
THE NEW ORDER

ALAIN SANCHEZ, FORTINET EMEA FIELD CISO, TALKS ABOUT THE NEW CONVERGENCES SHAPING THE DIGITAL WORLD IN 2023 AND BEYOND.


You are talking about new convergences and holistic security. Can you elaborate please?

There are many dimensions of convergence. The primary one started from a vision about 22 years ago, and this is the building block of Fortinet. When you look at security and networking, there are two dimensions - networking is where all the creativity, collaboration, and interactive applications which turn the reality of our world into an advanced value proposition take place. But the very moment you do networking and move one byte from A to B, that byte, by essence, can be attacked. So the first level of convergence is networking and security operating as one. And we made it possible by creating an ASIC that offloaded the processor from the security stack, which ensures there is no performance at the detriment of security or security at the detriment of performance.

Another dimension is fixed mobile convergence. You have a mobile network that can provide quality service, speed, or collaboration, but you must secure it simultaneously. At the same time, a merger between IT and OT is happening, which were two separate domains before. So these are all the different dimensions of convergences. The industry is moving towards integrated platforms with a broader scope and an understanding of what’s happening in the wireless interface, security, and networking.

We used to buy cybersecurity like we used to buy IT, the old-school best-of-breed approach. As a result, the industry has ended up with a mosaic of products. But the value needs to come from the integration of these products. And you can make very accurate decisions by correlating the network dimension, the security dimension, the fixed mobile, etc. This is the convergence of all those dimensions.

Why is holistic cybersecurity more important than ever?

An application is the most fancied one in the IT world because it has a user. It takes data, processes it, and stores it. But at the same time, it opens up what we call an attack surface, which comes from the application’s code, data, interface, storage, or processing. So many domains can be attacked. This is why a holistic cybersecurity approach is important, and C-level executives have started to approach it from the economic angle because there is so much at stake. When an application is related to your value proposition and adds value to the community of your users, you have to secure it – not only technically but legally as well because of the new set of absolutely necessary compliance requirements.

How can we secure OT systems given the fact they were never designed with security in mind?

The OT devices and sensors - all these beautiful little things enhancing our processes - need to be economically viable to their manufacturers. If you buy a temperature sensor from Amazon for $19, there is not enough memory in this very rudimentary device. From an IT perspective, there is not enough CPU to execute the security code. So we observe them, and we machine learn what the normal behavior is. There is a learning period where we know this sensor sends five kilobytes every ten milliseconds. It sends this to an IP address, generally a middleware that will aggregate all the data and present it to the user. The moment this device sends more kilobytes in an erratic scheme, you’ll know something is wrong. The moment it behaves differently, you can see that, and you can correlate that with other parameters from your network.

So, we do need ML capabilities for this.

We do, which is why we invest a lot in machine learning and artificial intelligence. Fortinet has more patents in artificial intelligence than any other player in cybersecurity, enabling us to address the OT challenges. So I don’t need to be inside the sensor – all I need to do is scrutinize and observe the sensor to come up with baseline behavior from which I can make decisions. However, it is important to remember machine learning requires time, the same way a human needs time to learn. Twenty weeks of learning is not so unusual for a very complex industrial process to avoid false positives because you have maintenance, production, and data processing phases. So you need to smartly address all of that and develop a picture of the normal behavior of the complex process.
