A New Approach to Security
Changing with the times is frequently overlooked when it comes to data center security. Technology is becoming increasingly dynamic, but most data centers are still using archaic security measures to protect their network which isn’t going to stand a chance against today’s sophisticated attacks.
Recent efforts to upgrade these massive security systems are still falling short. Data centers house a huge amount of data and there shouldn’t be any shortcuts when implementing security to protect that data. The focus remains on providing protection only at the perimeter to keep threats outside. However, implementing perimeter-centric security leaves the insides of the data center vulnerable, where the actual data resides. Cybercriminals understand this and are constantly utilizing advanced threats and techniques to breach external protections and move inside the data center. Without strong internal security protections, hackers have visibility and access to steal data and disrupt business processes before they are even detected.
Businesses face security challenges as traffic behavior and patterns are shifting. There is a higher amount of applications in the data center, and these applications are integrated with each other. The increasing number of applications causes east-west traffic within the data center to drastically grow and as the perimeter defenses are blind to this traffic – it makes lateral movement possible. And with the rising number of applications, hackers have a broader choice of targets. Another challenge is that the manual processes for managing security are too slow, new applications that are rapidly created will evolve and change frequently and static security controls are unable to keep up with the pace.
To address these challenges, a new security approach is needed—one that requires bringing security inside the data center to protect against advanced threats.
Micro-segmentation with advanced threat prevention is emerging as the new way to improve data center security. Micro-segmentation works by grouping resources within the data center and applying specific security policies to the communication between those groups. The data center is essentially divided up into smaller, protected sections (segments) so that any intrusion discovered can be contained. However, despite the separation, applications need to cross micro-segments in order to communicate with each other. This makes lateral movement still possible, which is why in order to detect and prevent lateral movement in the data center it is vital for threat prevention to inspect traffic crossing the micro-segments.
In order to address data center security agility so it can cope with rapid changes – when new applications are added, the security in software-defined data center learns about the role, scale, and location of the application. This allows the correct security policies to be enforced and removes the need for a manual process.
Strengthening the perimeter offers little help if there is no additional security within the data center. With micro-segmentation, advanced security and threat prevention services can be deployed wherever they are needed in the environment. Implementing solutions like Check Point vSEC for VMware NSX will provide multi-layered defenses to protect east-west traffic within the data center, and automatically quarantine infected machines for remediation. This puts required protection inside the organization’s data center, securing their company assets and valuable data from attacks. By deploying advanced security solutions, businesses can better protect their data centers from undetected breaches and sophisticated threats.
Learn more about data center protection by downloading 5 Steps to Building Advanced Security in Software-Defined Data Centers.