DCN February 2018


Infrastructure Management

approach to security that ensures the whole is greater than the sum of the parts, irrespective of where the data or application resides.

East-west traffic, which is effectively how applications and systems within the data centre ‘talk’ to each other, is a neglected security area within many organisations. North-south traffic – the ‘in’ and the ‘out’ – is protected; but it is often what is happening internally that provides the biggest threat.

More often than not, networks within a data centre have been built ‘on-the-fly’. Consequently, the complicated design needs some understanding, as massive trust relationships have been set up or developed. If someone manages to get into a data centre, or legitimate traffic becomes malicious within the centre, they will use these trust relationships to get to wherever they want. Switches will have administrative credentials which allow an intruder to move onto other routers, and from there onto servers and applications, and the malware spirals out of control.

It’s important to have an up-to-date map of infrastructure so the network can become better understood and, ultimately, made more secure. Micro-segmenting is then critical to properly control traffic flows within applications and reduce the attack footprint by ensuring only compliant flows are allowed, and to contain threats in case of a breach. If a network is segmented down to process level and server A can talk to server B but no other, network operators can see that anything else is a violation.

The next step is to apply a visual security delivery layer on top of these microsegments and across the network. This will give all inline tools the ability to feed packets of data in real-time, to be stored for replay later or to be fed into analytics engines. This gives security operator centres (SOCs) a better idea of how security is performing.

Additional layers can be applied on top to regulate access, with privileged access management baked into all the end sites. This gives operators far more control over what can talk to what when data is travelling laterally. It also enables the business to detect active breaches within the network, confine them to a secure location, and then easily prioritise and investigate them in order to pinpoint compromised assets for accelerated mitigation and remediation.

Businesses must be able to effectively protect their data centres and servers at the periphery, but it’s equally critical that if an issue does occur in the core, they are made aware of the potential dangers across the whole of the estate. The latest solutions give operators this information via a ‘single pane of glass’. In other words, the security operating centre can see in real-time exactly what is happening down to process level.

By abstracting security policy creation to a centralised point and automating it, businesses can utilise network devices as dynamic security policy enforcers, right down to the point of connection. Embedding security into the network reduces operational overhead, increases visibility and helps generate meaningful intelligence. By standardising security policy, there are fewer errors and less time spent troubleshooting.
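The micro-segmentation rule described above (server A may talk to server B and nothing else, down to process level) can be checked against flow records with a default-deny allow-list. The following is an added example, not code from the article or any product it describes; the segment names, addresses, process names and flow record layout are constructed assumptions.

```python
"""Added example: flag east-west flows that violate a micro-segment allow-list."""
import csv
import io
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    src: str      # source segment name
    dst: str      # destination segment name
    port: int     # destination TCP port
    process: str  # process permitted to open the connection

# Constructed infrastructure map and policy (hypothetical names and addresses).
SEGMENTS = {
    "server-a": ipaddress.ip_network("10.20.1.10/32"),
    "server-b": ipaddress.ip_network("10.20.2.10/32"),
    "mgmt": ipaddress.ip_network("10.20.9.0/24"),
}
POLICY = {Rule("server-a", "server-b", 5432, "appd")}

# Constructed flow records: src_ip,dst_ip,dst_port,process
SAMPLE_FLOWS = """\
10.20.1.10,10.20.2.10,5432,appd
10.20.1.10,10.20.2.10,5432,bash
10.20.1.10,10.20.9.5,22,ssh
10.20.2.10,10.20.1.10,5432,appd
10.20.1.10,10.99.0.7,443,appd
"""

def segment_of(ip: str) -> str:
    """Map an address to its segment; hosts missing from the map are flagged."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unmapped"

def find_violations(flow_csv: str, policy=POLICY):
    """Return every flow not explicitly allowed (default deny, direction-sensitive)."""
    violations = []
    for src_ip, dst_ip, port, proc in csv.reader(io.StringIO(flow_csv)):
        flow = Rule(segment_of(src_ip), segment_of(dst_ip), int(port), proc)
        if flow not in policy:
            violations.append(flow)
    return violations

if __name__ == "__main__":
    for v in find_violations(SAMPLE_FLOWS):
        print(f"VIOLATION {v.src} -> {v.dst}:{v.port} by {v.process}")
```

Only the first sample flow is compliant; the others are reported because of an unexpected process, a lateral move to the management segment, a reversed direction, and a destination that is absent from the infrastructure map.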

