Today’s networks, and the people and things that access them, are more distributed than ever. The ongoing explosion of network edges that spanned data centers, wide area networks (WAN), local area networks (LAN), OT networks, and cloud access security brokers (CASB) now also include LTE, off-net resources, and the new home office. And many of these resources are now accessed through the public internet.
This increasingly distributed network approach enables people to work from anywhere: from branch offices, from home, from vehicles, and countless other locations. But for companies to be as agile and adaptive as they need to be, application availability and user experience need to be consistent. And at the same time, these users and various end-user and IoT devices also need to connect seamlessly and securely to those resources.
From a security perspective, however, the net result of this massive expansion and distribution of users and resources is that the network perimeter across the entire infrastructure has splintered. This situation has made applying consistent enterprise-grade protections and policy enforcement and maintaining broad visibility and control almost impossible using traditional security solutions. Although the need for cloud-delivered security for remote users has received the most notice because of the almost overnight move to working from home, consistent security everywhere is the key.
For large enterprises, campus office and secure connectivity to the data center remains relevant because the migration from the data center to cloud will take time. The need for consistent security continues to be important to provide full protection without compromising data.
It's also critically important to have the same security deployed everywhere, especially in the branch, to stop lateral movements of threats inside the branch LAN or to prevent criminals from using the “weakest link” in the security profile to launch attacks against the rest of the network.
Keeping Up with Changes
Today’s networks are designed to be highly agile to accommodate the needs of today’s distributed and mobile workforce, but most traditional point-product security solutions are not. So, a dynamic network environment may leave critical resources and data unprotected while legacy security solutions – without a platform approach to provide consistent, end-to-end protection – struggle to keep up with expanding infrastructures and shifting resources.
Security needs to span across all network edges. But the problem is that many of the technologies an organization needs to create a consistent security framework across the
network don’t work together. Instead, security has often been tacked on piecemeal as networks expanded, without any type of unifying security strategy.
As a result of this approach, many organizations have now amassed a wide variety of isolated security tools that are designed to protect only a single function or segment of the network, often working in isolation. In this type of siloed, multi-vendor environment, maintaining network-wide visibility and consistent policy enforcement is almost impossible. This vendor and solution sprawl also introduces more risk and complexity as IT staff struggle to maintain and monitor a wide range of security and networking solutions, each with its own management interfaces and consoles. Already stretched to the limit, staff members also have to stay ahead of the multitude of threats that continue to morph, change, and expand.
Obviously, this type of ad hoc approach can’t scale. Security can't be cobbled together as an afterthought; it needs to be everywhere.
Consistent Security Everywhere, In Any Form Factor
A unified security platform that is designed to cover the extended digital attack surface can enable broad, integrated, and automated security, which reduces complexity and closes the security gaps that are often found in multi-vendor environments. It needs to be available in all form factors, including cloud-delivered, virtual, hardware, and container. A platform that is capable of delivering consistent security everywhere, in any form factor—cloud-delivered, virtual systems, physical hardware, and container-based solutions—should span these areas:
- Next-generation firewalls (NGFWs): Filter network traffic to protect an organization from internal and external threats. Content inspection capabilities not only need to provide the ability to identify and block attacks, malware, and other threats, they also need to function at the digital speeds users require, even when dealing with things like streaming video or encrypted traffic.
- SD-WAN: Delivers both networking and security capabilities in a unified solution. This approach delivers application performance, consolidated management, and advanced protection in a single, integrated system designed to improve user experience, which is a fundamental goal for digital transformation efforts.
- Secure Access Service Edge (SASE): Combines security and networking and delivers it anywhere users and devices are located through a cloud-based consumption model that provides protection for remote users and lean IT looking for thin edge appliances to shift from capital expenditures to operating expenses. SASE helps eliminate security gaps without affecting user experience.
- Zero Trust Network Access (ZTNA): Provides controlled remote access to applications to remote users, home offices, and other locations. ZTNA offers a better user experience than a traditional VPN while providing a more granular set of security protections.
- Wireless WAN and LTE: Extends network connectivity and security beyond the WAN edge for secure, scalable, and highly available network connectivity anywhere. This can either be part of a powerful backup solution or as a primary connection service in remote locations where other services are unreliable or unavailable.
- Adaptive cloud security: Covers all public clouds, software-as-a-service applications, and hybrid cloud deployments to deliver consistent, seamless security that follows applications and data.
Stay Ahead of Attacks
A coordinated, integrated security strategy built around a unified security platform provides broad deployment to any edge, deep integration between solutions, and cross-network automation to quickly respond to threats targeting any segment of the network. This approach uniquely enables organizations to provide consistent coverage across the entire attack surface, especially to stay ahead of new, more sophisticated threats.
And this is particularly important because organizations aren't the only ones embarking on digital transformation. Cybercriminals are also taking advantage of machine learning, artificial intelligence, and the power of clouds and automation to create ever-more coordinated, large-scale, and automated attacks. For organizations operating in this new digital marketplace, the risks are higher wherever and whenever security gaps exist. This makes it critical for context-aware, high-performing security to be embedded into the connectivity and compute layers. A unified, self-healing security ecosystem that spans across devices, users, and applications can minimize gaps and provide timely and coordinated preventions across the entire attack lifecycle.
Nirav Shah is vice president of products and solutions at Fortinet.