Tuesday, December 18, 2018

Market Leaders Symantec and Fortinet Partner to Deliver Comprehensive Cloud Security Service


Symantec Corp. (NASDAQ: SYMC), the world’s leading cyber security company, and Fortinet (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, today announced an expansive partnership agreement to provide customers with the industry’s most comprehensive and robust security solutions. Fortinet’s industry-leading Next-Generation Firewall (NGFW) capabilities are planned to be integrated into Symantec’s cloud-delivered Web Security Service (WSS). Additionally, Symantec’s industry-leading endpoint protection solutions are also planned to be integrated into the Fortinet Security Fabric platform. The technology partnership provides essential security controls across endpoint, network, and cloud environments that are critical to enforcing the Zero Trust security framework.
WSS, a leader in Secure Web Gateways, is a simple-to-use, cloud-delivered network security service that provides protection against advanced threats, provides access control, and safeguards critical business information for secure and compliant cloud application and web use. The integration of Fortinet’s industry-leading FortiGate Next-Generation Firewall with Symantec’s WSS will result in the most comprehensive set of cloud-delivered threat prevention capabilities in a single service offering on the market today.

“As the first step in this technology partnership, we plan to deliver best-of-breed security through the combination of enterprise-class advanced firewall controls to Symantec’s industry-leading network security service,” said Art Gilliland, EVP and GM Enterprise Products, Symantec. “Through this partnership, we hope to provide joint customers the power of Symantec’s Integrated Cyber Defense Platform bolstered by Fortinet’s leading NGFW in an integrated solution that’s easy to use and deploy.”

Additionally, Symantec’s industry-leading endpoint protection solution is planned to be integrated into the Fortinet Security Fabric platform, providing customers with real-time, actionable threat intelligence and automated response for exploit-driven attacks and advanced malware. Interoperability between Fortinet’s SD-WAN technology and Symantec’s Web Security Service will also be certified through Symantec’s Technology Integration Partner Program (TIPP). As part of the collaboration, both companies plan to engage in joint go-to-market activities.

“With today’s announcement, two industry leaders are coming together to provide enterprise-class capabilities across cloud, network, and endpoint security,” said John Maddison, SVP of products and solutions, Fortinet. “Upon completion of the integration, Symantec cloud web gateway customers will be able to benefit from Fortinet’s enterprise-class advanced firewall controls, and for the first time ever, Fortinet customers will be able to purchase the industry-leading FortiGate Next-Generation Firewall via FWaaS. With the addition of Symantec as a Fortinet Fabric-Ready Partner, Symantec’s endpoint security solution will be validated to seamlessly integrate with the Fortinet Security Fabric platform to provide more consistent and effective protection for joint customers.”

Timing and availability


  • Fully integrated Cloud Firewall Service within WSS is expected to be available in the 1st half of calendar 2019. 
  • Elements of the Fortinet Security Fabric have been integrated with Symantec Endpoint Protection, and the companies plan to explore further integrations.




Tuesday, December 11, 2018

Smarter Security Starts with Understanding How Cybercriminals Work


Today’s security teams are struggling to keep pace with the changes in their networks. Multi-cloud, virtualization, the explosion of IoT and BYOD devices, agile software development, and the crushing volume and speed of data—not to mention Shadow IT— have resources stretched thin. Meanwhile, cybercriminals have been undergoing their own digital transformation. Machine learning and agile development, new sophisticated attacks like ransomware and cryptomining, combined with Dark Web crime-as-a-service offerings mean that attacks are faster, harder to detect, and better at finding and exploiting vulnerabilities.

Understanding the Attack Chain


Effectively defending against cyberattacks in this new environment requires security teams to work smarter rather than harder. Today’s cybercriminal strategies target every link in an attack chain, from gathering information and gaining access, to moving laterally across the network to discover resources to target, to evading detection while exfiltrating data. Traditional security strategies, however, tend to only focus on a handful of attack components, which gives criminals a significant advantage.

Initial Access: Exploiting known vulnerabilities in servers, compromising websites or applications, or taking advantage of successful spearphishing attacks allow attackers to wedge a foothold into the edge of the network.

Execution: This is the point where an attacker executes a binary, command, or script to begin their network reconnaissance and exploitation process.

Persistence: Once an attacker has established a foothold, the next goal is to avoid detection. Creating or manipulating accounts, applying rootkits, using run keys, or exploiting tools like application shimming enables attackers to persist in place while they explore the network for potential targets.

Privilege Escalation: Basic access does not allow an attacker much opportunity to explore the network. To move around the network and access resources worth stealing, an attacker needs higher network privileges.

Defense Evasion: To move through a network undetected, especially when exfiltrating data, attackers need to avoid detection by things like behavioral analytics and IPS tools. Techniques such as clearing files, learning and mimicking normal traffic behaviors, or disabling security tools are just a few of the full range of tools available to today's hackers.

Credential Access: In many organizations, critical data and other resources are protected behind a wall of security that requires appropriate credentials for access. Unfortunately, gaining access to credentials isn't always that difficult. They are stored in files or in a registry that attackers can exploit; techniques like hooking allow cybercriminals to intercept traffic to uncover credentials; and account manipulation can involve things like adding or modifying the permissions of the account being used to access the network.

Discovery and Lateral Movement: Not all data exists in the segment of the network that was broken into. Many of the same techniques used to this point are used again to determine where valuable resources exist and to then allow an attacker to move laterally between network segments, whether they are local to the breach or at some remote physical or virtual data center.

Collection and Exfiltration: Once an attacker has identified a payload, they need to collect that data and extract it from the network without being detected. This is often the trickiest part of the process, as this may involve massive amounts of data. But if a cybercriminal has carefully crafted each attack element to this point, they are often able to remain inside a compromised network for months, slowly moving data to other resources that are under less scrutiny, and eventually out of the network.

Command and Control: The final step is for attackers to cover their tracks completely. Multi-hop proxies, data obfuscation, and multi-stage exfiltration are just a few of the techniques cybercriminals use to ensure that stolen data cannot be tracked and traced back to them.

Working Smarter


Addressing the entire attack chain needs to be combined with understanding how the network functions, including the impact that future business requirements will have on the network. Mapping those functions to the attack chain allows security teams to think comprehensively about security threats.
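One way to put that mapping to work, as an added example that is not part of the original article: the sketch below tags constructed alerts with the stages listed above and reports, per host, how far along the chain activity was seen and which earlier stages produced no alert. The rule names, host names and the rule-to-stage mapping are assumptions made for illustration, not any product's schema.

```python
from collections import defaultdict

# Stages in the order the article lists them.
STAGES = [
    "Initial Access", "Execution", "Persistence", "Privilege Escalation",
    "Defense Evasion", "Credential Access", "Discovery and Lateral Movement",
    "Collection and Exfiltration", "Command and Control",
]

# Hypothetical rule names mapped to stages (assumption for this example).
RULE_STAGE = {
    "phish_attachment_opened": "Initial Access",
    "script_host_spawned_by_office": "Execution",
    "new_run_key": "Persistence",
    "new_local_admin": "Privilege Escalation",
    "security_agent_stopped": "Defense Evasion",
    "credential_store_read": "Credential Access",
    "internal_port_sweep": "Discovery and Lateral Movement",
    "large_outbound_transfer": "Collection and Exfiltration",
}

# Constructed sample alerts: (host, rule that fired).
ALERTS = [
    ("ws-014", "phish_attachment_opened"),
    ("ws-014", "script_host_spawned_by_office"),
    ("ws-014", "credential_store_read"),
    ("db-02", "internal_port_sweep"),
    ("db-02", "large_outbound_transfer"),
    ("ws-031", "unmapped_rule"),
]

def chain_view(alerts):
    """Return ({host: {furthest, blind_spots}}, [alerts with no stage mapping])."""
    seen, unmapped = defaultdict(set), []
    for host, rule in alerts:
        stage = RULE_STAGE.get(rule)
        if stage is None:
            unmapped.append((host, rule))   # a rule nobody mapped is also a gap
        else:
            seen[host].add(stage)
    report = {}
    for host, stages in seen.items():
        furthest = max(STAGES.index(s) for s in stages)
        # Earlier stages with no alert: a hint of a blind spot, not proof,
        # because real intrusions do not always walk the chain in order.
        blind = [s for s in STAGES[:furthest] if s not in stages]
        report[host] = {"furthest": STAGES[furthest], "blind_spots": blind}
    return report, unmapped

def uncovered_stages():
    """Stages for which no detection rule exists at all."""
    covered = set(RULE_STAGE.values())
    return [s for s in STAGES if s not in covered]

if __name__ == "__main__":
    report, unmapped = chain_view(ALERTS)
    for host, info in report.items():
        print(host, info)
    print("unmapped:", unmapped, "| no rule for:", uncovered_stages())
```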




Sunday, December 2, 2018

Cyber Adversaries Fortinet Predicts Organizations Will Employ More Automation To Combat Threats


Cyberattacks Will Become Smarter and More Sophisticated


For many criminal organizations, attack techniques are evaluated not only in terms of their effectiveness, but in the overhead required to develop, modify, and implement them. As a result, many of their attack strategies can be interrupted by addressing the economic model employed by cybercriminals. Strategic changes to people, processes, and technologies can force some cybercriminal organizations to rethink the financial value of targeting certain organizations. One way that organizations are doing this is by adopting new technologies and strategies such as machine learning and automation to take on tedious and time-consuming activities that normally require a high degree of human supervision and intervention. These newer defensive strategies are likely to impact cybercriminal strategies, causing them to shift attack methods and accelerate their own development efforts. In an effort to adapt to the increased use of machine learning and automation, we predict that the cybercriminal community is likely to adopt the following strategies, which the cybersecurity industry as a whole will need to closely follow.


  • Artificial Intelligence Fuzzing (AIF) and Vulnerabilities: Fuzzing has traditionally been a sophisticated technique used in lab environments by professional threat researchers to discover vulnerabilities in hardware and software interfaces and applications. They do this by injecting invalid, unexpected, or semi-random data into an interface or program and then monitoring for events such as crashes, undocumented jumps to debug routines, failing code assertions, and potential memory leaks. Historically, this technique has been limited to a handful of highly skilled engineers working in lab environments. However, as machine learning models are applied to this process we predict that this technique will not only become more efficient and tailored, but available to a wider range of less technical individuals. As cybercriminals begin to leverage machine learning to develop automated fuzzing programs they will be able to accelerate the process of discovering zero-day vulnerabilities, which will lead to an increase in zero-day attacks targeting different programs and platforms.
  • Zero-Day Mining Using AIF: Once AIF is in place, it can be pointed at code within a controlled environment to mine for zero-day exploits. This will significantly accelerate the rate at which zero-day exploits are developed. Once this process becomes streamlined, zero-day mining-as-a-service will become enabled, creating customized attacks for individual targets. This will change how organizations will need to approach security as there will be no way to anticipate where these zero-days will appear, nor how to properly defend against them. This will be especially challenging when using the isolated legacy security tools which many organizations have deployed in their networks today.
  • The “Price” of Zero-Days: Historically, the price of zero-day exploits has been quite high, primarily because of the time, effort, and skill required to uncover them. But as AI technology is applied over time, such exploits will shift from being extremely rare to becoming a commodity. We have already witnessed the commoditization of more traditional exploits, such as ransomware and botnets, and the results have pushed many traditional security solutions to their limits. The acceleration in the number and variety of available vulnerabilities and exploits, including the ability to quickly produce zero-day exploits and provide them as a service, will also impact the types and costs of services available on the dark web.
  • Swarm-as-a-Service: Significant advances in sophisticated attacks powered by swarm-based intelligence technology are bringing us closer to a reality of swarm-based botnets known as hivenets. This emerging generation of threats will be used to create large swarms of intelligent bots that can operate collaboratively and autonomously. These swarm networks will not only raise the bar in terms of the technologies needed to defend organizations, but like zero-day mining, they will also have an impact on the underlying cybercriminal business model. Ultimately, as exploit technologies and attack methodologies evolve, their most significant impact will be on the business models employed by the cybercriminal community.
  • Currently, the criminal ecosystem is very people-driven. Some professional hackers for hire build custom exploits for a fee, and even new advances such as Ransomware-as-a-Service require black hat engineers to stand up different resources, such as building and testing exploits and managing back-end C2 servers. But when delivering autonomous, self-learning Swarms-as-a-Service, the amount of direct interaction between a hacker-customer and a black hat entrepreneur will drop dramatically.
  • A-la-Carte Swarms: The ability to subdivide a swarm into different tasks to achieve a desired outcome is very similar to the way the world has moved towards virtualization. In a virtualized network, resources can spin up or spin down VMs based entirely on the need to address particular issues such as bandwidth. Likewise, resources in a swarm network could be allocated or reallocated to address specific challenges encountered in an attack chain. A swarm that criminal entrepreneurs have already preprogrammed with a range of analysis tools and exploits, combined with self-learning protocols that allow them to work as a group to refine their attack protocols, makes purchasing an attack for cybercriminals as simple as selecting from an a-la-carte menu.
  • Poisoning Machine Learning: Machine learning is one of the most promising tools in the defensive security toolkit. Security devices and systems can be trained to perform specific tasks autonomously, such as baselining behaviors, applying behavioral analytics to identify sophisticated threats, or tracking and patching devices. Unfortunately, this process can also be exploited by cyber adversaries. By targeting the machine learning process, cybercriminals will be able to train devices or systems to not apply patches or updates to a particular device, to ignore specific types of applications or behaviors, or to not log specific traffic to evade detection. This will have an important evolutionary impact on the future of machine learning and AI technology.

Defenses Will Become More Sophisticated


To counteract these developments, organizations will need to continue to raise the bar for cybercriminals. Each of the following defensive strategies will have an impact on cybercriminal organizations, forcing them to change tactics, modify attacks, and develop new ways to assess opportunities. The cost of launching their attacks will escalate, requiring criminal developers to either spend more resources for the same result, or find a more accessible network to exploit.


  1. Advanced Deception Tactics: Integrating deception techniques into security strategies to introduce network variations built around false information will force attackers to continually validate their threat intelligence, expend time and resources to detect false positives, and ensure that the networked resources they can see are actually legitimate. And since any attacks on false network resources can be immediately detected, automatically triggering countermeasures, attackers will have to be extremely cautious performing even basic tactics such as probing the network.
  2. Unified Open Collaboration: One of the easiest ways for a cybercriminal to maximize investment in an existing attack and possibly evade detection is to simply make a minor change, even something as basic as changing an IP address. An effective way to keep up with such changes is by actively sharing threat intelligence. Continuously updated threat intelligence allows security vendors, and their customers, to stay abreast of the latest threat landscape. Open collaboration efforts between threat research organizations, industry alliances, security manufacturers, and law enforcement agencies will significantly shorten the time to detect new threats by exposing and sharing the tactics used by attackers. Rather than only being responsive, however, applying behavioral analytics to live data feeds through open collaboration will enable defenders to predict the behavior of malware, thereby circumventing the current model used by cybercriminals to repeatedly leverage existing malware by making minor changes.
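The point in item 2 about indicator matching versus behavioral analytics, shown as an added example that is not part of the original article: a shared IP indicator stops matching once the address changes, while a rule keyed on behavior still fires. The log records are constructed, the addresses come from documentation ranges, and the choice of regular check-in timing as the "behavior" and its thresholds are assumptions for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Shared threat-intel indicator (constructed, documentation-range address).
BLOCKLIST = {"203.0.113.10"}

def make_log():
    """Constructed connection log: (epoch_seconds, source_host, dest_ip)."""
    log = []
    # host-a checks in every 60 s with the address that is on the blocklist.
    log += [(t, "host-a", "203.0.113.10") for t in range(0, 600, 60)]
    # host-b shows the same timing, but toward an address nobody has listed.
    log += [(t, "host-b", "198.51.100.77") for t in range(5, 605, 60)]
    # host-c is ordinary traffic with irregular gaps.
    log += [(t, "host-c", "192.0.2.50") for t in (3, 10, 95, 110, 300, 302, 480, 590)]
    return sorted(log)

def ioc_hits(log):
    """Indicator match: flags only destinations already on the blocklist."""
    return sorted({(src, dst) for _, src, dst in log if dst in BLOCKLIST})

def beacon_hits(log, min_events=6, max_cv=0.1):
    """Behavioral match: near-constant gaps between connections of a pair."""
    times = defaultdict(list)
    for t, src, dst in log:
        times[(src, dst)].append(t)
    hits = []
    for pair, ts in times.items():
        if len(ts) < min_events:
            continue                      # too few events to judge timing
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue                      # identical timestamps, no cadence
        # Coefficient of variation: low value means machine-like regularity.
        if pstdev(gaps) / avg <= max_cv:
            hits.append(pair)
    return sorted(hits)

if __name__ == "__main__":
    log = make_log()
    print("indicator match :", ioc_hits(log))
    print("behavioral match:", beacon_hits(log))
```

Real check-in traffic usually carries jitter, so `max_cv` would need tuning against a baseline of the network's own scheduled jobs and update clients.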

Speed, Integration, and Automation Are Critical Cybersecurity Fundamentals


There is no future defense strategy involving automation or machine learning without a means to collect, process, and act on threat information in an integrated manner to produce an intelligent response. To contend with the growing sophistication of threats, organizations must integrate all security elements into a security fabric to find and respond to threats at speed and scale. Advanced threat intelligence correlated and shared across all security elements needs to be automated to shrink the necessary windows of detection and to provide quick remediation. Integration of point products deployed across the distributed network, combined with strategic segmentation, will significantly help fight the increasingly intelligent and automated nature of attacks.