Q1. What do enterprises need to understand about IoT security threats? How is Fortinet's Security Fabric Approach helping organizations address these challenges?
The most important thing to remember about IoT and security is that the devices, the Things in IoT, are inherently insecure and completely change the organization's attack surface. Organizations should carefully consider the security implications before starting any IoT deployments.
The advantage of the Fortinet Security Fabric approach is that it integrates multiple security technologies into a single, cohesive capability. With IoT, a Security Fabric enabled network can automatically recognize when these devices are attached to the network, classify them and assign predefined policies.
Q2. Tell us a little bit about Fortinet's recently introduced FortiSandbox 2000E. Why has sandboxing become a security requirement for organizations?
Because the threats an organization faces every day are constantly increasing in terms of both volume and sophistication, it absolutely necessary that the defences against them can keep up. That's the objective of the new FortiSandbox: greater performance, faster detection and better protection.
Sandboxing has become such a crucial part of an organization's security due to the need to quickly and accurately detect threats that have managed to enter the network. Without an advanced detection capability like that provided by sandboxing, a hacker would be able to remain undetected in a network longer, leading to the resulting data breach being more extensive and more harmful to the organization.
Q3. Fortinet is a Platinum Sponsor at Black Hat Europe 2017. What is your main focus at the event?
Black Hat Europe is the perfect opportunity for Fortinet's cybersecurity experts to share their knowledge with security professionals, understand their expectations and challenges to better address them. Demonstrating the value proposition of the Fortinet Security Fabric will also be key for us. It is also the chance to network and share common experiences with our peers from the industry.
Eric Hutchinson
CEO
Spirent Communications
John Weinschenk
General Manager Applications and Security
Spirent Communications
Q1. Eric, how has the emergence of an increasingly connected world impacted enterprise security, privacy and safety? What is Spirent's strategy for helping organizations address these threats?
The way in which the business world communicates, operates, and collaborates has dramatically changed with increased reliability and access of connectivity. In addition to traditional uses such as video conferencing, file sharing, and internal system access, IoT is another area many enterprises are investing in for operational aspects including facility management, supply chain, and identification. Unfortunately, with convenience comes an increase in the points of entry for potential security compromise. Adding to the security risk is the reality that employees bring WiFi and Bluetooth enabled devices into the work place that could also potentially connect to company networks.
Spirent is a well-established leader in solutions which support the development and management of communications networks and connected devices. Our customer base includes the largest wireless, positioning and network equipment manufacturers, network operators, enterprises and governments around the globe. With the constantly evolving threat landscape, security is a critical aspect to any test or monitoring. Our deep rooted experience in the development and operation of all aspects of our connected world allows us to provide security solutions that correlate data beyond basic security testing which allows our customers to reduce their security risks while maintaining and validating performance, scalability and reliability.
Q2. John, talk to us about CyberFlood and why it is such a core component of your company's recently expanded security focus.
When I talk to CISOs today, their challenges are much different than they were 10 years ago. Cybersecurity is now a topic discussed at the board level, and although security budgets have increased, threats are increasing at a much faster pace. With endless requests from their team for new security investments, they have to insure they spend every dollar as effectively as possible. CyberFlood allows our customers to validate the value out of their existing network and security infrastructure and also measure the impact to performance, as well as security, if components are added or removed.
Security also requires consistent monitoring and validation based on application traffic mixes, attacks, malware and exploits. CyberFlood provides up-to-date and fresh content including applications and attacks so that when a new attack hits, our customers can quickly validate their defenses and gain practical intelligence on any modifications that may be required. The methodologies used by cyber criminals are becoming more advanced and constantly evolving, and as security professionals we need to empower our customers with the ability to emulate various attack profiles and validate their security counter measures.
Q3. Eric, how have DevOps and DevSecOps practices impacted demand for your range of scanning, penetration testing, monitoring, and source code analysis security services? What, if anything, are you doing differently these days to accommodate the need for tools that can help enterprises integrate security within DevOps?
Integrating security into the development lifecycle has become the cornerstone of any application security program. We see DevOps evolving to DevSecOps and InfoSec aligning with the DevOps initiatives and security requirements becoming a key aspect of DevOps practices and benefits. Our SecurityLabs security services are leveraged both production and pre-production however with security playing an increased role in DevOps we have made the consumption of information DevOps friendly. This dramatically reduces security analysis time and enhances the visibility, continuous security testing and delivery time with automation as part of the DevOps environment and the software development life cycle.
Q4. Spirent is a Diamond Sponsor at Black Hat Europe 2017. Why is it important for Spirent to be there? What do you want attendees to take away from your presence there?
Cybersecurity is a global challenge, with subtle nuances by region and country. In Europe compliance has been a hot topic with the EU General Data Protection Regulations (GDPR) going into effect May 2018. Black Hat Europe provides a unique opportunity for security professionals to communicate and collaborate on specific cybersecurity initiatives and challenges unique to the region.
As a UK based security company and CREST certified organization for penetration testing, we hope attendees that visit our booth walk away with a better understanding on how our robust solutions map to their business needs.
