Fortinet CEO: Network and security technologies give rise to security-driven networking

A conversation about the future of network security with Fortinet CEO Ken Xie

The network and security industries both continue to evolve at a rate never seen before. Historically, security and network operation teams have worked in parallel with one another, sometimes being at odds with each other's goals.

However, that is changing as businesses rely on their networks to operate. It’s fair to say that today, for many companies, the network is the business. As this happens, network and security technologies need to be more closely aligned, giving rise to the concept of security-driven networking.

For this post, ZK Research sat down with Ken Xie, co-founder and CEO of Fortinet, to discuss the future of networking and security.

ZK: With things like digital transformation and 5G constantly changing networks, where are we in terms of security today? Is security keeping up?

Xie: Security has to always be evolving. For a long time, security was all about securing connections. First-generation firewalls were placed between a LAN and the Internet to prevent criminals from gaining access to network resources. As those connections became faster, and more data was embedded in applications, security had to switch its focus from connections to the content. That’s when the second generation of network security began, with the introduction of the [next-generation firewall] NGFW.

While those second-generation security tools have served their purposes, they no longer meet the needs of today’s digital businesses. Security can no longer function as a moat around a castle. Instead, today’s digital networks and data are distributed across growing numbers of virtual clouds, edges, and physical devices. Data is not only highly mobile, but it is also at greater risk as the attack surface increases. And as new edge networks emerge, driven by 5G and SD-WAN, the challenges will only get bigger.

In this new digital world, security needs to not only be integrated into the network but also help drive its development. With many new networking environments, such as multi-cloud, next-gen branch, and the mobile edge, the challenge many organizations face is building a consistent and manageable security framework that can span digital innovation. Achieving this requires a security-driven networking strategy that not only asks, “How do we secure this?” but also, “How will this become part of our larger security-fabric architecture?” 

Part of the answer involves solutions that seamlessly interoperate with security deployed across the network, such as in the cloud. Security-driven networking ensures that whenever networking infrastructures evolve or expand, security automatically adapts as an integrated part of the network rather than waiting to respond to changes, as traditional overlay security solutions do, which can introduce security gaps and inefficiencies.

Other top concerns for both networks and security are performance and interconnectivity. Network and security policies both need to follow applications at digital speeds, especially as they move across and between different connected networks. The days of bolting on security and expecting it to protect businesses and consumers are over. To keep pace with the ongoing digital transformation of our interconnected environments, security and the network will have to converge. This is the only way that threat detection and prevention can continue to span the evolving network and respond at network speeds.

Only security-driven and security-enabled networks will be able to ensure that detection and prevention are woven into every transaction, and then follow those transactions from origin to completion to ensure they are protected along their entire data path.

ZK: How does the edge factor into security, both today and going forward?

Xie: Traditionally, we interacted with the cyber world through a specific interface, such as a laptop or smart device. However, in this new digital world, traditional networks are being completely transformed. Data centers are moving to the cloud. Technology is converging with our physical world in the form of smart cars and wearables and even embedded devices and interactive communities. And for that to work, data and compute services will also need to be positioned at the edge, processing data locally. And rather than relying on one or two interfaces, we are now interacting with technology everywhere.

The number of connected things already outnumbers people and will continue to grow quickly. A smart home today can have many different edges – smart appliances, voice-activated assistants, laptops, smartphones, connected security systems such as smart locks, and entertainment systems. To provide consistent protection for all of these connections, security will have to exist simultaneously in all of them. It has to be woven directly into the infrastructure. There is really no other way for this to work.

ZK: What are some of the security challenges of the growing WAN edge?

Xie: Next-gen branches and SD-WAN are perfect examples of how second-generation security no longer supports modern networking challenges. Organizations are moving to SD-WAN because their MPLS connections are too rigid for device and application interconnectivity. Traditional hub and spoke models don’t work because the central network hub is disappearing. And while an overlay VPN solution can support meshed connections between different branch offices, encrypting traffic isn’t enough either.

SD-WAN is a great starting point to deeply interconnect security and networking into a single solution and where Fortinet has focused. SD-WAN needs to provide connectivity plus support advanced routing protocols, such as load balancing and optimizing connections and provide advanced security. If not, that branch will become the weakest link in your security chain. By tying those elements together into a single solution, and integrating network and security management into a single interface, organizations can realize the performance and interconnectivity benefits of tying networking and security solutions together.

A Secure SD-WAN strategy not only provides business-critical SaaS and productivity applications, and enables and secures live connections between all branch and cloud environments, it can also tie the local-branch LAN to the WAN to support and secure its functions as well. A truly integrated solution can support things like true zero-touch deployment, integrated and centralized management, and advanced traffic and connection management for network and security functions.

ZK: How do we provide adequate security performance as the edge becomes everywhere?

Xie: As end-user devices, applications and IoT grow and converge, billions of new edges will be created. Many of these edges will create and enable new immersive technologies, such as VR and AR-based communications and interactive tools that tie multiple services together, which will further enable things like autonomous cars and smart cities. As solutions like these continue to evolve, they will further converge the physical and cyber worlds. Transactions and decisions will need to be made in microseconds, and they will need to be made locally, which means that decision-making can no longer rely on human intervention, whether you are talking about routing traffic, reacting to a physical event or responding to a cyber threat.

In this new digital world, performance and interconnectivity are table stakes. So network and security convergence is not just about policies and protocols. The true performance will require the implementation of specialized physical and virtual processors that can accelerate decision making. We have spent years refining specially designed security processors that provide unmatched performance at a fraction of the cost of the traditional CPUs used by other vendors. And these aren’t just limited to security. Our new SD-WAN solutions include the world’s first customized processors designed to accelerate both security and networking functions so branch offices can function at the speeds that the digital marketplace requires.

We have also taken those same specialized engineering skills and developed new virtual ASICs to provide the same level of performance acceleration in a virtual environment. These new virtual security processors provide up to two to three times the performance of traditional virtualized security solutions. This enables us to extend full advanced security solutions to the new 5G-powered network edge and still inspect encrypted data, accelerate local decision making, and support edge networking and computing at network-required speeds.

ZK: Is the edge going to replace the cloud?

Xie: We are going to need both, and they are going to have to be closely aligned. But the edge is going to push digital transformation in another new direction, and organizations need to get ready for that now.

Because of transactional timing requirements, compute resources have always had to be as physically close to data as possible. Mainframes were deployed inside physical data centers for this reason. Applications forced smartphones to be faster and smarter so decisions didn’t have to be made on some remote server. Today, as we move data from the physical data center to the cloud, compute resources have been deployed there as well so that the large amounts of data being collected by today’s businesses can be processed with scale and agility.

The next big migration of data will be to the remote edge. IoT and mobile devices will need to support immersive technologies, which will require massive amounts of data and processing power. And for those services to respond at the speeds that applications and consumers require, data and computing resources will need to be placed on edge devices. This change will not only have a significant impact on networks but on how and where we deploy and manage security.

This will affect security in two ways. First, to secure an edge built from an enormous number of interconnected devices, security will need to focus on prevention, which is a lot harder. And second, security will need to operate natively on those edge devices. That’s because high-performance transactions will not only require immediate decision-making, but they will also be rapidly moving across any number of edge devices through new edge-based networks. If security is to keep up, it will need to be converged with the edge and live on new edge-based IoT and networking devices.  

And even then, things like AI are going to have to be built into the next generation of security solutions to meet the performance demands of 5G networks and beyond. Which is why Fortinet has spent the past decade building, training, and refining the largest and most comprehensive artificial neural network designed for security in the world. This AI network currently includes over billions of interconnected nodes, and since its training cycles were completed, it has now taken over critical threat detection and analysis functions that previously required teams of trained researchers to accomplish. And this success is why we have now begun to weave its advanced AI technology into our portfolio of security solutions – a feat that, like our advanced security and networking processors, no other vendor is even close to replicating.
