Aamir Lakhani, senior security strategist at Fortinet, chats about the new FortiGate Cookbook which focuses on the fundamentals of network protection, and the takeaways at Fortinet's talk on advanced persistent threats at Black Hat USA 2015.
Q: Aamir, the increasing number of corporate data breaches and the growing amount of sophisticated malware targeting corporate networks and employees' PCs has had quite an effect on the market for next-gen firewalls. What is Fortinet's latest technology for countering these attacks on the enterprise?
Aamir Lakhani: Fortinet products are powered by FortiGuard Advanced Research Labs. FortiGuard proactively hunts and protects against the newest and most complicated attacks.
Fortinet products -- including Endpoint Security, Advanced Threat Protection and Sandboxing, AV and Malware, IPS, Web filtering, and Mail and Web Gateways -- benefit directly from the research at FortiGuard. Along with our products, our advanced analytics and behavioral analysis protect customers against both insider and external threats, detect and stop most APTs, and provide unmatched visibility and awareness into their organization's threat landscape.
At FortiGuard Labs, we dissect each threat and examine the multiple attack vectors in order to implement multiple protection engines. Additionally, our zero-day researchers are proactively working with top hardware and software vendors to uncover zero-day threats and ensure that our products protect against them. This includes the latest threats against operating systems, popular software, mobile devices, and devices classified within the Internet of Things.
Q: Your brand new FortiGate Cookbook Web site focuses on the fundamentals of network protection. What are some of the recipes in that cookbook that will interest security pros?
Lakhani: Remote Internet browsing using a VPN is a great recipe in the Cookbook that organizations can use to protect their mobile users who frequently travel and connect to open wireless networks or vulnerable hotspots. Remote Internet browsing using a VPN demonstrates techniques and configurations that protect users, provide a reasonable expectation of privacy, and don't consume all of your bandwidth.
Q: I understand that your focus at Black Hat USA 2015 will be advanced persistent threats (APTs). What will be some of the takeaways for conference-goers who plan on attending the Fortinet talks there?
Lakhani: Fortinet threat research teams at FortiGuard Advanced Threat Research Labs will show that the volume, frequency, and complexity of attacks are increasing. We are seeing trends move away from simple credit card breaches to threats against personal identification and intellectual data. CryptoLocker was one of the first types of malware to be classified as ransomware that infected organizations, and we expect to see an upward trend in ransomware. In 2014, we had a major breach every month. In 2015, we would not be surprised if we see a breach every few weeks. It is no longer a question of if organizations will be hacked, but rather when. Fortinet will provide unparalleled detection and visibility to uncover and stop these advanced attacks.
Q:You've chosen to be a Platinum Sponsor of Black Hat USA 2015. Give me a few reasons why you think others may want to do the same.
Lakhani: Fortinet is the worldwide leader in security protection and detection devices. Fortinet understands region-specific threats and challenges in Asia and how they play out on a global stage. We are thrilled to partner with Black Hat to promote a safer and more secure Internet.
Simon Crosby, co-founder and CTO at Bromium, talks about the results of a survey of 100 information security pros asking about their greatest challenges and risks, and his recommendations for minimizing losses in case of ransomware infection.
Q: Simon, you just conducted a survey of over 100 information security professionals asking them what currently are their greatest challenges and risks. Fill me in on some of the results.
Simon Crosby: The primary focus of this report was on end users because previous research conducted by Bromium revealed that an overwhelming majority of information security professionals believe end users are their greatest security headache -- a trend that continued in this report. When we drilled down into why end users are such an issue, we found that nearly two-thirds of information security professionals are concerned with end users clicking on suspicious Internet content. The majority of the risk seems to come from malicious URLs, but malicious e-mail attachments are also a concern.
One reason that malicious Internet content is such a risk is because threat detection and response are complex and time-consuming. Bromium analysis reveals an alarming 62% of organizations investigate or respond to 50% or less of their security alerts – and only 15% of organizations investigate or respond to 90% or more of their security alerts.
This represents a huge security gap. What is the value of a security alert if information security professionals are not taking the time to investigate and respond to them? Just ask Target. There is no value! Detection is worthless without action, yet the overwhelming majority of information security professionals are unable to cope with the volume of their security alerts.
Q: Bromium recently released a report on ransomware, talking about the trend towards the malware's increasing sophistication. What are some of the recommendations you give clients on how to minimize their losses in case of infection?
Crosby: There are no tools or solutions that can unlock these files after attack, so the only defense is protection. Users should avoid clicking on suspicious files, e-mail attachments, and URLs. Make sure to frequently patch operating systems, Internet browsers, and extensions. Of course, next-generation protection solutions like Bromium can prevent these attacks. Additionally, in the case of compromise, the impact of the attack can be minimized by frequently backing up your files on an external hard drive.
Q: I know Bromium's expertise is focused on how and why the majority of attacks begin at the endpoint ... and how and why endpoint security needs to evolve past detection-based solutions to include proactive protection. Is that what you'll be discussing at Black Hat USA ... and, if so, what will be some of the takeaways?
Crosby: When more than 70% of breaches begin at the endpoint and nearly 80% of information security professionals state that users are their biggest security headache, it should be obvious that the endpoint is the beachhead where cyber security battles wage. However, we have seen that detection-based solutions -- such as anti-virus -- are woefully inadequate at preventing attacks, which is why so many breaches begin at the endpoint. Additionally, even "defense-in-depth" approaches to security can be subjugated through Kernel vulnerabilities. The information security model is outdated. It is time to embrace a new paradigm that is focused on proactive protection, enabled through the isolation of unknown and untrusted content, to prevent it from ever coming into contact with valuable enterprise resources.
Q: Bromium is a Platinum Sponsor of Black Hat USA 2015. Why has the conference become such an important part of your marketing strategy?
Crosby: Black Hat is where the rubber meets the road. It is where information security research and information security solutions meet and interact in a very real and practical way. The research presented at Black Hat can set the agenda for many information security professionals. And the information security solutions on display can help these information security professionals address the challenges they may face in the coming year.
Steve Perkins, chief marketing officer at Accuvant, discusses its Quick Start Service which is designed to help clients quickly roll out a new technology, and why Accuvant chose to be a Platinum Sponsor of Black Hat USA 2015.
Q: Steve, in a recent blog, one of your practice resource managers talks about encryption of data being the solution to corporate breaches. Is that truly the silver bullet that Accuvant is recommending to contain breaches?
Steve Perkins: That blog states, "Encrypting files, archives, or other methods of storage, unfortunately, is not the end-all be-all solution to corporate breaches. However, encryption will buy you time, if properly implemented." The author further states that encryption is not a silver bullet but can be an essential part of a layered defense.
Security is a dynamic business. Personally, I don't think there are any silver bullets. The solution is bigger than just products or services. It's products, services, people, processes, strategies and tactics, in-house and managed. All of these pieces pulled together in an ongoing programmatic way, tailored to an organization's unique needs and circumstances -- that is the solution.
Q: Accuvant has recently been touting its Quick Start Service which are designed to help clients quickly roll out a new technology in their environment. How does that work?
Perkins: Our Quick Start Service is a way for companies with new technologies to deploy them rapidly in their environment. We take our expertise, leading industry practices, and in-depth product knowledge and put that to work for our clients to have them up and running quickly. We also provide them with documentation and knowledge transfer to help get staff trained on a particular product. Using our Quick Start Service helps clients realize better ROI and helps keep investments from becoming shelfware.
Our Quick Start Service is just one of more than 100 different offerings included in our comprehensive suite of advisory, architecture and implementation, managed security, applied research, and training services. We address our clients' needs by providing solutions from the strategic all the way through the tactical level, serving as a single partner that clients can work with regardless of their security requirements.
Q: You recently merged with FishNet creating what's being called a $1.5-billion "security behemoth." What should your clients – and those of FishNet – expect from the merger? How will it affect them?
Perkins: The coming together of Accuvant and FishNet Security provides our combined client base of more than 10,000 organizations with greater benefits through improved access to resources, services, and solutions. Our new, combined company offers:
Our new company will be making significant investment in our managed services platforms, consulting offerings, and technology solution sets. We also will invest heavily in research and innovation at every level – on the Internet of things, advanced vulnerabilities of products, and the most effective applications – and even at the security program level. And our focus on making this organization the best place to work in the industry with unprecedented opportunities will help us to continue hiring the best and brightest individuals. The results of these investments will allow us to evolve how organizations form and build successful security programs that aim to solve today's most complex security challenges.
This union is already having a positive impact on clients. It brings together proven and complementary information security expertise and solutions, dramatically advancing our company's capabilities, expanding our geographic footprint, and enabling us to more effectively help organizations address the growing threat landscape.
Q: You are a Platinum Sponsor of Black Hat USA 2015. What made Accuvant decide to make that move?
Perkins: Black Hat USA is a unique event in that it brings together some of the best technical minds in the industry to present cutting-edge research and training courses, as well as senior-level security professionals and business executives trying to understand the evolving threat landscape. Having the opportunity to engage with this broad audience is why we participate year after year. And year after year we've been successful with recruiting talented individuals as a result of our involvement at Black Hat. This year, we're excited to participate in the Business Hall (#135) and are planning various other activities for that week to take full advantage of this great opportunity.