Fortinet’s Advanced Threat Protection: Securing your datacentre

15 Apr 16

Your datacentre, the data you hold and the application services you host are all directly in the cross-hairs of hackers, spies and opportunists of every stripe. And why not? Stolen data is a commodity worth money (or bitcoins!) on the open market.

The minute you advertise your datacentre and ‘as a service’ offerings, you are putting up a big fat target for cyber-criminals. You are saying to the dark side that ‘my datacentre is safe and secure and you can’t break in’. But can you back up your claim? Can you secure your customers’ data from all threats, especially criminals who are prepared to make a major effort to break into your network?

“Is any network 100% safe?” asks Andrew Khan, Fortinet senior business manager at Ingram Micro, New Zealand’s largest distributor of Fortinet’s cyber-security solutions. “Of course not. Even the White House, the Pentagon and the Kremlin get hacked. And they have massive security budgets and thousands of full-time black and white hat experts. But you can make it extremely difficult for all but the most well-funded and relentless crooks to even come close to getting inside your datacentre. How? By hardening your defences inside and out.”

Advanced persistent threats
Today’s most damaging attacks, typically classified as Advanced Persistent Threats (APT), occur across the spectrum of possible attack vectors. Innovative malware, zero-day vulnerabilities and emerging evasion techniques can all render a single approach problematic.

“A deeper, more comprehensive approach is needed,” says Khan, “to counter these increasingly sophisticated attacks. Fortinet, and other security vendors, are all working hard to build a multi-layered defence-in-depth framework for combating these APTs.”

Prevent – The known threats
Most malware is already known. Last year, nearly a quarter of malware was more than ten years old and almost 90% was discovered before 2014. Known threats can be blocked through next-generation firewalls, secure email gateways, endpoint security and other technologies. Previously unknown malware and targeted attacks, however, can hide from these measures. Traffic that seems suspicious should be handed off to the next point of your multi-layered defence.

Detect – The unknown
Today’s more sensitive filters can detect previously unknown threats and create actionable threat intelligence. Sandboxing, for instance, isolates potentially malicious software in a sheltered environment so its full behaviour can be observed without affecting production networks.

“But sandboxing alone can’t stop everything,” continues Khan. “Attackers respond to new technologies by figuring out how they work and then finding ways around them. Indeed, smart crooks are already trying to compromise sandboxes. That’s why it’s important to stay updated. Just as criminals evolve, your datacentre defences need to keep up as well.”

Mitigate – Taking action
Once an intrusion has been validated, users, devices and content have to be quarantined. “You need to have automated and manual systems in place to ensure the safety of network resources and data,” says Khan. “That’s to contain the damage. But you need to fight back. FortiSandbox, for instance, automatically forwards any new threats to the FortiGuard Labs for analysis, de-construction and remediation. This results in updates being fed back to the security devices and providing every layer with up-to-date protection.”

Integration is key
“It’s not one particular technology that’s driving Advanced Threat Protection (ATP),” says Khan. “It’s the integration and collaboration amongst all of them. ATP relies on multiple types of technologies, products and research, each with different roles and each working in concert with one another. For example, FortiSandbox can integrate into FortiGate Next Generation Firewalls, FortiMail for inspection of attachments and FortiWeb web application firewalls for web-facing services.”

“We can expect to see continued cybercriminal innovation with an even greater focus on datacentres,” concludes Khan. “Your best strategy is to deploy a multi-layered approach with established and emerging technologies which work together. No other approach can defend against today’s Advanced Persistent Threats. It’s a challenge, to be sure, but one that has to be met.”

For further information, please contact:
Hugo Hutchinson, Business Development Manager
Email: hugo.hutchinson@ingrammicro.com
Mobile: 021 245 8276

Marc Brunzel, Business Development Manager
Email: marc.brunzel@ingrammicro.com
Mobile: 021 241 6946

Andrew Khan, Senior Business Manager
Email: andrew.khan@ingrammicro.com
Mobile: 021 819 793
