Emad Abu Jazar, Country Manager, Saudi Arabia, Fortinet, tells us why his company is at the forefront of the fight against cybercriminals.
The threat landscape in the Kingdom is pretty intense and complex now. How do you help your customers address the cybersecurity challenges?
The threat facing all networks, whether SMB or large enterprise, has and continues to increase exponentially. The combination of the growth of threats with the dramatic increase of the number of devices that can be used to access the network means the job of protecting an enterprise network will continue to be more and more difficult.
In order to secure Fortinet’s customers networks it’s imperative to understand the challenges and their root cause. From Fortinet’s perspective there are three key issues affecting the network’s security position; the way that security has traditionally been implemented is too complex, the networks themselves have drifted away from a defined perimeter and organisations are faced with the compromise of choosing between security and performance.
Fortinet’s response is to counter these three issues with its philosophy “Security Without Compromise” by offering seamless, intelligent and powerful solutions.
Saudi is now developing a national information security strategy. How can Fortinet contribute to the country’s vision?
All of Fortinet’s resources are geared to develop new technologies, and enhance current solutions in order to cover the entire security spectrum. As a leading network security vendor we are committed to supporting efforts that contribute towards fighting modern cyber crime. Our Cyber Threat Assessment Program (CTAP) is designed to provide organisations a detailed look into the type and amount of cyber threats posing risks to their networks, yet are going undetected by their existing security solutions. This new initiative is part of a broader effort by Fortinet and our FortiGuard Labs threat research team to integrate risk and advisory capabilities with its end-to-end security platform to provide customers greater insight into dynamically changing cyber risks that threaten their businesses.
Our collaborative efforts and global alliances play a key role in helping us work with governments and local security councils in an advisory role to address the growth threat concerns.
There is a dearth of security skills in the Kingdom. How is Fortinet planning to address this?
Enterprises are facing a severe skill shortage when it comes to cyber security and according to the Enterprise Strategy Group (ESG), a cybersecurity specialist is the most difficult IT position to fill. Fortinet has developed an effective method to help address this challenge. We conduct intensive training sessions for our partners and end-users on all our solutions and implementations. This helps them to better understand the solutions and simplify its implementation and management. We also actively participation in industry seminars, and share intelligence on the latest threat landscape and cybersecurity protection techniques.
Also, Fortinet introduced this year a worldwide network security academy, designed to develop and train action-oriented cybersecurity experts to manage new and advanced threats on the horizon. The Fortinet Network Security Academy (FNSA) was created to address the international shortage of cybersecurity experts and to build a workforce skilled in all aspects of Fortinet’s end-to-end network security fabric who will be recognized in the industry among an elite group of security professionals. From code to client to cloud, the Academy brings the training and certification opportunities previously only offered to Fortinet customers and partners to educational institutions, non-profit organisations and veterans programs. Training for faculty is free of charge for these organisations, arming the professors with the skills required to teach the program to students who will learn how to protect global organisations from cyber threats.
What do you think are the top threats facing IT decision-makers in Saudi?
ZeroDay attacks, DDos attacks, Web Application attacks, and data theft are among the top threats facing organisations in Saudi Arabia. That difficulty is readily seen from the number of high profile data breaches over the past several years. However, while the headlines of each new data breach grab our attention, particularly the number of identities or credit cards compromised, what is frequently overlooked in the long term impact to the organisation, both from a reputational and financial point of view.
But securing an enterprise network is more than just looking at yesterday’s or today’s issues. Looking ahead at different trends and their potential impact on the network’s security is also part of the ongoing challenge. To avoid becoming obsolete with the next wave of new trends that will hit the market, Fortinet’s technology vision, the Fortinet Security Fabric has to have certain characteristics that will it allow to adapt as necessary.
Can you name of some of your biggest customers in the country?
Our customers span various verticals and include leading telcos, universities, banks, enterprises, oil & gas, healthcare as well as a number of SMBs.
Do you think the traditional security methods can prevent the new breed of attacks?
Enterprises today are still relying on the same old strategies. Just look at the news: it seems that almost daily we’re reading about another attack, another breach, another massive loss of data.
Why aren’t these strategies working anymore? It could be a number of reasons but there are three key areas that we can point to.
The first is being too focused on compliance: just checking all the boxes on a list isn’t enough. How many massive retail breaches have we seen where the company was recently audited and found to be fully PCI-compliant? Attackers don’t care that you passed your last audit.
They’re also too risk based and reactive. While yes, it is important to protect against the low-hanging, already-seen fruit, it’s the new unknowns that are critical to detect. An annual risk assessment is obsolete the moment it’s done in today’s threat landscape.
Finally, they’re far too focused on ‘best of breed’ solutions. A firewall from one vendor, a sandbox from another, a spam solution from a third. None of these tools were ever designed to work together, leaving your network with potential protection gaps.
What should an organisation do to avoid becoming the next headline?
The solution starts with changing the way the enterprise looks at security. Security must be comprehensive and intelligent with zero trade-offs in network performance. Legacy security approaches have gotten too complex and network traffic has become unmanageable, resulting in too many alerts and not enough clarity on what is important.
At Fortinet, we’ve come up with three maxims defining our approach to security today.
Rule number one is to Keep It Simple: the more complex your network is, the harder it is to secure it.
The second rule is that the definition of a network has changed and the number of potential attack vectors has multiplied. What was the boundary of your network yesterday no longer exists today.
And finally, rule number 3. Slowing down the network to implement security is not, never has been nor will it ever be a satisfactory strategy.
Fortinet has recently broadened its Secure Access Architecture solutions. Can you tell us what is new?
Today’s network surface has changed and there are more ways to access networks through wireless networks, mobile, and the cloud. Fortinet’s Secure Access Architecture of wired and wireless networking solutions merges advanced security with enterprise access layers to provide seamless protection across the expanding attack surface – from IoT (Internet of Things) to the Cloud. It offers universal management and policy controls that simplify administration across wired and wireless infrastructures, enabling sophisticated segmentation of devices from critical data.