Perimeter Security And Strategies for Data Center Protection

AKCPArticles, Blog

Perimeter security
Data centers have two perimeters, the physical boundary, and the cyber boundary. The emergence of new types of cyberattacks has heightened the need for securing of data centers both in the physical and virtual world.
Smart devices have dramatically increased attack vectors as a result of the Internet of Things (IoT), Industrial Internet of Things (IIoT), and cloud-based applications. Traditional security mechanisms are being put to the test in this era of global connection, from web application and file-less attacks to memory corruption, return and jump oriented programming (R/JOP), and compromised hardware and software supply chain attacks.
With the average cost of a data center outage estimated to be more than $740,000 by the Ponemon Institute, those in charge of data center cybersecurity must look to the next generation of prevention tactics to close off security risks and multiply the effectiveness of existing infrastructure, processes, and people.

Protecting The Perimeter

protecting the data center perimeter

Perimeter security has been the principal method of protecting the physical infrastructure of data centers for decades. However, this technique is similar to that of a medieval fortress, where soft targets are contained to a restricted area and secured by thick walls with well guarded entrance points. Layers of protection surrounding the perimeter of data centers are created, with the assumption that if one tier doesn’t catch something, the next one will.
 
For the virtual perimeter, data centers focus on traffic entering and exiting the network. Traditional traffic detection approaches include mapping out network access points to construct a constantly tested and reinforced perimeter. This has proven to be useful in detecting attacks and generating alarms, with the hope of preventing a breach in the castle walls that could result in downtime, financial loss and a damaged reputation.

Scaling The Facility Walls

Data centers can no longer concentrate primarily on internal security. Castle-style solutions were useful in the days of mainframes and hard-wired terminals, but they aren’t as effective today. Indeed, the introduction of over-the-air communications (OTA), smartphones, and the cloud has rendered the gates obsolete, as most bad actors can now scale the walls.

Data centers are currently facing a significant cyber security challenge in that they must endeavor to keep their data private while operating applications on-premise as well as on public, private, and hybrid clouds. While many of their clients go deeper into the cloud, this can increase the potential of scaling attacks across cloned configurations accidentally. Routers and switches, as well as storage controllers, servers, and operational technology components like sensors and switches, can all be targeted by adversaries. Once hackers obtain control of a device, they can scale their attack, possibly compromising all similar devices across networks.

scaling the perimeter

Photo Credit: www.sciencedirect.com

Bad actors now have more tools to circumvent perimeter security and attack targets from the inside, so today’s attacks come from new and unexpected places. At the AFCEA Defensive Cyber Operations workshop in May, Col. Paul Craft, director of operations at Joint Force Headquarters-DoDIN, noted that security is no longer simply about the infrastructure. He said, “It’s also our platform IT; it’s all of our programs of record; it’s also our ICS and SCADA systems; it’s also the cloud; it’s also all of the cross domains that we have out in the network.”

As evidenced by a weakness that provided hackers access to 200,000 network devices constructed with similar code, many assaults may now swiftly scale from one device to all devices. According to the Ponemon Institute, fileless attacks such as memory corruption (buffer, stack, and heap) and Return/Jump Oriented Programming (R/JOP) execution re-ordering are ten times more likely to infect devices than traditional attacks.

According to Symantec’s 2018 Internet Security Threat Report, supply chain threats have increased by 200% in the last year. Because the current software stack is made up of third-party binaries from a worldwide supply chain of proprietary and open-source code filled with hidden vulnerabilities, organizations and vendors now only control a .% of their source code. Furthermore, zero-day attacks, in which hackers target a system by exploiting an unknown vulnerability in software, hardware, or firmware, are on the rise.

New Data Center Cybersecurity For New Times

Data centers must make the transition from detection-only security to prevention-only protection. The latest generation of solutions tries to close the door on the rising categories of attack vectors, as many new threats completely bypass traditional network and endpoint safeguards. This not only protects against the most recent dangers but also increases the effectiveness of tools and processes in dealing with what is left.

Today, one must presume that their supply chain hardware has been compromised. This implies they’ll need the capacity to create and run security software on potentially untrustworthy hardware. This new security method necessitates an in-depth approach that identifies potential vulnerabilities and hardens binaries directly, preventing an attack from gaining traction or replicating.

One of the most effective methods to do this is to update the software binaries on a device in such a way that malware is unable to change commands and spread throughout the system. This strategy, dubbed “cyber hardening”, stops a single vulnerability from spreading across several platforms. It minimizes the chances of physical harm and destruction by reducing attack surfaces and closing vulnerabilities in industrial control systems, embedded systems, and gadgets.

The best security is one that believes hackers will break in eventually. Cyber hardening, rather than reacting to exploited vulnerabilities, can prevent malware from being run against data centers in the first place. Allowing weak defenses to take down the infrastructure is not a good idea.

Security Strategies to Include for the Perimeter Protection of Data Center

Security personnel with foresight extend the initial layer of observation beyond the fence line to detect and evaluate potential threats before they reach the boundary. Any area that requires protection or is restricted to particular access holders is included in your “perimeter,” which can occasionally even include the airspace above a restricted zone.

1. Manage Areas, Targets, And Threats

If you have valuable possessions, you must safeguard them. However, security must not obstruct your ability to conduct business. Because you can’t restrict all activity in and near sensitive locations without disrupting operations, any security solution must first and foremost fulfill your operational needs.

Begin by assessing the threat. Consider how you can safeguard sensitive zones, build data management routines, and automate threat detection — and how you can train your team to respond more quickly and effectively.

When it comes to data center security, a layered approach is the best way. It’s excellent if an alarm goes off if someone climbs the fence, but there should be further layers of protection that slow or prevent unauthorized people from accessing the building’s door, and/or restricted zones or floors within.

When it comes to data center security, a layered approach is the best way. It’s excellent if an alarm goes off if someone climbs the fence, but there should be further layers of protection that slow or prevent unauthorized people from accessing the building’s door, and/or restricted zones or floors within.

Similarly, if perimeter security detects people gathering or moving through restricted areas near data centers regularly, the RSA system can alert the security operator to conduct a threat qualification and vulnerability assessment, bringing in relevant data from access control, lidar, and other systems as needed to gain a better understanding of what’s going on and why. A unified security software system can also offer several solutions to assist operators to respond fast and effectively provided they have well-defined standard operating procedures.

  • Arm And Disarm Areas Based On Custom Schedules

Restricted zones can be armed or disarmed based on responsibilities and schedules that make sense for your organization when your RSA solution is integrated with access control and HR databases.

If a service technician is only allowed to work on server rack #5, for example, he or she can only access that rack. The rest of the racks can be shielded if necessary. In that example, if the technician approaches or touches racks #4 or #6, the system can be set up to notify operators of a condition that has to be monitored more closely.

2. Reduce Nuisance Alarms

Alarms in data center

Photo Credit: glynnorman.com

The most serious flaw in most intrusion detection systems is that they fail to distinguish between a potential threat and a genuine issue. Responding to intrusion alarms takes time away from other critical duties when there are dozens, hundreds, or even thousands of them in a day. Staff may develop desensitized to the signals over time, delaying their response time in the event of a real emergency.

The most serious flaw in most intrusion detection systems is that they fail to distinguish between a potential threat and a genuine issue. Responding to intrusion alarms takes time away from other critical duties when there are dozens, hundreds, or even thousands of them in a day. Staff may develop desensitized to the signals over time, delaying their response time in the event of a real emergency.

  • Customize Which Targets Warrant An Operator Response

Your security teams don’t need to be called out to investigate incursions caused by curious squirrels, wandering dogs, or employees or contractors going about their business. You can specify which targets require an operator response and which can be disregarded inside a unified solution.

  • Optimize Your System To Identify Friendly Activity From True Threats

Fusion, an RSA proprietary algorithm, can help your operators determine whether movement noticed by the system is something to pay attention to or whether it’s just noise, and automate workflows to trigger a response appropriate for the level of threat.

Fusion, in combination with automated threat triage workflows, can reduce nuisance alarms by up to 80%. Suspicious people moving near your boundary will be closely monitored, and local squirrels will be able to pick nuts in peace.

If suspicious activity or possible threats are discovered, the next step is to conduct a vulnerability assessment to detect and correct any flaws. Tools like heat maps in Genetec Security Center can assist your team in identifying potential vulnerabilities. If a drone flies over your fence every evening at 8 p.m., for example, your operator needs to know so that they can figure out if the drone is being flown by someone with possibly aggressive intents or by a youngster with a new toy.

3. Leverage Your Existing Technology To Do More

While restricted area surveillance is crucial, it is only one piece of the issue. On a single dashboard, RSA allows operators to assess data from a variety of connected systems, including radar, lidar, access control, and video analytics.

To get the most out of your security hardware investment, pick a software solution that:

  • Consolidates multiple intrusion detection systems into a single visual display.
  • Creates one or more zone overlays using various intrusion detection technologies like radar, lidar, laser, video analytics, and perimeter intrusion detection systems.
  • To track a moving target, it combines data from a variety of sensors from various technologies.
  • It takes a shift in thinking to move from intrusion detection to monitoring, but there’s no denying that knowing something is wrong before calamity strikes are preferable.

AKCP Security Monitoring

Data centers are purposefully built to be unobtrusive structures. The fact that these fortress structures blend into their surroundings and that most commuters pass them by without noticing is typically part of their data center security design.

Security Sensor

Beyond blending the data center construction into its surroundings, AKCP Monitoring Solutions offers a variety of electronic and physical security solutions that may be put around the perimeter to improve security and lower the danger of a data center is compromised.

Security Sensor

The Security sensor is a magnetic on and off switch for monitoring doors and windows. When the door, or window, opens the input signal is detected by the sensorProbe or securityProbe base unit. Alerts can then be generated to notify you even including images captured from an attached camera to give you instant visual feedback on the situation.

Vibration Sensor

The AKCP vibration sensor is a normally closed input switch that will detect when there is vibration, or a window is broken. It can be connected to both the sensorProbe or securityProbe base units and then linked to notification alerts.

This sensor is designed for protection against forced entry by hammer, saw, crowbar, through walls, ceilings, windows, safes, cabinets. It will initiate an alarm when vibration from a non-desirable force strikes the protected surface. A built-in tamper switch is independent of the circuit of the vibration detector for your convenience.

PIR Hardware Motion DetectorPIR Hardware Motion Detector

The AKCP PIR Hardware Motion Detector is the perfect accompaniment as part of your security monitoring system. Its unique design allows mounting in either ceiling or walls and characterizes the optimum detection angle to prevent false alarms.

Although compatible with both the sensorProbe and securityProbe product series, it is ideally suited to the securityProbe product line. When combined with the securityProbe 5E’s notifications, cameras, and security sensor it provides a complete network-enabled security monitoring system.

When motion is detected notifications can be sent from the securityProbe 5E via SMS, E-mail, or MMS and even have pictures from installed cameras attached to give instant visual feedback as to the developing situation.

Reference Links:

https://www.datacenterknowledge.com/archives/2017/05/12/perimeter-security-strategies-data-center-protection
https://www.datacenterknowledge.com/industry-perspectives/three-reasons-perimeter-protection-needs-be-included-your-data-center-security

https://www.datacenterknowledge.com/industry-perspectives/give-ovh-break-and-use-data-center-fire-teachable-moment

https://threatpost.com/accountability-cybersecurity/175571/

https://www.convergint.com/5-perimeter-security-solutions-data-centers/