Automated network security through openness
- 21 February, 2019 13:52
Today's threat landscape is both complex and fast moving. New threats emerge daily, constantly challenging security teams trying to track them down. As a result, there is a push to use more analytics, reporting and automation to understand what's going on and handle threats quickly.
In order for this to work, data from security applications and appliances needs to be easily accessible to automated response systems so common threats can be quickly handled without the need for hands-on intervention. But this requires a degree of openness from vendors in the security market. Data needs to be sent between machines using agreed standards. When events are detected, that data can be used to trigger responses that are accessible through application programming interfaces (APIs). Without cross-vendor openness, true multi-platform integration and automation isn't possible.
Until recently, many security developers had systems that did this, but they only worked within the vendor's own ecosystem. Fortinet has moved to bridge the gap between different security solutions by making its platform API driven and opening those APIs to third parties. This avoids single-vendor lock-in and allows businesses to leverage existing security investments while moving to a more automated threat response posture.
Fortinet Fabric Connectors allow information from different parts of the security infrastructure, and multiple vendors, to work with a wide variety of different infosec solutions. Fabric Connectors synchronise security with dynamic operational changes and automate security tasks. They also support DevOps processes while protecting everything from the smallest IoT device through to critical cloud and on-premise infrastructure.
Automation adding value
Being able to automate processes across platforms from multiple vendors allows different services to be integrated. This covers everything from auto-scaling to service deployment and threat response. When a system is running at its maximum memory capacity, an alert could automatically trigger the availability of more memory from a cloud service. Or when a client signs up with a Managed Service Provider (MSP), the sign-on process can deploy VMs from one vendor, a firewall from another and network services from a third.
The fabric works with multiple vendor solutions so there is no need to "rip and replace" existing systems in order to reap the benefits. Fortinet's cloud support is broad, covering both first and second tier cloud companies with AWS, Azure, Google and ServiceNow amongst more than 80 partners.
Within enterprises, there are clear use-cases. For example, a security event can be recorded in the SIEM, resulting in an alert. Rather than sending a message to a human operator for a response and action, the alert can trigger a response in an IT service management (ITSM) tool. This can automatically raise a ticket, quarantine the infected machine, and report the response to a dashboard so teams are aware that a threat has been thwarted.
As well as reducing the number of people required to manage threats, the response is far faster than any human can deliver, mitigating the risk of extended damage. MSPs can also leverage this connective fabric to automate a wide variety of tasks.
When a new customer is onboarded, the API-driven automation can be used to deploy new virtual machines and update network configurations. Essentially, any service that a customer requests through a portal can be automated and deployed using Fortinet Fabric Connectors.
This common language works across physical networks, public cloud and private cloud infrastructure. That makes it a critical solution, as most vendors work within one environment and integration across platforms is a challenge. Having a single control point that works across private, public and local systems simplifies management and allows for cross-platform integration.
Adopting this API-driven, standards-based approach doesn't only simplify automation. It also means the vision of a single interface for managing disparate systems is closer than ever before. FortiManager provides a central point where all these cross-platform functions can be viewed and managed. This is vital for MSPs managing complex, multi-customer environments or enterprises with multi-platform infrastructure.
Over the last few years, many vendors have added automation and integration to their platforms, but making that capability broadly available and accessible to both partners and competitors has remained a challenge. There is a way forward through open APIs that can be used to capture information and automatically respond to inputs.