CDSA

With more than 580,000 customers around the globe, Sunnyvale, Calif.-based security firm Fortinet is No. 1 in network security solutions deployed worldwide and leading the pack for related patents and third-party validations.

In its 22 years, the company has become the go-to vendor and provider to secure the largest and most distributed enterprises, service providers, and government organizations worldwide.

John Jacobs, field CISO for Fortinet’s High Tech vertical, spoke with MESA about the origins of the company, how work from home has rapidly expanded the attack surface for organizations, what the biggest threats are today, and will be a few years from now.

MESA: What was the impetus for Fortinet, how did the company first come about, and what gaps in the cybersecurity market has it sought to fill?

JJ: Fortinet was founded in 2000 by an early information security industry pioneer, Ken Xie, who was previously founder and CEO of Netscreen.

Ken understood that the cost delta was simply too large, 100x or more at that time, to enable businesses to choose security over simple data delivery (networking) in most circumstances. He initially focused on specialty hardware integration to drastically lower costs and improve performance, while simultaneously increasing the availability of security to both distributed and larger/complex environments.

Today Fortinet has expanded this to become the broadest cybersecurity portfolio in the industry.

Regarding notable gaps, one of key focus today is training skilled cybersecurity workers as the industry rapidly expands to touch every business vertical. Fortinet is on track to train over 1,000,000 people globally by 2026 through our Network Security Expert (NSE) Certification program, highlighted just this month at the White House National Cyber Workforce and Education Summit.

MESA: From secure networking to zero trust access, from cloud security to network operations, Fortinet’s cybersecurity offerings run the gamut. What does Fortinet do better in these areas than others, what makes the company stand out vs. the competition?

JJ: Fortinet has continued to maintain a cost/performance advantage with integrated hardware components. However, the expanding portfolio has pushed past all boundaries of a single dedicated device. Instead, the company now works to not just create another product, but a fully integrated security ecosystem. The Fortinet Security Fabric is the core of our strategy. It is a platform built around a common operating system and management framework to enable broad visibility, seamless integration, interoperability, and granular control/automation between critical security elements. Our primary underlying strength lies in the ability to detect, act, and interact, regardless of solution location or type of deployment.

A key differentiator in our portfolio is our high end Next-Generation Firewall, which is purpose built for the hyperscale era. It is ideal for the Media & Entertainment industry as it offers ultra-low latency, low power consumption and is capable of sharing large files and handling massive spikes in activity. It provides the highest performance without sacrificing security or the user experience.

MESA: What added cybersecurity challenges has the pandemic brought, especially to media and entertainment, and especially taking widespread work-from-home practices into account?

JJ: While workers relocated overnight to their home office, the attack surface for organizations rapidly expanded. Employees now regularly access protected assets from their home networks and personal devices. Fortinet partnered with Linksys to develop a unique HomeWRK platform https://www.fortinet.com/products/secure-home-network to provide the best of home networking and integrated security in a single packaged solution.

For more traditional businesses, our existing portfolio of small-office/home-office (SOHO) products has seen tremendous growth as the desire to expand enterprise security to the perimeter edge has taken a priority. Fortinet maintains the #1 position in the number of security appliances deployed, and that figure is now greater than our next three competitors: COMBINED.

On the consumption front, the amount of content pulled into the household spiked, and has not diminished. This places extra burden on M&E providers to not only manage the rights and licensing of that content, but to secure it at rest in storage, through transit, and on the consumer devices themselves.

Fortinet offers security monitoring and enforcement of content and devices from the center of massive core networks in the cloud, down to the edge consumption device, all under a single umbrella of visibility and orchestration.

In addition, there is a focused push toward the concept of zero-trust access. This methodology is to provide only the needed level of privilege, and nothing more, to only those users who need it, at the window of time requested. This is a contrast to legacy always-on VPN technology that simply created a new tunnel to systems from the end users.

MESA: Both with industries in general, and with media and entertainment specifically, what improvements are needed in the approach to cybersecurity? What are companies doing right, and what could they be doing better?

JJ: Industries have taken varied paces on their adoption of the new reality: data is the new currency. Regardless of the business vertical, it is a priority to protect both internal and customer data at every step, before, during, and after engagements.

What is going right: the message has been heard and every organization has some focus on cybersecurity. The key is to maintain that focus, even in quiet times, to ensure preparation and readiness, as the next event is inevitable.

What needs improvement: communication within most organizations, especially larger ones, is still often relegated to historical silos. The business unit owners hold ultimate responsibility, however, are often not the best representatives in what is a new communication topic and forum.

MESA: What are the most devastating threats out there today, and why? And will that change in the next, say, five years?

JJ: The most dangerous threats today are the complex and layered attacks from sponsored nation-state actors that maintain a staff, focused on breaching organizations for financial, political or other motives.

That said, disgruntled employees and even activist-hackers (hacktivists) pose real threats, in parallel. Most breaches come today from email phishing, careless security policy application, or unpatched vulnerabilities in legacy systems.

While it is difficult to predict five years forward in such a dynamic field, we are certain that attacks are going to become more complex, and the landscape is going to continue its expansion. More devices and applications will connect via existing and new communication mediums. This mandates that companies remain vigilant and continue to learn and adapt.

MESA: What’s next for Fortinet, what advances or added services can we expect from the company on the horizon?

JJ: Just like the cybersecurity industry, at-large, the company never stands still. There is a wave of convergence underway between networking and security, and we see opportunities to help organizations lower their operational costs and burden while we upgrade legacy solutions. With respect to technologies, cloud-based solutions are expanding with the focus on rapid integration and scalable expansion. Users are demanding better information, in a more meaningful format, with easier default solutions.

With this, we will continue to focus in the areas of machine-learning to better refine data integration and operations and automation to compensate for the lack of skilled industry professionals and their growing workload.

In addition, we predict a growth in our partner managed security services providers (MSSP) and have just announced our own security operations center as-a-service (SOCaaS) to remove those tasks from organizations that want to focus more on their core business.