Fortinet: We Secure Our Future
From the network to our daily life, security is an essential element of the digital transformation we are experiencing. In the last two years, we have experienced epochal changes in many aspects of our daily life. We have increasingly become aware of how digital permeates our lives and how important cyber security is, with several cases of attacks that have risen to the limelight of the public spotlight. Due to the repercussions, they have had on systems around the world. Flexibility and scalability have been companies’ mantras, especially in the emergency phases with a sudden transition to smart working to maintain operations. Now, however, it is necessary to complete the transformation process by securing companies’ infrastructures to free up new competitiveness. We discussed it with Cesare Radaelli, Senior Director of Channel Account of Fortinet Italy & Malta Antonio Madoglio, Senior Director of Systems Engineering of Fortinet Italy & Malta.
How Have Business Models Changed, And What Role Did The Pandemic Play In This Change?
The change we are experiencing is twofold – Cesare Radaelli affirms -: on the one hand, there is a contingent evolution that brings new models of use and business; on the other, there are accelerations that push new business models ahead of what could be a natural evolution. The natural evolution of the IT sector concerns the increasing dematerialization of the IT concept of a company: for years, there has been talking of a perimeter that no longer exists, and new technologies increasingly attract companies, even in those market sectors where the innovation was not such a marked element, thanks also to the PNR funds which are an opportunity to increase one’s competitiveness and modernize the tools.
Another essential element is the desire to have certainties on costs, with a tendency of companies to shift investments from capex to opex to the rent model. The pandemic has dramatically accelerated these processes: a very high percentage of companies were not prepared to work differently from one day to the next, but the concept of intelligent working has entered, willy-nilly, into the daily lives of most of us. After the first wave, we understood that the new structure had left a legacy from which there is no turning back: hence the need to take smart working beyond the emergency phase and make it an operational reality by addressing all contractual implications. , regulatory, and last but not least minor safety.
A very high percentage of companies were not prepared to work differently from one day to the next. Still, the concept of intelligent working has entered, willy-nilly, into the daily lives of most of us. After the first wave, we understood that the new structure had left a legacy from which there is no turning back: hence the need to take smart working beyond the emergency phase and make it an operational reality by addressing all contractual implications. , regulatory, and last but not least minor safety.
a very high percentage of companies were not prepared to work differently from one day to the next. Still, the concept of intelligent working has entered, willy-nilly, into the daily lives of most of us. After the first wave, we understood that the new structure had left a legacy from which there is no turning back: hence the need to take smart working beyond the emergency phase and make it an operational reality by addressing all contractual implications. regulatory, and last but not least minor safety.
What Evolutions Should We Expect For The Future?
We are moving towards a very fluid business model that integrates on-prem systems with third-party platforms:
- The adoption of the cloud is growing a lot.
- Business models are increasingly oriented towards canonization.
- The reality of intelligent working will make it increasingly necessary to operate within and out of the company symmetrically.
The evolution of the landscape of attacks and threats will also affect sectors where, until yesterday, the need to secure everything was not so strongly felt, such as the IoT world.
What Is The Current Cyber Threat Landscape, And How Is It Evolving?
In the second half of last year – underlines Antonio Madoglio – there was an unprecedented increase in attacks. Ransomware, in particular, has grown about 11 times over the previous year. We have also had higher-profile attacks that aimed at making services unavailable: for example, the attacks seen on the Colonial Pipeline and JBS hit huge organizations, impacting millions of people.
The increase in attacks has greatly sensitized organizations running for cover by patching the significant vulnerabilities discovered in the last 2-3 years. Still, doing this will take months. In addition to the vulnerabilities known for years, there are also those just discovered, the so-called zero-days. In 2022, we expect an increase in the number of vulnerabilities found, which will expose organizations’ networks even more.
FortiGuard Labs’ Predictions For 2022
In the face of the unprecedented increase in attacks over the past year, 2022 promises to be another record year for cybercrime. Fortinet’s FortiGuard Labs predicts a further rise in ransomware attacks and zero-day vulnerabilities. Among the targets that could be targeted, there will also be systems so far less attacked, such as Linux, OT networks, quantum encryption, and machine learning systems. Finally, the as-a-service model applied to cybercrime will grow: phishing and botnets will also be used after ransomware.
Let’s talk about Fortinet Security Fabric and the concept of mesh: why is it a different way of doing security? Will this be the future, and why? For many, it could be the future; for us, it is the present: the concept of security mesh, recently adopted by Gartner, is based on the collaboration between the different elements that make up a security system. Until now, those who built a security system were used to insert every piece, usually of other technologies, to fill the gaps for a specific area. In the end, they found themselves with the problem of managing and harmonizing these elements with considerable costs.
The security mesh overcomes all this. This technology can ideally cover every application area where the individual elements speak natively, which means synchronizing the various aspects. It is like having a team that faces various problems together: I define my policy on my platform, then the technology declines it according to the area in which it must be implemented. This leads to simplifying the security model and ease of management, essential in the era of smart working and the cloud, as well as reducing costs. This is the concept of our Security Fabric.
What Is Changing In The OT World, And What Risks Are We Running?
OT networks were isolated environments until recently; they did not have an embedded security infrastructure: no one had thought of protecting these networks because they were physically separate from the world, so there was no need. With digital transformation, however, everything changes: data management applications that process production data increasingly need to interact with the OT part, generating a convergence between IT and OT that exposes the OT world to the same risks as IT, therefore, to cyber-attacks. With consequences that could be not only economical but also far more serious: let’s think about what could happen if an attack blocked a hospital’s network.
However, the awareness that cybersecurity is a priority also for the OT is increasing. We are trying to bring to the OT world all the know-how that has been collected in 20 years of experience in the IT world, with the necessary adjustments: we speak, for example, the introduction of rugged equipment capable of withstanding the vibrations, high or low temperatures, electromagnetic pollution that can occur in the OT world. Then there are the regulations to be taken into account, the various standards to be respected, and the human factor to be managed to raise awareness of these issues.
Electromagnetic pollution can occur in the OT world. Then there are the regulations to be taken into account, the various standards to be respected, and the human factor to be managed to raise awareness of these issues. Electromagnetic pollution can occur in the OT world. Then there are the regulations to be taken into account, the various standards to be respected, and the human factor to be managed to raise awareness of these issues.
Multi Cloud And Edge, Do They Bring The Network Back To The Center Of Everything?
Without the network, there is no connectivity. Still, connectivity is dangerous without security: the concept of security-driven networking that we at Fortinet have been pursuing for some years. Where there is a network, safety cannot be ignored, which must be designed when the project is done. In the past, first, the network was built, and then the firewall was installed. Now we know that when you design a network, you must create it with all the security requirements because this affects the design itself.
Today, more than ever, we have seen that the methods of accessing the network and the dislocations of data are the most heterogeneous and create a very complex scenario to manage. A security device must be able to choose the right network to access the correct application and vice versa; a network device must guarantee connectivity with the right degree of security. For this reason, our embedded solutions also have complex and advanced routing and networking functions. Still, they can also natively integrate with high-performance third-party switching devices to optimize security in final access to data.
How Do You Relate To The Channel? What’s The Latest In Your Channel Strategy?
Fortinet operates exclusively through the channel – explains Cesare Radaelli – and we do so to increasingly specialize companies in the face of the demands and challenges of the market. Fortinet has more than 50 products in its portfolio, which are, on the one hand, an advantage for our partners because they can have a wide range of proposals. On the other they carry the burden of knowing our technology well to be able to download its value to the ground. . This is why we focus a lot on specialization and training. It is also important to underline Fortinet’s ability to operate in all markets, from small businesses to enormous enterprises, supporting the partner in all areas thanks to a team that brings together different professionals able to understand the other languages of the markets.
How Do You Support Partners On Training And Specialization Issues?
Training is a cornerstone of our program. The pandemic has also had an impact in this sense: from the first lockdown, Fortinet has decided to open the portfolio of training courses free of charge to all (and will remain open until the end of the year). The theme of specialization remains central: Fortinet pushes its partners to follow the path and to be certified to obtain the necessary know-how to develop safety projects in a context where resources are lacking at all levels. For this, it is essential to broaden the spectrum of skills to as many people as possible. About a year ago, we introduced specializations in disciplines such as SD-WAN, data center, cloud,
Still, from the point of view of training, another activity that we are carrying out (no less important) is that of the academy. We collaborate with private training structures and academic institutions (partnerships with ELIS Consortium, Polytechnic of Bari, and the University of Calabria already active) to raise awareness on security issues. This program – adding Antonio Madoglio – aims to fill the talent search market gap. All companies in our sector struggle to find professionals with adequate preparation. Therefore, the sooner you create training starting from technical institutes and universities, the sooner you will be able to have a pool of expert candidates in the sector.