The ‘fabric’ covers multi-cloud environments to Internet of Things (IoT) endpoints, as well as smaller network access points like email and web applications. Broad visibility and integration are two of the three keystones upon which Fortinet has built its flagship product, with automation the third. Underlying artificial intelligence powers immediate, coordinated responses to threats across the network.
Anderson believes efficiency as well as simplicity is achieved through this means, which is a major consideration for customers who may be concerned by the cost and resource-draining that comes with a multi-vendor approach.
“You need to try and do more things under a singular umbrella, which means you can utilise your resource better and do more with less people,” he adds. “Obviously, it also has the upside where if some kind of event happens in one part of the infrastructure, the rest of the infrastructure can respond.
“We know that we may never have absolutely everything you need in one bucket, but also any infrastructure, or any company, that’s been around for more than a year will have some kind of legacy infrastructure. We need to be able to integrate and talk to other parts of your ecosystem.
“In terms of the problems that I’m hearing, people need to be able to have a joined-up approach across all of those traditionally siloed parts of the business. This dissolves silos.”
The rise of connected devices, both on a consumer and industrial level, has changed the landscape for security vendors, perhaps influencing their strategic planning more than any other factor. IoT security is only going to become more critical throughout the enterprise too, with Bain projecting the IoT marketplace to double in overall value by 2021.
Rising amounts of data and IP are being stored outside of the core and on endpoints, which has hackers licking their lips. Historically, threat intelligence from endpoint solutions hasn’t been shared with the rest of the network, which slows response rates and increases the likelihood of an infected device precipitating a far greater problem.
FortiClient, Fortinet’s endpoint protection software that is a key component of its ‘Security Fabric’, tackles this head on by leveraging machine learning to proactively defend against malware. But Anderson accepts that there are still questions to answer when it comes to IoT security, especially in relation to the sheer number of endpoints that will exist within organisations.
“It’s one of those areas that is kind of grey, if that’s the right word,” he explains. “When people talk about IoT, it can mean lots of different things. For example, it could be how you secure a connected device like a thermostat or it could mean something on a much larger scale. Is the approach to go that we need to embed something in every single device, or does it need to come through some kind of gateway?
“The problem is in the future, when every single electrical device in your home, or that you experience from walking down the street, is going to be connected to the internet. What’s the cost to embed a security device into a lighting system, for example? I’m not sure where the breakpoint comes.
“I think you need to approach the problem differently. You’re not going to embed security into each intelligent light. It probably all comes back to a building where you have a choke point, a firewall – and that’s where you build the security.”
Fortinet works with customers who are deploying connected devices on a far more industrial scale, however, and this is where a bespoke approach is vital according to Anderson – even though more often than not they are operating with unsuitable legacy infrastructure.
“Imagine a hospital where you’ve got MRI scanners and other medical systems which run physically on old operating systems; that is a point of vulnerability,” he carries on.
“From our perspective, we would say that, in the future, we’d work with the manufacturers of that equipment to embed security into their devices but at the moment, we would put a firewall between that device and the rest of the infrastructure.
“As soon as you get to a situation where the device that is enabled to be intelligent reaches a certain price point, clearly there’s a long-term value to the customer and the vendor to make that industrially secure with its own embedded solution.”
As Regional Director for UK&I, Anderson’s remit stretches beyond Fortinet’s technical capabilities. As a global entity, Fortinet achieved $1.5 billion worth of full-year revenue in 2017 and the California-headquartered company has its sights on challenging the biggest fish in the pond.
Since assuming his position in May last year, Anderson has been working towards the specific objective of using Fortinet’s platform-based approach to increase penetration in a saturated regional market.
“We have fairly aggressive growth objectives but the marketplace itself is expanding rapidly. You’ve got a number of adjacent markets that are colliding together.” he outlines.
“Also, the UK marketplace is seen as, for want of a better phrase, an ‘icon’ market from an IT perspective. A number of things go on within the UK marketplace and within our business that often lead to thought leadership across the enterprise.
“For me, it’s about creating the right structure for the next three to five-year journey that enables us to exceed the growth and objectives that the company is giving me. We have the ability here to grow more significantly than we have in the past, and more significantly that our primary competitors.”
One stumbling block to growth vendors are repeatedly coming across is a widening skills gap within the industry. As networks become ever more intricate and segmented, the pool of suitable professionals to manage them becomes shallower, with the biggest companies having to scrap it out for the best talent.
This also translates further into the workplace, where a dearth of basic technical knowledge can lead to issues. One of the most common causes of a breach remains something Fortinet and its rivals struggle to have control over: human error. That is why the company is investing in training to educate key stakeholders within its client organisations, while also running its Network Security Expert (NSE) programme aimed at technical experts.
“People are sometimes unknowingly stupid, if that makes sense,” says Anderson. “We’ve all done it, there are lots of examples of how people easily get phished – they give their password information away, that sort of stuff.
“All too often, we’re so busy with our lives that we don’t take time to think about what we’re receiving. If we can get some basic education out there on this subject, I think that really helps solve the core problem. So far, we’ve had over 163,000 people come through the programme. It’s been a real success.”
