Saturday 22 September, 2018

Fortinet’s founder talks the evolution of threat intelligence

Fortinet’s founder, President and CTO Michael Xie


The entire security battle between IT professionals and cybercriminals is really about one side constantly trying to outsmart the other. Security is not just about tools. It is also about the intelligence that powers them. As we prepare to expand our security research facility in Vancouver, this is a good time to review how threat intelligence has evolved.

For the first several decades of network security, efforts were primarily focused on protecting connections to and from the network. Firewalls acted as gateway sentinels monitoring those connections. Then threats began to shift: the rise of applications created a need to secure the content inside those connections, not just the connections themselves. We call this change the second generation of security.

These new threats required traditionally separate security tools to work together to inspect and secure transactions. We quickly understood that developing the first UTM and NGFW security devices required threat intelligence that could see and correlate information from a number of different threat vectors. The initial efforts were primarily focused on antivirus, antispam, web filtering, and IPS signatures, which allowed us to see and identify the threats hidden inside network traffic.

For the next nine years, this process grew organically. We opened new labs across the globe, and we soon had over a hundred full-time security researchers. But the cybercriminals were relentless in developing their capabilities as well. It soon became apparent that playing cat and mouse was not an effective approach to addressing cybercrime. To get in front of the problem and stay there, we needed to be able to out-innovate the cybercrime community.


By 2010, we had upgraded to our first hyperscale threat intelligence data center, designed to fully leverage and correlate the rich intelligence being gathered from the hundreds of thousands of sensors (now nearly 3.5 million) that we had been deploying around the world from day one.

A common operating system, unified management and controls, and open standards allowed security updates to be shared simultaneously across all deployed security devices, while enabling them to share and correlate intelligence to provide a unified response to threats.

By 2015, we had developed our Self-Evolving Detection System, built around billions of nodes interconnected through machine learning and cutting-edge artificial intelligence. We now train machines to teach machines, allowing them to take over many of the day-to-day tasks that analysts have traditionally had to do. This centaur model allows analysts to focus almost exclusively on more complex tasks, and is a necessary approach if we are to effectively tackle today’s explosive threat landscape.

This is just the beginning. Innovative research on training machines with artificial intelligence will continue to increase the autonomy of detection and defense systems, enabling them to perform increasingly complex detection, correlation, and analysis. We are also actively expanding our footprint to cover future attack surfaces, including IoT, connected cars, smart cities, drones, and critical infrastructure.

This approach lays the foundation for the next generation of protection: Intent-Based Network Security. IBNS will shift security from being reactive to proactive. It will baseline network behavior, analyze vulnerabilities, and anticipate attacks before they occur. Advanced behavioral analytics will be able to determine intent before a threat actor or malware launches an attack. To do this, threat sharing, real-time correlation, and autonomous remediation need to be integrated together and distributed throughout the kill chain. To make this work, the foundation of IBNS needs to be based on complete confidence and trust in the threat intelligence underlying it.

We are at a complicated inflection point. As society shifts towards a digital economy, technology is shaping virtually every part of our lives. Organizations are dealing with digital transformation challenges that are driving networks into the cloud, interconnecting everything and everyone, and making real-time access to data the measure of success. At the same time, cybercriminals are looking for new ways to profit from this economy. They are developing new tools and techniques to exploit the digital landscape, and their attacks are becoming increasingly sophisticated and effective. Advances in artificial intelligence and machine learning are also enabling attacks to become autonomous. Soon, the time between the detection of a breach and the response to it will need to be measured in milliseconds.

Security tools that can effectively defend against this new threat paradigm are only as effective as the threat intelligence behind them.

This article was written by Fortinet’s founder, President and CTO Michael Xie