Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
Editor's Blog and Industry Comments

Relying less on data centre trust

20 September, 2016
Jonathan Newell speaks to Jason Matlof of LightCyber about the Magna platform for detecting potential breaches in virtual environments

The business model for putting corporate servers and associated data into data centres has always had solid economic grounding and as attacks became more prevalent, these data centres became the data fortresses that they have largely become today. The relationship between user companies and data centres has become as much based on trust as it has on economics.


However, this level of trust can be a hard thing to achieve, especially in public cloud infrastructures such as Microsoft Azure or Amazon Web Services (AWS). Despite the fact that Amazon, MS and other providers take security extremely seriously, those responsible for security within the user company nonetheless have no control over the infrastructure and precious little visibility of whats happening with their data. All the tools that are available for data and security analytics that they have for their on-premises infrastructure are simply not transferable to the cloud.


Trust without transparency


The biggest challenge in establishing trust is the lack of transparency. With everything virtualised, none of the cloud infrastructure is accessible for performing analytics and the result is on opacity that shrouds any potentially malicious network behaviours.


However, Jason explained that there are now two options available using the Magna platform to peer into the murky infrastructure and deploy behaviour based attack detection technology to bring an extra layer of security to cloud deployments.


The network traffic grooming and analysis tools from Gigamon now support AWS and captures data traffic at the operating system level, feeding this to Magna for performing analytics. Magna uses machine learning technology and can achieve detection levels that are comparable to on-premises installations. Being a background process in the operating system, there is a "tax" of between 5 and 10% on processor load which is transparent to end users.


The second option is for Magna users to use the native "flow logs", which AWS has now made available. However, this is metadata that only represents a small percentage of the data traffic and so is less favourable than deploying the combined LightCyber / Gigamon approach.


High risk workloads


So could this happen to you? Can you safely trust the fortress to prevent your workload from being breached? What are the biggest risks?


According to Jason, the key to answering all these questions lies in knowing what workloads are being deployed on the cloud and typically, these include a lot of things that have deeply seated inherent security problems, namely Wordpress deployments and development environments.


Wordpress


Wordpress is widely loved, frequently breached and rarely bullet-proof. According to one source, by 2019, of the 155 million server workloads predicted to be operating on AWS, about 30 million of them will be Wordpress.


Jason told me that attackers have a greater attack surface through low risk web servers such as Wordpress installations and that if these are compromised, they can provide access to other higher risk areas by moving laterally to database servers, for example.


By deploying analytics, the unexpected behaviour patterns associated with such movements can be detected otherwise attacks could be taking place without anyone every knowing about it.


Development and test environments


These are also very common workloads on cloud servers and if they're managed properly, they can be fairly innocuous. However, development environments are often not secured effectively and their lifecycles are frequently poorly managed.


With such environments being so easy to establish, they are often placed on the server, used for a short time for experimentation and then left and neglected rather than being deleted or uninstalled. Such abandoned workloads are very vulnerable to attacks.


More information is available in LightCyber's press release on its Magna Probe-AWS and Magna Detector-AWS products.



Jonathan Newell is a broadcast and technical journalist specialising in security systems and transport safety. He contributes to a range of titles in the technical press. He shares his time between the UK and Kazakhstan

Bookmark and Share