Network security in the new service provider reality

We are standing at the cusp of a new digital era. Networks don’t just need to be bigger and faster — they need to be dynamic, fluid, and intuitive. They need to become part of a larger, global meshed Internet, where data and intelligence are shared dynamically between traditionally isolated users, devices, and organizations.

To meet this demand, networks are being redesigned from the ground up to accommodate hyper-virtualization, smart applications, services-based networking that abstracts the physical layer, and three-dimensional data processing across an exponentially growing set of devices. For this to work, two things need to happen. First, many of the activities and decisions that currently require human intervention need to be automated. And second, individual organizations (no matter how big) need to acknowledge that they are not going to be able to do this on their own.

Service providers play a pivotal role in this new paradigm. More data than ever is going to be pushed through their networks. More users and devices will need instant access to data wherever it is located, from virtually anywhere else on just about any device imaginable.

With the influx of data and devices, the opportunities for cyber criminals are expanding in parallel. To provide the protection that is required, service providers will need to consider three aspects of their security infrastructure.

1. Policy: You need to ensure that security policy follows the data, no matter where it goes. You cannot secure every device along a data or transaction path. And you cannot count on users to make good decisions about security.

If data is moving between a corporate network and a service provider environment, it’s a good idea for both of you to have the same sort of security solutions in place. If done right, this can ensure that security policies and enforcement requirements are consistently applied as traffic moves back and forth between the domains the organization owns and the ones it doesn’t. Management and orchestration tools can also work together, which means that threat intelligence can be collected and correlated no matter where a threat may appear.

2. Procedures: Think of security as the function of a single, interactive security fabric that permeates the entire distributed environment, from IoT to the cloud. The average IT security manager is monitoring up to 14 dashboards, and often hand-correlating events and data between them. This is simply not sustainable, especially as the time to respond to threats gets smaller and the scope of the network continues to expand.

Add the security skills shortage to the mix and you are brewing a perfect storm of escalating vulnerability combined with increasingly complex security deployments that have actually reduced visibility and control. This is an opportunity made for service providers: it presents openings for you to provide value-added security services to organizations that lack the scale, skills and technology necessary to effectively manage and deliver security across dynamic and highly distributed network environments.

3. Technology: Use solutions designed to meet the next generation of threats. Most security solutions do a pretty good job of identifying and preventing threats that happen in predictable ways. But the really good attacks are anything but that. They require coordination between multiple devices to recognize multi-vector attacks. Tools need to collaborate to provide appropriate responses and dynamically segment the network to intelligently contain threats. And they can’t wait for human intervention.

Service providers also need to be aware of the emerging threats that will soon impact the integrity and security of their networks and those of their customers.

The first is that the emerging IoT brings new threat vectors that need to be addressed. Many IoT devices are ‘headless’, so you can’t install an endpoint client on them. The first line of defense is access control. But with the volume of traffic and devices increasing, organizations need a single access control strategy that covers local, remote, and cloud-based access points with a unified access policy. This may require that policy be centrally managed but enforced in a distributed way, including coordination with service provider access policies.

A second issue is that new threats and critical threat intelligence are beginning to hide in the vast amounts of data that flow largely uninspected through the network: IDC estimates that companies examine only about 10% of the data that crosses into their networks. The rest is “unstructured” or “qualitative” data from things such as online surveys and response forms, customer forums and social media, documents and videos, and helpdesk calls and anecdotal evidence gathered by sales teams.

As networked environments become more complex, security needs to adapt. The answer to complexity is simplicity along with dynamic and automated coordination of security elements.

Peerapong Jongvibool is VP, Southeast Asia & Hong Kong, Fortinet