Dealing with security sprawl as organizations deploy multiple security solutions across their networks.
As networks become more complex and distributed, identifying and responding to cyber-threats have become increasingly difficult. This ‘security sprawl’ is making any sort of centralized management challenging as many enterprises today are deploying an average of 45 security solutions across their network.
Security sprawl complicates management, fragments visibility, and limits the ability of organizations to respond effectively to threats.
In addition, detecting and responding to a cyber incident requires coordination across several tools, leading to complex workarounds that need constant management and reconfiguration every time a device is upgraded.
Due to the COVID-19 pandemic, businesses have had to implement a work-from-anywhere (WFA) strategy, resulting to the rapid expansion of the network’s attack surface. As workers begin to return to the office, a hybrid approach to work has become the new status quo. With the rise of WFA arrangements, and as individuals and businesses adopted new technologies to maintain business continuity, global threat actors have been observed to capitalize on these shifts.
The Cybersecurity Mesh Architecture (CSMA) by Gartner is an integrated set of security tools and APIs combined with centralized management, analytics, and threat intelligence. Gartner predicts that by 2024, organizations that adopt a CSMA strategy to integrate security tools to work as a collaborative ecosystem will reduce the financial impact of individual security incidents by an average of 90%.
Fortinet has advocated for a similar framework – the Fortinet Security Fabric – which is a broad, integrated, and automated cybersecurity mesh platform essential to reducing complexity and increasing overall security effectiveness across today’s expanding networks.
CybersecAsia sought out more insights into such a cybersecurity mesh architecture from Jess Ng, Country Head, Singapore and Brunei, Fortinet.
What are the common cybersecurity challenges, especially for SMEs in South-East Asia, due to the work-from-anywhere (WFA) trend arising from pandemic measures?
Ng: In a work-from-anywhere (WFA) scenario, the user experience and protection need to be consistent no matter where the users are connecting from or what applications and services they need to access. Business continuity and data privacy are at stake when implementing a WFA policy while insulating against the cyber risks from malicious connections that lie beyond corporate control.
Protecting users, data and applications from end-to-end is no longer something organisations can take for granted. According to estimates cited by Interpol, compromised work email accounts alone can cost as much as US$100,000, topping the list of cyber threats in South-East Asia.
Furthermore, national data in the region show that small and medium enterprises (SMEs) were targeted in greater numbers since the pandemic. In the face of these threats, under allocating spend for cybersecurity or taking the literacy of staff lightly can stunt growth and hamper competitiveness.
Implementing WFA securely goes beyond simply working from home. The goal is to keep users productive and secure as they move to different locations. For many employees, one of the only silver linings of the pandemic is enhanced work flexibility.
Companies including SMEs can harness the power of zero-trust network access (ZTNA) to ensure network security is not diminished regardless of where an employee works. ZTNA reduces the attack surface by verifying users and devices before every application session, ensuring secure access to the cloud or data centres while keeping the user experience consistent.
What is your perspective on Gartner’s concept of the Cybersecurity Mesh Architecture (CSMA), and what are the benefits of using it?
Ng: Gartner’s CSMA is similar to a decade-old Fortinet concept known as “Fortinet Security Fabric”. Having pioneered the doctrine of a broad, integrated and automated cybersecurity mesh platform, Fortinet sees a unified security mesh architecture that increases security and is straightforward to use as crucial to defending company networks against the cyberthreats of today.
We agree that it is essential to reducing complexity and increasing overall security effectiveness across today’s expanding networks.
According to IBM’s 2021 Cost of a Data Breach Report, enterprises on average deploy 45 security solutions across their networks. Aside from constraining the ability to spot threats and centralised management, this security sprawl forces organisations to implement complex workarounds to rein in their fragmented infrastructure and deployments.
New and increasingly complex trends such as WFA, are the perfect use cases for a unified security mesh architecture. WFA requires multiple solutions to work together across a dynamic set of campus and data centre assets, distributed home offices, and cloud-based applications. Ideally, security and networking technologies can interoperate — sharing threat intelligence, correlating data, and automatically responding to threats as a single, coordinated system.
A “security-driven networking” strategy converges security and networking together in a unifying, mesh architecture to bring fragmented infrastructure and deployments under control.
How can organizations effectively adopt CSMA on top of their existing digital infrastructure?
Ng: The challenge is to ensure integration so that organisations are not stifled across their deployments. Unifying security tools into a collaborative ecosystem will empower organisations to consolidate operations and visibility for actionable threat perception.
For instance, Fortinet Security Fabric open ecosystem breaks down technology and vendor silos by enabling interoperability with more than 450 third-party partners. This enables flexibility and scalability, allowing organisations to gain a more consistent security posture as well as the option to avoid losses from existing technological investments.
Due to the fragmentation from complex processes and tools, decision makers face tough questions over the cost of implementing an overarching cybersecurity infrastructure.
A unified mesh architecture reduces time spent on deployment and maintenance, freeing up cybersecurity teams for more value-added activities. On the other hand, this model enables channel partners to provide customers with a more robust solution – and add real value – through a broad portfolio of genuinely integrated solutions.
How does CSMA help futureproof organizations so they can manage distributed solutions centrally and act on threat intelligence quickly?
Ng: Organizations are facing notable challenges as they aim to fortify their cybersecurity architecture and drive business goals. The most significant of these include security perimeter fragmentation, breaking dependence on silos by bridging the gap between security and networking as well as security consolidation in a multi-cloud strategy.
The cybersecurity mesh is set to remain a fundamental trend in coming years because it addresses these issues, providing centralised management and enhancing visibility.
Additionally, unifying protection tools to cover all access and endpoints ensures security policies can be applied to all segments of the organisation’s environment. The cybersecurity mesh also offers the flexibility to utilise firewalls and network control tools to isolate a threat from attacking the entire infrastructure. As a result, businesses are able to attain savings on expenditure by reducing their reliance on workstations needed for managing disparate and widely distributed solutions.