On the Use of Platforms for Cyber Security Protection

Just about every cyber security vendor refers to its solution as a platform. This is not surprising when one considers the obvious scaling, support, and extensibility advantages of platforms over point solutions. But the term is overused, and most point solutions available today are not really platforms. For example, few vendors take the time to ensure horizontal integration of their solution with other related functions required in the enterprise. Similarly, few vendors take the time to ensure vertical integration of their solution across the architectural evolution from perimeter to cloud. But when a security platform does provide support for such evolution and expansion, the protection results can be incredibly powerful. As part of the research for my 2017 TAG Cyber Security Annual (you can download the PDFs at, I had the pleasure and privilege of having lunch in New York City with my friend and colleague Ken Xie, CEO of Fortinet. I can say without hesitation that Ken is perhaps the most knowledgeable person on the planet when it comes to understanding how to construct a world-class cyber security platform, so I asked him to share his insights.

EA: Ken, how does a world-class cyber security vendor decide which features and functions to include in its platform? Do you do this scientifically, or do you have to make bets on the future?

KX: Predicting the future for security requirements is both art and science. At Fortinet, we have a vast network of threat researchers located around the globe. This team carefully monitors and deeply analyzes the cyber threat landscape every day. The intelligence they derive provides us with an understanding of trends, along with deeper insight and awareness of the specific threat patterns and behaviors that enable us to plan effectively for the future. But we also take input from our customers very seriously. They are on the front lines of use cases and requirements, and often request new features through their local sales engineering teams that we hadn’t considered. This two-way conversation helps us build a platform that meets the changing demands our customers are experiencing. And finally, we invest in strategic technologies, such as cloud or ASIC technologies, which have a longer development cycle. Happily, the market has shown that these forward-looking investments were the right approach.

EA: How important is it for enterprise security teams to know the relative difference between hardware appliances and their virtual equivalent?

KX: Physical hardware and virtual software appliances obviously differ in performance capabilities. Their security features and functions, however, should not. In architecting their networks, enterprise security teams need to consider where it makes the most sense to deploy hardware appliances versus virtual devices, and more importantly, the critical need of having a unified fabric, one that is built around a common OS and that ties their different deployments together into unified security architecture. Fortinet’s virtual solutions provide all the same features and functions of our hardware appliances. They run the same network operating system, use the same policy, management, and reporting consoles, receive the same security updates, and apply the same authentication. This commonality gives the customer a lot of flexibility when architecting their network security. This approach to security as a single system, regardless of whether it is implemented as an appliance or a virtual machine, enables customers to deploy a unified security policy and enforcement layer from IoT to the cloud.

EA: How fast are your customers moving toward virtualization, and do you see a time when they might buy security almost exclusively as software?

KX: The vast majority of our customers adopting virtualization are developing a hybrid deployment approach. While the dynamic workload management that a virtualized environment can provide is increasingly important, so is the heavy lifting of things like Big Data that require high-performance workhorse appliances. For example, for East-West traffic in data centers, or in private or public clouds, the adoption of virtual security is happening quite quickly. The distributed enterprise security requirements are also changing rapidly, especially around the WAN NGFW. Increasing SaaS/IaaS traffic, and the need for localized segmentation have placed higher demands on CPE offerings. Longer term, this may require a virtual CPE offering that cannot yet be virtualized.

EA: Fortinet has always been focused on securing the enterprise network. As the concept of enterprise network evolves to include mobile, cloud, and virtual infrastructure, is it easy to evolve the focus of your platform?

KX: For years we have been developing and evolving our solutions suite toward what we call the Fortinet Security Fabric. This fabric is designed to dynamically adapt to the evolving IT Infrastructure in order to cover its rapidly changing attack surface. It intelligently and transparently segments the customer’s network, from IoT to the Cloud, to provide advanced protection against sophisticated attacks. Each security element in the fabric is also aware of each other, allowing them to share policy and application flow information. This collaborative approach to threat intelligence provides a much faster time to detect, no matter what part of the network is being compromised, as well as the ability to provide a coordinated response. In addition, Fortinet encourages our technology partners to be an integral part of this distributed security framework.

EA: Do you see many differences between the types of threats that your customers are trying to deal with today versus when you first started in this business so many years ago?

KX: Yes. The biggest observation is that today’s threats are much more complex, utilizing multi-vector attacks and sophisticated evasion and persistence techniques. Fifteen years ago, the motivation for hackers was mainly notoriety, but today’s cyber threats are a multi-billion dollar business, with the intent to extract intellectual property, identities, or monies, or increasingly, they are politically motivated cyber attacks. In addition, today’s cybercriminal has access to a marketplace of commercial resources to help them build out their threat lifecycle. The commercial underground provides tools, processes, and even help desk services to assist hackers in defeating security defense systems. It’s an arms race, and while a security strategy needs to identify and fend off every threat, the criminal community only needs to get through defenses once. To better protect our customers, the security industry needs to cooperate more in sharing live threat intelligence. Fortinet is a founding member of the Cyber Threat Alliance, which promotes this goal. We also support third party test houses, such as NSS labs and ICSA, to make sure the security systems being deployed provide the best possible protection.