When next-generation firewalls (NGFW) were first introduced, they were touted as a multi-function security platform able to consolidate functionality, reduce IT overhead, and simplify setups. NGFW solutions are now the cornerstone of almost every organization’s security approach.
But not all NGFW solutions are created equal. While they may all come pre-loaded with a variety of technologies, like a firewall, IPS, VPN, web filtering, antivirus, and sandboxes, these technologies don’t always play well together. Even though they are bundled together, components might run different operating systems or require separate management consoles, and the quality across the included technologies can sometimes be inconsistent. For example, you might get an industry-leading firewall, but other components could be sub-par. As a result, IT teams face two options: compromise on security or add more devices, which entirely defeats the purpose of an integrated system.
Other barriers to a platform approach come from the increasingly complex digital landscape. Solutions must account for multi-cloud environments, physical and virtual data center infrastructures, distributed branch offices, mobile workers, and, increasingly, home offices. Keeping up with this complexity requires integrated and seamless solutions. Yet many NGFW solutions may only be available in a specific form factor or only operate in a limited number of environments. As a result, organizations often respond to this evolving network environment by deploying different NGFWs in different parts of the network, increasing complexity and security gaps while diminishing visibility, enforcement, and control.
Think of it this way. According to a recent IBM survey, organizations have deployed an average of 45 security tools inside their networks, with every reported incident requiring coordination across 19 different devices. Whether these tools were rolled out as standalone solutions or built into a single box, it is unlikely they were designed for interoperability at this level. As a result, IT teams end up spending a lot of their limited resources building and managing custom workarounds. In fact, 82% of organizations with ten or more solutions in place spend 30% or more of their time addressing vendor and solution sprawl issues. Meanwhile, the added complexity creates more attack vectors for malicious players to exploit. And without complete network visibility, breaches become harder to spot and dwell times become longer—with the average time needed to identify a breach now clocking in at 228 days.
A new security platform is within reach, and this is an opportunity for you
Despite this dire picture, an integrated platform is possible; it just requires a new approach that addresses the weaknesses many organizations face. Developing an effective cybersecurity mesh architecture to secure data, workflows, and applications across dynamically evolving network environments requires an effective security platform built around three core ideas:
Go broad: Today’s unified security platform must support today’s dynamic networks by being consistently and easily deployed at every edge. And it should offer consistent protections whether deployed as a physical appliance to secure an enterprise campus or data center environment, a branch office or retail location, or a small operation, as a virtual device running natively in multiple public or private cloud environments, or as a cloud-based service protecting home offices and mobile users.
Fully integrate: An effective NGFW security platform must function as a single, integrated system. Security solutions should run on a common operating system, leverage open APIs, and use common standards. Tools from different vendors should also be able to use these standards to seamlessly connect to the platform, thereby enhancing interoperability and enabling organizations to use the best tools possible. And to maximize visibility and control, organizations should also consider a platform capable of supporting security-driven networking, which integrates security functionality with core network functionality so security policies can seamlessly adapt to dynamic networks. And all of this should use a common management system to extend visibility and control across the entire network. With this integrated approach, the security platform can correlate threat intelligence from any security device, centralize configurations, orchestrate policy distribution for consistent enforcement, and coordinate responses to any detected threat.
Get automated: With the growing sophistication and speed of today’s cyberattacks, few organizations have the time and resources to dig through log files from different solutions. Staying on top of threats requires combining global threat intelligence with AI and machine learning to detect, investigate, and respond to cyberattacks. But automation only works in a unified environment. Advanced management systems like XDR and SOAR for NOCs and SOCs benefit when monitored and managed devices are designed to work together.
The challenges organizations face today will not be resolved using outdated approaches. While security platforms are still the right idea, how they are executed needs to adapt and evolve. New security strategies and systems must seamlessly span the entire network, adapt alongside the dynamic, high-performance, and hyper-connected networks they protect, and follow workflows and applications end-to-end to secure transactions and maintain optimal user experience.
By focusing on broadening deployment, integrating systems, and leveraging automation, organizations can select and leverage a security platform designed to meet their evolving needs across their expanding attack surface, today and well into the future. This is an opportunity for partners.
Sean Campbell is Director of Canadian Channels at Fortinet