By: Ali Sleiman, Regional Technical Director, Middle East & Africa at Infoblox

The hybrid workforce is a permanent reality for most companies these days. The sudden onset of the pandemic and associated shutdowns gave organizations very little time to prepare for such large-scale remote work, let alone time to think about how to secure their ‘work from home’ users who still needed to access enterprise applications in the cloud, and work with and store corporate data on their devices.

Security teams now have to think about protecting corporate resources and data as employees are working outside the corporate perimeter. The pandemic, widespread remote work, and the adoption of new technologies have brought in changes that traditional network architectures cannot deal with.  The existing paradigm where the security stack is located within the corporate network is no longer sufficient to protect these teleworkers. Teleworking also exposes the company to a much broader attack surface, as workers add personal devices and home and public Wi-Fi networks to the corporate network. The internet, cloud technologies and the onslaught of wireless all contribute to a massive increase in the attack surface.  This requires a different security skill set and an increased awareness of the vulnerabilities of today’s IT environment.

Bad actors are taking advantage of the chaotic nature of these times, by launching coronavirus-themed cyber-attacks and impersonating well-known websites that try to provide useful, timely information for the general public. Indeed, COVID-19 has become the subject of choice for phishing and spear-phishing campaigns that seek to take advantage of the heightened level of fear and concern.

In this scenario, cybersecurity needs to be rolled out from day one, or else companies and their employees will be at serious risk from partially secured cloud deployments, data breaches, insecure applications, and remote locations where the security and management of the remote user and the local branch LAN is often ignored, leaving end-users vulnerable.

In many cases employees working remotely ignore basic cyber hygiene rules like updating the operating system, using an effective antivirus or strong passwords and backing up data regularly. However, companies also have a responsibility to have structured security policies which address all security gaps. These need to be implemented and adhered to by all employees.

Remote workers and end-users will likely be active on a variety of mobile devices, home networks, and public Wi-Fi networks, which make them more likely to face cyberattacks. Leveraging the position a core technology like DNS security has in the network, can play a critical role in preventing attacks like lookalike domains, DOH/DOT, data exfiltration, and content vulnerabilities. Without a security control like Custom Lookalike Domain, for example, that can monitor such risks, teleworkers will be more easily targeted and vulnerable to attacks, especially in an age where character substitution is increasingly employed by cybercriminals to manipulate users into exposing credit card numbers, passwords and other sensitive data.

End-users will always have the primary responsibility of being aware of increasingly sophisticated cyber threats, provided the organization provides proper education and training, and enforces security policies. It is important to consider the risks in consumer grade Wi-Fi connections, as home routers are usually not secure or patched. There are also risks in using shared documents on cloud folders. Additionally, home browsers configured with plug-ins and certain applications may introduce substantial risk. CISOs should consider implementing technologies like BloxOne​​ Threat Defense from Infoblox that includes a lightweight endpoint agent that helps end users with all of these vulnerabilities and more.

While there are a number of different solutions available to protect remote workers, one of the best and most cost-effective is DDI (DNS, DHCP, IPAM). DNS is the foundation of the Internet and so every connection to the Internet goes through it, making it an ideal service that can be used to secure the network. In the corporate environment, DNS is often provisioned by the internal security team, but when working from home, employees typically use public DNS or DNS provided by their service providers – both of which seldom do security enforcement on DNS.

Today’s security decision makers need to have a variety of skills, and an ability to understand the impact that new technologies like SDN, SD-WAN, Multi-cloud, and Network Functions Virtualization (NFV) have on their ability to assess the risk of such deployments and respond with the right security models like Zero-Trust and cybersecurity tools for the organization.

Red Hat, the world’s leading provider of enterprise open source solutions, and Nutanix (NASDAQ: NTNX), a leader in hybrid multicloud computing, today announced a strategic partnership to enable a powerful solution for building, scaling and managing cloud-native applications on-premises and in hybrid clouds. The collaboration brings together industry-leading technologies, enabling installation, interoperability and management of Red Hat OpenShift and Red Hat Enterprise Linux with Nutanix Cloud Platform, including Nutanix AOS and AHV.

Key elements of the partnership include:

• Red Hat OpenShift as the preferred choice for enterprise full stack Kubernetes on Nutanix Cloud Platform. Customers looking to run Red Hat Enterprise Linux and Red Hat OpenShift on hyperconverged infrastructure (HCI) will be able to use an industry-leading cloud platform from Nutanix, which includes both Nutanix AOS and AHV.
• Nutanix Cloud Platform is now a preferred choice for HCI for Red Hat Enterprise Linux and Red Hat OpenShift. This will enable customers to deploy virtualized and containerized workloads on a hyperconverged infrastructure, building on the combined benefits of Red Hat’s open hybrid cloud technologies and Nutanix’s hyperconverged offerings.
• Nutanix AHV is now a Red Hat certified hypervisor enabling full support for Red Hat Enterprise Linux and OpenShift on Nutanix Cloud Platform. The certification of the Nutanix built-in hypervisor, AHV, for Red Hat Enterprise Linux and OpenShift offers enterprise customers a simplified full stack solution for their containerized and virtualized cloud-native applications. This certification delivers Red Hat customers additional choice in hypervisor deployments, especially as many organizations explore innovative, modern virtualization technologies.
• Joint engineering roadmap providing robust interoperability. Red Hat and Nutanix will focus on delivering continuous testing of Red Hat Enterprise Linux and Red Hat OpenShift with Nutanix AHV to provide robust interoperability. The companies will also collaborate to deliver more timely support by aligning product roadmaps.
• More seamless support experience providing faster resolution times for joint customers. Customers will be able to contact either company with support issues. The two companies are collaborating to deliver a best-in-class support experience for the interoperability of the certified products.

Because of its distributed architecture, Nutanix Cloud Platform delivers an IT environment that is highly scalable and resilient, and well-suited for enterprise deployments of Red Hat OpenShift at scale. The platform also includes fully integrated unified storage, addressing many tough challenges operators routinely face in configuring and managing storage for stateful containers.

More information on the partnership is available here.

Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, today announced the FortiGate 3500F Next-Generation Firewall (NGFW) to protect organizations with hybrid data centers against the ever-growing threat landscape and ransomware attacks. FortiGate 3500F offers some of the industry’s highest performance numbers, including TLS1.3, with automated threat protection post decryption. Additionally, FortiGate 3500F is built with zero trust network access (ZTNA) capabilities, further delivering consistent security and seamless user experience to any user at any location with its security-driven networking approach.

John Maddison, EVP of Products and CMO at Fortinet

“Adding to our industry-leading NGFW portfolio, FortiGate 3500F offers high performance and integrated networking and security at hyperscale for hybrid data centers. With the FortiGate 3500F, Fortinet is the only vendor that natively integrates access proxy capabilities in its NGFWs to turn on zero trust network access. Additionally, FortiGate 3500F further enables organizations to protect against evolving threats and rising ransomware attacks, delivering the industry’s highest security compute rating of 6x for performance compared to competitors – including TLS1.3 – to deliver consistent end-to-end security.”

Evolving Threat Landscape Poses Security Risks Across Hybrid Data Centers

With the shift to work from anywhere, organizations are adopting hybrid data centers to increase operational agility by deploying some resources across multiple clouds while keeping other business critical applications and data in on-premises data centers for compliance and control. As the data center infrastructure becomes more distributed, however, the attack surface expands and more blind spots emerge, reducing visibility and increasing the potential for breaches and attacks. It’s critical for organizations to inspect encrypted flows to detect all type of attacks, especially malware that hides in secure channels, to prevent ransomware and the disruption of command and control attacks from stealing customer and corporate data.

Organizations also need a strategy to manage excessive implicit trust and provide inspection into the growing volume of encrypted traffic which is increasingly used by cyber adversaries to mask malicious traffic. Otherwise, organizations struggle to securely grow and accelerate digital transformation as their traditional security strategy and solutions can’t keep up with escalating business demands.

Securing Users, Data and Applications Everywhere

To address these challenges, FortiGate 3500F NGFW helps organizations ensure business continuity and advanced security for hybrid data centers. With the industry’s highest Security Compute Rating (SCR) of 6x IPsec, FortiGate 3500F NGFW secures the data center edge, core and interconnect by providing ultra-fast secure data center to data center paths to build disaster recovery sites. It also enables organizations to secure data center to cloud paths for cloud on-ramps with full compliance and controls. Other key highlights of the FortiGate 3500F include:

• FortiGuard Security Services and Fortinet ASIC SPUs enable hyperscale protection for ransomware and advanced threats: FortiGate 3500F is powered by Fortinet’s purpose-built ASIC Security Processing Units (SPUs), like the NP7 and CP9. FortiGate 3500F offers the industry’s highest security compute rating of 6x for performance compared to competitors – including support of TLS1.3 – to detect attacks, like ZEUS, Trickbot, Dridex, and protect organizations from network, application and file-based attacks and many other sophisticated threats. FortiGate 3500F also natively integrates with FortiGuard Security Services. This further helps organizations protect themselves against network anti-virus, mail security, anti-DDoS, and similar functions, like IPS and anti-malware solutions.

• Natively integrates access proxy capabilities, such as zero trust network access (ZTNA): FortiGate 3500F is the only NGFW in the industry that natively integrates access proxy capabilities to enable zero trust network access (ZTNA). This allows organizations to host applications anywhere with consistent policy controls to enable and secure hybrid workforce models with seamless and superior user experience.

• Seamless user experience through consolidation: Fortinet further delivers a security-driven networking approach withFortiGate 3500F, which combines security and networking capabilities, including Secure SD-WAN and Zero Trust Network Access. An industry first, only Fortinet offers Secure SD-WAN, SD-Branch and ZTNA in one single offering.

Scaling Business with Superior Performance and Advanced Security

Powered by Fortinet’s ASIC SPUs, FortiGate 3500F offers some of the highest performance numbers for NGFW with 12x higher speeds than leading competitors. As a result, FortiGate 3500F delivers unparalleled performance levels and hyperscale to inspect, segment and secure locally hosted data and workloads at network speeds. Organizations are able to host business critical applications and provide secure access to corporate users, customers and partners.

Below is a comparison of the FortiGate 3500F compared against top firewalls on the market.

Specification	Fortinet  FortiGate 3500F	Industry   Average	Security Compute Rating3	Palo Alto Networks  PA-5260	Checkpoint  SG-26000	Cisco Firepower  FPR-4125	Juniper   SRX540024
Firewall	600Gbps	95Gbps	6x	60Gbps	106Gbps	80Gbps	135Gbps
IPsec VPN	165Gbps	28Gbps	6x	28Gbps	40Gbps	14Gbps	30Gbps
Threat Protection	57Gbps	29Gbps	2x	34Gbps	24Gbps	N/A	N/A
SSL Inspection	64Gbps	8Gbps	8x	6.5 Gbps	–	8Gbps	N/A
Concurrent Sessions	330M1	28M	12x	32M	10M	25M	45M
Connections Per Second	4.8M1	771.5k	6x	586k	550k	1.1M	850k

1. Performance with hyperscale license applied
2. SRX5400E-B1-AC, IPsec non-power mode​