Tuesday, December 18, 2018

Common SD-WAN Security Mistakes


Digital transformation is about much more than moving workflows to the cloud and adopting IoT. It is about retooling the entire network to make it faster, more efficient, much more flexible, and cost-effective. Which means it also includes things like agile software and application development, rethinking access and onboarding, and creating dynamic and adaptable network environments.

Top of the list for many organizations is the adoption of SD-WAN, which extends the advantages of digital transformation to branch offices. It provides them with instant access to distributed resources, whether they are located in a central data center, in a multi-cloud deployment, or somewhere else across the connected network. And it does this without the rigid implementation requirements and expensive overhead of traditional MPLS connections. 

Common SD-WAN Security Mistakes


The challenge is that SD-WAN is often adopted with only a cursory consideration of security. SD-WAN projects tend to be driven by the networking team, and a lot of organizations get so swept up in the cost-saving benefits of SD-WAN that they completely forget about security. 

Part of the problem is that the vendor community has done a poor job of integrating meaningful security into their solutions. There are currently over 60 vendors offering SD-WAN solutions, and nearly all of them support only IPsec VPN and basic stateful filtering, which is not nearly enough to protect a branch against evolving cyberattacks. As a result, organizations end up having to add additional layers of effective security after their SD-WAN solution has already been deployed. This mistake not only puts the organization at risk while it runs an unsecured solution, but the process of bolting on security after the fact, often using legacy security tools that were never designed for the complexities of an SD-WAN deployment, creates unnecessary complexity and overhead, thereby increasing total cost of ownership.

Essential SD-WAN Security Requirements


To address these challenges, here are four security strategies that need to be part of any SD-WAN solution and strategy:

1. Insist on Native NGFW Protection


To begin, organizations must choose an SD-WAN solution with built-in NGFW security. This advanced security enables consistent inspection, detection, and protection across the entire SD-WAN, from branch to cloud to core, as an integrated function of any SD-WAN deployment. It also enables protection to natively follow workflows, data, and applications even as the SD-WAN network shifts and adapts to changing networking demands, a function that most legacy security solutions struggle to perform. Of course, not all security solutions are the same, so it is even better if that integrated NGFW security solution has been verified by a third party for its security effectiveness.

2. Integration is Fundamental


A second challenge is that you don’t want to deploy yet another stand-alone security solution. Fractured visibility and device-by-device policy orchestration simply add more complexity to the already complicated challenge of securing today’s distributed digital networks. So the next thing you need to ensure is that the security strategy you choose for your SD-WAN deployment can be easily and seamlessly integrated into your existing security architecture. Choosing a solution that functions as part of a broader security fabric gives your organization a stronger security posture by providing transparent views of network security, centralized management controls, and threat intelligence sharing and correlation.

3. SD-WAN Traffic Must Be Encrypted


The challenge of replacing MPLS with a broadband connection is that the public Internet is generally less reliable, which can be a serious issue for digital businesses and users that demand instant access to resources and data. In addition, nearly 90% of all organizations have implemented a multi-cloud strategy, and each cloud requires its own separate connection. As a result, most organizations deploying SD-WAN use multiple broadband links to connect the enterprise branch to the core network as well as to reach the multi-cloud. Every such connection, however, also expands your potential attack surface.

In addition, organizations are increasingly deploying cloud-based SaaS applications such as Office365 and Salesforce so their entire workforce is able to collaborate with maximum efficiency. These connections may often include critical information that needs to be protected. This is why using VPN as a transport security overlay is a fundamental component of any SD-WAN solution, and why it’s also essential that these VPN solutions provide very high performance combined with dynamic scalability. 
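As an added example, not taken from the original post or from any vendor’s documentation, here is a strongSwan swanctl.conf fragment for the kind of branch-to-hub IKEv2 tunnel the paragraph describes. The addresses, identities and certificate file name are assumed placeholders. The legacy proposal shown commented out is the sort of setting still found on older deployments and should be avoided; the AEAD proposal (AES-GCM with ECDH) gives both the authentication and the throughput the paragraph asks for, since it encrypts and authenticates in a single pass that hardware crypto offload handles well.

```conf
# /etc/swanctl/conf.d/branch01.conf  (branch side; the hub mirrors the traffic selectors)
connections {
    branch01-to-hub {
        # IKEv2 only; do not allow fallback to IKEv1
        version = 2
        # assumed branch broadband WAN address and hub concentrator address
        local_addrs  = 203.0.113.10
        remote_addrs = 198.51.100.1

        # Legacy proposal still seen on old deployments; do NOT use:
        #   proposals = 3des-sha1-modp1024
        # Modern AEAD proposal: AES-256-GCM, SHA-384 PRF, P-384 ECDH
        proposals = aes256gcm16-prfsha384-ecp384

        # certificate authentication on both sides (no pre-shared keys)
        local {
            auth  = pubkey
            certs = branch01.pem
            id    = branch01.example.net
        }
        remote {
            auth = pubkey
            id   = hub.example.net
        }

        children {
            branch01-lan {
                # branch LAN to the corporate address space
                local_ts  = 10.1.0.0/24
                remote_ts = 10.0.0.0/8
                # ESP with AEAD and perfect forward secrecy on rekey
                esp_proposals = aes256gcm16-ecp384
                # bring the tunnel up at load time and rebuild it if the peer goes silent
                start_action = start
                dpd_action   = restart
            }
        }
        dpd_delay = 30s
    }
}
```

After placing the file, `swanctl --load-all` loads it into the running daemon. On a multi-link branch, one such connection per broadband uplink gives the SD-WAN controller an authenticated, encrypted path on every link it may steer traffic over, so that link selection never silently chooses an unprotected path.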

4. Encrypted Traffic Must Be Inspected


Secure connectivity, however, isn’t enough in digital business environments that measure success in microseconds. As SSL/TLS (HTTPS) traffic increases, attackers are hiding malware inside encrypted sessions to evade detection. Unfortunately, most SD-WAN vendors that offer only basic security do not provide SSL inspection, or if they do, it is woefully inadequate. This is the most common mistake we see when enterprises deploy SD-WAN.

One of the challenges is that even if security teams do manage to bolt on security to their SD-WAN deployment, SSL inspection will cripple the performance of nearly every legacy NGFW solution on the market. It’s so bad, in fact, that most security vendors won’t even publish their SSL inspection performance numbers. However, few organizations competing in today’s digital marketplace are willing to sacrifice performance. So real SSL inspection is either applied haphazardly or not at all. This is why it’s essential that in addition to scalable VPN connectivity, you also take a close look at SSL inspection numbers provided by third-party testing labs to ensure you select a solution that meets your performance and security requirements.
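Whether SSL inspection is applied consistently or haphazardly comes down to a per-connection decision made on what the inspecting device can see in the clear before the handshake completes. The Python below is an added example, not code from the original post or from any SD-WAN vendor: it parses the SNI host name out of a TLS ClientHello record and applies a simple inspect-or-bypass policy. The bypass list of privacy-exempt domains is hypothetical, and the ClientHello bytes are constructed inside the block so it runs offline.

```python
"""SNI-based TLS inspection policy decision (added example, not vendor code)."""
import struct
from typing import Optional, Tuple

TLS_HANDSHAKE = 0x16       # TLS record content type: handshake
CLIENT_HELLO = 0x01        # handshake message type: ClientHello
EXT_SERVER_NAME = 0x0000   # server_name extension (RFC 6066)
EXT_SUPPORTED_VERSIONS = 0x002B

# Hypothetical privacy exemptions (e.g. banking/health) that policy says not to decrypt.
BYPASS_SUFFIXES = ("bank.example", "health.example")


def extract_sni(record: bytes) -> Optional[str]:
    """Return the SNI host name from a TLS ClientHello record, or None.

    None means "no name visible in the clear": the record is not a TLS handshake,
    is not a ClientHello, is truncated, or carries no server_name extension.
    """
    if len(record) < 5 or record[0] != TLS_HANDSHAKE:
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != CLIENT_HELLO:
        return None
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        return None  # truncated handshake
    pos = 2 + 32  # skip client_version and random
    try:
        sid_len = hello[pos]
        pos += 1 + sid_len                                   # session_id
        cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2 + cs_len                                    # cipher_suites
        cm_len = hello[pos]
        pos += 1 + cm_len                                    # compression_methods
        if pos + 2 > len(hello):
            return None  # legacy ClientHello without an extensions block
        ext_len = struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            ext_type, ext_body_len = struct.unpack("!HH", hello[pos:pos + 4])
            pos += 4
            ext_body = hello[pos:pos + ext_body_len]
            pos += ext_body_len
            if ext_type == EXT_SERVER_NAME:
                # ServerNameList: list_len(2), then entries name_type(1) name_len(2) name
                p = 2
                while p + 3 <= len(ext_body):
                    name_type = ext_body[p]
                    name_len = struct.unpack("!H", ext_body[p + 1:p + 3])[0]
                    p += 3
                    if name_type == 0:  # host_name
                        return ext_body[p:p + name_len].decode("ascii")
                    p += name_len
    except (IndexError, struct.error):
        return None  # malformed or short field: treat as no visible SNI
    return None


def classify(record: bytes) -> Tuple[Optional[str], str]:
    """Decide inspect/bypass for one flow from its first client record.

    Traffic with no visible SNI cannot be categorised, so it is never bypassed
    by default; bypass is only granted to an explicit, exact-or-subdomain match.
    """
    sni = extract_sni(record)
    if sni is None:
        return None, "inspect"
    if any(sni == s or sni.endswith("." + s) for s in BYPASS_SUFFIXES):
        return sni, "bypass"
    return sni, "inspect"


def build_client_hello(host: Optional[str]) -> bytes:
    """Constructed sample ClientHello (TLS 1.2 record framing), optionally with SNI."""
    sv_body = b"\x02\x03\x04"  # supported_versions: TLS 1.3; forces the parser to skip one ext
    exts = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(sv_body)) + sv_body
    if host is not None:
        name = host.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name
        sni_body = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", EXT_SERVER_NAME, len(sni_body)) + sni_body
    hello = (b"\x03\x03" + b"\x11" * 32 + b"\x00"          # version, random, empty session id
             + struct.pack("!H", 2) + b"\x13\x01"           # one cipher suite
             + b"\x01\x00"                                  # one compression method (null)
             + struct.pack("!H", len(exts)) + exts)
    hs = bytes([CLIENT_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return bytes([TLS_HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    for sample in (build_client_hello("www.example.com"),
                   build_client_hello("online.bank.example"),
                   build_client_hello(None),
                   b"GET / HTTP/1.1\r\n"):  # constructed non-TLS bytes on port 443
        print(classify(sample))
```

The point of the default in `classify` is the one the paragraph makes: an inspection policy that quietly lets through whatever it cannot categorise is the “haphazard” case. In TLS 1.3 the server certificate is encrypted, so the SNI is the only cleartext name available, and Encrypted Client Hello hides even that; those flows must land on inspect (or block), never on bypass.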




Tuesday, December 11, 2018

Helping Exponential-e Navigate the Changing Threat Landscape


The Need for a Modern, Efficient Solution


To continue to provide their customers with the peace of mind that Exponential-e strives for, it was clear that their managed firewall service would have to be updated to keep up with advancing requirements.

Exponential-e already had an established Fortinet Managed Firewall offering, which helped their customers protect their corporate networks from security threats and unauthorised access attempts. However, although the deployed FortiGate models were suitable at the time of implementation, the technology which powered these devices was aging. And because the threat landscape had evolved, their clusters were operating at maximum capacity and there was no system for centralised management. This meant that managing and operating these systems was time-consuming and potentially insufficient. As a result, Exponential-e was looking to update and relaunch their Managed Firewall offering as a Managed Next Generation Firewall (MNGF) service, which would help to meet a number of security and operational concerns while keeping their solutions in line with the objective of becoming a managed security service provider (MSSP).

Another issue was that their current infrastructure had become unnecessarily costly to deploy and maintain. As a service provider, Exponential-e was keen to ensure maximum operational efficiency and therefore needed to increase the cost effectiveness of their offering.

Finally, Exponential-e was also driven by increasing customer demand for more visibility into threat data. Increasingly, customers prefer this approach to a ‘black box’ service, so Exponential-e required an interface which could provide their customers with higher visibility and advanced admin capabilities.

Meeting Exponential-e’s Requirements


To address these concerns, Fortinet worked closely with Exponential-e to build a solution strategy that would continue to help them drive their business success forward. Fortinet provided a range of complementary products to meet Exponential-e’s initial requirements, including two FortiGate enterprise firewalls, along with FortiManager, FortiAnalyzer, FortiPortal, and FortiDeploy.

Rather than implementing a rigid product set that would rapidly become outdated, Exponential-e also needed a security infrastructure that could adapt to emerging threats. As a result, Fortinet’s FortiGuard security services subscription was an ideal solution as it provides constant updates to ensure customers are equipped to deal with the latest emerging threats. This solution is also backed up by Fortinet’s large, dedicated FortiGuard research team, which constantly scours the cyber landscape to discover, pre-empt, and block developing threats, enabling Fortinet customers like Exponential-e to rest assured that their offerings are updated and robust enough to stand up to emerging attacks.

This solution also met Exponential-e’s requirement to promote higher operational efficiency. Their new Fortinet solution has enabled Exponential-e to provide more efficient automated services for their customers, thereby reducing the overall costs for the ongoing maintenance and support of the managed services they offer. As a service provider who manages systems on behalf of their clients, this was an important concern to address. Fortinet’s easily deployed infrastructure provided higher efficiency, empowering Exponential-e to manage a greater number of solutions in a more efficient manner.



Sunday, December 2, 2018

Mobile Malware Attacks Are Prevalent


Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated, and automated cybersecurity solutions, today announced the findings of its latest quarterly Global Threat Landscape Report. The research reveals threats are increasing and evolving to become more sophisticated. Unique threat variants and families are on the rise, while botnet infections continue to infect organizations. For a detailed view of the Threat Landscape Indices for exploits, botnets, and malware as well as some important takeaways for CISOs read the blog. Highlights of the report follow:


  • Threat Development Continues to Be a Top Focus for Cybercriminals. Cybercriminals are not only expanding their attack arsenal but also developing new strategies for breaching defenses. Unique malware variants grew 43%, while the number of malware families grew by nearly 32%. The number of unique daily malware detections per firm also rose 62%. In line with these trends, unique exploits increased nearly 10% and the number of exploit detections per firm rose 37%. Cybercriminals continue to evolve threats by creating unique malware variants and families, demonstrating the ongoing importance of threat intelligence and assessment tools.
  • Mobile Devices Remain a Target. Over one-quarter of organizations experienced a mobile malware attack, with the majority being on the Android operating system. In fact, of the threats organizations faced from all attack vectors, 14% of total malware alerts were Android related. By comparison, only 0.000311% of threats were targeted at Apple iOS. Mobile malware is a looming threat that must be addressed, especially as the mobile-shopping holiday season nears. These threats can become a gateway for corporate networks to be exploited. Criminals know mobile is an accessible target for infiltrating a network, and they are exploiting it.
  • Cryptojacking is a Gateway to Other Attacks. Cryptojacking remains prevalent and continues to grow in scope. The number of platforms affected by cryptojacking jumped 38% and the number of unique signatures nearly doubled in the past year. These include new sophisticated platforms for advanced attackers as well as “as-a-service” platforms for novice criminals. IoT botnets are also increasingly leveraging cryptojacking exploits for their attack strategy. Although it is often considered to be a nuisance threat that simply hijacks unused CPU cycles, security leaders are realizing how cryptojacking can become a gateway for additional attacks. Underestimating the repercussions of cryptojacking places an organization under heightened risk.
  • Percentage of Malicious Network Traffic is Higher on Weekends or Holidays. Data shows malicious network traffic represents a higher percentage of overall traffic on weekends and holidays as business traffic slows down significantly since many employees are not working during this time. For many organizations this may be an opportune time to sweep for malware because as the “haystack” of traffic becomes smaller, the chance of finding malicious “needles” is much greater. With cybercriminals using more automated and sophisticated techniques, any opportunity to increase visibility can be an advantage.
  • Burstiness of Botnets. The botnet index rose only 2%, though the number of infection days per firm increased 34% from 7.6 days to 10.2 days. This may be an indication that botnets are becoming more sophisticated, difficult to detect, or harder to remove. It may also denote a failure to practice good cyber hygiene in general by some organizations. The importance of consistent security hygiene remains vital to thoroughly addressing the total scope of these attacks. Sometimes botnets can go dormant, only to return after normal business operations have resumed, if the root cause or “patient zero” is not determined.
  • Encrypted Traffic Reaches a New Threshold. Encrypted traffic reached a new high, comprising 72% of all network traffic, up from 55% just one year ago. While encryption can certainly help protect data in motion as it moves between core, cloud, and endpoint environments, it also represents a challenge for traditional security solutions. The critical firewall and IPS performance limitations of some legacy security solutions continue to limit the ability of organizations to inspect encrypted data at business speeds. As a result, a growing percentage of this traffic is increasingly not analyzed for malicious activity, making it an ideal mechanism for criminals to spread malware or exfiltrate data.

Digital Change Requires a New Approach to Security


The threat data in this quarter’s report once again reinforces many of the threat prediction trends unveiled by the FortiGuard Labs global research team. To stay ahead of the ongoing efforts of cybercriminals, organizations need to transform their security strategies as part of their digital transformation efforts. Isolated, legacy security devices and poor security hygiene continue to be a formula for increased risk to today’s threat landscape as they do not provide adequate visibility or control. Instead, a security fabric that spans the entire expanded network environment and is integrated between each security element is vital to address today’s growing threat environment and to protect the expanding attack surface. This approach enables actionable threat intelligence to be shared at speed and scale, shrinks the necessary windows of detection, and provides the automated remediation required for today’s multi-vector exploits.

Report and Index Overview


The Fortinet Threat Landscape Report is a quarterly view that represents the collective intelligence of FortiGuard Labs drawn from Fortinet’s vast array of global sensors during Q3 2018. Research data covers global and regional perspectives. Also included in the report is the Fortinet Threat Landscape Index (TLI), comprised of individual indices for three central and complementary aspects of that landscape which are exploits, malware, and botnets, showing prevalence and volume in a given quarter. The report also examines important zero-day vulnerabilities and infrastructure trends to add context about the trajectory of cyberattacks affecting organizations over time.