the biggest issues organizations face is that they often select an SD-WAN tool to address a simple issue, like creating more flexible WAN connections to their branch office. But when they decide to apply that same functionality to other parts of the network, such as connecting cloud networks to the data center, they find their SD-WAN solution can’t scale. As a result, they end up with additional vendor and solution sprawl, adding to the complexity and overhead required to manage their WAN infrastructure.

It is always easier to scale and innovate when IT teams select the right SD-WAN tool from the start. But to do that, they need to know what they are looking for and see beyond the short-term problem they are trying to address. To help those organizations choose a Secure SD-WAN solution able to grow and scale with their business needs, regardless of how or where it is deployed, we have created a list of nine essential elements every SD-WAN buyer needs to consider when selecting a future-proof solution able to grow as their business evolves:

1. One solution everywhere. Naturally, an SD-WAN solution needs to support a variety of WAN environments. But an SD-WAN vendor needs to do more than simply enable all WAN uses cases. They need to provide tools that can be seamlessly integrated into a unified WAN edge. Ideally, any device, regardless of its form factor, should be powered and secured by a single OS. This ensures that policies and configurations can be centrally deployed and orchestrated. And it enables a unified management system that can extend visibility across the distributed network through a single console.

2. Built-in security. One of the biggest challenges of today’s SD-WAN deployments is that security needs to be added as an overlay, adding upfront complexity and ongoing management issues that can quickly erode the value of an SD-WAN solution. The idea SD-WAN solution integrates a full suite of enterprise-grade security tools with advanced networking functions to ensure and maintain its overall security posture, delivering consistent protection without impacting user experience.

3. Consistent application acceleration. An effective SD-WAN solution needs to deliver superior user experience and advanced connectivity between environments at any edge. Accurate application identification and steering need to happen seamlessly regardless of where an SD-WAN solution is deployed, including support for managing and securing encrypted traffic while providing advanced networking functions like dynamic link remediation.

4. Secure work-from-anywhere (WFA). With today’s hybrid workforce working from virtually any location, SD-WAN needs to do more than support remote offices. An embedded ZTNA Access Proxy allows remote workers to create a secure, remote connection to an SD-WAN device. Explicit per-user application access controls from ZTNA, combined with advanced application management tools from SD-WAN, allow organizations to extend an optimal user experience to every remote worker.

5. Scalability. An effective SD-WAN solution needs to combine dynamic scalability with enterprise-grade security to meet the fluctuating demands of today’s cloud-first, security-sensitive, global organizations. As organizations grow and users become more dispersed, SD-WAN needs to scale up and out. A practical solution must support offices and users in remote locations with limited connectivity options and highly dynamic workforce environments where high-volume scalability requirements can constantly change.

6. Automation everywhere. Cloud-on-ramp support needs to simplify, automate, and secures SD-WAN deployments in even the most complex environments, including to, across, and between multi-cloud and hybrid cloud environments.

7. Zero-touch roll-out. No one should have to roll out IT staff to deploy an SD-WAN solution. To achieve operational efficiencies at any scale, any viable SD-WAN solution must allow IT to build secure WAN networks quickly and efficiently. An effective SD-WAN solution shouldn’t need anything more than to be plugged into the local network. It should then be able to phone home, register with the network, pick up and implement configurations, and begin delivering secure connectivity services with little to no help from IT services.

8. Simplified and scalable management. Once a solution is deployed, it needs to also simplify ongoing management. According to IDC, 70% of remote workers report performance issues daily or multiple times a week. Any viable SD-WAN candidate needs to enable “Day 2+” operations with a unified and consistent view of analytics and reporting. This requires a single-pane-of-glass system for simplified management and troubleshooting that can be easily integrated into NOC and SOC operations as part of a larger network management strategy.

9. Future-proofing the network. Perhaps the most important takeaway from the events of the past few years is that networks will continue to evolve at an exponential rate. Any SD-WAN solution needs to be designed to adapt to new environments and business requirements, such as the emergence of the intelligent edge, the implementation of 5G and beyond, the adoption of SASE solutions, extending security into branch and home offices, and the adoption and deployment of increasingly intelligent devices. An SD-WAN solution needs to be built on an open platform that can serve as a foundation for future-proofing the network, allowing organizations to continue to leverage their existing interconnectivity and security investments as their needs continue to evolve.

Take a security-driven networking approach to improve user experience and simplify operations at the WAN edge with Fortinet Secure SD-WAN.

The post 9 Considerations When Evaluating SD-WAN Solutions appeared first on eWEEK.

One reason for this is that the built-in security tools that come with various cloud platforms are unique to each, meaning they do not easily interoperate with similar solutions running on other platforms, compounding the challenge of consistently managing risk across all clouds in a multi-cloud world. The lack of cohesion between different security deployments often results in a lack of centralized visibility into critical service configurations, activities, network traffic, security events, and data hygiene. And this challenge will only be compounded further as a business adopts additional public cloud platforms.

This lack of consistent visibility and fragmented control renders security operations time-consuming and ineffective. And as the threat environment expands, organizations need to protect themselves not only from risks of configuration and management of the application elements themselves but also from risks originating via cloud application programming interfaces (APIs) and user interfaces (UIs). It is therefore of the utmost importance to start now to establish consistent visibility into cloud workloads, especially those that span multiple cloud environments.

With Flexibility Comes Less Visibility

While multi-cloud environments offer greater flexibility and business agility than ever before, with that flexibility comes less visibility: the more it is used and the further it expands, the bigger and more complex the digital attack surface becomes. The top security priority in multi-cloud environments, therefore, must be to integrate the various security instances into a unified security architecture for centralized visibility and control. And this process needs to not only be comprehensive and highly adaptable, it also needs to be highly automated, as on-the-fly translations of policies and protocols cannot be done manually as workflows move between cloud environments due to the differences in the public clouds. With an integrated architecture designed to dynamically interconnect different cloud-native security solutions, organizations can address challenges in a proactive, holistic way to improve operational efficiency while decreasing risk.

The reality is, the larger the digital attack surface, the harder it is to monitor network traffic, which increases the risk of cyberattack. These challenges are due to:

Limited visibility: Traditional security monitoring tools do not apply to cloud resources, services, or overall infrastructure deployments. Most security teams simply don’t have adequate tools for maintaining complete visibility in the cloud, let alone for multi-cloud.  This can leave gaps in maintaining the required or compliant security posture, exposing workloads, organizations, and end customers to risks arising out of things like misconfigurations or vulnerabilities.

Difficulty inspecting traffic: Even with accurate inventory management, monitoring traffic within and between clouds and detecting suspicious activity within that traffic is impossible without tools designed to see, correlate, and analyze traffic originating from different platforms.

Complexity slowing investigations: Disparate security solutions don’t allow security teams to drill down into data to identify and assess specific suspicious incidents or to correlate threat intelligence collected across multiple environments. This slows time to detect as well as response times to attacks and breaches, increasing risk.

Move in the Right Direction

A first step to improving a multi-cloud security posture is to implement a centralized, real-time view of assets and resources across regions and clouds. The second step is to inspect all traffic, across all clouds, to evaluate legitimate traffic versus malicious traffic using a global threat-intelligence feed to identify suspicious activity. With tools like these in place, security teams can shorten the time to detection because they are able to drill down to threat data presented in full contextual detail.

Such capabilities are provided by cloud workload protection (CWP) solutions. CWP is just what it sounds like: it’s the process used to protect workloads that move across different cloud environments. Organizations that use private and public clouds, or any combination thereof, need to protect transactions and data at the workload level, not just at the endpoints.

Cloud workload protection solutions are also designed to help customers assure compliance and mitigate risks associated with Infrastructure-as-a-Service (IaaS)-based applications. CWP enables organizations to gain or regain visibility and control over their dynamic multi-cloud infrastructures, as well as:

• Support the shared responsibility model of any cloud deployment by looking at the configuration settings of any cloud vendor (public) as well as those of the organization (private).
• Address the challenge of ungoverned cloud data with high-capacity cloud-based data loss prevention (DLP) and malicious content inspection.
• Help organizations assure they are compliant with industry-specific security standards by comparing activity and configurations with policies required by standards, including PCI, HIPAA, SOX, GDPR, ISO 27001, and NIST.

The Time to start is now

Multi-cloud strategies are here to stay; and they will continue to expand as they become an increasingly critical component of a digital business strategy. At the same time, cyber adversaries are looking to take advantage of the fact that most organizations have little visibility into workloads moving between different cloud environments. And they are actively building complex, multi-vector attacks designed to exploit that vulnerability.

Organizations need to establish broad visibility, granular control, and automated detection and response across their multi-cloud environment. Tools like CWP are a good place to start, but the goal should be to build a full security fabric able to span and expand as a multi-cloud strategy grows. But they need to do it now, before their environments expand much further—or before cybercriminals decide to exploit those systems for their own purposes.

Learn how Fortinet’s adaptive cloud security solutions provide increased visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud. 

The post Advanced Protection for Cloud Workloads appeared first on eWEEK.

Despite these tools and spending, it remains very difficult to assess how secure and protected organizations are against constantly evolving cyberattacks.

However, here is a range of methods to assess your enterprise’s security posture.

Security Scoring

Key performance indicators (KPIs) can be used to assess your cybersecurity posture across all security configurations and controls. KPIs are one way to answer the question of how secure an organization may be either as an absolute, based on its historical levels, or as compared to organizations of similar size, geographies, or business. Whether internally developed or established by industry available tools, using KPIs can provide a relative assessment that can be considered reasonable. But simply being better than the average, or improving over time, does not necessarily mean that your security is adequate for your level of risk.

Penetration Testing

Engaging a red team of ethical hackers to attempt to bypass your security configurations, controls, and teams can be very effective in understanding your enterprise’s risk of breach. These groups are experts in the latest tools, techniques, and tactics. They act like cybercriminals and attempt to breach your defenses, which is an excellent way to stress test every aspect of your security, including employee awareness. This approach helps you determine which defenses are strong and which are weak. A key limitation is that it is dependent on the expertise of the red team and it only occurs at a single point for a defined scope of the attack.

Breach Attack Simulation

Breach attack simulation (BAS), similar to penetration testing, attempts to assess the totality and effectiveness of your defenses, but it uses automation tools to seek entry, rather than human experts. BAS can be run regularly and broadly, rather than at a single point in time or scope. However, the attacks are more programmatic, so they may be less sophisticated or customized than penetration testing.

Independent Effectiveness Testing

Alongside organization-specific assessments of overall security, expert labs run independent tests of specific security tools. These tests often benefit from a larger sample set of attacks, as they are relevant to a broad set of organizations, and in many cases, will provide comparative scoring for security tools of the same type. The common downside is that they operate in a lab, rather than the real world where conditions may vary from those of your organization, particularly over time. These assessments also typically focus on just one type of control, such as network security, email security, or endpoint security. They rarely test combinations of controls.

MITRE Engenuity ATT&CK Evaluations

MITRE Engenuity’s ATT&CK Evaluations are another useful tool. These evaluations test a range of security tools that are typically in the same security category and expose them to a single or small number of sophisticated cybercriminal campaigns. These campaigns are comprised of a series of tactics and techniques that are designed to accomplish a defined cyber mission. The key benefits of this approach are that enterprise security teams gain visibility into the inner workings of security controls. They can understand not only what the solution detects but also why and how it does so. Seeing their operation can give teams more confidence in the type of protection they deliver. The evaluation goes beyond a single attack, sample set, point in time, or control. Evaluation results also can be combined across controls for a more comprehensive view of coverage or exposure.

The primary drawback is that cybercriminals’ attack tactics and techniques evolve over time and the evaluation results are constrained to the timeframe in which the campaigns are run. They also focus only on detection (and/or blocking) of the attack technique, with no ability to assess what else (including legitimate operations) might be flagged by the control.

Conclusion

Enterprises have a range of options to assess their security posture, based on individual control or as a whole. If the objective is to do more than the average organization, security scoring is a great tool. If your goal is to push security posture to higher levels, penetration testing and/or breach attack simulation are great aids. For granular assessments of individual security controls at points of exceptional risk, independent effectiveness testing can help. Lastly, for planning and implementing a rigorous and resilient defense based on capabilities across controls in aggregate, the MITRE ATT&CK Evaluation is a valuable tool.

Learn more about Fortinet’s FortiEDR solution and how it has the unique ability to defuse and disarm a threat in real-time, even after an endpoint is already infected.

The post The Value of Regularly Assessing Your Enterprise’s Cybersecurity Posture appeared first on eWEEK.

As networks shift from traditional IP-based to application-driven, reactive to predictive and manual to automated, as well as a change to support work-from-anywhere, the business outcomes and expectations to deliver enhanced user experience and instant ROI benefits remain the same. Organizations that have deployed basic SD-WAN solutions are realizing that the time and hassle of a wide-area network that needs to be reconfigured or manually intervened upon every time there’s a wider internet connectivity issue has completely negated many benefits they sought to realize by implementing SD-WAN in the first place. As a result, the need for SD-WAN to enable a self-healing network – one that automatically fixes issues before they are widely realized – from the WAN edge to the cloud edge has now become a key requirement for organizations. So what does it take to enable Self-Healing SD-WAN?

AI-Powered Application Learning:

One of the key use cases of SD-WAN solutions has been to deliver the best application experience regardless of where the application resides, whether it be from the datacenter to the cloud. In order, to deliver a great application experience for end-users, the number of applications a solution can recognize needs to be considered.

Fortinet Secure SD-WAN provides broad support of 5,000+ applications and, more importantly, this is not a static list, rather one that Fortinet continuously adapts and evolves to meet business needs. In today’s world where applications are more dynamic than ever, Fortinet’s AI-powered application learning helps not only with the scale of applications supported but also with faster application learning.

Reliable Accuracy:

Accurate application detection becomes essential to ensuring the proper prioritization of business-critical applications over those that are non-critical. However, the challenge is that over 80% of the traffic in today’s world is encrypted, and most SD-WAN solutions are unable to handle this type of traffic.

Fortinet Secure SD-WAN enables reliable accuracy even for encrypted traffic, including TLS 1.3. What makes this even more compelling for our customers is the ability to do this at scale without compromising on performance.

Advanced WAN Remediation:

 One of the big promises of SD-WAN solutions has been the remediation of WAN traffic during brownout and blackout conditions, leveraging capabilities like Forward Error Correction (FEC) and Packet Duplication. FEC and Packet Duplication have been key to enabling seamless unified communications like voice and video streaming based on critical parameters such as latency, jitter, and packet loss.

In today’s world where we rely on voice and video streaming more than ever, whether it be applications like Zoom, Webex, or Skype, the standard approach of Forward Error Correction needs a significant boost. With the latest FortiOS 7.0 release, Fortinet has advanced its WAN remediation capabilities with adaptive FEC, designed to dynamically enable FEC based on bandwidth conditions without manual assistance.

Intelligent Application Steering with passive WAN monitoring:

Beyond the number of applications supported, the accuracy and speed in which those applications can be detected must also be considered, and most importantly, the ability to steer the application in the right direction without reactively changing configurations – something many organizations struggle with.

Fortinet Secure SD-WAN provides a transport-agnostic solution to deliver the best experience over multiple paths – whether it is MPLS, broadband or LTE. Fortinet Secure SD-WAN is powered by a purpose-built SD-WAN processor that allows for faster application recognition and steering between multiple paths. The solution leverages passive WAN monitoring without adding more overhead to already burdened WAN situations. It also enables dynamic application switchover between multiple links without having to send active synthetic probes to measure WAN characteristics like latency, jitter and packet loss.

Integrating all of that functionality into a single, easy to deploy solution combined with AIOps to ensure consistent performance and reliability, enables networks to be more proactive than reactive. Fortinet Secure SD-WAN with its centralized management console can not only orchestrate connectivity, but also manage advanced routing and security functions, all through the same pane of glass. When you combine this with advanced analytics for a granular view of network and application performance, Fortinet Secure SD-WAN enables organizations to detect and respond to network anomalies and threats across the entire distributed deployment to enable a consistent, self-healing WAN experience across all edges.

Enable Self-Healing SD-WAN and take a security-driven networking approach to improve user experience and simplify operations at the WAN edge with Fortinet Secure SD-WAN.

The post Enabling Self-Healing SD-WAN from the WAN Edge to the Cloud Edge appeared first on eWEEK.