Cybersecurity Mesh Architectures: Fortinet CISOs Discuss The Importance
The expanding attack surface, increasingly sophisticated cyber threats, and network security complexity create challenges for organizations in virtually every industry. A cybersecurity mesh architecture is an approach designed to create a collaborative ecosystem of security tools operating across the digital infrastructure. The primary objective is to place security everywhere it’s needed, anywhere in the network, even as users, devices, and applications multiply and become more mobile. Fortinet Field CISOs Alain Sanchez, Joe Robertson, and Courtney Radke joined us to discuss the approach and what it means for CISOs.
What does a cybersecurity mesh architecture approach mean for CISOs?
Alain: With the explosion of edge devices, the complexity of the architectures, and the paramount importance of securing our hyperconnected world, the old-school approach of using security point solutions that aren’t natively integrated doesn’t make sense anymore. In the past, some level of security could be reached by wrapping a layer of interconnectivity around security technologies. But these days are gone. Integrated, automated platforms that provide visibility and trigger superfast defense mechanisms are being adopted even as we speak.
Joe: In fact, Gartner® has done a good job of succinctly describing how to streamline threat defenses with its Cybersecurity Mesh Architecture (CSMA) in its report, Top Strategic Technology Trends for 2022: Cybersecurity Mesh.[1]
Because cybersecurity is so complex, streamlining cannot be done by simply removing devices. If anything, organizations will need more tools to detect ever subtler tactics and techniques in the future. To reduce complexity, devices need to share threat information and shrink the gaps that attackers slip through. Many executives I meet with are looking to consolidate vendors down from 40 to 50 to a more manageable 5 to 10. But to simplify without losing security coverage requires interoperation and communication among devices.
Courtney: The timing of this discussion couldn’t be more appropriate. We’ve seen the number of security vendors increase significantly and become more pervasive. With that said, CIOs have been looking at the consolidation of technology and functions for some time now. Almost every tech leader I speak with has expressed a desire to decrease sprawl, reduce unnecessary singular-use products and widgets, and move into a more cohesive platform approach.
What are the key attributes of this new security architecture?
Alain: A cybersecurity mesh architecture is how advanced security strategies are designed as we speak. The explosion of edges is already a reality, and over the last 24 months mobility and work-from-anywhere have become second nature for a large percentage of the connected population.
The pandemic accelerated the trend toward a mesh architecture, but many organizations were headed that way already with the focus on platforms and integration. For example, securing the OT environment requires seeing, monitoring, and acting on a scale that is broader than the typical IT inventory. This visibility needs to go beyond the company boundaries and deeper into packets. At the same time, corporations of all sizes are seeing the need for a native and direct integration of concepts like zero-trust network access (ZTNA) and endpoint detection and response (EDR) as part of their strategies. And because the human brain is not fast enough to correlate and evaluate the damage of events happening in different locations, automation is a must these days.
Broad reach, native integration, and advanced, artificial intelligence–based automation are the key attributes of this mesh approach. They are precisely the core attributes of the Fortinet Security Fabric, which was introduced in 2016.
Joe: The key ideas behind a cybersecurity mesh architecture are:
1. A wide variety of security devices, tools, and applications are needed to identify, block, and quarantine attacks.
2. The devices should share threat intelligence by communicating with each other directly, preferably using standardized formats rather than through a SIEM or SOAR intermediary.
3. The devices in the mesh should be able to take on board threat intelligence from a variety of external sources, such as the Cyber Threat Alliance, MITRE, CISA, and vendors.
4. The mesh should be able to incorporate scripts, playbooks, artificial intelligence, and machine learning to correlate, analyze, and respond to threats, attacks, and unusual behavior in real time.
Courtney: As in other industries, a technology explosion has been occurring in retail. Retailers want to learn more about their consumers, create more tailored and consistent experiences, and hopefully gain more loyalty and wallet share. As we know, adding technology often comes at a cost to security. Many times, there is a lack of focus on protecting the whole environment cohesively in favor of the individual pieces. I see the security challenges manifest in three ways:
1. You cannot protect what you can’t see. Do you have the tools and services in place to detect advanced threats, even in encrypted traffic?
2. You cannot see where you aren’t looking. Does your visibility extend across your entire digital landscape?
3. When you see something, can you identify it? What intelligence sharing exists between teams, tools, and partners to better mitigate risk and reduce dwell time?
A cybersecurity mesh architecture aims to consolidate visibility, policy management, identity, and intelligence into a single consumable platform that stretches throughout the entire attack surface, reducing security gaps and blind spots more effectively and affordably than performing these roles separately.