Jonathan Nguyen-Duy, VP Strategy at Fortinet stops by the Palo Alto Studios to talk with John Furrier.
#CUBEConversation #theCUBE
https://siliconangle.com/2018/02/13/cybersecurity-battles-solving-operational-complexity-dilemma-thecube-cubeconversations/
Cybersecurity battles: Solving the operational complexity dilemma
Companies are charging through their digital transformations to enable data-driven approaches that can provide a competitive edge in their products or operations. As more data is brought online and the complexity of an operating environment increases, however, the rise of the darknet information exchanges that connect threat actors with targets has dramatically increased organizational vulnerability to attack and risk.
“What we’ve seen consistently has been the acceleration of the volume, the complexity, and the variety of cyber threats. Ten years ago, 2007 or so, there were about 500 threat factors. Today we’re north of 5,000,” said Jonathan Nguyen-Duy (pictured), vice president of strategy and analytics at Fortinet Inc., a cybersecurity and malware protection company.
Nguyen-Duy spoke with John Furrier (@furrier), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, at theCUBE’s studio in Palo Alto, California, to discuss the increasing state of complexity in the cybersecurity world and Fortinet’s approach to managing this complexity. (* Disclosure below.)
Managing complexity is managing risk
The exponential growth of connected devices and services in a digital transformation enables business operations teams to push productivity to new limits, but it comes at a cost in information security. Cybersecurity teams are inundated with the complexity of managing new connected devices, multiple-computing environments, third-party technology integrations, and disparate security solutions, according to Nguyen-Duy.
“No one knows if the devices are properly configured. No one has actually done the third-party technology integration. No one has actually met the requirements that we’d employ three years ago. … I think at the heart of that complexity, that’s reflected in the fact that we’re missing the basic elements in security,” Nguyen-Duy said.
The complexity in operating environments means that opportunities to address known threats can slip through the cracks. The large data attacks from nation-states and hackers alike didn’t succeed because of advanced malware. They simply exploited weaknesses in a company’s infrastructure.
“These were known vulnerabilities. The patches existed. They weren’t patched. In my experience, 80 percent of all the attacks could be mitigated through simple to intermediate controls,” Nguyen-Duy stated.
Even operations seemingly as simple as patch management can be overwhelming for security teams. Dynamic development and operations environments can make bringing mission-critical applications offline for patching nearly impossible.
“If our current teams are so overwhelmed that they cannot mitigate known attacks, exploits against known vulnerabilities, how are they going to be able to grapple with the complexity of managing zetabytes of data with an ecosystem that spans around the world, that operates in milliseconds?” Nguyen-Duy said.
One company role is becoming increasingly more important in the cybersecurity age: the chief information security officer, according to Nguyen-Duy. The CISO must balance the growth and productivity needs of the business with the security and risk management aspects of cybersecurity. Starting with third-party, certified best practices and implementation and leveraging best-in-class products that have gone through rigorous clearances help provide a fabric of security around applications.
“You’re going to need a partner who has a global infrastructure of telemetry to understand what’s happening in real time, in the wild. And once you collect that data, you’re going to need to have intelligence analysts, researchers, that can put into context what that data means, because data doesn’t become information on its own,” Nguyen-Duy concluded.
Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s CUBE Conversations. (* Disclosure: Fortinet Inc. sponsored this segment of theCUBE. Neither Fortinet nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
CUBE Conversations 2018 | Palo Alto and Boston. If you don’t think you received an email check your
spam folder.
Sign in to CUBE Conversations 2018 | Palo Alto and Boston.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Register For CUBE Conversations 2018 | Palo Alto and Boston
Please fill out the information below. You will recieve an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for CUBE Conversations 2018 | Palo Alto and Boston.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
CUBE Conversations 2018 | Palo Alto and Boston. If you don’t think you received an email check your
spam folder.
Sign in to CUBE Conversations 2018 | Palo Alto and Boston.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Sign in to gain access to CUBE Conversations 2018 | Palo Alto and Boston
Please sign in with LinkedIn to continue to CUBE Conversations 2018 | Palo Alto and Boston. Signing in with LinkedIn ensures a professional environment.
Are you sure you want to remove access rights for this user?
Details
Manage Access
email address
Community Invitation
Jonathan Nguyen-Duy, Fortinet | CUBE Conversations Jan 2018
Jonathan Nguyen-Duy, VP Strategy at Fortinet stops by the Palo Alto Studios to talk with John Furrier.
#CUBEConversation #theCUBE
https://siliconangle.com/2018/02/13/cybersecurity-battles-solving-operational-complexity-dilemma-thecube-cubeconversations/
Cybersecurity battles: Solving the operational complexity dilemma
Companies are charging through their digital transformations to enable data-driven approaches that can provide a competitive edge in their products or operations. As more data is brought online and the complexity of an operating environment increases, however, the rise of the darknet information exchanges that connect threat actors with targets has dramatically increased organizational vulnerability to attack and risk.
“What we’ve seen consistently has been the acceleration of the volume, the complexity, and the variety of cyber threats. Ten years ago, 2007 or so, there were about 500 threat factors. Today we’re north of 5,000,” said Jonathan Nguyen-Duy (pictured), vice president of strategy and analytics at Fortinet Inc., a cybersecurity and malware protection company.
Nguyen-Duy spoke with John Furrier (@furrier), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, at theCUBE’s studio in Palo Alto, California, to discuss the increasing state of complexity in the cybersecurity world and Fortinet’s approach to managing this complexity. (* Disclosure below.)
Managing complexity is managing risk
The exponential growth of connected devices and services in a digital transformation enables business operations teams to push productivity to new limits, but it comes at a cost in information security. Cybersecurity teams are inundated with the complexity of managing new connected devices, multiple-computing environments, third-party technology integrations, and disparate security solutions, according to Nguyen-Duy.
“No one knows if the devices are properly configured. No one has actually done the third-party technology integration. No one has actually met the requirements that we’d employ three years ago. … I think at the heart of that complexity, that’s reflected in the fact that we’re missing the basic elements in security,” Nguyen-Duy said.
The complexity in operating environments means that opportunities to address known threats can slip through the cracks. The large data attacks from nation-states and hackers alike didn’t succeed because of advanced malware. They simply exploited weaknesses in a company’s infrastructure.
“These were known vulnerabilities. The patches existed. They weren’t patched. In my experience, 80 percent of all the attacks could be mitigated through simple to intermediate controls,” Nguyen-Duy stated.
Even operations seemingly as simple as patch management can be overwhelming for security teams. Dynamic development and operations environments can make bringing mission-critical applications offline for patching nearly impossible.
“If our current teams are so overwhelmed that they cannot mitigate known attacks, exploits against known vulnerabilities, how are they going to be able to grapple with the complexity of managing zetabytes of data with an ecosystem that spans around the world, that operates in milliseconds?” Nguyen-Duy said.
One company role is becoming increasingly more important in the cybersecurity age: the chief information security officer, according to Nguyen-Duy. The CISO must balance the growth and productivity needs of the business with the security and risk management aspects of cybersecurity. Starting with third-party, certified best practices and implementation and leveraging best-in-class products that have gone through rigorous clearances help provide a fabric of security around applications.
“You’re going to need a partner who has a global infrastructure of telemetry to understand what’s happening in real time, in the wild. And once you collect that data, you’re going to need to have intelligence analysts, researchers, that can put into context what that data means, because data doesn’t become information on its own,” Nguyen-Duy concluded.
Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s CUBE Conversations. (* Disclosure: Fortinet Inc. sponsored this segment of theCUBE. Neither Fortinet nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
