Organizations today cannot build a network and then layer security on top of it. It’s too complex and too slow. So, the convergence of networking and security is accelerating.
Trends like digital transformation, work from anywhere (WFA), and the use of personal devices for work – all accelerated by the pandemic – are reshaping how businesses approach their network infrastructures. One of the top considerations is how to protect people, information, and devices against surging and ever-evolving cybersecurity threats in this new hybrid, highly distributed world.
To better understand how new approaches to network infrastructure increase risks and what businesses can do to address them, I sat down with Fortinet’s Executive Vice President of Products and CMO, John Maddison, whose work keeps him singularly focused on the intersection between networking and security.
Zeus Kerravala: From your conversations with customers, what are the challenges and opportunities driving cybersecurity and networking buying decisions in 2023?
John Maddison: The top drivers are changes in the network infrastructure and the evolving threat landscape. The biggest impacts to the infrastructure span work-from-anywhere, the application journey, operational technology, specifically OT convergence with IT systems, connectivity, and, of course, digital acceleration. All of these changes increase the cybersecurity attack surface and change the way companies need to deploy security solutions, which is why the security industry is always a very rapidly moving environment.
In the threat landscape, we’ve seen a huge increase in ransomware attacks and, more recently, IP attacks, as well as a 53% increase in destructive Wiper malware. And given the geopolitical issues, state-sponsored attacks are on the rise as well. Advanced persistent threats, or APTs, and the fact that attackers can now get these APTs commercially off the shelf are also increasing the number of attacks. At the same time, the number of vulnerabilities and APTs is increasing, and the attack surface at companies is expanding, which makes it harder for companies to protect that attack surface.
Kerravala: Hybrid work and hybrid cloud now seem to be the path forward for most companies. Can you tell me what kind of security challenges this distribution of users and applications is creating?
Maddison: Hybrid work has forced people to look very carefully at their architectures. Over the long term, Universal Zero Trust Network Access (ZTNA) is where businesses want to get because Zero Trust must apply to people on and off the network and to devices. In this hybrid world, a cloud-only view or an on-network-only view won’t work. You must have both. So, sometimes going through a SASE network makes sense, and sometimes it requires SD-WAN. And sometimes, it makes sense to go from SD-WAN to SASE and SASE to SD-WAN. I think this mix will be the norm going forward because applications are in the cloud and in the data center, and users are on and off the network – and devices are connected to all this. So, we will have hybrid architectures for a long time to come.
Kerravala: In every discussion I have with business and technology leaders, cybersecurity is a top initiative. But many security pros are shifting from point products to a platform. Why is this?
Maddison: Customers used to tell me they opted for point solutions because they wanted best-of-breed, so they went to Vendor A, then Vendor B, then Vendor C, and so on. But this approach causes problems because the products often don’t work together very well. So now customers are saying they need a platform approach. Instead of having 30 so-called best-of-breed solutions, they want two to five best-of-breed platforms. They want to take a specific use case and then build a platform around it.
This product consolidation is different from convergence. Convergence gives you a great ROI, cost savings, and operational benefits. But cybersecurity professionals have a different perspective: they primarily want better security. They’ll save money with a platform approach, but their number one objective is to have a faster response time and to automate processes. And you just can’t do that with 30 different vendors.
That said, I don’t think we will ever get down to just a single security platform because customers always need to have a bit of leverage. You want some competition to keep vendors from getting lazy, but it can’t be every point product competing against every other point product. That’s just killing them.
Kerravala: We have talked about networking and security coming together for over a decade, and it finally seems to be happening. Why now?
Maddison: Some of it has to do with Covid. The pandemic forced everyone to accelerate their digital journey toward secure connectivity. Everything needs to be connected, and the network has to be really fast, highly secure, and reliable. But you can’t build a network and then layer security on top of it. It’s too complex and too slow.
So, this convergence of networking and security is accelerating. What used to be a dumb network with no idea about applications, content, users, or location is now coming together with really sophisticated security, and that convergence allows customers to move much faster in deploying secure connectivity.
A good example of this is the network firewall, which is really the heart of this convergence. Two big things have happened there. One is that the firewall itself has become more distributed and very important in all environments, not just the traditional data center. The other big thing is functionality. Today’s next-gen firewall has SD-WAN, zero trust, and a whole host of other applications inside, so it’s really a different beast from what it was five years ago.
Kerravala: Cybersecurity continues to shift from just reacting to taking more proactive behavioral approaches. How are analytics or security services augmenting security today? What are the benefits of this?
Maddison: I don’t think customers will completely get rid of signature-based systems for defense. We still need to filter out a lot of noise. But the more sophisticated attacks are using zero-day exploits of previously unknown vulnerabilities. To defend against zero-day attacks, you need behavioral systems, which is why there’s a much larger investment in detection and response systems. Endpoints have evolved to include EDR, or endpoint detection and response. And the network has also evolved to include NDR, or network detection and response. This combination of protection and detection capabilities has become more important, but just as important is the response. Detecting something is one thing, but what do you do about it? That’s where the need for automation and a platform approach comes in. With a platform, the endpoints can talk to the network, to the applications, to the NOC and SOC, and everything in between – and it’s all very fast.
Kerravala: What are you hearing from IT leaders about sustainability, and where that ranks on their priorities in 2023? How do you see technology vendors helping them meet their CSR goals?
Maddison: Sustainability is very important to Fortinet. There are two approaches vendors can take to deal with their carbon footprint. They can say, “Oh, well, I’ll go into a cloud vendor, and they’ll give me some carbon offsets, and I’ll go plant a tree somewhere.” Or they can do something about the problem. That’s why Fortinet is dedicated to sustainable product innovation and to improving the efficiency and reducing the power consumption of our products.
At Fortinet, for example, our ASICs are very specialized, and they don’t need anywhere near as much power. In fact, they’re 80% more efficient than competing CPU systems. That doesn’t sound like a lot in a single system, but when you’re shipping millions and millions each year as we do, it amounts to a big reduction in the carbon footprint. And we’re going to continue investing in ASICs.
Kerravala: How is Fortinet enabling customers to embrace the market and industry trends in unique ways?
Maddison: First, by developing our own custom ASICs to optimize performance and converging a lot of technology onto a single operating system (FortiOS), we make solutions work better together, helping customers close security gaps, improve operational efficiency, optimize user experience, and accelerate outcomes. We also have an open ecosystem, which is essential to enabling vendors to work together. For example, threat intelligence really should be shared. So, in addition to delivering enterprise-grade products, solutions, and services, we help our customers by pushing the industry to collaborate and improve cybersecurity for everyone.