Expand Customers’ Security Through Intent-Based Segmentation
… segmentation policies between traditional, SD-WAN and multicloud environments.
To do this, IBS needs to be able to perform four critical functions:
- It needs to be able to translate high-level business language into segmentation policy.
- It needs to implement and enforce policies across the network automatically.
- It needs to continually monitor the state of the data or devices being segmented.
- It needs to use machine learning to choose the best way to implement a segment, constantly monitor it and automatically take corrective action if anything should change.
Intent-Based Segmentation Strategic Approach
Helping your customers establish an effective segmentation strategy requires a 3-D approach that combines security technologies with professional security services.
- First, define where segmentation needs to be applied. This requires understanding how your customer is conducting business and which resources their workflows, applications and transactions need to access to do their jobs. Addressing those segmentation requirements needs to encompass all prevailing micro, macro, application and nano-segmentation techniques, and also needs to extend to all endpoints and devices, whether physical or virtual, and whether or not they can run any agents. For example, Chromebooks and multifunctional printers need to be segmented in spite of any constraints on traditional security. IBS is more comprehensive than conventional approaches because it covers all of the extended network and infrastructure assets of a modern organization.
- Second, determine how trust is established and monitored. IBS not only employs existing network and identity-based mechanisms, but it can also incorporate more agile and innovative mechanisms such as business logic. Trust can then be monitored using a third-party trust engine, and information can be collected and communicated across multicloud deployments to either allow or disallow access to a segmented network resource based on user behavior, actions, policies and risk assessment.
- Third, determine what security inspection is going to be applied to the segmented traffic. This could be as simple as providing full visibility across the segment, or as in-depth as imposing comprehensive security such as deep inspection of encrypted data or advanced threat protection such as sandboxing. This dimension is necessitated by the fact that even trusted users can unknowingly become infected with malware, and an unsecured device can then provide a platform for hackers to penetrate the network segment, thereby violating the established boundaries of trust. By some estimates, as much as 65 percent of global data traffic is now encrypted, and if you are not doing a full inspection, then you do not see that traffic.
Offer Services to Help Secure Digital Networks
Securing today’s highly dynamic and flexible networks requires your customers to adapt to network and application changes at machine speeds. IBS allows them to automatically convert business objectives into security policies that not only seamlessly span the network but also automatically adapt as those objectives evolve.
However, none of this is possible until you help your customers make some fundamental changes to their security strategy and infrastructure. Until their internal security framework can see across the network, share and correlate threat intelligence, and respond to threats as a unified system, they will not be able to take full advantage of the opportunities being created in the new digital economy without also assuming unacceptable levels of risk.
Jon Bove is the vice president of Americas channels at Fortinet. In this capacity, Bove and his team are responsible for strategizing, promoting and driving the channel sales strategy for partners in the United States as the company seeks to help them build successful – and profitable – security practices. A 17-year veteran of the technology industry, Bove has held progressively responsible sales, sales-leadership and channel-leadership positions. During his time at Fortinet, he has been responsible for establishing Fortinet’s national partner program and aligning Fortinet’s regional partner strategy to allow partners to develop Fortinet security practices with the tools and programs to successfully grow their businesses. Follow @Fortinet on Twitter or Bove on LinkedIn.