Virtualization Technology News and Information
Are You Putting Lipstick On A Pig? 5 Signs Your Security Is Outdated
Article Written by Sami Laine, Principal Technologist, CloudPassage

The security industry is constantly kicked around for dropping the ball: antivirus doesn't detect malware, intrusion prevention systems miss intruders, and the perimeter-based products enterprises have relied on for decades fail in many other ways.

Traditional security and compliance tools were created for the client-server environment, when corporate data sat in data centers locked behind firewalls, IDSs and VPNs. Those tools were architected when change arrived on quarterly release cycles, control was centralized, IP addresses were fixed, appliances ruled the day, and the perimeter was well defined. Back then, IT could more easily stop bad guys at the gates. But with the move to private and public cloud, the assumption that today's systems can be safely fortified with point products is no longer valid.

At the same time, continuous innovation is the new norm and a competitive differentiator. So more CIOs are pushing for agile IT delivery, demanding automation, portable workloads, elastic scalability, decentralized control, instant provisioning and metered licensing.

Put simply: legacy security solutions can't keep up in this new era. So how can you tell if your security strategy is stuck in the past?

You're Using Manual Firewall Configuration

If your security team segments servers with an IP-address-centric firewall tool that isn't automated, your tooling is outdated. IP-centric rules have to be edited by hand every time an address changes, and in an elastic environment addresses change constantly, which consumes staff hours and leaves windows where the rules lag behind the real inventory. Centralized firewall orchestration that expresses policy in logical server tags instead of IP addresses makes flexible, automated microsegmentation possible, dramatically reducing the network attack surface and blocking attackers' lateral movement.
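To make the tag-versus-IP distinction concrete, here is an added example (not code from the article or from CloudPassage) of a small policy compiler: segmentation rules are written only against tags, and per-host firewall rules are regenerated from the current inventory. The instance names, addresses, tags and the iptables rendering are all constructed for the illustration; in a real deployment the inventory would come from the orchestration API and the rendered rules would be pushed by the agent on each host.

```go
package main

import (
	"fmt"
	"sort"
)

// Instance is one server as reported by the orchestration inventory.
// Names, addresses and tags below are constructed for this example.
type Instance struct {
	ID   string
	IP   string
	Tags []string
}

// Rule is a segmentation rule written against logical tags, never addresses:
// instances tagged FromTag may reach port Port/tcp on instances tagged ToTag.
type Rule struct {
	FromTag string
	ToTag   string
	Port    int
}

// HostRule is one concrete allow rule destined for a single host's firewall.
type HostRule struct {
	Host  string // instance that receives the rule
	SrcIP string
	Port  int
}

func hasTag(inst Instance, tag string) bool {
	for _, t := range inst.Tags {
		if t == tag {
			return true
		}
	}
	return false
}

// Compile resolves tag-based rules against the current inventory into
// per-host allow rules. Re-running it whenever the inventory changes is the
// whole orchestration step: the policy itself never mentions an address.
func Compile(inv []Instance, policy []Rule) []HostRule {
	var out []HostRule
	for _, r := range policy {
		for _, dst := range inv {
			if !hasTag(dst, r.ToTag) {
				continue
			}
			for _, src := range inv {
				if src.ID == dst.ID || !hasTag(src, r.FromTag) {
					continue
				}
				out = append(out, HostRule{Host: dst.ID, SrcIP: src.IP, Port: r.Port})
			}
		}
	}
	// Deterministic order so two runs over the same inventory diff cleanly.
	sort.Slice(out, func(i, j int) bool {
		if out[i].Host != out[j].Host {
			return out[i].Host < out[j].Host
		}
		if out[i].Port != out[j].Port {
			return out[i].Port < out[j].Port
		}
		return out[i].SrcIP < out[j].SrcIP
	})
	return out
}

// Render turns a host rule into an iptables command. The INPUT chain's
// default policy is assumed to be DROP, so only compiled rules open anything.
func Render(h HostRule) string {
	return fmt.Sprintf("%s: iptables -A INPUT -p tcp -s %s --dport %d -j ACCEPT", h.Host, h.SrcIP, h.Port)
}

func main() {
	policy := []Rule{
		{FromTag: "role:web", ToTag: "role:db", Port: 5432},
		{FromTag: "role:bastion", ToTag: "role:web", Port: 22},
	}
	inv := []Instance{
		{ID: "web-1", IP: "10.0.1.10", Tags: []string{"role:web"}},
		{ID: "web-2", IP: "10.0.1.11", Tags: []string{"role:web"}},
		{ID: "db-1", IP: "10.0.2.10", Tags: []string{"role:db"}},
		{ID: "bastion-1", IP: "10.0.0.5", Tags: []string{"role:bastion"}},
	}
	for _, h := range Compile(inv, policy) {
		fmt.Println(Render(h))
	}
	// Autoscaling replaces web-2 with web-3 on a new address: the policy is
	// untouched, only the inventory changed, and a recompile updates db-1.
	inv[1] = Instance{ID: "web-3", IP: "10.0.1.57", Tags: []string{"role:web"}}
	fmt.Println("-- after scale event --")
	for _, h := range Compile(inv, policy) {
		fmt.Println(Render(h))
	}
}
```

The point to notice is what did not change after the scale event: the two-line policy. With IP-centric rules, the same event would have required someone to find and edit every rule that named the retired address.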

You're Still Using Multiple Fat Agents

Traditional server security agents have a large footprint, often hundreds of megabytes in installation size, and consume lots of CPU cycles. Deploying many of these agents requires a system restart, which slows deployment or even imposes downtime on your customers. That might have been acceptable on large traditional servers with plenty of RAM and CPU and very infrequent changes, but in modern IT infrastructure the number of server instances is usually 10 to 30 times higher and the RAM and CPU capacity of each instance is much smaller. Solutions should employ a lightweight, small-footprint agent that is baked into images through automation, so that rolling it out has no impact on your business.

Your Agents Still Listen for Commands

Traditional security agents often keep an open line of communication to a central management location, meaning a port on every host that listens for commands. If your agent has a listening port exposed to the outside world, your security strategy is still living in the past: each listening port is new attack surface, multiplied by every host the agent runs on. The architecture of your security solutions should aim to expose no new attack surface. Agents should only make outbound, short-lived, encrypted connections to the security command-and-control platform, and should cryptographically validate any updates and instructions before acting on them.
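The following is an added example, not code from the article or from any vendor's agent, of the validation step that last sentence calls for: the agent opens no port, and whatever it pulls back over its outbound connection is checked against a platform public key baked in at provisioning time, then checked against a monotonic sequence number so a captured instruction cannot be replayed. The envelope format, the Seq/Command fields and the command names are assumptions made for the illustration; Ed25519 from the Go standard library stands in for whatever signature scheme a real platform uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Instruction is what the platform hands back when the agent polls it.
// The wire format is constructed for this example.
type Instruction struct {
	Seq     uint64 `json:"seq"`     // strictly increasing per agent
	Command string `json:"command"` // e.g. "scan", "update-policy"
}

// Envelope is the signed unit: the raw instruction bytes plus a signature
// over exactly those bytes, so the agent verifies before it ever parses.
type Envelope struct {
	Payload   []byte
	Signature []byte
}

// Agent holds only what is needed to check instructions: the platform's
// public key (baked in at build or provisioning time) and the last
// sequence number it acted on.
type Agent struct {
	PlatformKey ed25519.PublicKey
	lastSeq     uint64
}

var (
	ErrBadSignature = errors.New("signature does not verify against platform key")
	ErrReplay       = errors.New("sequence number not newer than last accepted")
)

// Accept verifies the envelope and enforces ordering. Only an envelope that
// passes both checks comes back as an Instruction the agent may execute.
func (a *Agent) Accept(env Envelope) (Instruction, error) {
	if !ed25519.Verify(a.PlatformKey, env.Payload, env.Signature) {
		return Instruction{}, ErrBadSignature
	}
	var ins Instruction
	if err := json.Unmarshal(env.Payload, &ins); err != nil {
		return Instruction{}, err
	}
	if ins.Seq <= a.lastSeq {
		return Instruction{}, ErrReplay
	}
	a.lastSeq = ins.Seq
	return ins, nil
}

// Sign is the platform side; it would run behind the endpoint the agent
// polls. Included here only so the example is self-contained.
func Sign(priv ed25519.PrivateKey, ins Instruction) (Envelope, error) {
	payload, err := json.Marshal(ins)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	agent := &Agent{PlatformKey: pub}

	env, _ := Sign(priv, Instruction{Seq: 1, Command: "scan"})
	ins, err := agent.Accept(env)
	fmt.Println("genuine:", ins, err)

	// Tampered in transit: the signature no longer covers the bytes.
	bad := env
	bad.Payload = []byte(`{"seq":2,"command":"disable-monitoring"}`)
	_, err = agent.Accept(bad)
	fmt.Println("tampered:", err)

	// Replayed: a captured envelope with an old sequence number is refused.
	_, err = agent.Accept(env)
	fmt.Println("replayed:", err)
}
```

Two design choices matter here. Verification happens on the raw bytes before JSON parsing, so a malformed payload never reaches the parser unless it was signed by the platform. And the sequence check is state the agent keeps locally, so a middlebox that can see the encrypted session cannot feed it yesterday's instruction.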

Manual Security Processes

Finally, one of the biggest tell-tale signs of an outdated security program is reliance on manual security processes. It may seem like the underlying issue behind the other signs rather than a separate one, but it's worth stating explicitly: if your security team spends staff hours configuring, monitoring and administering security point solutions, you're wasting resources. To eliminate this problem, invest in platforms that integrate directly with datacenter and DevOps orchestration tools. The goal is as little human interaction as possible across the whole lifecycle of a system, whether through scripting, APIs or orchestration tools, so that ultimately you spend less time stressing over outdated security and more time being strategic.

Bonus Sign: Your Security Isn't As Fast as Your DevOps Team

Operationally, the speed at which systems are spun up and down and new code is developed and deployed continues to accelerate radically. If you're creating new servers and have to submit support tickets to get security controls attached to them, you've lost the race. Truly automated security should be on demand, added and accessed through APIs, not through GUI-based tools, management consoles, or change control and support ticketing.


About the Author

Sami Laine is a Principal Technologist at CloudPassage.

In the last 17 years in the internet security industry, at CyberSource, PassMark Security and RSA, he has helped some of the world's largest payment processors, retailers, banks, brokerages and enterprises fight fraud, malware and web threats, and is now focused on helping companies embrace agile security practices.

Published Monday, September 19, 2016 7:04 AM by David Marshall