Australian Cyber Security Magazine, ISSUE 4, 2018


Cyber Security

Ken Xie, founder and chief executive officer at Fortinet

Of course, even Fortinet would say that their SD-WAN technology is not yet best in class, but if you don’t need the capabilities of the more sophisticated products, having it for free in FortiOS 6.0 certainly gives you options you might not have considered.

The second major product announcement, which sent murmurs of excitement around the auditorium, was their CASB product. No surprises for what the product is called, but FortiCASB comes as a subscription service designed to provide visibility, compliance, data security, and threat protection for cloud-based services. They already have support for several major SaaS providers, with FortiCASB able to control and monitor users, behaviours and data stored in the cloud. This will again reduce the number of security vendors organisations need to use and pull data and telemetry back to one console, so that security analysts and the SOC have one interface for protecting the organisation’s data, wherever it is. Integrations with Microsoft Azure, Google Cloud, Amazon AWS, Salesforce, Dropbox and Box all exist, and direct API access to all of these partner services allows complete control over the user tenancy. The CASB includes:

1. User behaviour and user activity monitoring;
2. API access to SaaS services;
3. Reporting and analytics for cloud usage and risk;
4. Access security and entitlement management;
5. Compliance management with predefined policies and audit reports;
6. Subscription based consumption model with no installation required.

Services vs Products

Fortinet has always had a channel sales model, and as such they recognise that the best way to grow their own business is to focus on their products integrating well into managed service providers’ service models. One specific session of note, delivered by Fortinet’s Stephen Tallent and Sony Kogin, focused on how MSSPs’ business models can be accelerated using the new features in FortiOS 6.0. For example, SD-WAN is a service that non-telco MSSPs could now offer, adding it to their service catalogue with little to no difficulty, allowing them to directly take business from the telco monopoly on WAN provision. Upskilling MSSP engineering teams to manage SD-WAN is easy, since the product set is intuitive and management interfaces are familiar to Fortinet administrators.

Fortinet has already established a new MSSP support team to assist partners and MSSPs in extending their service catalogue with these new service offerings. This covers the technology aspects of the service, as you would expect, but they will also help with financial modelling and staff training, so it’s a complete MSSP accelerator service. They claim that if existing MSSPs follow their model, they can grow their business by up to 13% year on year with new offerings. The global IoT and OT markets see revenues of over $9 billion (USD) per year, and the global cloud services market is valued at over $2 billion (USD) per year, so these are great sources of growth and revenue for any MSSP that wants their fair share.

“Helping our mutual channel partners stay one step ahead of the constantly evolving cybersecurity market is a commitment Fortinet and Ingram Micro share. We’ve collaborated closely to deliver advanced security solutions for those partners, pairing offerings such as FortiGuard AI with our expertise throughout the security sales cycle. Our objective is to provide channel partners with the technology, services and support they need to serve as trusted security advisors in today’s increasingly hostile threat landscape.”
Eric Kohl, vice president, advanced solutions & networking, Ingram Micro

Automate, Automate, Automate

We know that automation saves money, so let’s take a look at the new automation features in FortiOS 6.0. Over the past few years, we’ve heard much about the value threat intelligence (TI) brings to security operations. Yet, TI hasn’t really delivered on its promises. The vast amount of TI SOCs ingest tends to leave analysts drowning in data and alerts, which only serves to reduce their capability. At FortiGuard Labs, their threat researchers are analysing a wide array of security threats, including malware, botnets, mobile threats, and zero-day vulnerabilities, and the TI they create is shared with Fortinet’s threat intelligence partners. The TI feed is also used to inform SOC analysts and FortiGate users when known threats are found within environments they protect.

With FortiOS 6.0, Fortinet has introduced an automation engine, so that steps for incident response can be triggered when particular conditions are met. This means actions, such as running scripts, quarantining devices or switch ports, and sending alerts, are now possible using orchestration tooling. This is the first release of this new automation capability within the security fabric, but I’m positive that further development in this area will finally see TI and incident response converging into a defensive force to be reckoned with.


Australian Cyber Security Magazine, ISSUE 4, 2018 by MySecurity Marketplace - Issuu