In an increasingly digitalized world, where data breaches and cyber attacks have become a daily occurrence, the importance of safeguarding our networks and data has never been more crucial. As technology evolves at an unprecedented pace, so do the threats that target our valuable information. Enter Fortinet, a leading provider of network security solutions that understands the significance of openness in combating these ever-evolving dangers. In this article, we will explore how Fortinet’s commitment to openness not only enhances their own products and services but also contributes to strengthening the overall security landscape.
The Significance of Openness in Safeguarding Our Networks and Data through Fortinet
In recent years, we’ve witnessed cybercriminals enhance their operations and introduce more sophisticated tactics in efforts to compromise organizations around the globe. All we need to do is look at recent news headlines to know that attackers’ efforts to expand and infiltrate corporate networks have been and continue to be prevalent. With research showing that nearly a third of APT groups were active in 1H 2023 due to the continued growth of ransomware, every organization, regardless of size or industry, is now a target.
No single organization can combat cybercrime alone, even with the most effective technologies and skilled security professionals in place. Greater collaboration and transparency across public and private sector organizations are required to fight cybercrime effectively, and every business has a role to play.
During our recent Fortinet Security Summit, Hugh Carroll, head of government affairs at Fortinet, sat down with Suzanne Spaulding, Fortinet Strategic Advisory Council (FSAC) member and former Undersecretary for the National Protection and Programs Directorate (NPPD) for the Department of Homeland Security, and Dr. Carl Windsor, senior vice president of Products and Solutions at Fortinet, to discuss the importance of transparency in protecting our networks and data. Below are highlights from their conversation.
Greater Transparency Drives Better Security
When an organization is under attack, there’s a strong chance that other organizations in the same industry or geographic region are experiencing, or will experience, the same type of attack. This is why increasing our collective sharing of threat intelligence and vulnerabilities, which enables what Spaulding calls “fighting in the light,” is vital to protecting enterprises and thwarting potential breaches. As disparate organizations uncover new threat intelligence or vulnerability insights, they should consider how greater transparency will make everyone more secure. “There are so many adversaries [attempting to steal] information,” she noted. “Whoever can figure out how to operate in a transparent world most effectively is going to have the advantage.”
Windsor echoed Spaulding’s thoughts, noting, “Sunlight is the greatest disinfectant.” When organizations get in the habit of sharing critical insights as quickly as possible, security professionals have a better opportunity to effectively protect against a new threat or vulnerability. “That gets us one step ahead of the adversaries,” Windsor concluded.
The Need to Normalize Transparency
Spaulding and Carroll agreed that the security community must normalize transparency and information sharing for organizations to collectively advance their fight against adversaries. “Everyone is getting attacked every day. We need to eliminate the stigma associated with that,” Spaulding urged. “And the same thing has to happen now with respect to vulnerability disclosures.”
A recent Forbes article reinforced this point, emphasizing, “If a cybersecurity company claims to have zero vulnerabilities, that should be a red flag. If you see a vendor that claims no vulnerabilities, that’s almost certainly because of a lack of disclosure, not a lack of issues.” This ultimately can pose a significant cyber risk for customers.
While U.S. government agencies like CISA, NSA, and the FBI collaborate to make critical information available to security practitioners, Spaulding also stressed the importance of vendors being more forthcoming about vulnerabilities in their products. “All software is going to have vulnerabilities. So the real question is, how soon are you [as the customer] going to find out about those vulnerabilities so that you can take the appropriate mitigation measures?” she asked.
When asked what considerations regarding best-practice mitigation measures customers should weigh in their review of cybersecurity solutions, Windsor recommended that security leaders look at an organization’s website and review its published vulnerabilities to quickly ascertain whether transparency is in its DNA. “[If you look at our website, you’ll see] advisories that we publish. We put them out regardless of whether we discover those vulnerabilities internally or not. Some vendors don’t publish all their vulnerabilities, which is problematic because then users and customers don’t know they need to upgrade or patch their devices.”
Embracing "Shift Left" Security
In addition to calling for greater transparency and information sharing, Spaulding and Windsor discussed the need for vendors to increasingly take a “shift left” approach to security.
Windsor spoke about Fortinet’s approach to enhancing its secure product development lifecycle, making the organization’s technologies secure by design and secure by default. “The goal of what we’re trying to achieve is to shift security left,” he said, continuing, “to get to the point where we’re not having vulnerabilities come out into production code.” Windsor added, “We’re also doing things like threat modeling to design vulnerabilities out of the product in the first step.”
More Insights from the Third Annual Fortinet Security Summit
Fortinet recently hosted more than 500 executives, experts, and thought leaders at the Silverado Resort in Napa Valley, California, for its third annual security summit to discuss the most pressing issues in cybersecurity. Learn more about the Fortinet Security Summit and read additional insights from the event.
In conclusion, the significance of openness cannot be overstated when it comes to safeguarding our networks and data through Fortinet. By embracing an open approach, organizations can effectively address the ever-evolving challenges of cybersecurity and stay one step ahead of malicious actors. The openness philosophy allows for seamless integration with third-party technologies, enhancing visibility and control over network traffic. It also promotes collaboration within the cybersecurity community, fostering innovation and knowledge sharing. Therefore, it is imperative for organizations to prioritize openness in their cybersecurity strategies and invest in solutions like Fortinet that embody this principle. Together, we can create a more secure digital landscape for all.