Keynote FORESCOUT: The digital transformation is pushing businesses to rethink their security strategy.

In the 2000s, approximately 700 million terminals were connected worldwide and were controlled by companies. Today, there are probably 16 billion online terminals, and companies are required to manage hundreds of systems. The goal of this conference is to explain how to adapt security strategies to this digital transition.


The growing number of connected devices worldwide

By 2019, nearly 330 million new terminals will be added every month worldwide. This is almost half of all devices that existed nearly 20 years ago. Today, companies no longer have the capacity to test them or put them into production in a controlled manner. They have to manage both this acceleration and the fact that 99% of their data will potentially be placed in the cloud.

What are the stakes of edge computing?

Edge computing is an even greater challenge than the growing number of devices. We can represent the importance of the different machines belonging to a company’s network in the form of concentric circles.

Fifteen years ago, we protected our most powerful machines the most carefully. Then came laptops and open systems (UNIX, Windows), and all of the devices provided to employees. The next circle was the IoT with less powerful terminals, but that also needed to be secured (printers, security cameras, televisions, etc.).

With edge computing, this order is turned on its head. To illustrate this, ForeScout presents the case of one of its clients in a large U.S. city, whose activity focusses on security cameras.

This client initially had a large network of cameras on all of the city’s traffic lights in order to establish liability in the event of traffic accidents. The company wanted to switch to a system that triangulated camera flows in order to allow the police to get to the scene more quickly. They then purchased IBM’s Watson artificial intelligence to work more quickly than the human team, which it then replaced.

These decisions resulted in increasingly powerful security cameras, to the point that their computing power ultimately exceeded that of the company's UNIX servers from five years earlier. So, instead of a powerful data centre sitting on top of less and less powerful terminals, the widest circle, that of the least powerful machines, became the greatest threat vector.


What developments are being made to networks?

In the 2000s, a network could be represented as a large flat shape, segmented such that the OT (operational technology) is theoretically hermetically sealed from IT (information technology).

This is no longer the case today. E-commerce and all that we expect from an online experience are forcing companies to be increasingly careful about how they interface these networks, because more and more breaches are exposing them to danger. Hackers need to find only one way into a network, while security managers have to secure absolutely everything.

One of ForeScout’s major global banking clients initially had 25% of its terminals qualified as “closed” or “unmanaged” systems. These were IoT devices (security cameras, televisions) or devices operated in BYOD (Bring Your Own Device) mode. At the same time, 75% of the bank’s systems were “managed”, i.e. purchased, tested and put into production in a controlled manner. Three years later, this client now has only 25% managed systems and 75% unmanaged systems.

How to best defend professional networks?

A number of points have to be considered in order to defend companies properly against the risk of cyber attacks:

  • Understand what is in the network: when they use an analysis tool on their networks, companies generally discover that they have 30% more terminals than they thought. But if we secure only the devices we’re aware of, hackers can enter through the ones we don’t know about. The solutions that are chosen must handle heterogeneous operating systems, operate in environments with mixed networks, and offer security in real time. A single network provider cannot be depended on to secure an entire infrastructure.
  • Have an accurate picture of devices: it’s not enough to know whether a system is Windows or Apple. We also need to understand what it is in concrete terms. It could be a laptop, an industrial controller (in the case of an industrial company) or a machine operating on a human being (in the medical sector). Five years ago, when tracking an attack on a Windows computer, an antivirus could detect the source after 24 hours with no dramatic consequences. Today, attacks are polymorphic, and much faster. So, it’s important to precisely understand the nature of the devices in the network.
  • Isolate specialised terminals with embedded operating systems that cannot be updated: a device running an old version of an operating system might be connected to the rest of the company network, and attackers can easily exploit this flaw. There are two ways to protect against this: patch these devices regularly, or segment the network if they cannot be updated.
  • Improve automation: people can’t be made responsible for every cyber decision with this type of increase in the number of connected devices. By 2020, there will be as many IoT systems as there are humans on the planet, and their population will continue to grow faster than our own. This makes automation essential for more efficiency.

In conclusion, visibility into what is connected to the corporate network represents the next big security transformation. Today’s context of accelerating digital transition makes every positive innovation an open door to security issues.