Whether your infrastructure is on premises, in the cloud, or a combination of hybrid cloud, there are core characteristics of breached data centers that make them vulnerable to attack. These data centers are easier to penetrate and utilize, making them higher value targets for opportunistic hackers to exploit.
The truth is, protection is not that complicated. There are common, easily fixable data center problems that come up again and again in the biggest breaches, and best practices that can be easily implemented to provide significant risk reduction for your company against these kinds of threats. While security professionals often feel inundated with content that discusses ideas like “IT ecosystems are increasingly complex and fast-changing, and are therefore so difficult to secure” this is – in most cases, simply wrong.
What Are the Attackers Looking For?
Data centers offer the biggest bang for the criminal’s buck, whether that’s harvesting PII or other sensitive information such as technical intellectual property and best practices. Beyond direct gain, data centers offer a wealth of processing power which many attackers hijack for additional revenue opportunities to resell to other criminal groups. The black market for cyber-crime is continuously growing, with examples such as DDoS-as-a-service, and RAT-as-a-service giving attackers access to your compute infrastructure, to inject malware or to achieve remote access. We’ve even seen victims become the “false flag” bounce network to obfuscate an attack’s origin. Using hijacked resources for cryptocurrency mining is a steadily growing threat as well, up 459% in 2018.
The Simple Fixes That if Ignored, make a Data Center Easy to Compromise
Just over three years ago, In proposing a Zero Trust model, John Kindervag of Forrester said that we need to move to architectures with “no more chewy centers.” When we look broadly at data centers there are several things that lead them naturally to be what we don’t want, very soft in the middle. By making small changes, we can turn these deficits into enterprise positives, doing much to prevent future attacks from occurring and catching them quicker when they do happen.
- Good hygiene: Far too often attacks in data centers start by taking advantage of poor hygiene. By merely shoring up the below, attackers would have a much more difficult time getting in.
- Better patching acumen – doing a better job at finding unpatched vulnerabilities in applications.
- Better password and account management and enabling two factor authentication – many attacks come from simple brute force password attacks against single factor authentication applications.
- Better automation including OS, Application and kernel checks – while we have become very good at applying DevOps scripting in the form of auto-provisioning and managing playbooks/scripts like chef, puppet, ansible, we have not always added easy to incorporate OS, application and kernel update checks into those scripts. Instead of spinning up new automations that are only as good as the day they were born, it would be very easy to perpetually – and automatically update these scripts with these added checks cutting down exploitable vulnerabilities easily.
- Better segmentation & microsegmentation – when an enterprise incorporates modern segmentation techniques – even if sparingly, it finds its risk greatly reduced. What makes these modern segmentation techniques different than what we have used in the past? Several things.
- Segmentation that is platform-agnostic and which provides visibility and enforcement to all platforms quickly and easily – Today’s data centers are heterogeneous in nature. Enterprises have embraced modern hypervisors and operating systems, containers and clouds, as well as serverless technology. Most enterprises also contain a good number of legacy systems and EoL operating systems such as Solaris, HP/UX, AIX, EoL Windows or EoL Linux as well.
- Segmentation that can be automated and works like your DevOps-based enterprise – Traditional security devices such as legacy firewalls, ACLs, and VLANs are extremely resource-intensive and impossible to manage in this kind of complex and dynamic environment. In some cases, such as in a hybrid cloud infrastructure, legacy security is not just insufficient, it’s unfeasible as a solution altogether. Enterprises need visibility across all of your platforms easily and seamlessly. Micro-segmentation technology is built for the dynamic and platform-agnostic nature of today’s enterprises, without the need for manual moves, adds, changes, or deletes. What is extremely important to understand – these modern techniques have been proven time and time again to be able to be implemented 30x faster than legacy techniques can be deployed and maintained.
- Segmentation – even when applied sparingly in “just a start” manner – this begins to reduce attack surface greatly. Grabbing these low hanging fruit makes it easy. Such examples include, but are not limited to:
- Isolating/securing off a compliance mandated environments
- Segmenting your “critical crown jewels” applications
- Sectioning off your vendors, suppliers, distributors, contractors off from the rest of the enterprise
- Securing off critical enterprise services and applications like remote access, network services and others
- Adequate Incident Response Plans & Practice – the final critical ingredient that can easily change an enterprise data center posture is having a well-thought -out incident response plan. One which incorporates not only the technical staff but also the business and legal parties that need to be involved as well. These plans should be practiced with incident response drills planned and run to establish blind spots or gaps in security.
Don’t believe everything you hear. Many of today’s biggest breaches are entirely preventable. In my next blog, I’ll take a look at four of the most devastating data center breaches from the last five years, and see how the checklist above could have made all the difference.
Interested in learning more about how to secure modern data centers and hybrid cloud environments?