Data centers must look past perimeter security

Posted on October 17, 2018
Author: RunSafe Security

Note: This article was originally written exclusively for Data Center Dynamics

The Internet of Things (IoT), Industrial Internet of Things (IIoT), and cloud-based applications have rapidly expanded data center risk, as smart devices increase attack vectors exponentially. This era of global connectivity is continually testing traditional security measures to protect against complex threats spanning web application and file-less attacks to memory corruption, return/jump oriented programming (ROP/JOP) and compromised hardware and software supply chain attacks.

While data centers have traditionally relied on detection and perimeter security solutions to reduce risk, the proliferation of new types of cyber threats has elevated the need for prevention. With the Ponemon Institute, estimating the average cost of a data center outage at more than $740,000 (up nearly 40 percent since 2010), those responsible for data center cybersecurity must look to the next generation of prevention tactics to close off attack surfaces and multiply the effectiveness of existing infrastructure, processes and people.

Protecting the perimeter

For decades, perimeter security has been the primary means of protecting data centers. This strategy, though, is akin to a medieval castle where soft targets are confined in a small area and protected by strong walls with heavily-guarded entrance points. Data centers have traditionally established layers of security around the perimeter that work together in depth with the idea that if one layer doesn’t catch something, the next one will.

Much as with castles, data centers emphasize traffic coming into and out of the organization. Traditional traffic detection methods have included mapping out network access points to create a perimeter that is continually tested and hardened. This has been effective to detect attacks and generate alerts, hoping there’s enough security to prevent a breach in the castle walls which could lead to downtime, financial loss, reputational damage, and even environmental harm.

Scaling the castle walls

Data centers can no longer think solely about protecting things on the inside. Castle-type solutions worked well in the days of mainframes and hard-wired terminals, but they’re simply not as effective against today’s threats. In fact, the advent of over the air communications (OTA), devices and the cloud have made the gates less relevant as most bad actors can already scale the walls.

Currently, a major security challenge for data centers is that they must strive to keep their data private while running applications both on-premise and in public, private and hybrid clouds. While many of their clients expand further into the cloud, this can also unintentionally increase the risk of scaling attacks across cloned configurations. Adversaries can target everything from routers and switches to storage controllers, servers, and components of operational technology such as sensors and switches. Once hackers gain control over a device, they can then scale, compromising potentially all of the identical devices across networks.

Today’s attacks come from new and unexpected places as bad actors now have greater tools to circumvent perimeter security and attack targets from the inside. Col. Paul Craft, director of operations at Joint Force Headquarters-DoDIN, said at the AFCEA Defensive Cyber Operations symposium in May that security is no longer just about the infrastructure. “It’s also our platform IT; it’s also all of our programs of record; it’s also our ICS and SCADA systems; it’s also the cloud; it’s also all of our cross domains that we have out in the network,” he said.

Many attacks can now quickly scale from one device to all devices, as evident by a flaw that gave hackers access to 200,000 network devices built with identical code. Fileless attacks, such as memory corruption (buffer, stack and heap) and ROP/JOP (Return/Jump Oriented Programming) execution re-ordering, are also a growing threat – ten times more likely to infect devices than traditional attacks, according to a report from the Ponemon Institute.

Supply chain attacks have also risen by 200 percent in the past year, according to Symantec’s 2018 Internet Security Threat Report. Organizations and vendors now only control a fraction of their source code as the modern software stack is comprised of third party binaries from a global supply chain of proprietary and open source code packed with hidden vulnerabilities. In addition, there is strong growth in zero-day attacks where hackers exploit an unknown vulnerability in software, hardware or firmware to attack a system.

New data center cybersecurity for new times

Data centers must move from security that only focuses on detection to security that stresses prevention. As many new attacks entirely sidestep traditional network and endpoint protections, the latest generation of tools aims to close the door on the growing categories of attack vectors. This not only offers security against the latest threats, but also multiplies the effectiveness of tools and processes in dealing with what remains.

Today, one must assume that their hardware in the supply chain is compromised. This means that they need the ability to build and run protected software on top of what may potentially be untrusted hardware. Data centers require this new defense strategy with an in-depth approach that identifies potential vulnerabilities and hardens binaries directly, so that an attack cannot take hold or replicate.

One of the best ways to accomplish this is to transform software binaries within a device in a way that denies malware the ability to change commands and spread within a system. Known as “cyberhardening,” this method prevents a single exploit from propagating across multiple systems. It shrinks attack surfaces and closes vulnerabilities in industrial control systems and embedded systems and devices, significantly minimizing the opportunities for physical damage and destruction.

The best security is one that always assumes hackers will eventually break in. Rather than reacting to compromised vulnerabilities following an exploit, cyberhardening can prevent malware from being executed against data centers in the first place. Don’t let weak defenses take out the infrastructure.

To learn more about how RunSafe Security’s cyberhardening technology works, click here.