SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Fortinet's advanced threat protection: Breaking the kill chain
Tue, 25th Aug 2015

Cyber criminals are getting smarter. No longer satisfied with simply stealing credit card details or defacing websites, today's malware authors want to destroy reputations, disrupt commerce and take whole networks offline.

The vehicles for this online mayhem are called Advanced Persistent Threats (APTs). They infiltrate without being detected, stay hidden and then execute on demand. And because APT malware can change its form on the fly (polymorphic code that produces a new file for every victim), traditional signature-based network security is struggling to keep up.

It's not the known threats that are today's biggest challenge; it's the unknown ones. So how can you protect against what you don't know?

Prevent: Known threats

“Taking care of known threats is business as usual,” says Andrew Khan, Business Development Manager - Fortinet at Ingram Micro, distributor of Fortinet's market leading FortiGate Next Generation Firewalls and associated network security solutions.

“An up-to-date firewall, secure email gateways and endpoint security keep most malware out of your network. But unknown malware and targeted attacks can hide themselves and sneak by traditional network security.

“This is why savvy network managers are adopting a ‘defence-in-depth’ approach… If malware gets by one barrier, it gets stopped at the next one in a multi-layered defence.

Detect: The unknown

Fortinet's advanced threat protection, backed by 200 full-time security researchers at the FortiGuard laboratory, can detect previously unknown threats and turn what it finds into actionable threat intelligence. One tactic Fortinet employs is sandboxing.

“Sandboxing shunts potentially malicious software into a ‘neutral zone’ so its full behaviour can be observed without affecting production networks,” continues Khan.

“This is an effective way to combat many of today's attacks, especially those that are time sensitive, the so-called zero-day threats. But the bad guys are hard at work finding ways to circumvent sandbox protection. That's why it's important to stay updated: just as criminals evolve, your system needs to as well.
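The three ideas above (signatures failing against malware that changes its bytes, a multi-layered defence where the next barrier catches what the first missed, and a sandbox that judges behaviour rather than bytes) can be modelled in a few dozen lines. The following Python is an added example written for this page; it is not Fortinet, FortiGuard or Ingram Micro code and makes no claims about how FortiSandbox works internally. The "samples" are constructed byte strings standing in for a malware family and a benign installer, the sandbox traces are constructed in a hypothetical `event:detail` format, and 198.51.100.7 is an RFC 5737 documentation address used as a placeholder command-and-control host.

```python
import hashlib
import re

# --- Constructed samples (not real malware). Byte strings standing in for
# three builds of one hypothetical malware family plus a benign installer.
RUN_KEY = b"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
ORIGINAL = b"MZ\x90\x00" + b"connect 198.51.100.7:443;" + RUN_KEY + b";drop svc.exe"


def xor_bytes(data: bytes, key: int = 0x5A) -> bytes:
    """Trivial string-obfuscation stand-in for a packer or crypter."""
    return bytes(b ^ key for b in data)


# Variant 1: same logic, one junk byte inserted, so every file hash changes.
JUNK_VARIANT = ORIGINAL[:4] + b"\x00" + ORIGINAL[4:]
# Variant 2: strings XOR-encoded at rest and only decoded in memory at runtime.
PACKED_VARIANT = ORIGINAL[:4] + xor_bytes(ORIGINAL[4:])
# Benign installer: writes under Program Files and checks for updates.
BENIGN = b"MZ\x90\x00" + b"write C:\\Program Files\\App\\app.exe;connect updates.example:443"

# --- Constructed sandbox traces in a hypothetical "event:detail" format
# (a real sandbox report is far richer, but carries this kind of information).
MALICIOUS_TRACE = [
    "file_write:C:\\Users\\victim\\AppData\\Roaming\\svc.exe",
    "registry_set:" + RUN_KEY.decode() + "\\svc",
    "net_connect:198.51.100.7:443",
]
TRACES = {
    "original": MALICIOUS_TRACE,
    "junk": MALICIOUS_TRACE,      # same behaviour, different bytes on disk
    "packed": MALICIOUS_TRACE,    # same behaviour, strings hidden at rest
    "benign": ["file_write:C:\\Program Files\\App\\app.exe",
               "net_connect:updates.example:443"],
    "evasive": ["sleep:600000"],  # sample noticed the sandbox and did nothing
}

# --- Layer 1: exact-match signature (hash of a sample already seen).
KNOWN_HASHES = {hashlib.sha256(ORIGINAL).hexdigest()}


def hash_signature_layer(sample: bytes) -> bool:
    return hashlib.sha256(sample).hexdigest() in KNOWN_HASHES


# --- Layer 2: content signature (byte patterns). Survives junk insertion,
# but is blind to strings that are encrypted or packed on disk.
STRING_RULES = [re.compile(rb"CurrentVersion\\Run"), re.compile(rb"198\.51\.100\.7")]


def string_signature_layer(sample: bytes) -> bool:
    return any(rule.search(sample) for rule in STRING_RULES)


# --- Layer 3: sandbox behaviour. Flag persistence plus an outbound connection,
# regardless of what the bytes on disk look like.
def behaviour_layer(trace: list) -> bool:
    persists = any(e.startswith("registry_set:") and "\\CurrentVersion\\Run" in e
                   for e in trace)
    beacons = any(e.startswith("net_connect:") for e in trace)
    return persists and beacons


def classify(sample: bytes, trace: list) -> str:
    """Run the layers in order and report which one, if any, stopped the sample."""
    if hash_signature_layer(sample):
        return "blocked:hash-signature"
    if string_signature_layer(sample):
        return "blocked:string-signature"
    if behaviour_layer(trace):
        return "blocked:sandbox-behaviour"
    return "allowed:no-verdict"


if __name__ == "__main__":
    cases = [("original", ORIGINAL, TRACES["original"]),
             ("junk", JUNK_VARIANT, TRACES["junk"]),
             ("packed", PACKED_VARIANT, TRACES["packed"]),
             ("benign", BENIGN, TRACES["benign"]),
             ("packed+evasive", PACKED_VARIANT, TRACES["evasive"])]
    for name, sample, trace in cases:
        print(f"{name:15s} -> {classify(sample, trace)}")
```

The original build is stopped by its hash, the junk-byte variant slips past the hash but not the string rule, and the packed variant defeats both signature layers and is only caught because the sandbox trace shows the same persistence-plus-beacon behaviour. The last case is the caveat from the quote above: a sample that recognises the sandbox and merely sleeps produces no behaviour to judge, so every layer returns nothing. In practice a "no verdict" from the sandbox should be treated as unknown, not clean.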

Mitigate: Taking action

Keeping threats out of the network is the first priority for any security system, but a clear detection and remediation process is just as critical for the malware that gets past the first barriers.

“Once an intrusion has been validated,” continues Khan, “users, devices and content should be quarantined. Ideally you'll have systems in place to ensure the safety of network resources and organisational data.

“Collaboration is also critical. FortiGate / FortiSandbox forwards detected malware to the FortiGuard lab where it is analysed in depth. Then updates are fed back to the different services on the network to provide every layer with the right mix of up-to-date protection.

“Today's network security isn't one particular product or methodology,” concludes Khan. “It takes integration and collaboration between multiple technologies, products and procedures.

“Deploying a multi-layered approach with established and emerging technologies is the most effective way to keep your networks safe and break the kill chain of Advanced Persistent Threats.”

For further information, please contact:

Hugo Hutchinson, Business Development Manager, hugo.hutchinson@ingrammicro.com, P: 09-414-0261 | M: 021-245-8276