Your Datacenter Is Not Safe

By Matt Kimball - September 25, 2017
If you talk to most IT professionals about security, a common response is, "We are all set." Press a little harder, and you'll find their confidence is rooted in a secure perimeter coupled with identity management and access control, plus host and network intrusion detection. If an organization is a little more progressive, it may use a utility like Splunk Enterprise Security for more analytics-based intrusion detection and mitigation. One could argue that the success of the utilities identified above has driven attackers to be far more creative in their approaches to datacenter intrusion. Consider these examples.

In 2008, the largest cyber assault on the US military to that point began with an infected USB stick inserted into a laptop in the Middle East. While the damage was never publicly quantified, the Pentagon stated that this single USB stick created a beachhead into both unclassified and classified servers.

Red October, discovered in 2012, was malware that ran undetected for five years. Its purpose? To collect diplomatic secrets. Its attack vector? A Trojan-laced email.
The US Office of Personnel Management was attacked in 2015, resulting in the theft of data on 21.5 million US citizens. Included were social security numbers, personal information, security clearances, and approximately 5 million fingerprints. US government officials believe that the Chinese government was attempting to build a database of US citizens. How did these attackers get in? By obtaining a contractor's credentials and then working by trial and error to expand that access until they could reach and infect servers.
Finally, perhaps the most well-known example is the hack of the Democratic National Committee (DNC) servers by Russian intelligence agencies during the 2016 election cycle. This happened despite warnings from national security agencies. We all know the outcome. As with Red October, it appears that this attack started with a phishing campaign.
Hacks are going to happen
In all the above examples, the bad guys gained access to data not by breaching the perimeter. Rather, they gained access through human error: someone's curiosity piqued by a USB stick found in a parking lot, or someone opening a very authentic-looking email and unwittingly giving away network credentials. For an attacker, this is the most reliable way to reach sensitive data, because people will always be people. Nobody is hyper-vigilant all the time, and attackers will be waiting to take advantage.

A Microsoft presentation on cybersecurity at Inspire gave some interesting statistics. In 2016, 23% of recipients opened phishing emails, and 50% of those who opened attachments did so within an hour of receiving them. By that measure most enterprises are at risk of being breached, and the cost of cybercrime is anticipated to hit $2 trillion globally in 2019.

What's your plan?
Given the world we live in, where no server is safe and all data is exploitable, the focus of IT should expand from "protect" only to "protection, detection and recovery." Assuming malware is going to find its way into a datacenter, how quickly can your organization detect it? Furthermore, how prepared is your organization to respond by removing the threat and mitigating the damage? Another sobering statistic cited by Microsoft comes from a NACD study that found 38% of organizations (of all sizes) have no cyberbreach response plan.

Invest in infrastructure
On average, malware sits undetected for over 100 days. One reason it can survive that long is that malware which embeds itself in server firmware, below the operating system, is invisible to host-based security tools. New security technologies such as Hewlett Packard Enterprise's Silicon Root of Trust (RoT) address this class of attack. By anchoring trust in silicon the moment power is applied, HPE servers establish an immutable firmware fingerprint against which the firmware is continually validated.
In the event firmware is tampered with or otherwise altered, HPE servers detect the change and roll back to the last known trusted state. In this case, HPE is providing protection at the firmware layer, but also a path to quick recognition and rapid response. Note that this covers the firmware layer specifically; the phishing and stolen-credential attacks described above still have to be detected and answered at the identity and endpoint layers. It is new technologies like HPE's Silicon RoT that will help organizations mitigate the risks posed by a cybercrime industry that has become highly sophisticated and organized. Because technologies like this focus on protection, detection and recovery, organizations of all sizes can have a bit more confidence in their cybersecurity strategy.
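To make the verify-then-roll-back behaviour concrete, here is an added illustration in Python. It is constructed for this page and is not HPE's implementation or code from the article: it models a boot where an immutable anchor fingerprints the first firmware stage, each trusted stage carries the fingerprint of the next, and any mismatch either restores the stage from a protected golden copy or, if no trusted copy exists, halts rather than run unverified code. The image contents, the stage names (a management controller "MC" and a BIOS) and the `next=` marker are assumptions for the example.

```python
"""Toy model of a silicon-anchored root of trust verifying a firmware chain.

Constructed illustration, not HPE's code. An immutable anchor holds the
fingerprint of the first firmware stage, each trusted stage carries the
fingerprint of the next, and a mismatch triggers rollback to a protected
golden copy instead of executing the altered image.
"""
import hashlib
from dataclasses import dataclass, field


def fingerprint(image: bytes) -> str:
    """SHA-256 hex digest of a firmware image."""
    return hashlib.sha256(image).hexdigest()


# Constructed sample images standing in for real firmware binaries.
GOLDEN_BIOS = b"UEFI-BIOS 1.42 (constructed sample)"
# The management-controller (MC) firmware embeds the expected BIOS
# fingerprint, so trust chains forward: anchor -> MC -> BIOS.
GOLDEN_MC = b"MC-FW 2.0 (constructed sample) next=" + fingerprint(GOLDEN_BIOS).encode()

# Immutable anchor: in hardware this is burned into silicon and cannot be
# reflashed, which is why an attacker cannot simply "fix up" the chain.
SILICON_ANCHOR = fingerprint(GOLDEN_MC)


@dataclass
class Server:
    mc_flash: bytes
    bios_flash: bytes
    # Recovery copies held in a write-protected region (assumption).
    golden_mc: bytes = GOLDEN_MC
    golden_bios: bytes = GOLDEN_BIOS
    log: list = field(default_factory=list)


def expected_next(stage_image: bytes) -> str:
    """Read the next-stage fingerprint that a trusted stage carries."""
    marker = b"next="
    idx = stage_image.rfind(marker)
    if idx < 0:
        raise ValueError("stage image carries no next-stage fingerprint")
    return stage_image[idx + len(marker):].decode()


def secure_boot(server: Server) -> dict:
    """Verify MC then BIOS; roll back tampered stages; halt if no trusted copy."""
    recovered = []

    # Stage 1: the silicon anchor vouches for the MC firmware.
    if fingerprint(server.mc_flash) != SILICON_ANCHOR:
        server.log.append("MC firmware does not match silicon anchor")
        if fingerprint(server.golden_mc) != SILICON_ANCHOR:
            # Fail closed: running unverified firmware would defeat the purpose.
            server.log.append("golden MC copy untrusted too; halting boot")
            return {"booted": False, "recovered": recovered, "log": server.log}
        server.mc_flash = server.golden_mc
        recovered.append("mc")
        server.log.append("MC firmware restored from golden copy")

    # Stage 2: the now-trusted MC firmware vouches for the BIOS.
    want = expected_next(server.mc_flash)
    if fingerprint(server.bios_flash) != want:
        server.log.append("BIOS does not match fingerprint carried by MC firmware")
        if fingerprint(server.golden_bios) != want:
            server.log.append("golden BIOS copy untrusted too; halting boot")
            return {"booted": False, "recovered": recovered, "log": server.log}
        server.bios_flash = server.golden_bios
        recovered.append("bios")
        server.log.append("BIOS restored from golden copy")

    server.log.append("firmware chain verified; booting")
    return {"booted": True, "recovered": recovered, "log": server.log}


def tampered_server() -> Server:
    """Attacker rewrote both stages so the chain is internally consistent."""
    evil_bios = b"UEFI-BIOS 1.42 + implant (constructed)"
    evil_mc = b"MC-FW 2.0 + implant (constructed) next=" + fingerprint(evil_bios).encode()
    return Server(mc_flash=evil_mc, bios_flash=evil_bios)


if __name__ == "__main__":
    for name, srv in [("clean", Server(GOLDEN_MC, GOLDEN_BIOS)),
                      ("tampered", tampered_server())]:
        result = secure_boot(srv)
        print(name, "booted:", result["booted"], "recovered:", result["recovered"])
        for line in result["log"]:
            print("   ", line)
```

The tampered scenario is the instructive one: the attacker has rewritten both stages so that the MC image correctly vouches for the malicious BIOS, and the chain is self-consistent. It still fails, because the first check is against a fingerprint the attacker cannot change. That is the property the "silicon" in a silicon root of trust buys; the same chain anchored in rewritable flash would have booted the implant.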
Be holistic
Deploying technologies and policies to defend against cyberbreaches is a good first step in protection. To ensure the greatest level of orchestration between these tools, consult with others. Companies like HPE have a complete portfolio to address cybersecurity, from servers and hardware to professional service organizations (like Pointnext) that drive completeness in cybersecurity strategy, planning and execution.

Get educated
There are many resources available to learn about better securing your datacenter. Moor Insights & Strategy has researched and written on this topic extensively. Additionally, companies like HPE have spent a lot of time considering this new world of threats and how best to protect against them. As an industry, we would all be well served to better consider our cybersecurity strategies and plans.

Matt Kimball is a Moor Insights & Strategy senior datacenter analyst covering servers and storage. Matt's 25 plus years of real-world experience in high tech spans from hardware to software as a product manager, product marketer, engineer and enterprise IT practitioner. This experience has led to a firm conviction that the success of an offering lies, of course, in a profitable, unique and targeted offering, but most importantly in the ability to position and communicate it effectively to the target audience.