If you’re like most security practitioners, you long for the days of traditional point-to-point networks with trusted, flat insides surrounded by strong, easy-to-defend perimeters. Today’s networks, with their messy meshes of mobile, Internet-of-Things (IoT) and cloud networks, are anything but easy to defend. Perhaps it’s time to take a page out of the network engineer’s playbook and focus on building intent-based security into your architecture.
Networks are growing increasingly diverse and complex. In fact, 2017 will see businesses spend $964 billion to deploy 3.1 billion things, supporting everything from smart electric meters and commercial security cameras to just-in-time inventory systems.
The problem becomes clear when you factor in the enormous upswing in big data initiatives as enterprises look to capitalize on all that connectivity and data to enhance or build new products. All that data crossing all those different networks, servers and endpoints creates new business opportunities. But it also presents ripe opportunities for criminals to steal, compromise and lately ransom all that lucrative data.
An Easier Way
Faced with keeping up with this huge volume of data and transactions, many network engineers are making the move to software-defined networks (SDN). SDN provides the flexibility, efficiency and automation required to ensure that every employee, customer, device and application in today’s hyperconnected world can access the data they need when they need it.
To simplify management, SDN also supports a scheme called “intent-based” networking (IBN). With IBN, the logical intent of the network communications is separated from the underlying switches and routers providing the connectivity. This presents a big win for network engineers, who can simply set parameters for a connection (give me a low-latency path from A to B, and if jitter occurs, switch to path C), without having to worry about the underlying technology (does it use Cisco routers? Is it MPLS?).
Why can’t security do the same? Actually, now it can, thanks to our partner Fortinet and its Security Fabric architecture. Instead of struggling to manage a hodgepodge of point security solutions with their own deployment, configuration and alerting idiosyncrasies, Fortinet’s Security Fabric embeds security intent within the network, both simplifying and improving security at the same time.
How Intent-Based Security Works
Much like the SDN flavor, Fortinet’s intent-based security automatically translates business requirements into synchronized security actions and policies, without worrying about the intricacies of the underlying security toolset. Every tool within the fabric, be it from Fortinet or a partner, can communicate and collaborate with the others and be managed seamlessly from a single pane of glass, no matter the network, device or application.
For example, if Fortinet’s FortiSandbox identifies new malware and creates a signature, it can automatically and immediately propagate it to other tools in the fabric, ensuring that even zero-day attacks are recognized and mitigated quickly and efficiently. All policies are applied consistently and automatically throughout the fabric, easing management and ensuring your security architecture does exactly what you need.
As a value-added distributor of Fortinet solutions, Fine Tec can support your efforts to guide customers on a successful path to intent-based network security.