Cyber security providers adopt strategic defences

VIRTUALISATION 18 Autumn 2014

Upload: markitcomment

Post on 05-Dec-2014


DESCRIPTION

Digital security providers are taking on a military approach in defending network security as more companies suffer from cyber attacks.

TRANSCRIPT

Strategic defences

Digital security providers are taking on a military approach in defending network security as more companies suffer from cyber attacks, writes Bruce Tolley of Solarflare Communications

The internet may have given us 24/7 connectivity, but it has thrown up a slew of security issues, resulting in the need for more advanced offsetting technology, and financial institutions are at the vanguard of efforts to protect themselves. Security breaches have far-reaching consequences throughout financial services because of the nature of the information they hold – be it consumers’ private information or details of corporate assets.

Security providers face a tough challenge as they must deliver relatively easy access to services while simultaneously serving the needs of internal stakeholders when implementing security. Securing these services is a difficult proposition and tradeoffs are often made, leaving the networks exposed and vulnerable to attack.

The network server is the number one target of all cyber attacks because it is where all crucial client and institutional data are stored. In multi-tenant cloud environments, financial institutions are also looking to protect the network server by providing the ability to isolate customer traffic and services, and to mitigate internal attacks and threats, misconfigured equipment and misbehaving applications.

A common saying in security is that the bad guy only has to be lucky once, while those protecting corporate and customer assets have to be lucky every time.

As a result, we are seeing a big push towards end-to-end encryption. Some companies are starting to require that every hard drive be encrypted, making it almost impossible for potential cyber bandits to access key data.

There is also growing demand for identity management. IT today is about providing the right (billable) applications and services to the right people at the right time and at the right level of service. Cloud service providers also want to ensure they know the customer on the other end and that all entities that are on the network, whether they be virtual, bare metal, or in the cloud, are authenticated to be legitimate if not assigned specific policies and access rights.

Military strategies

Digital security practitioners often borrow from military strategies that have proven effective in defending valuable assets in the past. One common strategy is called ‘defence in depth’, or layered defences. Similar to how castles were built with cleared land, moats and strong high walls, digital security practitioners build networks that consist of firewalls at the outermost perimeter, then routers with access lists, intrusion detection and host antivirus as you move further into the network. This approach assumes that the network will be breached, but that the layers of defence will cause the attack to slow down and lose momentum, and will increase the chance that the attack becomes visible and is stopped.

These are huge advances in technology as, traditionally, host systems have been left out of the network ‘defence in depth’ paradigm due to the computational cost, technology tradeoffs required to deploy robust security and the monitoring of solutions on production systems at the edge of the network. Host systems can now perform high speed packet capture, filtering, bridging and denial of service defences, due to recent progress in computing power and software.

[Figure: Policing and filtering for virtualised servers and clouds. Diagram labels: tenant VMs (Tenant A, Tenant B), each with its own filter, PF and VNIC; hypervisor traffic (storage/management); hypervisor adaptor; NIC switch; 10G port.]

Each tenant can be assigned a virtual machine or virtual server (VM)
Policing and filtering can be executed at each virtual server
Protects servers from attacks that get past perimeter defences
Separates and isolates by customers and by traffic type
Mitigates against adverse performance impacts from badly behaving applications or misconfigured machines

Source: SolarFlare

Bruce Tolley, vice president Solarflare Communications.

The industry is now organising around various infrastructure as a service (IaaS) cloud architectures such as Red Hat OpenStack and Apache CloudStack. The big server manufacturers are also promoting OpenStack, delivering to IT architects a way to build, manage and provision private and multi-tenant clouds from the network.

Virtualisation

Security professionals need to leverage these host system capabilities in a virtualised environment. Virtualisation enables IT managers to consolidate workloads on fewer physical servers, increasing the utilisation of each server and creating a more flexible, efficient and dynamic data centre environment. As a result, virtualisation can lead to lower capital and ongoing operating costs.

However, cloud networking and server virtualisation today require more than just the ability to support server consolidation. To meet customer requirements, cloud and virtualisation solutions must scale in performance, protect data integrity and support service level agreements, all while supporting the broad set of virtualisation and cloud features available from the virtual operating system providers and IaaS architectures.

In many virtualised and cloud environments, data centre managers need to separate and isolate traffic at each virtualised server, and need more flexibility than that allowed by the dedicated firewalls at the periphery of the network, the access control lists available on the network switches, or other expensive switches, routers and dedicated security appliances. For example, Layer 2 through 7 filtering and policing can be deployed at each virtual server in a private or multi-tenant cloud to separate and isolate traffic by service type and customer type. Such filtering and policing enables customers to implement security functions natively in the virtual server and enables security decisions to be made lower in the stack, improving efficiency. Using a virtualised environment, security managers are able to filter, log, alert on, or rate limit suspicious traffic at a per server level, which prevents attacks from impacting the host operating systems or host application performance.

Threat intelligence

The trend in technology innovation and IT investments is also evolving. Now the emphasis is not just on slowing down cyber attackers who have breached any one private corporate network, but building sensors into the internet itself. These sensors, along with sophisticated data mining tools, enable bad behaviour to be identified before an attack.

Such a defence, which uses data mining and analytics (as opposed to pattern recognition) to identify dangers on the internet, is called live threat intelligence. This intelligence is used to build a feedback loop with corporate security defence mechanisms, so that IT systems can identify and stop cyber attacks. By combining live threat detection and other security policies with filtering and blocking on the server itself, an additional layer of security is inserted. Building another layer of defence at the server, combined with realtime updates from live threat intelligence databases, forms an effective strategy to block the bad guys from accessing and stealing valuable data and to improve IT security.
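The per-server filtering and policing described under Virtualisation, combined with the threat intelligence feedback loop described above, can be modelled as follows. This is an added example, not code from the article or from Solarflare; the `VnicFilter` class, its verdict strings and the sample traffic are hypothetical and constructed for illustration.

```python
import ipaddress

class VnicFilter:
    """Filter and policer attached to one tenant's virtual NIC (hypothetical model)."""

    def __init__(self, tenant, allowed_ports, rate_pps, burst):
        self.tenant = tenant
        self.allowed_ports = set(allowed_ports)
        self.rate_pps, self.burst = rate_pps, burst
        self.blocked = []   # networks pushed from the threat intelligence feed
        self.buckets = {}   # source address -> (tokens, time of last packet)
        self.alerts = []    # (time, source, verdict) for every packet not passed

    def update_intel(self, cidrs):
        """Replace the blocklist with the latest feed contents."""
        self.blocked = [ipaddress.ip_network(c) for c in cidrs]

    def _within_rate(self, src, now):
        # Token bucket per source: refill by elapsed time, spend one per packet.
        tokens, last = self.buckets.get(src, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate_pps)
        ok = tokens >= 1
        self.buckets[src] = (tokens - 1 if ok else tokens, now)
        return ok

    def decide(self, now, tenant, src, dport):
        addr = ipaddress.ip_address(src)
        if tenant != self.tenant:
            verdict = "drop:cross-tenant"    # isolation by customer
        elif any(addr in net for net in self.blocked):
            verdict = "drop:threat-intel"    # source listed by the feed
        elif dport not in self.allowed_ports:
            verdict = "drop:service"         # isolation by traffic type
        elif not self._within_rate(src, now):
            verdict = "drop:rate-limit"      # policing
        else:
            return "pass"
        self.alerts.append((now, src, verdict))
        return verdict

def run_demo():
    # Constructed traffic using documentation address ranges, not captured data.
    f = VnicFilter("tenant-a", allowed_ports={443}, rate_pps=1.0, burst=2)
    pkts = [(0.0, "tenant-a", "198.51.100.7", 443), (0.1, "tenant-a", "198.51.100.7", 443),
            (0.2, "tenant-a", "198.51.100.7", 443), (0.3, "tenant-b", "192.0.2.10", 443),
            (0.4, "tenant-a", "192.0.2.10", 22), (0.5, "tenant-a", "203.0.113.9", 443)]
    verdicts = [f.decide(*p) for p in pkts]
    f.update_intel(["203.0.113.0/24"])  # the feed now lists the last source's network
    verdicts.append(f.decide(0.6, "tenant-a", "203.0.113.9", 443))
    return verdicts, f.alerts

if __name__ == "__main__":
    print(run_demo())
```

The same source is passed at 0.5 s and dropped at 0.6 s, which is the effect of the feed update reaching the server-level filter.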