…with Jaime Chanagá, field CISO at Fortinet for Latin America and the Caribbean

Now for the recommedations…

Recently when I talked to the customers and partners they are especially interested in Digital Risk Protection Services (DRPS). A lot of CISOs are under pressure from businesses to take risks when it comes to digital transformation, but they do not know whether their existing security platform can protect with all these new technologies.

What is one cybersecurity portfolio solution you are recommending customers consider for 2023?

Jaime Chanagá (JC): The investment in sophisticated detection solutions is an area that is lacking in the security road map for 2023. In 2022, many organisations faced increased cyber risks resulting from the convergence of IT and operational technology (OT) networks. That said, investment in solutions like network detection and response (NDR) can allow organisations to quickly identify anomalies, analyse emerging threats in real time, and automate responses to mitigate cyberattacks. Businesses and organisations that accelerate their cyber agility can defend their IT environments and company from existing and emerging threats.

Another of the cybersecurity portfolio solutions I urge customers to take into consideration is the Security Access and Service Edge (SASE) approach to revamp their existing remote access technology. Currently, most companies rely only on verified private networks (VPN) to provide remote access, and some of the more advanced companies may incorporate simple proxies such as Security Service Edge (SSE). However, the mixed-use of point solutions creates management complexity and network performance issues and is frequently inadequate for rapid response and remediation when an attack occurs. A true single-vendor SASE should ensure not only security but also network access performance. This can be achieved by utilising a consolidated platform that provides SSE, zero trust network access (ZTNA), and cloud access security broker (CASB) to secure at the endpoint control level. This approach will ensure end-to-end visibility to provide rapid response in the case of a security incident.

What is an example of a solution that many customers may not have considered but should?

JC: Given that most organisations are still struggling with talent shortages for skilled cyber workers, for organsations that do not have their own in-house security operations centre or team, I would recommend SOC-as-a-Service (SOCaaS). If you don’t have a talented and skilled workforce with experts in incident response, your organisation is in grave danger when faced with a cyberattack.