Be security “centred” to fight attackers

By Sean Newman, Security Strategist for Sourcefire, now part of Cisco.

Monday, 30th June 2014. Posted by Phil Alsop.

Data centres are evolving dramatically, to become more intelligent, support changing business models and react to new competitive environments. Applications can now be provisioned dynamically and resources automatically shifted, as demands change. However, in many cases, organisations are struggling to take advantage of these new capabilities without negatively impacting their levels of protection.


The challenge is that many of today’s security solutions were designed for the Internet edge, not the data centre. They simply do not support these advances in the data centre, nor do they understand the targeted threats now aimed squarely at these highly prized assets. Traditional bolt-on data centre security falls short in a number of ways: it takes days or weeks to provision, and it lacks the performance and scalability to handle dynamic environments and high-volume bursts of traffic. It typically consists of fragmented solutions that are not integrated across the data path, creating management overhead and policy hand-off errors, and it focuses only on preventing attacks before they happen, with no ability to see and respond to the threats that inevitably get through.


The wrong security solution can actually impede business goals, so many organisations choose to scale back on security in order to get the most from the flexible and dynamic services their data centres can deliver. In fact, Gartner finds that 95% of data centre breaches occur due to a misconfigured firewall, largely because administrators face the untenable choice of security versus business efficiency. And the problem is likely to get worse before it gets better. Complexity and challenges mount as data centres migrate from physical, to virtual, to next-generation environments like Software-Defined Networking (SDN) and Application Centric Infrastructure (ACI). Data centre administrators find themselves spending more time managing topology and less time managing the applications and services that provide the additional productivity and performance gains needed to support the goals of the business.
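The misconfiguration failure mode described above usually looks like this in practice: an administrator under pressure adds a broad “temporary” permit to unblock an application, and that rule silently shadows a later deny, so the protection the policy appears to contain never fires. The following is an added example, not Sourcefire or Cisco code and not any vendor's configuration language; the rule syntax, rule names and addresses are invented for illustration. It parses a small first-match ruleset, flags any-to-any permits and rules that are fully covered by an earlier rule, and evaluates a flow to show which rule actually wins.

```python
"""Toy firewall ruleset linter: flags any-to-any permits and shadowed rules.

Added example; not Sourcefire/Cisco code. The rule syntax below is invented
for illustration and is not any vendor's configuration language.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network

ANY_NET = ip_network("0.0.0.0/0")
ANY_PORTS = (0, 65535)


@dataclass(frozen=True)
class Rule:
    name: str
    src: IPv4Network
    dst: IPv4Network
    proto: str            # "tcp", "udp" or "any"
    dports: tuple         # inclusive (low, high) destination port range
    action: str           # "allow" or "deny"


def parse_rule(line: str) -> Rule:
    """Parse 'name src dst proto ports action'; ports is 'any', 'N' or 'N-M'."""
    name, src, dst, proto, ports, action = line.split()
    if ports == "any":
        lo, hi = ANY_PORTS
    elif "-" in ports:
        lo, hi = (int(p) for p in ports.split("-", 1))
    else:
        lo = hi = int(ports)
    return Rule(name, ip_network(src), ip_network(dst), proto.lower(), (lo, hi), action.lower())


def load_rules(text: str) -> list:
    """Parse a ruleset, ignoring blank lines and '#' comments."""
    return [parse_rule(l) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]


def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matched by b is also matched by a (a is a superset of b)."""
    return (b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst)
            and a.proto in ("any", b.proto)
            and a.dports[0] <= b.dports[0] and b.dports[1] <= a.dports[1])


def first_match(rules, src_ip: str, dst_ip: str, proto: str, dport: int):
    """First-match evaluation, as most firewalls do it. Returns the Rule or None (implicit deny)."""
    s, d = ip_address(src_ip), ip_address(dst_ip)
    for r in rules:
        if (s in r.src and d in r.dst and r.proto in ("any", proto)
                and r.dports[0] <= dport <= r.dports[1]):
            return r
    return None


def lint(rules) -> list:
    """Return (rule name, finding kind, detail) tuples, one per misconfiguration found."""
    findings = []
    for i, r in enumerate(rules):
        if (r.action == "allow" and r.src == ANY_NET and r.dst == ANY_NET
                and r.proto == "any" and r.dports == ANY_PORTS):
            findings.append((r.name, "any-any-allow", "permits all traffic; defeats every later rule"))
        for earlier in rules[:i]:
            if covers(earlier, r):
                # A covered rule with the opposite action is the dangerous case: the intended
                # deny (or allow) can never match. Same action is merely dead weight.
                kind = "shadowed" if earlier.action != r.action else "redundant"
                findings.append((r.name, kind, f"fully covered by earlier rule {earlier.name}; never matches"))
                break
    return findings


# Constructed sample ruleset: an admin added 'temp-any' to unblock an application,
# which silently shadows the later deny protecting the database segment.
RULESET = """
# name         source         destination    proto  ports  action
web-in         0.0.0.0/0      10.0.1.0/24    tcp    443    allow
db-from-web    10.0.1.0/24    10.0.2.0/24    tcp    5432   allow
temp-any       0.0.0.0/0      0.0.0.0/0      any    any    allow
block-db       0.0.0.0/0      10.0.2.0/24    tcp    5432   deny
"""

RULES = load_rules(RULESET)
FIXED_RULES = [r for r in RULES if r.name != "temp-any"]   # the ruleset with the shortcut removed

if __name__ == "__main__":
    for name, kind, detail in lint(RULES):
        print(f"{kind:14} {name}: {detail}")
    hit = first_match(RULES, "192.0.2.7", "10.0.2.9", "tcp", 5432)
    print("internet -> db hits rule:", hit.name if hit else "none (implicit deny)")
```

Run against the constructed ruleset, the linter reports `temp-any` as an any-to-any permit and `block-db` as shadowed, and an Internet-sourced connection to the database port is allowed by `temp-any` rather than denied. With `temp-any` removed the same flow falls through to `block-db` and the linter is clean, which is the kind of check worth running automatically whenever a policy change is provisioned rather than discovering it after a breach.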


With data centres becoming increasingly critical to executing business strategy, their security must be considered within the context of the organisation's broader strategy. Security for the data centre must evolve in three important aspects to deliver the control administrators need, without compromising protection and functionality.


1. Security must be designed for the data centre. Many Internet-edge security solutions, such as next-generation firewalls, are being positioned in the data centre where they do not fit: the need there is visibility and control over custom data centre applications, not traditional web-based applications. Security must also be integrated into the data centre fabric, not simply at its edge, in order to handle not only north-south (inbound and outbound) traffic but also east-west traffic flows between virtual instances. Security also needs to handle high-volume bursts of traffic dynamically, to accommodate how highly specialised data centre environments operate today. And to be practical, centralised security management and orchestration is a necessity. With Gartner anticipating a 3000% increase in data centre connections per second by the end of 2015, as more and more devices and applications connect, the need for performance and provisioning capabilities cannot be overstated.


2. Security must be able to adapt. Data centre environments are highly dynamic, and security solutions must be too. As data centre environments evolve from physical to virtual to next-generation SDN and ACI environments, data centre administrators must be able to apply and maintain protection easily. Security solutions must deliver consistent protection across evolving and hybrid data centre models, and they must be intelligent, so that administrators can focus on providing services and building custom applications that take full advantage of the business benefits these new environments enable, rather than getting bogged down in administrative security tasks.


3. Security must protect against advanced threats. Traditional data centre security approaches offer limited threat awareness, especially with regard to custom data centre applications and transactions. They offer limited visibility across the distributed data centre environment and focus primarily on blocking at the perimeter. As a result, they fail to proactively defend against emerging, unknown threats targeting valuable data. What is needed is a threat-centric approach to securing the data centre: one that provides protection before, during and after an attack, and that understands and can protect specialised data centre traffic. With capabilities like global intelligence coupled with continuous visibility, analysis and policy enforcement across the distributed data centre environment, administrators can achieve automation, with control, for the protection they need.


Advanced attackers are infiltrating networks and moving laterally to reach the data centre. Once there, the goal is to extract valuable data or cause disruption. Data centre administrators need technologies that allow them to be as ‘centred’ on security as attackers are on their data centres. With solutions designed for the data centre, able to evolve as data centres embrace hybrid and next-generation environments, and built to deliver protection before, during and after an attack, data centre administrators can regain control without the compromise.