Do you remember the saying ‘prevention is better than cure’? It is all the more relevant now that almost everything is online. The more of an open book you are, the smarter you need to be about defining your security boundaries, so that a breach never happens in the first place.
Companies are no different. They are taking a much closer look at cybersecurity. Consider this:
- 4.2 billion: Number of records stolen as a result of cyber crime in 2016
- 55: Percent of all cyber attacks that targeted private businesses
- 197 days: Average time it takes retailers to discover an attack
- $10.6 million: Estimated cost of early 2016 breach at Broomfield’s Noodles & Co.
Sources: Risk Based Security, Ponemon Institute, Securities and Exchange Commission
Being proactive about tightening your security means understanding the cyberattack lifecycle before it reaches your data center: how a breach occurs, what happens once the attacker is in, and how long it takes to resolve. For years, data center security has meant securing the organization’s perimeter. But hackers are getting smarter. Once they breach the perimeter they move laterally, launching further attacks within enterprise and government networks. What’s more, hackers these days are deliberate and persistent. On average it takes organizations 24 days to identify and resolve an attack.
Threats are closely tied to the applications running on the network, and most breaches rely on social engineering. Many network breaches start with an application such as e-mail delivering a virus. Exploiting a business process gives the attacker access to potentially millions of users and troves of data with minimal effort. Once inside the network, attackers hide in plain sight, disguised as other applications, and continue their malicious activity unnoticed for weeks, months or even years at a time.
Given the high stakes, responding to a security breach only after the attack will spell doom. Instead, prevent attacks from occurring in the first place and make each attack so expensive for the hacker that he or she is forced to move on.
Securing different regions through Network Segmentation:
When you secure your home, you do not only secure the front and the back; you also set alarms on probable points of entry such as windows and the garage door. It’s the same idea for your data center. Network segmentation means multiple layers of protection that prevent hackers from moving freely within the network should they break through one layer. Think beyond the four walls of the organization and deploy security not only at entry and exit points but also at a more granular level.
Plan and build for prevention:
It is always good for companies to ensure that security measures are in place to protect data centers from catastrophic attacks.
- Quickly separate the alerts that are critical from those that are benign, reducing the response time required.
- Streamline management and pare down the number of security policies needed in your organisation.
- Prevent known and unknown attacks from occurring by correlating patterns that pinpoint malicious activity.
Moving beyond segmentation to Cyber:
At the network periphery, traditional firewalls run as virtual machines, and their firewalling functions are complemented by a variety of threat detection and prevention technologies such as IDS/IPS, anti-malware solutions and web filtering.
Advanced attacks and Mature attacks:
The challenge is that data centers are not defined by their physical perimeters. A data center will often encounter an attacker at a far more mature phase of the attack than the perimeter does and, likewise, will experience different types of threats and attack techniques. Specifically, perimeter threat prevention technologies tend to be heavily focused on detecting an initial compromise or infection (e.g. exploits and malware). The problem is that attackers will often move against the data center only after they have successfully compromised the perimeter. By then the hacker may have breached multiple devices and stolen user credentials, even administrator credentials. Instead of exploits or malware, attackers are far more likely to search for clever ways to use their newly gained position of trust to access or damage data center assets. This means that a data center will often encounter attacks in a mature phase that lacks the obvious indicators of malware or exploits.
It’s important to recognize the complete arsenal in the hacker’s toolkit rather than just an anomaly in behavior. Breached administrator accounts, implanted backdoors, hidden tunnels and RATs are all signs of an ongoing persistent attack. All of these techniques have telling behaviors that make them stand out from the regular traffic in your network, provided you know what to look for. Instead of looking for a specific malicious payload, look at what every such payload would have to do.
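Two of the telling behaviors named above, a tunnel or RAT checking in on a fixed timer and a stolen administrator credential used from an unfamiliar host, can be spotted without knowing the payload. The following is an added example, not code from the original post or from Rahi Systems; it runs over constructed log lines in an assumed "<epoch> <src> <dst> <event> <user>" format and against an assumed baseline of the hosts each privileged account normally logs on from.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log lines (not real traffic): "<epoch> <src> <dst> <event> <user>"
SAMPLE_LOGS = [
    "1000 10.1.1.5 203.0.113.9 conn -",
    "1060 10.1.1.5 203.0.113.9 conn -",
    "1120 10.1.1.5 203.0.113.9 conn -",
    "1180 10.1.1.5 203.0.113.9 conn -",
    "1005 10.1.1.7 198.51.100.2 conn -",
    "1400 10.1.1.7 198.51.100.4 conn -",
    "1100 10.1.2.3 10.1.1.20 logon admin",
    "1150 10.1.9.9 10.1.1.20 logon admin",
]
# Assumed baseline: hosts from which each privileged account normally logs on.
ADMIN_BASELINE = {"admin": {"10.1.2.3"}}

def parse(line):
    ts, src, dst, event, user = line.split()
    return {"ts": int(ts), "src": src, "dst": dst, "event": event, "user": user}

def find_beacons(lines, min_events=4, tolerance=0.1):
    """Flag (src, dst) pairs whose connection intervals are near-constant:
    machine-timed check-ins betray a hidden tunnel or RAT regardless of payload."""
    times = defaultdict(list)
    for rec in map(parse, lines):
        if rec["event"] == "conn":
            times[(rec["src"], rec["dst"])].append(rec["ts"])
    hits = []
    for (src, dst), ts in times.items():
        if len(ts) < min_events:
            continue          # too few samples to call a rhythm
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if pstdev(gaps) <= tolerance * mean(gaps):
            hits.append((src, dst, round(mean(gaps))))
    return hits

def find_unusual_admin_logons(lines, baseline=ADMIN_BASELINE):
    """Flag privileged logons from hosts outside the account's baseline:
    a stolen admin credential gets used from the attacker's foothold."""
    return [(r["user"], r["src"]) for r in map(parse, lines)
            if r["event"] == "logon" and r["user"] in baseline
            and r["src"] not in baseline[r["user"]]]

if __name__ == "__main__":
    print(find_beacons(SAMPLE_LOGS))               # [('10.1.1.5', '203.0.113.9', 60)]
    print(find_unusual_admin_logons(SAMPLE_LOGS))  # [('admin', '10.1.9.9')]
```

Both checks are deliberately payload-agnostic: they key on timing regularity and on deviation from a per-account baseline, so they keep working when the malware itself is new.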
Preempt the Silos:
Remember that attackers, by their very nature, do not conform to boundaries. Cyber-attacks are a complex web of events, and treating data center security as a separate silo only helps the attackers. The more steps an attacker has to take to break in, the safer your data center environment. We need to recognize that data centers are unique but the threats they face are universal.
Here is a checklist to help with your security arrangements:
- Secure the physical location:
A secure location is one where the risk of external threats, such as flooding, is low. You also need to take into account the security of supply of external resources such as electricity, water and communications.
- Data Center should be wired:
Install surveillance cameras around the data center premises and remove signs that might provide clues to its function. The data center should be set as far back from the road as possible, and it is worth using landscaping to help keep intruders and vehicles at bay. Prefer solid walls without windows; if there are windows, use those areas for administrative purposes only.
- Hire a security officer:
He/she should be a good manager of specialists who can shoulder specific tasks, adapt to the security infrastructure and the role as business needs change. Good communication skills are essential, along with the ability to evaluate and assess the impact of a threat on the business and to communicate it in non-technical language.
- Restrict access:
Ensure that physical access is restricted to the few who need to be there. Define the circles that absolutely need access to the data vault. Restrict access to the site, and limit entry to the main entrance and the loading bay. Use two-factor authentication: a keycard or, preferably, biometric authentication combined with an access code.
- Check who your people are:
Before you give someone access to your most valuable possession, you will do a thorough check of that person, right? Run an analytics application on employees to cross-check issues such as addresses shared with undesirable individuals. Get people’s permission to run these checks: not only will they prefer checks to be run, as it adds to their standing within the company, it also means those refusing a check will stand out.
- Test your backup and security procedures:
Test backup systems regularly as per the manufacturer’s specifications. Test your disaster-recovery plan by failing over a test area to the second data center. Define what you mean by a disaster and ensure everyone knows what to do in the event of one occurring. Check that the recovery plan works and still allows you to meet your SLAs. Verify that general security procedures are working correctly: for example, privilege levels should remain consistent with the role of each individual. Check physical practices too: are fire doors being propped open for convenience’s sake? Are people leaving their PCs logged in and unprotected by password-enabled screen savers?
- Be smart about your backup:
Ensure a backup data center mirrors the first whenever possible, so that if a disaster shuts down the first one, the second is always online. Build the backup data center as far away from the first as possible while remaining connected via your chosen broadband. You could use it for load balancing and improved throughput too.
- Undertake a risk assessment:
Data centers are unique, as are the business environments they operate in. Many of the measures that protect data centers are common sense, but you will never know which are the most cost-effective until you measure the cost against the benefits. This process will also allow you to prioritize and focus your security spending where it matters most. Get a third-party security assessment company to evaluate your security; a fresh pair of eyes often sees things in-house staff may overlook. Do your background check on them first.
Rahi Systems can do a full assessment and buildout for a completely secure data center. Watch the video to learn more about how Rahi Systems provided a holistic data center solution for NSFocus, an award-winning network security solutions and service company in the Asia/Pacific market.