The cyber threat landscape is changing faster than ever for data center managers. With cybercriminals hitting record highs in 2018 for ransomware, business email compromise, and other malicious schemes, expect them to invest more in developing new methods and platforms.

Marty Puranik, CEO of Florida-based data center and cloud computing provider Atlantic.Net, said threat actors are getting smarter at circumventing existing controls. For example, half of phishing sites now display a "padlock" in the address bar to trick people into thinking they are on a safe site. According to anti-phishing company PhishMe, less than 3% of malicious websites used SSL certificates in 2016. That number rose to 31% in 2017 and is now over 49%, according to a report the company released in December.

Criminals can also use leaked passwords to craft more convincing, personalized phishing emails, Puranik said. “These efforts are becoming more sophisticated and more complex,” he said. Unfortunately, network security in data centers is often reactive, and the results fail to meet actual security needs.
Follow a security framework

Several organizations offer cybersecurity frameworks that can help data centers build a solid foundation for their cybersecurity planning. In addition to specific regulatory regimes for specific industry verticals, such as PCI for the payments industry and HIPAA for healthcare, there are general frameworks. Very popular is the Cybersecurity Framework published by the National Institute of Standards and Technology (NIST), which has been in place for five years and is used not only by government (where adoption is mandatory) but also by private industry. As of the end of January, it had been downloaded more than 500,000 times. Most recently, it was one of the recognized frameworks in Ohio’s new Data Protection Act, which provides companies with a “safe harbor” against data breach lawsuits.

The NIST Cybersecurity Framework breaks down security into five key functions:

1. Identification

It's tempting to focus on what's easy to do. Of course, this can lead to an imbalance between what a data center actually needs and what it has in terms of security. Therefore, the beginning stages of the NIST Cybersecurity Framework are to identify the organization's cybersecurity risks and prioritize those risks based on the organization's risk management strategy and business needs. This is a decision made by senior management, and it should take into account the different security requirements for different systems and different types of data.

Many organizations don’t have a full grasp of where all their valuable assets are and how to keep them secure. Many are unaware of all the cloud services their employees can access or all the devices connected to their network.

2. Protection

For each key risk area, the data center needs to have controls in place.
For example, if one of the biggest concerns is unauthorized users accessing critical systems, then these controls might include multi-factor authentication, privileged key management systems, and behavioral analytics. If ransomware is the primary risk and infected employee computers are the primary vector, then email filters, endpoint protection systems, and employee security training programs are warranted.

In the case of the Equifax breach, the risk lay in using open source software without a comprehensive patch management strategy. "Vendors can push security information to consumers through commercial software solutions," said Tim Mackey, technology evangelist at Mountain View, Calif.-based CyberSecurity. No one is driving the development of open source tools and libraries today, so data centers need a way to stay ahead of the curve by keeping current inventories of the open source components they use. Scanning the environment once in a while is not an adequate strategy because criminals can act quickly once new vulnerabilities are discovered.

Cybersecurity is an area where organizations spend a lot of energy and a large portion of their money. Fortunately, cybersecurity budgets are on the rise. According to a recent survey, 65% of data center IT managers expect cybersecurity budgets to increase this year, and none expect those budgets to decrease.

Atlantic.Net's Puranik said that while the threat actors are getting smarter, security vendors are also evolving to make their products easier to use, more comprehensive and smarter. He said some new vendors are offering security as a service. Commercial cybersecurity solutions can offer advantages over homemade ones because they are easier to use and vendors are constantly upgrading their vulnerability databases. “In addition, many companies have adaptive AI capabilities that can detect new threats that are not yet fully understood,” he said.
But organizations can't buy every security tool on the market to get out of trouble, said Tim Steinkopf, president of Centrify, a Santa Clara, Calif.-based cybersecurity vendor.

3. Detection

The next three areas of the NIST framework cover actions to take when a breach occurs. First, organizations need to be able to detect that a problem exists.

4. Response

Next, the organization needs to be able to respond in a way that contains the damage. In the event of a serious disaster, major downtime, or data loss, an emergency response plan may also include a public relations team, legal counsel, forensic professionals, and other key experts.

5. Recovery

Organizations need to be able to recover from threats.

So, for example, if a phishing email infects an employee's computer with malware, detection may come from an antivirus or endpoint protection system. If that fails, a network monitoring system may be able to detect suspicious traffic. The next step may be to isolate the infected system and check to see if the infection has spread elsewhere. Alternatively, the recovery phase may involve wiping the system and reinstalling an image file of the computer, then retrieving the user's files from a backup system.

Testing

One area that does not have its own functional category under the NIST framework is testing. But testing should be an important part of any cybersecurity program.

“A great way for data center managers to understand where they are vulnerable to cyber threats is to test their data center,” said Laurence Pitt, director of security strategy at Juniper Networks. “Take the cybersecurity breach program as a live exercise and see what happens.”

Some third-party companies will try to penetrate an organization's perimeter, looking for unsecured cloud storage buckets, or scanning for leaked passwords. Some companies will even conduct simulated phishing attacks on employees.
“People want to create a list of cybersecurity controls and just check boxes,” Pitt said. But unless you do exercises and do them regularly, you don’t know how they’re working together or what gaps exist, he noted.