Previously, network perimeters were clearly defined, traffic moved at predictable speed, data and servers lived in specific locations, and protocols spanned the entire network. Before digital transformation, securing networks was pretty straightforward. However, competing successfully in today’s digital marketplace requires one of the most rapid and comprehensive transformations of business networks in history, and security must keep up.
Security Transformation Lags Behind Digital Transformation
Legacy security systems no longer provide consistent visibility and control over today’s rapidly evolving and highly dynamic network environments. As a result, security fails to take into account new technologies, does not support new use cases, and often fails to address new regulatory requirements.
And to make matters worse, digital transformation tends to happen in a piecemeal and reactive fashion. Which means that security is being deployed as an afterthought and in isolation. The resulting vendor and solution sprawl increased complexity of management and orchestration, and stovepiped solutions reduce visibility and fracture the ability to provide consistent and comprehensive control over security events. And the cybersecurity skills gap has compounded these problems even further, forcing security teams to do more with less.
CISOs and security leaders are clearly feeling overwhelmed. Dwell time – the amount of time an attacker can remain undetected in a network – continues to grow. Attacks are increasingly successful and expensive. And even basic cyber hygiene has become increasingly rare, leaving organizations vulnerable to exploits – according to the latest Fortinet Threat Landscape Report, as many of these targeted vulnerabilities are from a decade ago as they are from this year – that should have been addressed with a consistent patching regimen.
It is time for organizations to take back control of their networks. However, this will require some radical changes in how we think about and deploy security. And those organizations that fail to take start taking these steps now may not be in business in a decade.
Radically Rethinking Security
Rather than deploying a collection of security tools across the network, organizations will need to adopt a Security-Driven Networking strategy. This approach is three-pronged:
- This next-generation security approach starts by ensuring that no network changes can occur – whether deploying a new server or building a new cloud infrastructure – unless security has been fully accounted for before the first virtual device has been spun up.
- Next, security needs to be agile and adaptable to new digital environments and user demands. This requires solutions that can seamlessly integrated into a larger security fabric and that can incorporate things like dynamic event correlation and machine learning for more efficient automation.
- Finally, security needs to be woven directly into the network itself so that it isn’t forced to play perpetual catch-up in a dynamically changing environments. Lag times between network changes and security protocol adaptations introducing security gaps can be predicted and exploited.
Adding SOAR to Your Integrated Security Strategy
A critical technology for achieving a more holistic security strategy is a solution known as SOAR (Security Orchestration, Automation and Response). SOAR solutions allow organizations to collect data about security threats from across the distributed network, correlate information, and then automatically respond to security events without human intervention.
According to Gartner, the three most important capabilities of SOAR technologies are:
Threat and vulnerability management to enable the remediation of vulnerabilities by providing formalized workflow, reporting, and collaboration capabilities.
Security incident response that spans the entire response process, from planning and management, to the tracking and coordinating of responses to a security incident.
Security operations automation to enable the orchestration of workflows, processes, policy execution, and reporting.
Fortinet Announces the Acquisition of CyberSponse
These functions are a natural extension of the integrated Security Fabric approach that Fortinet has been pioneering for the past four years. Which is why Fortinet is proud to announce the acquisition of CyberSponse, a leading Security Orchestration, Automation and Response (SOAR) platform provider. The CyberSponse SOAR solution is already integrated into Fortinet’s Security Fabric, and will further extend the automation and incident response capabilities of FortiAnalyzer, FortiSIEM, and FortiGate to further simplify security operations and reduce overhead for organizations trying to better protect their expanding digital footprint.
According the Ken Xie, Fortinet’s founder and CEO, “The growing number of security tools being deployed by enterprises have introduced operational complexity that make organizations more vulnerable to breaches. With the integration of CyberSponse’s powerful SOAR platform into the Fortinet Security Fabric we will offer customers accelerated incident response and the ability to standardize and scale processes that will enhance security posture and reduce business risk and associated costs.”
The CyberSponse SOAR platform is an ideal solution for enterprises and service providers seeking to simplify their operations while maximizing the efficiency of their security operations centers (SOCs). It does this by consolidating and triaging alerts from a wide range of security products, automating analysis and repetitive tasks to save valuable resources, and then leveraging well-defined playbooks to enable real time incident response.
Jon Oltsik, Senior Principal Analyst and Fellow at Enterprise Strategy Group (ESG), explained that “Organizations are still looking for advanced incident response (IR) capabilities that can help them be more efficient. To meet these goals, large organizations will gladly embrace a SOAR solution from Fortinet that can help them enhance automation, orchestration and response capabilities and maximize efficiencies, savings, and speed.”
The Benefits of the CyberSponse SOAR Platform
This combination of Fortinet and CyberSponse technologies will equip cybersecurity teams with a powerful, patented solution that includes an Enterprise-grade scalable architecture that streamlines SOC operations, and over 325 connectors designed to easily integrate with all major security vendors and technologies for a single, centralized point of visibility and control, and granular, role-based access control to secure user-related data.
It also includes more than 200 out-of-the-box, easy-to-configure playbooks that enable the automation of incident response action sequences as well as routine tasks. This includes the most advanced case management modules in the industry, with incident timelines and asset correlation views.
Joseph Loomis, Founder and CSO at CyberSponse, echoes the assessment of Jon Oltsik. “This is an ideal match. CyberSponse’s mission has always been to make security operations management effortless and effective with innovative, disruptive technology. The combined powerhouse of Fortinet’s Security Fabric and CyberSponse’s SOAR technology will ensure customers are protected by the most sophisticated global security operations platform, with hundreds of integrations for streamlined out-of-the-box playbook execution.”
Digital Transformation Requires an Advanced Security Strategy
Moving aggressively into today’s marketplace is essential for organizations looking to compete in the new digital economy. But the rush to embrace new business models and digital resources should not come at the expense of security. Strategic planning needs to include the adoption of a Security-Driven Networking strategy, the implementation of an integrated Security Fabric, and the deployment of a centralized SOAR platform to ensure visibility, control, orchestration, and automated response to cyber events that occur anywhere across today’s distributed and expanding networks.
Get to know the CyberSponse SOAR platform by watching this video:
Learn more about this news and how to empower security operations teams to achieve higher efficiencies and accelerate incident response.