HP Networking
Discover how the new HP Networking combines the technologies and alliances of 3Com, ProCurve and TippingPoint into the next networking leader.

Redefining data center security (spoiler: securing the perimeter is not enough)

Guest blog by: Dror Sal’ee, VP Marketing, GuardiCore

 

As we’ve become increasingly aware, data centers house some of the enterprise’s most sensitive data and run most of its business-related processes as well as its security controls, making them a prime target for attacks.

 

Most data center security currently resides on the perimeter, designed to keep attackers out. However, the data center perimeter is dissolving, subject to architectural changes such as cloud bursting and instant provisioning of virtual machines to enterprise users or customers. Even when there is a perimeter, attackers need only one mistake to get inside the data center, and they have been documented infiltrating some of the most secure ones. Recent high-profile cases include RSA & Lockheed, Google & Yahoo and Huawei, but everyone, as demonstrated by the Verizon 2013 Data Breach Investigations Report, is a target. It’s also important to point out that the attacker may be an insider. Data centers need defense-in-depth.

 

Soft Inside

Once a data center is breached, attacks inside it are very hard to detect, and even harder to mitigate in real time. State-of-the-art security techniques such as sandboxing, NG firewalls, IDS and deep packet inspection don’t scale to the task, due to the explosion of East-West traffic and its dynamic nature, while user-owned virtual machines limit the effectiveness of endpoint security in data centers.

 

Currently, security inside data centers relies mostly on access control, or ‘closed doors’, by means such as firewalls and VLAN separation. While closing doors is certainly a good practice, some doors must be kept open to allow normal business operation. Attackers typically find and use these ‘open doors’, which is why we see access control as important, but far from enough.

 

A new approach

We see SDN as an opportunity to introduce sophisticated security logic into the data center switching fabric in a way that can scale to the demands of a data center. Using this approach, we are building a defense suite, targeting the attacker’s ‘kill-chain’ inside data centers.

 

An active honeypot

When attackers get inside data centers, they typically start by mapping the network and trying to connect to and infect other servers. In many cases such attempts will be blocked by an existing separation policy or simply reach a closed port on target machines. But attackers will keep trying, and eventually find an open door of vulnerability to exploit and propagate.

 

The first exposed part of GuardiCore’s Defense Suite, the Active Honeypot, represents a new breed of network security tools. Blocked or failed connections are brought back to life by local switches and dynamically re-routed to an ‘ambush’ server, without the attacker’s awareness. The ‘ambush’ server is a highly monitored environment that seems vulnerable to the attacker. This technique can expose the true intentions behind the blocked connection attempt and reliably identify a malicious attack at an early stage, gaining insights and generating a detailed auto-forensic report in real time. Using the gathered insights, a switch-level security policy can be adjusted instantly.
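A conceptual model of the redirect-and-feedback loop described above, added here as an illustration. It is not GuardiCore's or HP's code; the `Fabric` class, the addresses and the policy entries are constructed assumptions.

```python
from dataclasses import dataclass, field

AMBUSH = "10.0.9.9"  # constructed address for the hypothetical ambush server

@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Fabric:
    allowed: set    # (src, dst, dport) tuples the separation policy permits
    listening: set  # (dst, dport) pairs where a service really listens
    quarantined: set = field(default_factory=set)
    nat: dict = field(default_factory=dict)  # (src, sport) -> original dst

    def decide(self, f):
        """Return (action, next_hop, reason) for a new connection attempt."""
        if f.src in self.quarantined:
            return self._redirect(f, "quarantined source")
        if (f.src, f.dst, f.dport) not in self.allowed:
            return self._redirect(f, "blocked by policy")
        if (f.dst, f.dport) not in self.listening:
            return self._redirect(f, "closed port")
        return ("forward", f.dst, "allowed")

    def _redirect(self, f, reason):
        # Record the intended destination so replies can be rewritten.
        self.nat[(f.src, f.sport)] = f.dst
        return ("redirect", AMBUSH, reason)

    def reply_source(self, pkt_src, client, cport):
        """Address the client sees as the sender of a reply packet."""
        if pkt_src == AMBUSH:
            return self.nat.get((client, cport), pkt_src)
        return pkt_src

    def ambush_verdict(self, src, malicious):
        """Feed the ambush server's finding back into switch policy."""
        if malicious:
            self.quarantined.add(src)

def demo():
    fab = Fabric(allowed={("10.0.1.5", "10.0.2.7", 443)},
                 listening={("10.0.2.7", 443)})
    probe = Flow("10.0.1.5", 40001, "10.0.2.8", 22)   # not permitted by policy
    normal = Flow("10.0.1.5", 40002, "10.0.2.7", 443)
    first = [fab.decide(probe), fab.decide(normal)]
    fab.ambush_verdict(probe.src, malicious=True)
    return fab, first, fab.decide(normal)
```

In this model the blocked probe is answered by the ambush server while replies still carry the address the client originally dialed, and a malicious verdict changes how the switch treats every later flow from that source.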

 

 

The GuardiCore Active Honeypot, paired with the HP VAN SDN Controller and SDN infrastructure, adds a new layer of internal, in-depth defense that addresses the problem of internal data center vulnerability and builds additional intelligence to enhance security policies. The automated, dynamic programmability of the network delivers much greater data center and network security while also saving administrative and investigation costs.

 

In-depth defense
GuardiCore’s mission is to protect data centers. We see SDN as an opportunity to innovate and build new network security methods. GuardiCore found HP to be a great partner in implementing our new approach. We are excited to launch our first application for the HP SDN App Store, now ready for Beta deployments.

 

>> Learn more about how HP redefines data center security with GuardiCore Defense Suite, powered by the HP VAN SDN Controlle....

>> Contact us if you would like to explore further a new level of internal data center defense.

 

>> For more information about the HP SDN solutions visit www.hp.com/networking/sdn
