Back-to-School Tips to Protect Mac Users from Ransomware

College and university business and financial offices are busy collecting student data and processing credit card payments for everything—from tuition to residence fees. University human resource departments regularly use employees’ direct deposit and health insurance data. This stockpile of sensitive payment and personally identifiable student information, coupled with limited IT resources, makes schools a playground for cyber criminals. In fact, in 2016, education surpassed healthcare as the sector most targeted by ransomware, the fastest-growing cybercrime today.

Ransomware outbreaks, including Petya and WannaCry, cost businesses $1 billion in 2016. Even so, school administrators—even some IT professionals—have a false sense of security in their Mac-heavy environments, with usage rates of 70 percent in K-12 and 80 percent in higher ed.

While Macs are perceived as being “safe” from malware, the Mac’s small market share, rather than the vulnerability level of Mac OS X, may largely be the reason for fewer attacks. In fact, attacks on Macs were up 744 percent in 2016.

Ransomware is Getting Smarter

Ransomware doesn’t need to break into the macOS operating system, or even to gain special privileges. It just needs to target personal files stored in the user’s home directory. Hackers target unsuspecting users with malicious downloads launched from email and social media platforms. If those users connect to your network, all it takes is a network vulnerability for the ransomware to take hold.
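Because the damage is done to files the user can write, a check running with that same user's rights can also spot it. The following Python sketch is an added example, not part of the original post: it walks a directory and flags user-writable files whose content is near-random and no longer matches their extension; the entropy threshold, the extension lists and the sample tree (random bytes standing in for ciphertext) are assumptions made for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Leading bytes expected for a few common document types (real file signatures).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff", ".docx": b"PK\x03\x04"}
TEXT_EXTS = {".txt", ".csv", ".md"}
ENTROPY_LIMIT = 7.5    # bits per byte; assumed threshold (ciphertext sits close to 8.0)
MIN_BYTES = 1024       # shorter samples cannot reach the threshold reliably
SAMPLE_BYTES = 65536   # only the head of each file is read


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: Path) -> bool:
    """True when a file of a known type now holds near-random bytes."""
    with path.open("rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    if len(head) < MIN_BYTES:
        return False
    ext = path.suffix.lower()
    high = shannon_entropy(head) > ENTROPY_LIMIT
    if ext in MAGIC:
        # Compressed formats are legitimately high-entropy, so a destroyed
        # file signature is required as well.
        return high and not head.startswith(MAGIC[ext])
    if ext in TEXT_EXTS:
        return high  # plain text normally sits around 4 to 5 bits per byte
    return False     # unknown or renamed extension: no baseline to compare with


def scan(root: Path):
    """Return (flagged paths, files examined) for user-writable regular files."""
    flagged, total = [], 0
    for dirpath, _dirs, names in os.walk(root):  # does not follow symlinked dirs
        for name in names:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file() or not os.access(p, os.W_OK):
                continue
            total += 1
            try:
                if looks_encrypted(p):
                    flagged.append(p)
            except OSError:
                pass  # unreadable file: skip rather than abort the scan
    return sorted(flagged), total


def alert(root: Path, ratio_limit: float = 0.2) -> bool:
    """Raise the alarm when the flagged share of files exceeds ratio_limit."""
    flagged, total = scan(root)
    return total > 0 and len(flagged) / total > ratio_limit


def build_sample_tree(root: Path) -> None:
    """Constructed sample data: three healthy files and two overwritten ones."""
    text = b"Lecture notes, week 3: network segmentation and backups.\n" * 40
    (root / "notes.txt").write_bytes(text)
    (root / "report.pdf").write_bytes(b"%PDF-1.4\n" + text)
    # A real PNG is compressed, so high entropy with a valid header is normal.
    (root / "photo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + os.urandom(4096))
    # Random bytes stand in for ciphertext; nothing is actually encrypted.
    (root / "grades.csv").write_bytes(os.urandom(4096))
    (root / "thesis.pdf").write_bytes(os.urandom(4096))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample_root = Path(tmp)
        build_sample_tree(sample_root)
        hits, seen = scan(sample_root)
        print(f"{len(hits)} of {seen} files look encrypted:",
              [p.name for p in hits])
        print("alert:", alert(sample_root))
```

Run before a backup rotation, a check of this kind also helps keep already-encrypted files from replacing the last good copies.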

Hackers are creating new malware that runs on multiple platforms. They’re also scaling up attacks through ransomware-as-a-service (RaaS)—pre-configured ransomware packages offered to “franchisees” in exchange for a cut of the ransom money. FortiGuard Labs recently discovered an RaaS that uses a web portal hosted in a TOR network, possibly the first attack on a non-Windows operating system and the first RaaS to target MacOS.

Education is Your Best Defense

While Mac-specific ransomware attacks haven’t hit the level of Windows occurrences, the risks—the encryption of files to prevent access—are equally serious. To avoid them, schools should:

  1. Patch early and often. Pay close attention to Apple’s security updates and apply all patches quickly.
  2. Back up devices. Use Apple’s Time Machine service to make redundant backups, storing the most critical information offline. Scan backups for vulnerabilities.
  3. Encrypt data stored on devices. While this may not be effective against many ransomware variants, it can protect against malware that is designed to steal files and data.
  4. Install an endpoint security client. Carefully research security vendors to ensure their solutions will protect devices and tie that security back into your network security strategy, allowing you to leverage and share threat intelligence.
  5. Cover all threat vectors. Email is still the biggest vehicle for transmitting ransomware, so deploy an appropriate email security solution, along with web security tools, wired and wireless access controls, cloud-based security, and network segmentation to detect, respond to and contain threats found anywhere in your distributed environment.

Ransomware is evolving, and educational institutions can’t afford to be lax. As a value-added distributor of the Fortinet Security Fabric, Fine Tec can help you ensure that your educational customers are aware of ransomware risks to Macs and have a plan in place to counter them. Contact us to learn more.



Good News for SMBs: Fortinet UTM Leads in Gartner Magic Quadrant

Earlier this summer, Gartner named Fortinet’s unified threat management (UTM) solution a Magic Quadrant leader for the eighth year in a row. This news presents a valuable opportunity for SMBs seeking a less complex, more scalable security approach.

According to a Fortinet press release, Gartner recognized Fortinet for its “completeness of vision” and “ability to execute on that vision.” Fortinet’s FortiGate UTM is positioned in the highest ranks for its capacity to execute, feature/price/performance combination and its perennial presence on SMB shortlists. In fact, Gartner says Fortinet is the most frequently shortlisted vendor for SMB and distributed office use cases among all competitors.

It’s no surprise, as Fortinet’s UTM pairs the most advanced security technology on the market with easy management and control required by today’s SMB and distributed office environments. Based on the industry-leading FortiOS operating system, Fortinet’s FortiGate UTM combines the security and feature sets of Fortinet’s FortiGate firewall, FortiAP wireless access points and FortiSwitches into a single, easy-to-manage compact appliance that offers:

  • Advanced security, including enterprise firewall, intrusion protection system (IPS), virtual private network (VPN) inspection, web application firewall (WAF), SSL inspection and cloud-based sandboxing.
  • Performance networking, handling routing, load balancing, WAN optimization, 3G/4G connectivity and 802.11ac Wi-Fi.

With Fortinet’s UTM, SMB customers have the enterprise-grade networking and security features they require without the enterprise-grade headaches that come with managing complex, multi-vendor point solutions.

SMB Cybersecurity Challenges

The need for robust UTM protection exists because SMBs are being targeted by attackers who know smaller companies have the same type of lucrative data (banking information, personal data, social security numbers, etc.) as larger organizations but are often far easier to infiltrate. Not only do SMBs have fewer staffing and resources than their larger counterparts, but attacks on SMBs are also likely to have more dire consequences; the National Cyber Security Alliance finds that 60% of small companies go completely out of business within six months of suffering a cyberattack.

Gartner’s validation of Fortinet makes the UTM purchase decision easier for SMBs searching for a tried-and-true security solution that is both feature-rich and easy to deploy/manage. Built on Fortinet’s industry-leading security and networking expertise, the FortiGate UTM offers a more powerful, scalable UTM with the added advantage of Fortinet’s Security Fabric approach. Since each tool in Fortinet’s Security Fabric, including its UTM, can dynamically share threat intelligence and coordinate response, SMBs can identify, thwart and mitigate security attacks faster and more accurately—even as their business and networks become more complex.

With Fortinet in their corner, SMBs are ready to face even the most advanced, persistent and sophisticated attacks without having to over-tax their staff—or their budgets. As a value-added distributor of Fortinet solutions, Fine Tec can help you deliver to your SMB customers the advantages of a simpler, more scalable security architecture with the award-winning security and performance capabilities provided by the Fortinet UTM solution. Learn more.



Help Your Customers Extend UTM Clarity to the Cloud

SMBs are moving to the cloud in droves, with a recent Techaisle survey finding that 94 percent expect to be using some type of software-as-a-service (SaaS) application by year’s end. While those SMBs that move to the cloud are poised to reap several benefits, from cost savings to scalability, they are also opening themselves up to a new range of cyberattacks that threaten to put those benefits – and their company as a whole – at risk. Fortunately, Fortinet has extended its SMB-focused unified threat management platform (UTM) to the cloud, ensuring that your SMB customers can fully protect their SaaS workloads with industry-leading SaaS-ready security.

SaaS on the Rise

Drilling down into the Techaisle numbers further, it becomes readily apparent that many SMBs are becoming cloud-first organizations, with small businesses expecting a 140 percent increase in SaaS usage and mid-market firms increasing their number of SaaS applications by 80 percent. The move makes sense because the cloud is designed specifically to offload the time- and resource-intensive tasks few SMBs can handle in-house while providing the on-demand infrastructure and scalability a growing business needs.

Consequently, many new SMB converts to SaaS are implementing business-critical SaaS apps, including:

  • Customer relationship management (CRM)
  • Enterprise resource planning (ERP)
  • Supply chain management
  • Inventory management
  • Marketing automation
  • Customer service

The result is an always-on business in which even far-flung employees and small offices can access enterprise-grade business applications anytime, anywhere.

SMBs Under Fire

All that flexibility, however, comes with a price. As more SMBs put more mission-critical data in the cloud, they also find that they are increasingly targeted by attackers looking for fast, easy scores. In fact, Verizon’s latest Data Breach Investigation Report (DBIR) found that attacks on small businesses are on the rise, with 61 percent of all victims that reported a breach last year having fewer than 1,000 employees.

In the past, SMBs could provide their organizations with baseline security using UTM appliances strategically located throughout their environments. Such UTM wares offered SMBs the best of both worlds: strong, flexible networking and security in an easy-to-manage and deploy form factor. But with the move to the cloud, all bets are off as on-premises security solutions no longer have the access or visibility into critical cloud-based workloads.

Cloud-Ready Security

Enter Fortinet’s FortiGate UTM. Fortinet recently expanded its FortiCloud management solution to encompass its FortiGate UTMs, the SMB-focused all-in-one security solution that Gartner just named a Magic Quadrant leader in the space for the eighth year in a row.

The move means SMB customers using FortiGate UTM appliances can now deploy, manage and service their entire security and networking posture from a single pane of glass using Fortinet’s innovative Security Fabric architecture. Fortinet’s fabric uniquely enables all security and network tools to work together in concert to identify, mitigate and stop all manner of attacks in real time, no matter where they occur, on-premises or the cloud.

As a value-added distributor of Fortinet solutions, Fine Tec can help you deliver the advantages of UTM simplicity in the cloud. Learn more.



3 Steps to Intelligent Security Automation

In 93% of data breaches reported within Verizon’s latest Data Breach Investigations Report, compromise occurred in minutes or less, and the average malware hash was visible for only 58 seconds. These scary stats just go to show that hackers are faster and more sophisticated than ever, armed with threats and attacks that leave traditional, reactive security tools in the dust. To even the playing field, enterprises need to deploy faster, more intelligent defense tactics – strategies built with intelligent security automation at their core.

Network Complexity Creates Complex Security Challenges

Just as hackers are becoming more sophisticated, enterprise networks are becoming more complex. The days of a single data center supporting employees bound to their desktops are over. More companies are:

  • Going mobile, with IDC expecting mobile workers to account for 72.3% of the total U.S. workforce by 2020.
  • Using public cloud services, with Gartner projecting the market for public cloud to hit $318 billion by 2019.
  • Deploying Internet-of-Things (IoT) initiatives, with Gartner forecasting the number of IoT devices to reach 20 billion by 2020, the majority of which will not only be connected wirelessly, but also be “headless,” with no security capabilities at all.

To manage all this complexity and keep data secure requires a complete rethink of security. You can’t rely on reactive, siloed, signature-based solutions to detect attacks amid the ever-evolving threat landscape.

In today’s complex world, you need security that’s comprehensive, intelligent and automated to identify and proactively thwart attacks before they wreak havoc on your network. But getting there isn’t easy. It requires three primary building blocks:

  1. Intelligence: The ability to process and store huge amounts of data gathered from every point across the distributed network — from data center to cloud and back again.
  2. Wisdom: The ability to know what to do with all that intelligence; for instance, what does it tell you about your environment and how it’s changing? End-to-end visibility is a key prerequisite. You can’t know what you can’t see.
  3. Automation: The ability to take action on that wisdom, automatically and proactively, to stop attacks before they can even get started. After all, fast attacks require even faster response.

With intelligent security automation, security is built directly into the network to ensure every component acts together to gather intelligence, hone wisdom and proactively and automatically respond to security events. It sounds like a futuristic proposal, but our partner Fortinet actually addresses all these building blocks in its Security Fabric architecture.

Fortinet Security Fabric Paves Way to Intelligent Security Automation

With the Fortinet Security Fabric, every security component in your network – across data center, mobile, IoT and even the cloud – is woven together in one comprehensive, scalable, API-based fabric. Each component is able to communicate and collaborate with all others, no matter where they are, how they communicate, or most importantly, what vendor they come from.

Together, the fabric provides a single end-to-end view of your entire network, enabling you to fully understand the threats you face while automating the best response.

As a value-added distributor of Fortinet solutions, Fine Tec can help you guide customers on a successful path to intelligent security automation. Learn more.



Five things you should know about Fortinet – August ’17

FortiCloud – Up to 70% off FortiCloud Multitenancy License

With our latest release, FortiCloud has the ability to manage the world’s most popular UTM from the cloud. Access customers’ FortiGate Firewalls from any browser, anywhere, and at any time, simplifying the effort to service customer networks, and easily adding a recurring revenue stream to your business. And, until December 31, partners can receive up to 70% off FortiCloud Multitenancy Licenses, so you can view all managed accounts and devices on one screen.

NSE Xperts Academy (US)

NSE Xperts Academy is Fortinet’s premier training event for top partner sales engineers in the US. The event takes place at Hotel ZaZa in Dallas, Texas, October 22-October 27. Throughout the event, attendees participate in a deep-dive technical track of their choice delivered by Fortinet subject matter experts. All attendees must have at least an NSE 4 certification. Space is limited to 100 attendees (only one attendee per partner). Apply today!

40% Savings on NSE Exams

Now through December 31, you can order Pearson Vue certification testing vouchers at a 40% discount directly through an Authorized Fortinet Distributor. Vouchers are available for NSE 4, NSE 5, NSE 6 (combined exam), NSE 7, and NSE 8 (written and practical). More information is available on the Partner Portal.

Fortinet Launches Global FortiGuard Threat Intelligence Service

Fortinet’s newest offering arms cybersecurity leaders with cyber situational awareness highlighting and prioritizing the latest threat trends and risks. The service empowers CISOs to effectively communicate these risks to the C-Suite while also enabling more efficient management of Security Operations to maximize resources and proactively defend against trending threats. Fortinet’s FortiGuard Threat Intelligence Service is available as an open beta today – click here to learn more.

SWAT Training – Coming to a City Near You!

The SWAT team has set an ambitious goal of training 500 partners by year’s end. This free training is designed to showcase the capabilities of our secure wireless solution, and can even be considered lead-in training for NSE 6. The best part? Attendees walk away with the training bundle kit they work with during training! For more information, please contact your Channel Account Manager.

News to Share:

Ken Xie Named a Top 25 Innovator of 2017 by CRN

The list highlights the 25 Most Innovative Executives in enterprise IT who recognize today’s biggest business challenges and find the most creative ways to solve them.

CRN: 33 Hot New Security Products Announced at Black Hat 2017

Fortinet’s Global Threat Intelligence Service makes the cut.


Fireside Chat with Panasonic Avionics: Talking Security for In-Flight Infotainment

Fortinet recently talked with Panasonic Avionics to learn about the company’s security priorities and the tools they use to keep customers’ information safe on today’s connected aircraft.

Upcoming Events

Inconvenient time? All of our events are available on-demand on our events page.

NSE Threat Intelligence Insider: August 2017

Learn more about the recent threats and how Fortinet’s Security Fabric protects against them.

Thursday, August 17, 11am EDT


NSE Solution Insider: FY2018 E-Rate Training

Tuesday, September 26th, 11AM EDT




Getting From ‘Could’ To ‘Cloud’

In a recent email, an esteemed co-worker* typed ‘could era,’ when he/she intended to write ‘cloud era.’ Or perhaps they were the victim of another one of those unfortunate spell-check autocorrects like ‘covfefe’ may have been – or not. It’s best to leave that to the political pundits to try to decipher.

But that coworker’s innocent typo is food for thought. How many IT managers out there are still wrestling with maximizing the potential of private, public or hybrid clouds? What is keeping them from getting from a best-effort ‘could’ to a fully optimized, powerhouse ‘cloud’ that supports critical business initiatives while streamlining the network?

Network Functions Virtualization (NFV) has been identified as an important step in full cloud optimization. However, a recent survey found several factors inhibiting the adoption of NFV. The leading factor cited was the lack of a compelling business case. Certainly it is hard to quantify the return on investment (ROI) of ‘soft’ benefits like reducing the time needed to deploy new services, achieving greater flexibility in network management, and improving the end-user experience. However, many of these variables can be recast into pure CAPEX and OPEX numbers that will help prove the case.

We’ve also heard from numerous IT managers that implementing NFV, and SR-IOV in particular, is difficult to the point of hair-pulling frustration. On this and the previously mentioned concern, Array can help.

Array’s AVX Series Network Functions Platform is the first product of its kind to fully address the problems of deploying network functions virtualization, specifically in the realm of networking, security and application delivery virtual appliances (VAs) and virtualized network functions (VNFs).

In terms of building the business case, the AVX Series offers several capabilities that can be directly tied to CAPEX, OPEX and ROI. For example:

  • Consolidate the functions of multiple (and expensive) physical/dedicated appliances (such as next-gen firewalls, SSL VPNs, load balancers and WAFs) into a single, one- to two-RU platform – saving rack space, power, cooling and other costs
  • Deploy best-of-breed VAs or VNFs on the fly, with a streamlined configuration and the ability to service chain functions (more on that later)
  • Pay-as-you-grow – rather than investing all at once and up front, you can purchase Array licenses singly, or in 4, 8, 16 or 32-packs. (Depending on the model and instance sizes, the AVX Series supports up to eight, 16 or 32 instances.) So if you need just a few instances of networking or security functions now, you can easily upgrade later to support more instances
  • Choose the size instance that meets your needs, and receive guaranteed performance per instance. For example, you might select a small instance size for an SSL VPN VA that receives fairly light usage (like IT staff remoting in to a management console), but choose a large instance size for a NGFW function that is a main security measure protecting multiple servers and other assets
  • Select best-of-breed technologies. While there are a number of “combo” products available that combine two or more functions on a single dedicated appliance, typically two key issues arise: First, the manufacturer may specialize in one function, while others are afterthoughts that cannot really be seen as best of breed. Second, every physical appliance has limits on the amount of resources (compute, I/O, etc.) available. It’s not uncommon to see performance issues for the ‘afterthought’ technologies that can impact user experience, due to resource contention

Demystifying and streamlining NFV and SR-IOV deployment is another area where Array’s Network Functions Platform shines. As mentioned above, one of the factors that have slowed NFV adoption is the sheer complexity of deployment. Adding to the problem is that IT staff retraining and reskilling are costly and time-consuming.

The AVX Series abstracts and streamlines the complexity of NFV deployment and management, and offers an easy-to-use WebUI to further simplify set-up and deployment. VA/VNF licenses for Array and other best-of-breed products (such as Fortinet FortiGate NGFW and Positive Technologies’ WAF at present) can be ordered directly from the interface.

Instances can be created or modified size-wise on the fly. Set-up of SR-IOV for instances is similarly simplified. All required configurations are accomplished with just a click or two. Service chains or topologies can also be set up with just a few clicks. For example, traffic could first be routed through a next-gen firewall VA, then to one or more application delivery controller VAs for load balancing across multiple servers, all within the AVX Series.

NFV is a goal for many organizations worldwide. With the AVX Series Network Functions Platform, getting from ‘could’ to ‘cloud’ has never been easier.

For a brief overview of the AVX Series, see our corporate video. For a more in-depth discussion, see one of our recent webinars titled Consolidating ADCs on Next Gen Network Functions Platforms.



Steps to a Secure, Software-Defined WAN

SD-WAN technology is fast growing in popularity. It enables an organization to connect distributed facilities for a much lower cost than traditional technologies like MPLS (multiprotocol label switching). An SD-WAN can be very secure, but only if it’s approached the right way. Expanding a network increases the scope of any existing risks, so securing it becomes more important than ever.

What is SD-WAN?

The term SD-WAN isn’t precisely defined. It’s a set of enabling technologies based on the SDN (software-defined network) architecture. It lets a network’s architecture use any available transport mechanisms. Paths adjust dynamically to traffic and outages. The network is under a single point of control, usually a GUI control panel. Network-wide end-to-end encryption lets data safely move through the Internet.

Most often the unifying software is cloud-based. This isn’t a requirement, but it’s common enough that people often think of SD-WAN as cloud-based private networking.

Having a fast private network that isn’t restricted by geography offers many advantages. Offices can share servers. Communication by VoIP and video reduces the need to travel for meetings. It’s easy to send documents without resorting to insecure channels.

In the past, MPLS has been the most common way to connect locations in a WAN. It’s expensive, though. It often requires substantial work to set up the “last mile” connection. An SD-WAN can mix MPLS with public Internet connections or go entirely over the Internet.

Security Concerns

Network-wide encryption is a basic requirement of an SD-WAN, but it’s only one piece of security. All the issues that affect a local network increase in scale when a LAN becomes a WAN. If it’s bad when SMB-propagated malware like WannaCry or Petya spreads across one office, it’s worse when it spreads through the whole enterprise.

It’s necessary to build security into the entire network. Every access point is a potential weakness. That includes mobile devices, routers, PoS terminals and IoT devices (Internet of Things). A bigger network has a bigger attack surface and is more complex to manage. The approach to security needs to be as elastic as the network it protects.

Addressing The Challenge

Just as SD-WAN technology brings remote components together into a single network, the security system needs to treat them all as parts of an interconnected whole. The multitude of threats in today’s world requires a layered security strategy. When some of the equipment is far away, keeping track of everything through software becomes even more important.

Controlling access is the first step. Transient devices, such as mobile phones and machines coming through a VPN, need to be identified and authorized. The firewall needs to block inappropriate traffic.

Security software on individual machines should communicate with the rest of the network. An attack on one machine may warn of a threat to the others.

Monitoring needs to cover the whole network and catch any abnormal activity quickly. The faster attacks are discovered, the less damage they can do. The response may be an automated action, a notification to an administrator, or both.

Fortinet’s Security Fabric integrates every aspect of the network into a collaborative whole. It brings together diverse technologies to protect a network that spans multiple data centers, on-premise and remote endpoints and the cloud. It doesn’t just identify known malware but analyzes network behavior to catch previously unknown threats.

Fine Tec is a value-added distributor of Fortinet systems. A properly run SD-WAN can be highly secure. With Fine Tec’s guidance, you can help customers ensure it will be launched with the strongest protection.



Five things you should know about Fortinet

Renewal Order Process Improvements

In an effort to provide partners with a framework to operate efficiently, effective June 1st, Fortinet is implementing improvements for the renewal order process. This new process is designed to improve the partner experience as well as improve your customer relationships. More information can be found on the portal.

New Lower Pricing for FortiGate 3800 Series – Effective Immediately!

The FG-3800s are next generation firewall appliances suitable for mid-sized and large enterprises. Partners can join the monthly Partner Acceleration Webinar to learn more about the substantial discounts and how you can take advantage.

Magic Quadrant Season is Upon Fortinet

Over the next two months, Gartner is expected to release their Enterprise Firewall, UTM, and WAF Magic Quadrants. Fortinet has placed well in the past and is looking forward to repeating that performance. As the MQs are released, Fortinet will be simultaneously releasing assets for the partners to leverage.

Now Available for Partners – NSE Insider Webinars

NSE Insiders is a new series of webinars that provides detailed product information to help understand the technology behind Fortinet’s solutions and how to better position them with your customers. Partners will now receive a monthly email detailing upcoming webinars they can register for. Additionally, understanding partners are busy, the NSE Insiders will be available on demand via the Partner Portal.

PAN Take Out Campaign – New Assets Available!

Don’t forget – Fortinet is offering partners a special pricing discount on hardware and software bundles, as well as a discount on professional services when you displace PAN on your customer networks. See the Partner Portal for more details. New assets have recently been added, including a battlecard and cost calculator.

News to Share:

InfoTECH Feature: Security Platform vs. Security Fabric

John Maddison takes a closer look at the two different approaches, and what they really mean for customers.

CIO Outlook: Fortinet: Directing the Future of Cybersecurity

The cover story of CIO Outlook highlights CEO and Founder Ken Xie and Fortinet’s unique approach to addressing trends within an evolving IT infrastructure while simultaneously driving business value.

SearchIT Channel: Fortinet Security Fabric: Channel Partners Find a Role

Change is evident in the IT industry, especially in terms of security. The threat landscape represents an area in constant flux. Recently, customer interest shifted from traditional point products to integrated solutions. Fortinet Inc. responded to the change with the Fortinet Security Fabric, with partners playing a key role in its evolution.

Edward Jones Selects Fortinet to Deliver High-Performance Network Access at Scale to its Data Center and Branch Office Networks Across North America

Leading financial services firm chooses Fortinet to protect more than 13,000 locations through single pane of glass cybersecurity management.

Upcoming Events

Visit the Upcoming Events section on the Portal homepage for a full list.

NSE Solution Insider: How to Win & Grow FortiGate Deals with FortiAuthenticator

Thursday, June 1

11:00 AM Eastern


vmLIVE Webinar: Extend Your Security Fabric to the Private Cloud with Fortinet and NSX

Fortinet and VMware are teaming up for a June 1st webinar. The session will discuss how Fortinet’s Security Fabric can provide broad, powerful, and automated protection from IoT to the cloud through tight integration with VMware NSX. This is a great opportunity to expand your knowledge of the interoperability and value the Fortinet Security Fabric brings to your portfolio. Register (NOTE: partners must be part of the VMware partner program to register)

NSE Solution Insider: Protecting Industrial Control System (ICS/SCADA)

Learn about the comprehensive security solution using FortiGate, segmentation, Industrial Security Service, authentication, and Fortinet’s integration with Fabric Ready Partner Nozomi Networks.

Tuesday, June 6, 2017

11:00AM Eastern


NSE Solution Insider: Fortinet Security Fabric Ready Partner Program

Discover more about the technology partners who are part of the Fabric Ready Program.

Thursday, June 8, 2017

11:00 AM Eastern




Network Access Control: Is it Dead? The History of NAC and How the Evolving Cybersecurity Industry Changed It

As enterprise organizations continue to add BYOD, IoT devices, virtual servers/cloud services, switches, routers and offices that are connected and sharing information throughout the globe, the task of identifying and securing these endpoints can seem overwhelming. To manage these trends, about half the market has turned to (or is turning to) network access control (NAC) technology. The network access control market size was $681.3 million in 2015 and is estimated to reach roughly $2.65 billion by 2020[i].

Interestingly, at the end of 2016, only about half the market had adopted network access control technology. The general consensus at RSA 2017 was that endpoint security and automation needs expanded so quickly that, before network access control could even fully penetrate the market, the technology needs and requirements had advanced. The best NAC solutions had to evolve to form the foundation of a more sophisticated Security Automation and Orchestration Solution (SA&O) that provides comprehensive endpoint security.

Many organizations have already realized that vendors who can only provide network access control for a wireless environment, or can only manage traditional NAC use cases like simple onboarding and guest management, are severely behind the market. Savvy companies are leap-frogging past network access control and moving directly to the more sophisticated and successful SA&O solutions. SA&O solutions not only control access, but also provide complete visibility, automate threat response, and record all contextual information with each alert, to speed the time to remediation. NAC is not dead, but successful NAC solutions have evolved; let’s look at the history of network access control to see why rapid evolution was required.

The History of NAC Solutions

The early versions of network access control functioned as a way to authenticate and authorize endpoints, primarily managed PCs, using simple scan-and-block technology. NAC solutions then evolved to address the emerging demand for managing and limiting guest access to corporate networks.

While these early NAC solutions provided control over traditionally managed endpoints, the unrelenting march to IoT and BYOD created unique challenges. IDC predicts global IoT revenue will reach $7.065B by 2020, more than triple the $2.712B in 2015[ii].  BYOD also continues to grow, with IDC forecasting US mobile employees growing from 96.2 million in 2015 to 105.4 million mobile workers in 2020. This growth would mean more than 72 percent of the total workforce qualifies as a mobile worker[iii]. The explosion of these endpoints creates an expanded perimeter that must be contained.

The most formidable challenge is that there is virtually no device configuration standardization for BYOD or IoT. There are hundreds of permutations of device type, brand, operating system and security health status, most without any enterprise grade security, and it’s getting even more complex. From robots, heat monitors, and insulin pumps, to HVAC sensors and automated security access, the number of IoT devices that are connecting to networks is increasing at a staggering pace.

Enterprise organizations also face the need to secure IoT devices in two different ways.  First, many companies are now selling, or planning to sell, IoT enabled products that connect back to their networks to provide valuable information on product use and maintenance needs. Companies are rolling out IoT-enabled products for almost everything, from large wind powered turbines and trains, to office printers and security cameras. Without 100% visibility, it is impossible for organizations to see how and where an attack started, making it difficult to remediate the attack and prevent similar incursions.

The second IoT challenge is that more enterprises are buying and incorporating IoT-enabled devices from other vendors. These IoT devices are used to monitor and control the mechanical, electrical and electronic systems used in various types of buildings. While these devices save time and simplify operations (for example, they can email you when you are low on toner or automatically re-order), they also offer another avenue for hackers to access enterprise networks.

Mobile and IoT endpoints expanded the network attack surface significantly, and cyber criminals noticed. Endpoints represent one of the weakest points in the network and are prime targets. In fact, as much as 65% of data breaches start on endpoint devices[iv]. You have to be able to see where each device is, what it is doing, and how it is interacting with other devices, as well as the entire network topology, for both current and forensic threat investigation. But visibility alone is not enough. To be successful, NAC solutions had to evolve into SA&O to fully secure these endpoints.

With this massive proliferation of endpoints, it is impossible for IT groups to secure, provision and manage alerts for all of these endpoints. NAC solutions had to evolve into SA&O to automate provisioning, remediation, triage and quarantine. All devices must be automatically checked to ensure each complies with the minimum network security standards. If the device requires updates, SA&O solutions can shift users to a help page to self-remediate. If a device is suspicious or dangerous, the best SA&O solutions can automatically triage and quarantine the device in real time, before it can reach network data or cause damage. The solution can then send that alert, along with contextual information, to a security analyst for immediate follow-up.

Furthermore, security threats are expanding and changing at a frantic pace. To combat zero-day exploits, organizations need real-time automated threat response that offers granular policies tied to both the user and the device. Enterprise organizations realize that comprehensive security now requires integrating several best-of-breed security solutions. This was another driving factor in the evolution of network access control into security orchestration and automation. Organizations needed SA&O to aggregate the security data from different sources into one central view, so all threat data and alerts can be viewed through one pane of glass.

What to look for in an endpoint security solution 

The best SA&O solutions enable an organization to see all endpoints and integrate information from multiple security sources into a single, comprehensive view using just one instance of the solution. To accomplish this, the solution needs to communicate and exchange information with all network devices, rather than requiring an access control solution for each network segment. Companies should start by looking for a vendor-agnostic solution that supports all best-of-breed technologies, is proven, scalable and offers multiple deployment options for physical devices, virtual appliances, and cloud services. A good SA&O solution should also meet the following criteria:

  • Flexible connectivity support – The solution must be vendor-agnostic and support all wired and wireless connectivity sources across the entire network.
  • Broad range of device support – New generations of IoT, mobile and gaming devices enter the market every few months, so security solutions must work together to protect every endpoint and network device.
  • High level of automation – IT security professionals are stretched thin in most organizations. Any security device that’s brought in must support a high level of automation so that it does not drain already limited IT resources. This should include user self-provisioning, self-remediation and automated threat response.
  • Real-time threat response – For endpoints that could pose a potential threat, organizations need automated, real-time threat response that can quarantine suspect devices immediately, then forward the alert and context to a security analyst for remediation.
  • Granular policies – Endpoint security solutions must support very specific levels of access for both the user (right time, right place) and the device (right device, security updates, etc.).
  • Integration with other security solutions – SA&O must seamlessly integrate and leverage the data of other best-of-breed security solutions in order to form a much stronger, secure enterprise network infrastructure.
  • Scalable to support rapid growth – An enterprise SA&O solution must provide a scalable architecture that can support multiple locations across the enterprise, and virtually unlimited devices with one instance of the security solution.
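The automated check, self-remediation and quarantine flow described earlier, combined with the "granular policies" criterion in the list above, can be sketched as a small admission decision. This is an added example, not code from the original post or from any vendor's product; the field names, thresholds and sample endpoints are constructed assumptions.

```python
from dataclasses import dataclass, asdict
from datetime import time
from typing import Optional

# Constructed policy values (assumptions for this example, not from any product).
MIN_PATCH_LEVEL = 3
WORK_HOURS = (time(7, 0), time(19, 0))
USER_SITES = {"alice": {"hq"}, "bob": {"hq", "branch-1"}}
KNOWN_DEVICE_TYPES = {"managed-pc", "byod", "iot"}

@dataclass
class Endpoint:
    mac: str
    device_type: str
    patch_level: int
    threat_flag: bool          # raised by an integrated detection source
    user: Optional[str]        # None for headless IoT devices
    site: str
    seen_at: time

def decide(ep: Endpoint):
    """Return (action, alert); alert carries context only for quarantine."""
    # Threat signals win over everything else: a flagged device must never be
    # routed to the self-remediation page, where it would stay on the network.
    if ep.threat_flag:
        return "quarantine", {"reason": "threat signal", **asdict(ep)}
    # Fail closed on device types the policy does not know.
    if ep.device_type not in KNOWN_DEVICE_TYPES:
        return "deny", None
    # Device posture: below the minimum standard means self-remediation.
    if ep.patch_level < MIN_PATCH_LEVEL:
        return "remediate", None
    # User policy (right time, right place) applies when a user is attached.
    if ep.user is not None:
        in_hours = WORK_HOURS[0] <= ep.seen_at <= WORK_HOURS[1]
        if not in_hours or ep.site not in USER_SITES.get(ep.user, set()):
            return "deny", None
    return "allow", None

# Constructed sample endpoints (MAC addresses from the documentation range).
SAMPLES = [
    Endpoint("00:00:5e:00:53:01", "managed-pc", 4, False, "alice", "hq", time(9, 30)),
    Endpoint("00:00:5e:00:53:02", "byod", 1, False, "bob", "branch-1", time(10, 0)),
    Endpoint("00:00:5e:00:53:03", "iot", 1, True, None, "hq", time(2, 15)),
    Endpoint("00:00:5e:00:53:04", "byod", 5, False, "alice", "branch-1", time(11, 0)),
]

if __name__ == "__main__":
    for ep in SAMPLES:
        print(ep.mac, *decide(ep))
```

The third sample is both unpatched and flagged; the ordering of the checks is what sends it to quarantine with its context attached rather than to the remediation page.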

For more details on the evolution of Network Access Control and how to address BYOD & IoT endpoint security, see our whitepaper, The Evolution of Network Access Control: How NAC Solutions Have Evolved to Secure IoT and BYOD Devices or call 603-228-5300 to arrange a demonstration.





[iv] 2014 Verizon Data Breach Investigations Report



The Secret to Delivering “Intent-Based” Network Security


If you’re like most security practitioners, you long for the days of traditional point-to-point networks with trusted, flat insides surrounded by strong, easy-to-defend perimeters. Today’s networks, with their messy meshes of mobile, Internet-of-Things (IoT) and cloud networks, are anything but easy to defend. Perhaps it’s time to take a page out of the network engineer’s playbook and focus on building intent-based security into your architecture.

Networks are growing increasingly diverse and complex. In fact, 2017 will see businesses spend $964 billion to deploy 3.1 billion things, supporting everything from smart electric meters and commercial security cameras to just-in-time inventory systems.

The problem becomes clear when you factor in the enormous upswing in big data initiatives as enterprises look to capitalize on all that connectivity and data to enhance or build new products. All that data crossing all those different networks, servers and endpoints creates new business opportunities. But it also presents ripe opportunities for criminals to steal, compromise and lately ransom all that lucrative data.

An Easier Way

Faced with keeping up with this huge volume of data and transactions, many network engineers are making the move to software-defined networks (SDN). SDN provides the flexibility, efficiency and automation required to ensure that every employee, customer, device and application in today’s hyperconnected world can access the data they need when they need it.

To simplify management, SDN also supports a scheme called “intent-based” networking (IBN). With IBN, the logical intent of the network communications is separated from the underlying switches and routers providing the connectivity. This presents a big win for network engineers, who can simply set parameters for a connection (give me a low latency path from A to B, and if jitter occurs, switch to path C), without having to worry about the underlying technology (does it use Cisco routers? Is it MPLS?).

Why can’t security do the same? Actually, now it can, thanks to our partner Fortinet and its Security Fabric architecture. Instead of struggling to manage a hodgepodge of point security solutions with their own deployment, configuration and alerting idiosyncrasies, Fortinet’s Security Fabric embeds security intent within the network, both simplifying and improving security at the same time.

How Intent-Based Security Works

Much like the SDN flavor, Fortinet’s intent-based security automatically translates business requirements into synchronized security actions and policies, without worrying about the intricacies of the underlying security toolset. Every tool within the fabric, be it from Fortinet or a partner, can communicate and collaborate with the others and be managed seamlessly from a single pane of glass, no matter the network, device or application.

For example, if Fortinet’s FortiSandbox identifies new malware and creates a signature, it can automatically and immediately propagate it to other tools in the fabric, ensuring that even zero-day attacks are recognized and mitigated quickly and efficiently. All policies are applied consistently and automatically throughout the fabric, easing management and ensuring your security architecture does exactly what you need.

As a value-added distributor of Fortinet solutions, Fine Tec can support your efforts to guide customers on a successful path to intent-based network security. Learn more.