Changing with the times is frequently overlooked when it comes to data center security. The technology powering today’s networks has become increasingly dynamic, but most data center admins still employ archaic security measures to protect their network. These traditional security methods just don’t stand a chance against today’s sophisticated attacks.
That hasn’t stopped organizations from diving dive head-first into cloud-based technologies. More and more businesses are migrating workloads and application data to virtualized environments at an alarming pace. While the appetite for increased network agility drives massive changes to infrastructure, the tools and techniques used to protect the data center also need to adapt and evolve.
Recent efforts to upgrade these massive security systems are still falling short. Since data centers by design house huge amounts of sensitive data, there shouldn’t be any shortcuts when implementing security to protect all that data. The focus remains on providing protection only at the perimeter to keep threats outside. However, implementing strictly perimeter-centric security such as a Content Delivery Network (CDN) leaves the inside of the data center vulnerable, where the actual data resides.
(Infographic Source: Internap)
Cybercriminals understand this all too well. They are constantly utilizing advanced threats and techniques to breach external protections and move further inside the data center. Without strong internal security protections, hackers have visibility to all traffic and the ability to steal data or disrupt business processes before they are even detected.
At the same time businesses face additional challenges as traffic behavior and patterns are shifting. There are greater numbers of applications within the data center, and these applications are all integrated with each other. The increasing number of applications has caused the amount of traffic going east-west traffic – or laterally among applications and virtual machines – within the data center to drastically grow as well.
As more data is contained with the data center and not crossing the north-south perimeter defenses, security controls are now blind to this traffic – making lateral threat movement possible. With the rising number of applications, hackers have a broader choice of targets. Compounding this challenge is the fact that traditional processes for managing security are manually intensive and very slow. Applications now are being rapidly created and evolving far more quickly than static security controls are able to keep pace with.
To address these challenges, a new security approach is needed—one that requires effectively bringing security inside the data center to protect against advanced threats: Micro-segmentation.
Micro-segmentation works by grouping resources within the data center and applying specific security policies to the communication between those groups. The data center is essentially divided up into smaller, protected sections (segments) with logical boundaries which increase the ability to discover and contain intrusions. However, despite the separation, application data needs to cross micro-segments in order to communicate with other applications, hosts or virtual machines. This makes lateral movement still possible, which is why in order to detect and prevent lateral movement in the data center it is vital for threat prevention to inspect traffic crossing the micro-segments.
For example, a web-based application may utilize the SQL protocol for interacting with database servers and storage devices. The application web services are all logically grouped together in the same micro-segment and rules are applied to prevent these application services from having direct contact with other services. However SQL may be used across multiple applications, thus providing a handy exploit route for advanced malware that can be inserted into the web service for the purpose of laterally spreading itself throughout the data center.
Micro-segmentation with advanced threat prevention is emerging as the new way to improve data center security. This provides the ability to insert threat prevention security – Firewall, Intrusion Prevention System (IPS), AntiVirus, Anti-Bot, Sandboxing technology and more – for inspecting traffic moving into and out of any micro-segment and prevent the lateral spread of threats. However, this presents security challenges due to the dynamic nature of virtual networks, namely the ability to rapidly adapt the infrastructure to accommodate bursts and lulls in traffic patterns or the rapid provisioning of new applications.
In order to address data center security agility so it can cope with rapid changes, security in a software-defined data center needs to learn about the role, scale, and location of each application. This allows the correct security policies to be enforced, eliminating the need for manual processes. What’s more, dynamic changes to the infrastructure are automatically recognized and absorbed into security policies, keeping security tuned to the actual environment in real-time.
What’s more, by sharing context between security and the software-defined infrastructure, the network then becomes better able to adapt to and mitigate any risks. As an example, if an infected VM is identified by an advanced threat prevention security solution protecting a micro-segment, the VM can automatically be re-classified as being infected. Re-classifying the VM can then trigger a predefined remediation workflow to quarantine and clean the infected VM.
Once the threat has been eliminated, the infrastructure can then re-classify the VM back to its “cleaned” status and remove the quarantine, allowing the VM to return to service. Firewall rules can be automatically adjusted and the entire event logged – including what remediation steps were taken and when the issue was resolved – without having to invoke manual intervention or losing visibility and control.
Strong perimeter security is still an important element to an effective defense-in-depth strategy, but perimeter security alone offers minimal protections for virtualized assets within the data center. It is difficult to protect data and assets that aren’t known or seen. With micro-segmentation, advanced security and threat prevention services can be deployed wherever they are needed in the virtualized data center environment.
By Yoav Shay Daniely