Security Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements

Security for the Cloud Data Center

by skathuria ‎08-19-2014 05:05 AM - edited ‎08-19-2014 05:07 AM

 

Securing cloud data centers is an ongoing challenge. Your adversaries—cyber criminals, nation state attackers, hacktivists—continue to develop sophisticated, invasive techniques, resulting in a continually evolving threat landscape.

 

Because clouds are dynamic in nature, with new applications and services being spun up or taken down and virtual workloads being moved, security for the cloud should be dynamic too. That raises the question: are traditional firewalls that focus on layer 3 and 4 inspection sufficient in today’s threat environment? Next-gen firewalls are powerful, yet they are not designed to protect against the velocity and variety of new attacks being created every day. In today’s world, shouldn’t firewalls be able to take immediate action based on known or emerging intelligence?

 

With the shift to cloud architectures, traditional firewall administration has become burdensome and fraught with human error due to the sheer complexity of distributed security. What’s needed is an effective network security solution that fights cyber criminals head-on and can adapt to emerging threats without exerting excessive load on the enforcement point.

  1. Do you know if your infrastructure is under attack at this very moment, and by whom?
  2. Are you concerned about the performance impact to the cloud if you use advanced security services available from your firewall?
  3. Are you expanding your network and able to ensure there are no security gaps that can make the network susceptible to exploitation?

What other fears or concerns about securing the cloud data center keep you up at night?

 

Stay tuned to my blog for ideas on how to address these challenges.


 

In a recent blog, Anton Chuvakin, a research director at Gartner's IT1 Security and Risk Management group, summarized a SIEM use case example. The example is tracking user authentication information across systems in order to detect unauthorized access. To serve this user authentication use case described by Chuvakin (as well as others), Juniper recently launched the next version of its SIEM offering called Juniper Networks Secure Analytics (formerly the STRM Series).

 

Briefly, this is how it works. IT prepares the list of relevant systems (e.g., servers, network devices, and others) for data collection. Next, a system operator modifies their logging configurations so that Secure Analytics can collect from them. As Secure Analytics collects event and flow data from the systems, it aggregates and analyzes the data and alerts the administrator to findings based on default or custom rules. An example of such a finding could be authentication failures from the same source IP address more than three times, across more than three destination IP addresses, within 10 minutes. This may indicate unauthorized access.
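The example finding above can be expressed as a sliding-window correlation. The sketch below is an added illustration, not Secure Analytics rule syntax or Juniper code; the log line format, the function names and the sample events are assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # "within 10 minutes"
MAX_FAILURES = 3                 # alert on more than three failures...
MAX_DESTINATIONS = 3             # ...across more than three destination IPs

# Constructed sample events (not real logs): timestamp, source IP, destination IP, outcome
SAMPLE_LOG = """\
2014-08-19T05:00:00 10.0.0.5 192.0.2.10 FAIL
2014-08-19T05:00:30 10.0.0.9 192.0.2.10 FAIL
2014-08-19T05:01:00 10.0.0.5 192.0.2.11 FAIL
2014-08-19T05:01:10 10.0.0.9 192.0.2.10 FAIL
2014-08-19T05:01:40 10.0.0.9 192.0.2.10 FAIL
2014-08-19T05:02:00 10.0.0.5 192.0.2.12 FAIL
2014-08-19T05:02:20 10.0.0.9 192.0.2.10 FAIL
2014-08-19T05:02:50 10.0.0.9 192.0.2.10 SUCCESS
2014-08-19T05:03:00 10.0.0.5 192.0.2.13 FAIL
2014-08-19T05:04:00 10.0.0.5 192.0.2.14 FAIL
2014-08-19T05:00:00 10.0.0.7 192.0.2.10 FAIL
2014-08-19T05:12:00 10.0.0.7 192.0.2.11 FAIL
2014-08-19T05:24:00 10.0.0.7 192.0.2.12 FAIL
2014-08-19T05:36:00 10.0.0.7 192.0.2.13 FAIL
"""

def parse(line):
    ts, src, dst, outcome = line.split()
    return datetime.fromisoformat(ts), src, dst, outcome

def detect(lines):
    """Return one (src, time, failure_count, destinations) alert per burst."""
    events = sorted(parse(l) for l in lines if l.strip())
    recent = defaultdict(deque)   # src -> (ts, dst) failures still in the window
    alerting, alerts = set(), []
    for ts, src, dst, outcome in events:
        if outcome != "FAIL":
            continue
        win = recent[src]
        win.append((ts, dst))
        while ts - win[0][0] > WINDOW:      # evict failures older than 10 minutes
            win.popleft()
        dsts = {d for _, d in win}
        if len(win) > MAX_FAILURES and len(dsts) > MAX_DESTINATIONS:
            if src not in alerting:         # suppress repeats while the burst lasts
                alerting.add(src)
                alerts.append((src, ts, len(win), sorted(dsts)))
        else:
            alerting.discard(src)
    return alerts

if __name__ == "__main__":
    for src, ts, count, dsts in detect(SAMPLE_LOG.splitlines()):
        print(f"{ts} ALERT {src}: {count} failures across {len(dsts)} hosts")
```

Only 10.0.0.5 alerts: 10.0.0.9 fails repeatedly against a single host, and 10.0.0.7 touches four hosts but never more than one inside any 10-minute window.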

 

What next? With the discovery of a bunch of failed authentication attempts from that IP address, you may ask, “What else has the device using that IP been doing on the network?” You can answer that by analyzing the flow data, which will show connections to malicious sites, conversations using protocols that violate security policies and/or best practices, and conversations of long duration. By collecting flow data from switches and routers together with security events from, say, firewall, antivirus, IPS and even Web Application Security systems, you can get a complete picture of the current threat landscape.

 

Generally, Secure Analytics can help IT network security administrators make sense of large volumes of data—often from disparate sources—so that they can easily learn about threats and take measures to protect the network. Although we’ve only discussed the user authentication use case here, Secure Analytics can be utilized for additional use cases such as VPN monitoring for campus and branch deployments, automatic remediation of mobile devices that violate Enterprise BYOD policies, as well as use cases for Service Provider and MSSP deployments.

 

Makes good sense, no?
