Silos Are a Cybercriminal's Best Friend

Silos Are a Cybercriminal’s Best Friend

Written by Jon Bove
September 6, 2018

Today's attacks are designed to exploit vulnerabilities and dive deep into the network without leaving a trace. This enables lateral movement, in which bad actors search for resources to take over or data to exploit, all without detection.

Cybercriminals by definition don’t play by the rules. They aren’t constrained by org-chart-diagrammed lines of business, carefully guarded network domains, narrowly deployed security solutions or compartmentalized technology teams. They look at your customer’s network as a single entity and will take every opportunity for lateral movement. That means they may have better visibility into an organization’s network operations and architecture than many of the folks who actually work there.

This “silo effect” is dangerous. It’s also way too prevalent.

As cybersecurity needs have evolved, organizations have deployed one-off security solutions in different areas of the network and cloud infrastructure that often require individual management. As a result, threat intelligence is isolated, so detecting sophisticated attacks requires the sort of manual correlation that most organizations simply do not have the resources to support. For MSPs, the mandate is to break down these walls and provide integrated security solutions.

As to how to convince line-of-business decision-makers, look no further than the shift to a digital business model. Data is the currency of today’s economy. Collecting it, generating it, mining it and finding ways to make it available to both employees and consumers are measures of success. But while workflows and data now move freely between one network ecosystem and the next, the institutional culture building these systems still has hard lines drawn between domains and lines of responsibility, and they protect zones of personal control that have developed over years or even decades. In such an environment, establishing consistent visibility, management and security protocols that span the network can be next to impossible.

6 Top MSSPs Share Their Sales Secrets: Struggling to sell managed security? These peer experts have some tips for you.

Malicious actors know this and use it to their advantage. Fortinet’s first-quarter Threat Landscape report reveals that the number of unique exploit detections grew by over 11 percent, to 6,623. And at the same time, 73 percent of companies experienced a severe exploit during the quarter. Our data seems to indicate that cybercriminals are getting better at matching exploits to their targets. I can attest that organizations with institutionalized controls and rigid hierarchies that isolate personnel and restrict resources to teams with specific silos of responsibility tend to be more vulnerable to today’s sophisticated attack strategies. The fractured infrastructure resulting from this model allows attackers to hide in the gaps between control systems.

Likewise, complex, multivector attacks are difficult to identify when a team has access to only a limited sphere of functionality. And malware that can mimic legitimate traffic is especially difficult to detect when the team responsible for security has no control over the data or resources being consumed or delivered by another team.

Mind Those Gaps

Security-focused partners are in a good position to help customers reconsider how they plan to stay ahead of the criminal community that wants to steal, hijack or ransom their data. You are an impartial, outside observer who may see schisms that the company doesn’t even realize may be putting its data at risk.

Once you get their attention, there are four steps to begin implementing effective security services help bridge the gap between traditionally isolated security devices.

Technology integration. Because today’s threats are so sophisticated, customers need to integrate security solutions so they can work as a unified system to find and respond to even the fastest and most stealthy attacks. Building a fabric-based security framework around open APIs and a common OS enables those security technologies to span the distributed network as a single, integrated security solution. By weaving different security technologies together using a common framework, you can help customers effectively share and correlate threat intelligence and collaborate to adapt and respond to threats, regardless of which zone of the network or which team owns and manages the asset being targeted.
Unified intelligence. In a unified security strategy, all solutions must operate using the same set of policies, protocols and intelligence. Adding a common threat-intelligence service to a fabric-based security strategy ensures that different security tools deployed across the infrastructure are on the same page when it comes to looking for and discovering new threats.
Consistent application of services. When you offer a uniform set of security services that spans your customers’ ecosystem of networks, they can tie different and disparate security solutions together even further. These services, such as sandboxing, intrusion prevention, virus-outbreak prevention or application controls, allow you to use a common set of intelligence and techniques to better identify, correlate and respond to threats in a coordinated fashion, regardless of where a threat is detected or where security resources are located.
Process automation. Human decision-making delays can no longer be tolerated as the time between a breach and the compromise of data or resources continues to shorten. To address this growing challenge, offer decision-making and analysis engines that take humans out of the loop. Leveraging AI engines and automation to perform the vast majority of decisions and analysis at speed and scale would not only close the gap on threat impact, but also allow humans to reallocate resources to focus on the really hard remaining decisions, where human cognition and intervention are required.

Cybercrime has evolved faster than the typical piecemeal security strategy can defend against it. Wide-reaching knowledge of the attack landscape and the ability to respond quickly at multiple levels are the only ways to provide the level of security needed now. By providing such services, you will ensure consistent enforcement and security effectiveness, regardless of how complex your customers’ network environments may be.

Jon Bove is the vice president of Americas channels at Fortinet. In this capacity, Bove and his team are responsible for strategizing, promoting and driving the channel sales strategy for partners in the United States as the company seeks to help them build successful – and profitable – security practices. During his time at Fortinet, he has been responsible for establishing Fortinet’s national partner program and aligning Fortinet’s regional partner strategy to allow partners to develop Fortinet security practices with the tools and programs to successfully grow their business.