INTELLIGENT MOBILE TECHNOLOGY
about exponentially increasing just the raw processing power
that is needed. Let alone ways to see across the variety of network
ecosystems in place in order to anticipate and stop a threat, while
simultaneously closing that vulnerability anywhere else it may exist.
So, what do we do differently? Today there is a need to deploy
network resources elastically across an expanding and changing
ecosystem. This new reality makes managing your security
deployment, one security vendor, at a time increasingly challenging.
Sophisticated threats and distributed networks require cross-
referencing data from a variety of tools to detect and respond to
threats. Isolated security solutions from multiple vendors make that
increasingly challenging.
Instead, organisations need to weave their security solutions
into a single, flexible framework that can be spread across the
network and can dynamically adapt as the network evolves.
Purpose-built security devices not only need to be deployed
at network connection points across the distributed network
ecosystem, where they can monitor and inspect local traffic, but
they also need to be connected together through an intelligent
Kalle Bjorn is Director of Systems Engineering at Fortinet.
malicious traffic to thereby reach the application infrastructure.
To really address this challenge, organisations need to
also implement a second tier of security to their encrypted
connections. That is, actually examining the applications and
content inside these encrypted connections. The challenge is
that when so much of your traffic is encrypted, this degree of
inspection puts a vast amount of pressure on the performance
requirements of security.
Make no mistake, inspecting SSL requires some pretty heavy
lifting when it comes to encryption and decryption. And we are
just looking at the tip of the iceberg here, because in addition to
increased performance requirements, exponential increases in data
means you will have to do this at an unprecedented scale as well.
Let us focus on IoT devices for a moment. IoT devices
are fairly chatty due to the number of data points they are
collecting, and they also share all of this collected data with some
centralised infrastructure. In addition, they are not necessarily
built on a well-vetted code base, primarily due to a need to
address the market quickly.
Other IoT devices use thousands of sessions and were not
really tuned with network resource consumption in mind. Imagine
a network managing access for tens of thousands of such devices.
This can be a huge problem for any network. When you start
multiplying every node by a thousand sessions and then add
sustained or concurrent sessions, you are looking at a scenario
that is going to overwhelm virtually any access point on the
market. Then try to do all that over SSL. It is going to generate an
insane amount of traffic.
Today’s trend towards complex interconnected network
environments presents a substantial security challenge. Once you
consider applying behavioural analytics and deep application
inspection to highly encrypted SD-WAN traffic, you are talking
We are not just facing
another familiar security
challenge. What is
heading our way is
literally unlike anything
we have seen before and
we need to prepare now.
fabric that provides a single view across the network to enable
the distribution and orchestration of a unified and adaptable
security policy.
They also need to share and correlate global and local threat
intelligence in real time, regardless of the environment they have
been deployed in, automatically coordinating an effective and
comprehensive response throughout the network, and as close to the
threat as possible.
We are not just facing another familiar security challenge.
What is heading our way is literally unlike anything we
have seen before and we need to prepare now. Thoughtful
engineering and careful planning, including the selection,
deployment and integration of security tools designed to work
together across highly elastic and adaptive environments are
necessary if we are to meet the requirements of the new digital
economy. This is our reality. Those that do not make this
transition may not survive.
45