Connect with us

Expert Speak

The Key Fundamentals for an Effective Security Design

Published

4 years ago

on

Written by Renee Tarun, Deputy CISO and VP Information Security at Fortinet

As organizations continue to accelerate their digital innovation initiatives with an effective security design, new network edges are also introduced to their security infrastructure – from the data center, LAN, SASE, and more. The network continues to expand and splinter the perimeter, allowing new attack vectors to present opportunities for cybercriminals.

Many organizations have accumulated a wide variety of isolated security tools designed to monitor a specific function or protect one segment of the network in isolation. Some of these new environments are essential solutions to urgent business needs, others are often over-trusted and fly under the radar. Given the rate of innovation, there is rarely enough time to make them part of a cohesive or comprehensive security strategy. Nearly 80% of organizations are introducing innovations faster than their ability to secure them against cyberattacks. When security is deployed so rapidly, the aftermath is a complex network with limited visibility and control.

Cyber criminals are always searching for new ways to bypass security controls, infiltrate networks, and achieve their objectives. Their attacks have grown in sophistication, aiming to attack different network edges simultaneously to obscure their attack methods and identify the most easily exploited link in the security chain. Distributed networks that rely on traditionally isolated point products can’t see or defend against these threats. The clear challenge is that the disconnected and isolated security tools put in place to secure rapidly expanding and multiplying network edges don’t work together.

This disconnection creates security and performance gaps that make it impossible to see and respond with speed and effectiveness to sophisticated and distributed attack sequences. The approach to network security needs to evolve. Here are five fundamental principles and practices that every organization needs to consider to get in front of and stay ahead of their current security challenges:

  • A unified security fabric is essential to establish and maintain control over every edge. It must be able to span the distributed and evolving network to detect threats, correlate data, and seamlessly enforce policy. This isn’t about selecting a single vendor, rather about choosing the right vendors. Priority needs to be given to those vendors that leverage application programming interfaces (APIs) and common standards to support interoperability—especially those that allow policy decisions to be made outside of their solution.
  • Deployed security solutions also need to have access to common datasets across all network edges, endpoints, and clouds, enriched with real-time global and community threat intelligence shared from every area of the organization. This common intelligence framework enables holistic analyses of the state of security and performance, identifies emerging threats, and enables unified response across the organization.
  • An integrated security framework needs to support and enable advanced data analysis, combined with the ability to automatically create new protections across the full attack cycle when those analytics detect previously unknown threats. This system should also be able to function autonomously within simpler environments and be linked to extended detection and response (XDR), security information and event management (SIEM), and security orchestration, automation, and response (SOAR) solutions for increasingly advanced network operations center (NOC) and security operations center (SOC) environments
  • This security fabric needs to be able to rapidly launch a coordinated threat response across the entire ecosystem the moment a threat is detected. This breaks the attack sequence before its objectives can be realized. Leveraging machine learning (ML) and artificial intelligence (AI) tied to dynamically generated playbooks makes this possible without introducing slowdowns or human error.
  • Because change is the only constant in today’s digital world, a security fabric needs to be dynamic, meaning that it must be designed to scale up and out as the network it is securing evolves and adapts. This requires deep integration between security and the network components and functions so organizations can continually innovate and expand networking and operations ecosystems without a lag in protections.

In order for organizations to have an effective security decision in today’s increasingly complex and ever-evolving network, security needs to be effective in providing broad visibility and control. Reducing complexity is the first step in achieving that. Only then can advanced analytics, threat correlation, dynamic adaptability, and integrated threat response be possible. Those functions, combined with the ability to be deployed broadly, deep integration and convergence between security tools and between security and the network, and dynamic automation augmented by AI, are the hallmarks of any security system capable of defending today’s dynamic networks and connected ecosystems.

Related Topics:
Continue Reading

Artificial Intelligence

How AI is Reinventing Cybersecurity for the Automotive Industry

Published

4 weeks ago

on

April 23, 2025

By

Written by Alain Penel, VP of Middle East, CIS & Turkey at Fortinet (more…)

Continue Reading

Cyber Security

Positive Technologies Study Reveals Successful Cyberattacks Nett 5X Profits

Published

2 months ago

on

March 25, 2025

By

Positive Technologies has released a study on the dark web market, analysing prices for illegal cybersecurity services and products, as well as the costs incurred by cybercriminals to carry out attacks. The most expensive type of malware is ransomware, with a median cost of $7,500. Zero-day exploits are particularly valuable, often being sold for millions of dollars. However, the net profit from a successful cyberattack can be five times the cost of organizing it.

Experts estimate that performing a popular phishing attack involving ransomware costs novice cybercriminals at least $20,000. First, hackers rent dedicated servers, subscribe to VPN services, and acquire other tools to build a secure and anonymous IT infrastructure to manage the attack. Attackers also need to acquire the source code of malicious software or subscribe to ready-to-use malware, as well as tools for infiltrating the victim’s system and evading detection by security measures. Moreover, cybercriminals can consult with seasoned experts, purchase access to targeted infrastructures and company data, and escalate privileges within a compromised system. Products and tools are readily available for purchase on the dark web, catering to beginners. The darknet also offers leaked malware along with detailed instructions, making it easier for novice cybercriminals to carry out attacks.

Malware is one of the primary tools in a hacker’s arsenal, with 53% of malware-related ads focused on sales. In 19% of all posts, infostealers designed to steal data are offered. Crypters and code obfuscation tools, used to help attackers hide malware from security tools, are featured in 17% of cases. Additionally, loaders are mentioned in 16% of ads. The median cost of these types of malware stands at $400, $70, and $500, respectively. The most expensive malware is ransomware: its median cost is $7,500, with some offers reaching up to $320,000. Ransomware is primarily distributed through affiliate programs, known as Ransomware-as-a-Service (RaaS), where participants in an attack typically receive 70–90% of the ransom. To become a partner, a criminal must make a contribution of 0.05 Bitcoin (approximately $5,000) and have a solid reputation on the dark web.

Another popular attack tool is exploits: 69% of exploit-related ads focus on sales, with zero-day vulnerability posts accounting for 32% of them. In 31% of cases, the cost of exploits exceeds $20,000 and can reach several million dollars. Access to corporate networks is relatively inexpensive, with 72% of such ads focused on sales, and 62% of them priced at under a thousand dollars. Among cybercriminal services, hacks are the most popular option, accounting for 49% of reports. For example, the price for compromising a personal email account starts at $100, while the cost for a corporate account begins at $200.

Dmitry Streltsov, Threat Analyst at Positive Technologies, says, “On dark web marketplaces, prices are typically determined in one of two ways: either sellers set a fixed price, or auctions are held. Auctions are often used for exclusive items, such as zero-day exploits. The platforms facilitating these deals also generate revenue, often through their own escrow services, which hold the buyer’s funds temporarily until the product or service is confirmed as delivered. On many platforms, these escrow services are managed by either administrators or trusted users with strong reputations. In return, they earn at least 4% of the transaction amount, with the forums setting the rates.”

Considering the cost of tools and services on the dark web, along with the median ransom amount, cybercriminals can achieve a net profit of $100,000–$130,000 from a successful attack—five times the cost of their preparation. For a company, such an incident can result not only in ransom costs but also in massive financial losses due to disrupted business processes. For example, in 2024, due to a ransomware attack, servers of CDK Global were down for two weeks. The company paid cybercriminals $25 million, while the financial losses of dealers due to system downtime exceeded $600 million.

Continue Reading

Expert Speak

What the Bybit Hack Reveals About the Future of Crypto Security

Published

2 months ago

on

March 8, 2025

By

Written by Oded Vanunu, Chief Technologist & Head of Product Vulnerability Research at Check Point (more…)

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.