Fortinet Signs Agreement with NATO: Will Sharing and Actionable Threat Intelligence Help Curb Cybersecurity?

Today, within the framework of the NATO Industry Cyber Partnership (NICP), the NATO Communications and Information (NCI) Agency signed an industry partnership agreement with Fortinet. Derek Manky offers some perspective on this important partnership.

Michael Xie, CTO & Co-Founder, Fortinet

Koen Gijsbers, General Manager, NCI Agency

Q: What did Fortinet “do” with NATO today?

D: Fortinet took another important step in an effort to bolster the future of cybersecurity. We signed an agreement with NATO to boost two-way information sharing, in particular on cyber threats. This partnership is an excellent example of a call to action for intelligence collaboration with the private sector. While Fortinet processes billions of threat events on any given day, no single entity will have a complete vision of the cyber threat landscape.

Q: Why is this important, what is the impact of the agreement?

D: The NATO agreement is another way forward to identify and chase the adversary and their campaign playbooks. Cyber criminals are for the first time showing fear as indicated with their tactics, which attempt to cover their tracks. When we grow our collective intelligence, we can better combat advanced threats, deploy security controls to counteract the latest moves, and deliver greater security for our customers and all organizations.

It’s been a long tradition in the security world to share information on new malware, new botnets, and newly discovered threats or vulnerabilities in general. To help customers get ahead of the threat, Fortinet’s FortiGuard Labs team of global cybersecurity threat researchers, engineers, and forensic specialists is on the front lines delivering applied threat research, intelligence and analytics. Security vendors have a responsibility with the global ecosystem to share threat findings with each other and end-user advocacy groups because the best way to combat the creativity and negative impact of adversaries is to build security solutions based on data from wide and diverse sources. 

Q: What other collective relationships or activities is Fortinet doing to direct the future of cybersecurity?

D: Fortinet is taking action not only via product innovation across our network security platform, but also public and private sector relationships. Fortinet is a founding member of the Cyber Threat Alliance (CTA), a group of leading cybersecurity solution providers who have come together to share threat intelligence on advanced attacks, their motivations, and the tactics of the malicious actors behind them. In addition, the OASIS Cyber Threat Intelligence (CTI) group is chartered to define how, when, and with what methods or protocols security vendors and law enforcement will all share information. It is important since we are directing the future of threat intelligence standards and protocols as we pave the way forward. Actionable threat intelligence cannot be achieved without a well thought out methodology in place. We consider memberships in organizations like OASIS or CTA to be crucial for promoting awareness and standardization that brings everyone to the table to use the same language when talking about cybersecurity.

Q: What is top of mind for you in regards to cooperation and information sharing?

D: There is a greater mission on the part of every security vendor to make the world safer and more secure for people to interact, do business, and to communicate ideas. Public and private sector partnerships will remain a big opportunity in the future. In addition, contextual information is very important, while safeguarding privacy and only sharing and correlating non personally identifiable information (PII). Indicators of compromise (IOC), traits related to an adversary, campaign or tactic often have a short shelf life. Sharing information promptly and proactively across all verticals is essential moving forward. Security controls need to be able to digest automated threat intelligence and take action. The vast amount of threat intelligence that exists today and more coming tomorrow cannot be managed otherwise.