VIRTUALISATION
Autumn 2014

Strategic defences

Digital security providers are taking on a military approach in defending network security as more companies suffer from cyber attacks, writes Bruce Tolley of Solarflare Communications.

The internet may have given us 24/7 connectivity, but it has thrown up a slew of security issues, resulting in the need for more advanced offsetting technology, and financial institutions are at the vanguard of efforts to protect themselves.

Security breaches have far-reaching consequences throughout financial services because of the nature of the information they hold – be it consumers’ private information or details of corporate assets.

Security providers face a tough challenge as they must deliver relatively easy access to services while simultaneously serving the needs of internal stakeholders when implementing security. Securing these services is a difficult proposition and tradeoffs are often made, leaving the networks exposed and vulnerable to attack.

The network server is the number one target of all cyber attacks because it is where all crucial client and institutional data are stored. In multi-tenant cloud environments, financial institutions are also looking to protect the network server by providing the ability to isolate customer traffic and services, and to mitigate internal attacks and threats, misconfigured equipment and misbehaving applications.
A common saying in security is that the bad guy only has to be lucky once, while those protecting corporate and customer assets have to be lucky every time.

As a result, we are seeing a big push towards encryption from end to end. Some companies are starting to require that every hard drive be encrypted, making it almost impossible for potential cyber bandits to access key data.

There is also growing demand for identity management. IT today is about providing the right (billable) applications and services to the right people at the right time and at the right level of service. Cloud service providers also want to ensure they know the customer on the other end and that all entities on the network, whether they be virtual, bare metal, or in the cloud, are authenticated as legitimate, if not assigned specific policies and access rights.

Military strategies

Digital security practitioners often borrow from military strategies that have proven effective in defending valuable assets in the past. One common strategy is called ‘defence in depth’, or layered defences. Similar to how castles were built with cleared land, moats and strong high walls, digital security practitioners build networks that consist of firewalls at the outermost perimeter, then routers with access lists, intrusion detection and host antivirus as you move further into the network. This approach assumes that the network will be breached, but the layers of defence will cause the attack to slow down, lose momentum and increase the chance that the attack becomes visible and is stopped.
[Figure: Policing and filtering for virtualised servers and clouds. Diagram of a 10G port feeding NIC switches on the adaptor, with physical functions (PFs) and VNICs serving tenant VMs (Tenant A, Tenant B, Tenant B), each behind a hypervisor filter; hypervisor traffic (storage/management) is carried on its own PF.]
- Each tenant can be assigned a virtual machine or virtual server (VM)
- Policing and filtering can be executed at each virtual server
- Protects servers from attacks that get past perimeter defences
- Separates and isolates by customers and by traffic type
- Mitigates against adverse performance impacts from badly behaving applications or misconfigured machines
Source: Solarflare

Bruce Tolley, vice president, Solarflare Communications.

These are huge advances in technology as, traditionally, host systems have been left out of the network ‘defence in depth’ paradigm due to the computational cost, technology tradeoffs required to deploy robust security and the monitoring of solutions on production systems at the edge of the network. Host systems can now perform high speed packet capture, filtering, bridging and denial of service defences, due to recent progress in computing power and software.
The industry is now organising around various infrastructure as a service (IaaS) cloud architectures such as Red Hat OpenStack and Apache CloudStack. The big server manufacturers are also promoting OpenStack, delivering to IT architects a way to build, manage and provision private and multi-tenant clouds from the network. 
Virtualisation 
Security professionals need to leverage these host system capabilities in a virtualised environment. Virtualisation enables IT managers to consolidate workloads on fewer physical servers increasing the utilisation of each server and creating a more flexible, efficient and dynamic data centre environment. As a result, virtualisation can lead to lower capital and ongoing operating costs. 
However, cloud networking and server virtualisation today require more than just the ability to support server consolidation. To meet customer requirements, cloud and virtualisation solutions must scale in performance, protect data integrity and support service level agreements, all while supporting the broad set of virtualisation and cloud features available from the virtual operating system providers and IaaS architectures. 
In many virtualised and cloud environments, data centre managers need to separate and isolate traffic at each virtualised server, and need more flexibility than that allowed by the dedicated firewalls at the periphery of the network, the access control lists available on the network switches, or other expensive switches, routers and dedicated security appliances. For example, Layer 2 through 7 filtering and policing can be deployed at each virtual server in a private or multi-tenant cloud to separate and isolate traffic by service type and customer type. Such filtering and policing enables customers to implement security functions natively in the virtual server and enables security decisions to be made lower in the stack, improving efficiency. Using a virtualised environment, security managers are able to filter, log, alert on, or rate limit suspicious traffic at a per-server level, which prevents attacks from impacting the host operating systems or host application performance.
Threat intelligence 
The trend in technology innovation and IT investments is also evolving. Now the emphasis is not just on slowing down cyber attackers who have breached any one private corporate network, but building sensors into the internet itself. These sensors, along with sophisticated data mining tools, enable bad behaviour to be identified before an attack. 
Such a defence, based on data mining and analytics (as opposed to pattern recognition), to identify dangers on the internet is called live threat intelligence. This intelligence is used to build a feedback loop with corporate security defence mechanisms, so that IT systems can identify and stop cyber attacks. By combining live threat detection and other security policies with filtering and blocking on the server itself, an additional layer of security is inserted. Building another layer of defence at the server, combined with real-time updates from live threat intelligence databases, forms an effective strategy to block the bad guys from accessing and stealing valuable data and improve IT security.
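The following Python is an added illustration (my code, not Solarflare's and not from the article) of the two mechanisms this section and the Virtualisation section describe together: an ordered Layer 2 to 7 policy evaluated at one virtual server, with allow, drop, log and rate-limit actions keyed on tenant VLAN, source address, destination port and HTTP path, plus the feedback loop in which indicators from a live threat intelligence feed become temporary drop rules that expire with their TTL. The tenant VLAN numbers, addresses, ports and the three-field feed line format are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    vlan: int                 # L2: VLAN tag identifying the tenant's VNIC
    src_ip: str               # L3: source address
    dst_port: int             # L4: destination port
    http_path: str = ""       # L7: request path, empty for non-HTTP traffic
    size: int = 1             # bytes charged against a rate-limit budget


@dataclass
class Rule:
    action: str                      # "allow", "drop", "log" or "ratelimit"
    vlan: Optional[int] = None       # None means "any" for every match field
    src_ip: Optional[str] = None
    dst_port: Optional[int] = None
    path_prefix: Optional[str] = None
    rate: float = 0.0                # bytes/second, used only by "ratelimit"
    burst: float = 0.0
    expires: Optional[float] = None  # set on rules injected from threat intel

    def matches(self, p: Packet) -> bool:
        return ((self.vlan is None or p.vlan == self.vlan)
                and (self.src_ip is None or p.src_ip == self.src_ip)
                and (self.dst_port is None or p.dst_port == self.dst_port)
                and (self.path_prefix is None
                     or p.http_path.startswith(self.path_prefix)))


class TokenBucket:
    """Classic token bucket: refills at `rate` up to `burst` tokens."""
    def __init__(self, rate: float, burst: float):
        self.rate, self.burst, self.tokens, self.last = rate, burst, burst, 0.0

    def allow(self, size: int, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= size:
            self.tokens -= size
            return True
        return False


class HostPolicy:
    """Ordered rules evaluated at one virtual server. The first terminal match
    (allow/drop/ratelimit) wins; "log" rules record an alert and fall through."""
    def __init__(self, rules):
        self.rules = list(rules)
        self.alerts = []
        self.buckets = {}

    def purge(self, now: float) -> None:
        self.rules = [r for r in self.rules if r.expires is None or r.expires > now]

    def apply_threat_feed(self, feed_lines, now: float, min_confidence: int = 70) -> int:
        """Feedback loop. Each line is 'ip,confidence,ttl_seconds' (constructed
        format). Indicators at or above the threshold become temporary drop rules
        placed ahead of the static policy and expire after their TTL."""
        added = 0
        for line in feed_lines:
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            ip, conf, ttl = line.split(",")
            if int(conf) >= min_confidence:
                self.rules.insert(0, Rule("drop", src_ip=ip, expires=now + float(ttl)))
                added += 1
        return added

    def decide(self, p: Packet, now: float) -> str:
        self.purge(now)
        for r in self.rules:
            if not r.matches(p):
                continue
            if r.action == "log":
                self.alerts.append((now, p.vlan, p.src_ip, p.dst_port, p.http_path))
                continue
            if r.action == "ratelimit":
                key = (p.vlan, p.src_ip, id(r))   # one budget per tenant, source and rule
                bucket = self.buckets.setdefault(key, TokenBucket(r.rate, r.burst))
                return "allow" if bucket.allow(p.size, now) else "drop"
            return r.action
        return "allow"


def run_scenario() -> dict:
    """Constructed traffic for two tenants: A (VLAN 100) is a web service whose
    admin paths are alerted on and whose HTTPS is policed; B (VLAN 200) only
    carries iSCSI storage traffic. Everything else for either tenant is dropped."""
    policy = HostPolicy([
        Rule("log", vlan=100, path_prefix="/admin"),
        Rule("ratelimit", vlan=100, dst_port=443, rate=1000, burst=2000),
        Rule("allow", vlan=100, dst_port=443),
        Rule("drop", vlan=100),
        Rule("allow", vlan=200, dst_port=3260),
        Rule("drop", vlan=200),
    ])
    decisions = [policy.decide(p, t) for t, p in [
        (1.0, Packet(100, "198.51.100.20", 443, "/", 1500)),           # within burst
        (1.0, Packet(100, "198.51.100.20", 443, "/", 1500)),           # budget exhausted
        (1.0, Packet(100, "198.51.100.20", 22)),                       # not a permitted service
        (1.0, Packet(100, "198.51.100.20", 443, "/admin/login", 100)), # alerted, then policed
        (1.0, Packet(200, "198.51.100.30", 3260)),                     # tenant B storage
        (1.0, Packet(200, "198.51.100.30", 80)),                       # tenant B off-policy
    ]]
    feed = ["# constructed feed: ip,confidence,ttl_seconds",
            "203.0.113.7,95,60", "198.51.100.9,40,60"]
    added = policy.apply_threat_feed(feed, now=2.0)
    decisions += [policy.decide(p, t) for t, p in [
        (2.0, Packet(100, "203.0.113.7", 443, "/", 100)),   # blocked by intel rule
        (2.0, Packet(200, "203.0.113.7", 3260)),            # blocked for every tenant
        (70.0, Packet(100, "203.0.113.7", 443, "/", 100)),  # indicator expired at t=62
    ]]
    return {"decisions": decisions, "alerts": len(policy.alerts), "feed_rules_added": added}


if __name__ == "__main__":
    print(run_scenario())
```

The intel-derived rules sit ahead of the static policy and carry an expiry, so a stale indicator stops blocking once its TTL passes rather than accumulating forever; the per-tenant, per-source token bucket is what keeps one misbehaving source from consuming the budget of the whole virtual server.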