Wazzup Pilipinas!
The world never stands still. In the technology space, this means that constant innovation and discovery are the key to a solution provider’s survival and growth.
In the cybersecurity arena, this creed is even more vital. Many hackers are brilliant people. There’s only one way to get the better of them – be even more brilliant. And faster and more creative.
Which is why R&D is crucial in the security technology business. Cybersecurity solution providers must deliver open, integrated security and networking technologies that enable enterprises to see and react rapidly to changing attack techniques, increase proactivity, and scale and provision their security along with business growth. To cope with this breadth of demands (sometimes in very short time spans), technology providers need to be able to cross traditional boundaries, allowing them to innovate across the entire ecosystem.
Fortinet is at the forefront of such innovation. In 2016 alone we were granted close to 80 patents in such diverse areas as CASB, malware detection techniques, data leak protection, virus detection, hardware acceleration, DDoS and cloud services.
However, the cyber threat landscape is continuing to become more challenging in 2017. Here are a few areas that Fortinet has identified for intensive R&D during the coming year:
1. Deep learning for attack analysis
Different types of detection technologies have emerged over the years. It started out with signatures (a technique that compares an unidentified piece of code to known malware), then heuristics (which attempts to identify malware based on behavioural characteristics in the code), followed by sandboxing (in which unknown code is run in a virtual environment to observe if it is malicious or not), and machine learning (which uses sophisticated algorithms to classify the behaviour of a file as malicious or benign, before letting a human analyst make the final decision).
Now, the latest technology, deep learning, has come onto the market. Deep learning is an advanced form of artificial intelligence which uses a process that is close to the way human brains learn to recognize things. It has the potential to make a big impact on cyber security, especially in detecting zero-day malware, new malware, and very sophisticated advanced persistent threats (APTs).
Once a machine learns what malicious code looks like, it can identify unknown code as malicious or benign with extremely high accuracy, and in near real-time. A policy can then be automatically applied to delete or quarantine the file, or to perform some other specified action, and that new intelligence can then be automatically shared across the entire security ecosystem.
In 2017, Fortinet will continue to develop technologies designed to make our appliances learn more intelligently and identify unknown malware more accurately.
2. Big data for log correlation
IT is deeply entrenched in both our businesses and personal lives, leading to an increasing amount of data being generated, collected, and stored around the world.
And since the working principle is that the more things a security solution provider sees, the more opportunities there are for it to connect the dots, understand the threats, and hence protect the network, leveraging big data to make sense of exponentially growing event logs will be an important area of research for us in 2017.
We will continue to refine our Security Information & Event Management (SIEM) capabilities in the new year, and increase our solutions’ ability to harness FortiGuard Labs threat intelligence data for even deeper insight into cyber attacks.
3. Strengthening container security
Running applications in containers instead of virtual machines (VMs) is gaining momentum. At the heart of this ecosystem lie solutions like Docker, an open source project and platform that allows users to package, distribute, and manage Linux applications within containers.
There are several benefits to Docker technology, including simplicity, faster configurations, and more rapid deployment, but there are also some security downsides. These include:
· Kernel exploits – unlike in a VM, the kernel is shared among all containers and the host. This amplifies any vulnerability present in the kernel. Should a container cause a kernel panic, it will take down the whole host, along with all associated applications.
· Denial-of-service attacks – all containers share kernel resources. If one container can monopolize access to certain resources, it can cause denial-of-service (DoS) to other containers on the host.
· Container breakouts – an attacker who gains access to a container should not be able to gain access to other containers or the host. In Docker, users by default are not namespaced, so any process that breaks out of the container will have the same privileges on the host as it did in the container. This could potentially enable privilege escalation (e.g. to the root user) attacks.
· Poisoned images – it’s difficult to ascertain the sanctity of the images you are using. If an attacker tricks you into running his image, both the host and your data are at risk.
· Compromising secrets – for a container to access a database or service, it will likely require an API key or some username and password. An attacker who can get access to these keys will also have access to the service. This is especially a problem in a micro-service architecture in which containers are constantly stopping and starting, vis-à-vis an architecture with small numbers of long-lived VMs.
Our 2017 research will address the above areas. Such research is important because container technology can only gain wider adoption in the coming years.
4. Securing vCPE
Still in the domain of virtualization and cloud, virtual customer premise equipment (vCPE) is another growth area ripe for research.
Today, business requirements are changing quickly, and firms need the flexibility to adapt their branch offices to those changing requirements in a fast and secure manner. They need to be able to turn on new services on-demand from a single platform, without the cost and complexity of deploying and managing additional devices.
vCPE is a way for managed service providers (MSPs) to deliver network services to enterprises, such as firewall security and VPN connectivity, by using software rather than dedicated hardware devices. By virtualizing CPE, providers can simplify and speed up service delivery, remotely configure and manage devices, and let customers order new services or adjust existing ones on-demand.
Leveraging Network Function Virtualization (NFV), Fortinet has made substantial progress in consolidating advanced networking and security services on a single device (FortiHypervisor), eliminating the need for multiple CPE while enabling on-demand service delivery. We will continue our development to broaden coverage, increase performance and improve customer experience in 2017.
5. Helping enterprises leverage SD-WAN
A growing number of enterprises are demanding more flexible, open, and cloud-based WAN technologies, rather than accept the installation of proprietary or specialized WAN technology that often involves fixed circuits or costly proprietary hardware.
This heralds the rise of Software Defined Wide Area Networks (SD-WANs), which eliminate expensive routing hardware by provisioning connectivity and services via the cloud. SD-WAN technology also allows connectivity to be flexibly controlled through cloud software.
SD-WAN has the potential to improve network security in a number of ways, for instance:
· SD-WAN allows traffic to be easily encrypted.
· SD-WAN allows the network to be segmented, limiting the impact of a breach or an attack to a small, manageable area.
· The growth in cloud traffic has made direct Internet access from the branch a reality, and an SD-WAN can be used not just to provide the connectivity but also to secure the connection.
· By providing a vast amount of visibility into the amount and types of traffic traversing the network, SD-WANs allow attacks to be discovered sooner.
This year, Fortinet will conduct R&D on the above areas to make SD-WAN a feasible endeavour for enterprises.
Thanks to our technology vision and development of the Fortinet Security Fabric, we have the capability to tackle many of the security issues raised above in order to support the digital transformation organizations are going through. We will continue to expand the coverage of our Fabric, with our R&D focus moving from visibility and awareness to measurement and benchmarking, and finally to understanding how close an enterprise is to the prevailing best practices within its industry.
With so much planned development on the horizon, cybersecurity will remain an exciting sphere for enterprises to watch during the new year.
Written by Michael Xie,
Founder, President & Chief Technology Officer, Fortinet