We know that big data is big business… And the use of on-premises and public cloud infrastructure is growing, according to the Cisco 2018 Security Capabilities Benchmark Study. In the 2017 study, 27 percent of security professionals said they are using off-premises private clouds, compared with 25 percent in 2016 and 20 percent in 2015. And 52 percent said their networks are hosted on-premises as part of a private cloud.

Now that workloads are more dynamic, moving across on-prem, edge, and multicloud environments, they are also more vulnerable. Security for the data center must evolve to keep up with the digital transformation and hybrid/multicloud adoption. The complexity of protecting not only physical data centers but also the points where the data center meets the virtual environment creates a unique situation.

According to the study, “Attackers are taking advantage of the fact that security teams are having difficulty defending evolving and expanding cloud environments.” And as security teams are spending an average of 76 percent of their attention focused on securing the data center, organizations are finding that traditional, stand-alone methods for security are no longer enough to protect application workloads from threats. We’ve identified 3 non-negotiable security features for implementing an effective workload protection strategy:

  1. You have to have real-time visibility across the extended network because you cannot protect what you cannot see.
    • The volume of traffic that needs to be inspected and secured inside the data center is increasing at unprecedented speeds. Being able to see all network activity and get actionable insights cannot be a bottleneck for critical business processes.
  2. You have to be able to reduce the attack surface and reduce the lag time between workflow provisioning and policy enforcement.
    • Whether you are using a multi-layered approach to segmentation or the Zero Trust security architecture model (as coined by Forrester), limiting access across the network to only those who need it is critical to protecting critical services and sensitive data.
  3. You have to be able to quickly detect, block, and automate responses to security incidents.
    • No network or data center is immune from potentially being compromised. It is important to remember: it is not a matter of if your network will be compromised but a matter of when. And an organization must be able to contain the threat with integrated and automated solutions to limit exposure and liability.

To protect the data center, you must have a solution that employs a number of capabilities and integrates them into technologies across the entire enterprise network. You may have recently seen the announcement about how Cisco is Redefining Security for the Modern Data Center in a Multicloud World to address data center challenges. Here’s a deeper look into how Cisco’s Secure Data Center Solution can help address these 3 non-negotiables with an integrated approach:

Addressing the visibility gap across the network

Most data center security solutions are designed to monitor traffic flowing into and out of the data center. But the majority of data center traffic flows between servers and devices inside the data center perimeter and between different data centers.

With security analytics and behavioral modeling, the Cisco Secure Data Center solution offers a complete view of all users, hosts, applications, network transactions, and workloads in physical data centers and across public or private cloud deployments. Advanced analytics capabilities allow users to apply context to network activity to know exactly who is on the network and what they are doing. Using telemetry from existing infrastructure, you can determine whether specific traffic or anomalous behavior is malicious or not, as well as monitor for performance issues on the server or network level.

Reducing the attack surface

Segmentation is very difficult for organizations to get right. Traditional approaches are very manual and may not be comprehensive enough for data center requirements. Oftentimes the granularity needed and the burden of managing firewall rules for east-west traffic are too great for the resources available (especially when some organizations have hundreds or thousands of firewall rules or ACLs). But keeping bad actors contained by preventing them from moving laterally (east-west) across the data center is a necessity. You don’t want to hand over the keys to the kingdom (i.e. intellectual property, customer data, or employee files) to someone moving from one set of data to the next, whether it is accidental or on purpose.

With the Secure Data Center solution, you can implement consistent security policy enforcement through micro-segmentation and application whitelisting. By limiting the ability of a threat or unauthorized user to spread through the data center from one resource to another, you reduce the scope of the attack. With a multi-layered approach to segmentation you can also seamlessly push out consolidated policies and better manage access controls at the perimeter, on the data-center fabric, on the host, and even in the application process.

Stopping the breach

As mentioned, no matter how many controls you have in place, some threats will find a way past defenses, whether it is through an unsuspected supplier, a trusted partner, or even a disgruntled employee. New attacks designed specifically for virtual environments are even more difficult to detect and defend against. These sorts of attacks often allow unwanted visitors to sit inside a data center undetected for months.

Cisco delivers comprehensive threat protection capabilities with the Secure Data Center solution to quickly find, block, contain, and mitigate these types of threats. All network traffic (north-south and east-west) between users, devices, network infrastructure, and applications is monitored to detect malware, advanced threats, and anomalous behavior. Integrated workflows allow customers to remediate risk and prevent attackers from stealing data or disrupting operations.

Let Cisco help you transform your data center

Cisco is redefining security for the modern data center to seamlessly follow and protect workloads wherever they go. As the network changes and new threats arise in the data center, the Cisco Secure Data Center solution automatically adjusts to detect and mitigate threats in real time to protect critical infrastructure, safeguard sensitive information, and reduce operational downtime.

RSA 2018 is just around the corner… Join us at the event to hear about our new innovations or visit us online at Cisco’s Secure Data Center solution.


Amanda Lemmers

Product Marketing Manager, Advanced Threat Solutions, Stealthwatch