How to Be a Bold and Effective Security Leader

Listen to post:
Getting your Trinity Audio player ready...

Security leaders today are facing a number of challenges, including a rise in the number of breaches, a need to accommodate remote work and networking requirements to replace MPLS networks. In this new blog post, we share insights about this new reality by David Holmes, Senior Analyst at Forrester, as well as an in-depth explanation about the security stack that can help. You can watch the webinar this blog post is based on here.

Forrester identified three converging trends that are influencing the network and security industries: A growing number of cybersecurity breaches complemented by a security skills shortage, remote work as the new reality and MPLS connections being replaced by SD-WAN. Let’s delve into each one.

1A. Cybersecurity Breaches are on the Rise

According to Forrester, the number of cybersecurity breaches has grown significantly. In 2019, 52% of organizations they surveyed were breached at least once over a 12-month period. In 2020, the percentage jumped to 59%. In 2021 it was 63% and in 2022 it was a whopping 74%. Unfortunately, the actual percentage is probably higher since these numbers do not include organizations that do not know they were breached or have not admitted it.

1B. Security Skills Shortage has Real Impact

In addition, Forrester found that companies whose IT security challenges included finding employees with the right security skills tended to have more breaches annually. Nearly a quarter (23%) of organizations who pinpointed security skills shortage as one of their biggest IT challenges, were breached more than six times in the past 12 months.

2. Remote Work is Here to Stay

Forrester’s research concluded that the concept of working anywhere has been embraced by security leaders. Nowadays, 30% of a CSO’s time during working hours is spent working from home, compared to 2% before the COVID-19 pandemic. The percentage of work taking place at the corporate headquarters has been reduced from 49% to 21%. Non-security employees probably spent more work time at home than the surveyed CSOs.

Remote working means employees work from anywhere and their company data can also be anywhere, especially in the cloud. For architects, CSOs and CTOs, this means they have to build an architecture that take these new conditions into account. This requires adjustments in terms of security, the user experience, and more.

3. SD-WAN Adoption

Finally, according to Forrester, 74% of organizations are adopting or have already adopted SD-WAN, while only 10% have no plans at all. SD-WAN allows organizations to replace their private lines and eliminate the overhead and maintenance of connecting through local ISPs.

Point Solutions are Incompatible with the Hybrid Enterprise

This new reality requires new networking architectures. In legacy architectures, most users were in the office,using on-premises applications, remote user traffic was backhauled through the data center, where security policies were enforced through point solutions. This was a good solution at the time, but today with applications and users everywhere, this approach is no longer practical or productive.

But moving all point solutions to the cloud isn’t a good approach either. Let’s take a look at a typical organization’s security stack for the cloud:

  • SWG and CASB solutions secure user access to the internet and to cloud applications. They are usually provided through a built-in web proxy architecture, i.e they examine HTTP and HTTPS traffic.
  • ZTNA provides access to private applications. It is commonly delivered through a separate pre-app connector architecture, which is a type of virtual overlay.
  • NGFW and UTM solutions identify malicious traffic coming from non-users.

This stack constitutes a fragmented architecture that creates inconsistent policy engines, limited visibility for WAN security and unoptimized access to the Internet and Cloud Resources. The result is blind spots and complexity.

The Right Way: One Architecture for Total Visibility, Optimization and Control

The solution is to converge the entire security stack into one cloud function. Such a cloud security service will provide total visibility, optimization and control of all the traffic. It will ensure all traffic goes through the same security controls in a single, converged architecture for all edges, giving organizations the ability to enforce policies with one policy engine and one rule base.

A converged solution enables doing this in a holistic manner that covers all traffic (ports, protocols, IPs, sources and destinations), applications (Private, Public, Cloud and Web), security capabilities (FWaaS, IPS, NGFW, ZTNA, CASB, DLP) and directions (WAN, Internet, Cloud) for all users, IoT, apps and devices. In addition, traffic is optimized for global routing and acceleration across a global private backbone.

Cato SSE 360: Security Transformation in the Cloud

Cato SSE 360 is built from the ground up to behave that way. Cato SSE 360 is the security pillar of Cato’s SASE cloud, providing total visibility, optimization and control. Cato’s SSE 360 converges all SSE components into a global cloud service that includes SWG, CASB, DLP, FWaaS, while providing a global backbone for traffic optimization and acceleration.

The global reach of Cato SSE 360 (and SASE, see below) spans over more than 80 Pop locations across North America, Europe, Asia, Latin America, the Middle East and Africa. Each PoP location runs Cato’s full security stack and network optimization capabilities. This ensures a short distance of under 25 milliseconds round trip time from any user and any business location. In addition, Cato is continuously adding more PoPs every quarter to expand coverage.

How to Be A Bold and Effective Security Leader During Times of Economic Downturn | Watch the Webinar

Cato SASE Cloud

SASE (Secure Access Service Edge) is the convergence of security and networking capabilities into a single cloud-native platform. Cato’s SASE cloud is the convergence of SSE 360 and SD-WAN across a private cloud network of PoPs. All PoPs are interconnected by a global private backbone that is built with redundant tier one providers, and this guarantees consistent and predictable global latency, jitter and packet loss, creating a reliable network.

All traffic runs through Cato’s Single Pass Cloud Engine (SPACE) that performs all networking and security processing in the cloud. SPACE consists of two parts:

  • A multi-gig packet processing engine
  • A real-time policy enforcement engine

SPACE is natively built to process multi-gig traffic flows from all enterprise edges, including branches, users devices and applications. It supports all ports and protocols and automatically extracts rich context from each flow, including the user identity, device posture, target applications and data files. Then, it finds the best route for the traffic and applies network optimization and acceleration to minimize round trip times. TLS decryption is applied as needed without any impact on the user experience.

Multiple security engines simultaneously and consistently enforce policies through SPACE. FWaaS, IPS, NGAM and SWG clooaborate to protect users against WAN and Internet-based advanced threats. In addition, ZTNA provides secure remote access, while CASB and DLP control access to risky cloud applications and prevent sensitive data loss. All these capabilities run on all the traffic at the same time to minimize security overhead and leverage the rich context of every packet.

Connectivity takes place through an IPSec tunnel and a Cato vSocket, turning the cloud data centers into an integral part of the network, and with no need to deploy virtual firewalls. Cato provides full visibility and control over all the incoming and outgoing traffic from cloud data centers.

For public cloud applications, no integration is required. Optimization, inspection and enforcement are inherently applied from any edge. Traffic is forwarded over the private backbone to the PoP that is closest to the cloud instance that is serving the business. This smart egress capability optimizes the user experience. Remote users can use the Cato client or a browser to securely connect to any application on-premise or in the cloud, from laptops, tablets and smartphones.

Cato offers full visibility and control via a single pane of glass and a flexible management model. Customers can opt for a fully managed service, co-management, or complete self-management of their deployments.

Best of all, transitioning from an SSE to full SASE only requires replacing the edges with Cato’s SD-WAN sockets.

How Cato SSE 360 Addresses 3 Common Use Cases

1. Securing the Hybrid Workforce

As Forrester identified, enterprises today need to seamlessly and securely connect the hybrid workforce wherever they are.

Cato SSE 360 seamlessly and securely connects the hybrid workforce no matter where they are, and ensures all policies are consistently enforced everywhere. This eliminates the need to backhaul the user’s traffic across the world to a data center VPN appliance. There is also no need to deploy global instances to achieve the same goal. This provides zero trust security with continuous verification, access control, threat prevention and sensitive data protection, wherever the users are.

2. Beyond User-to-Application Access

Security is required beyond users and applications. It must address all edges, including IoT devices  and unmanaged endpoints. This is the difference between proxy architectures and network architectures.

The Cato SPACE architecture enables Cato to provide complete visibility and full traffic inspection. This includes:

  • End-to-end visibility across all edges: branches, data centers, users, and apps.
  • End to end threat prevention and sensitive data protection.

3. IT Infrastructure Consolidation

End-to-end visibility and control provides last mile resiliency and a single pane of glass for networking and security management. Cato also eliminates solution sprawl by eliminating point solutions and the need for patching, fixing and upgrading. Finally, Cato SASE Cloud is designed to provide a resilient, self-healing architecture that ensures connectivity and security.

Learn more about solutions for security leaders by watching the entire webinar, here.

Related Topics