by RSS Susan Biddle  |  Oct 15, 2017  |  Filed in: Business and Technology

From October 15th – 18th, the 2017 Internet2 Technology Exchange will take place in San Francisco, CA. The Technology Exchange brings together leaders from the research, education, and technology communities to discuss and find solutions to the technical challenges that threaten the missions of their organizations.

The robust Internet2 community comprises 317 US higher education institutions, 81 leading corporations, 64 affiliate and federal affiliate members, 43 regional and state education networks, and more than 65 national research and education networking partners. The goal of this conference is to bring members and non-members together to discuss and foster the development of technologies to advance research and education.

Cyber Risks at Research and Education Institutions

Fortinet is proud to sponsor this conference in order to address the growing security threats facing research and education (R&E) institutions. Collaborating with Internet2 members and technology experts, we aim to better secure the personal information and intellectual property housed at educational and research facilities across the globe.

Data breaches can do irreparable damage to organizations across industries. However, in the research and education space, the stakes are especially high. These facilities rely on an inherent trust with partner organizations around the globe. If this trust is harmed through a data breach that exposes classified research or the personal information of subjects, it can result in broken partnerships that drastically impact the ability to conduct meaningful, humanitarian research.

At this year’s conference, Fortinet’s James Cabe will be presenting alongside Jonathan Lee and Jay Etchings from Arizona State University on protecting research facilities using identity and intent-based security. Fortinet and Arizona State University have been working together to secure the research done at ASU that spans from computational physics, to population genetics, to social media data analysis. During their presentation they will speak about what they have learned throughout this process, and how similar institutions can benefit from their findings.  

Preparing for Automation with Identity

The goal of this presentation is to educate the Internet2 community as to how they can begin to optimize their security processes and infrastructure in order to take advantage of advances in new security automation and intent-based security technologies.

These advanced solutions enable IT teams to, for example, improve the authentication and authorization process using such things as nano-segmentation to track and analyze user roles, resource utilization, and more across the facility. By tracking and learning how people use data and resources, the network is able to establish a fingerprint of user behavior and then use that to actively manage permissions. Assessing usage information allows the IT team to tailor individual authentication and authorization protocols to better meet user needs. Baselining user activities and needs and then building security features around them is a key step towards increasing security automation and enabling intent-based security.

The 3 Building Blocks to Automated Intent-Based Security

In order fully harness the power of automated intent-based security, organizations need to have three core capabilities.

  1. First, organizations must be able to process and store large amounts of data. This will become the storehouse of all intelligence required for granular and responsive automation.
  2. Next, organizations need to be able to use this data and intelligence to discover underlying wisdom about processes and behaviors. These behavioral “fingerprints” can then be used to effectively guide security actions by determining the intent of behaviors based on how far they deviate from normal.
  3. Finally, organizations need to be able to take action based upon the wisdom they uncover in order to enable proactive automation and autonomous decision making. In order to accomplish this, organizations will need to deploy a fabric-based security architecture that allows the sharing and correlation of information across tools, and then automates a coordinated threat response across the entire distributed network.

With these three capabilities in place, IT teams can begin to divine wisdom about their specific network usages, and use it to refine their security policies, enhance machine learning, and improve the efficacy of automated responses to threats.

Bringing Wisdom to Automation

This sort of intelligence analysis allows organizations to understand how and why things occur the way they do within their network. From there, IT teams can tailor security functions to do such things as match security protocols to the way researchers and educators access and use protected resources. 

As automation capabilities grow, this wisdom template will be integral to judging if anomalous behavior is innocent or a cyberattack, based on the established context of how individuals normally interact with the network and data. When IT teams have refined these distinctions over time, they build up a knowledge of what constitutes normal behavior for their network, as well as what is abnormal, which can then be incorporated into their security fabric architecture.

The ultimate goal of automated intent-based security will be to combine more traditional signature-based security solutions with adaptive and behavioral security abilities for even more effective defense in depth, from the core to the cloud.

Final Thoughts

For education and research organizations, data protection is paramount. Through longstanding partnerships in the R&E sector, Fortinet has developed insights into how to best protect this sensitive data in real-time. To learn more about building automated intent-based security at your organizations, attend:

What: Bringing Wisdom to Automation: Using Identity and Intent-Based Security

When: Wednesday, October 18th

Time: 10:20 am – 11:10 am  

Read more about Fortinet and protecting education data.

by RSS Susan Biddle  |  Oct 15, 2017  |  Filed in: Business and Technology