Seminar report Next-Generation Application Security for Todays Modern Data Center

A one hour seminar was organized online on 31 March to review the security of modern data center. The speakers are Christian A. Christiansen from IDC and David Koretz from Jupiter Networks. The background to the seminar was the lack of security for huge amount of data. Individual users now are using more devices and they are creating huge amount of data. While the IT-security expertist are doing a lot of to-do list like CIA (confidentiality, Integrity and availability), there is a lot of misunderstanding between the end-users and IT people. The end users want to down size the budget of data center by using the cloud computing, but they dont understand that the security for their data will become miserable. Because of that there is a huge gap between organizations protection skills and threats & vulnerability. The data center is divided by the SDN (software designed network), so it became 3 type. The type are: Data Center Core, Data Center Edge and Campus/ Branch Data Center. The differences are: the data center core have and inside parameters, strictly internal applications and data, and have back office operations. However, the Datacenter edge are focusing on costumer and anonymous user access and externally facing applications and data. Meanwhile, the Campus / Branch Data Center have real parameter, focusing on egress point of network, and serving employee access. To reach the effective data center security we must move from reactive to proactive and to predictive. So, the goal is to move from the threat to iterative intelligence. There are 5 requirement to fulfil it. The requirement are to detect the attack, protect the data from the attack, reduce the attack, identify the bad actor, and propagate the countermeasures. Unfortunately, one solutions cannot solve all the problems. It is because different data center have different external threats and solutions. When you think about next generation firewall and what the interesting about it is when you actually look at it. It really mean 4 things. It is 5 tuple firewall, Integrated IPS, Active directory for user control, and application visibility. The active directory is the one that make the firewall smarter. The active directory take the user flow and learn from it. However, the application visibility is all about granularity. In the end the next generation firewall is mean to protecting the users. By using the next generation firewall we can secured the campus / branch data center which is purposed to serve user. But, the Datacenter Edge is another thing. Datacenter Edge characteristics are no user, no active directory, focusing on hosting location and how to grab user flowing in. There are few interesting problem with Datacenter Edge. The first is, mostly it is running with web application that have only little security expertist. By running on top of web application, there are a lot of vulnerability like SQL injection. The second problem is DDOS (denial of service). The third problem and the most interesting one is certainty and specificity. Certainty mean how we can determine bad actor as bad actor. Are we going to use signature based security? The specificity problem of Datacenter Edge never been solved in IT-security history. People has been blocking IP address to prevent bad actor. But, usually 50 people in an office use 1 public IP address.

So, what if you are a national e-commerce who blocked the IP address. That means you are blocking 50 potential customer. Sixty percent of security professionals say next generation firewall didnt address the problem. Because of that, we will come back with the idea of patient zero. If we know the threats and the disease, we could countermeasure them. But the problem is no one wants to be the patient zero. How you deal with unknown attack then? Three new techniques in data center security will help you. The techniques are intrusion deception, charm score and closed loop process, and device fingerprinting. Intrusion deception is reason why honeypot is trending. Charm score and closed loop process means sandboxing the DDOS. However Device fingerprinting is for specificity. It is better than IP blocking. Next generation data center security is consist of three things: Web app secure, Spotlight secure and DDoS secure. Web app secure uses 4 concepts, detect using intrusion deception, injecting gap to our system, identify the attacker, and real time visibility. Detect using intrusion deception means you detect by decepting the attacker, and identify the attacker will give you real time profile. Spotlight secure in Next generation data security means it can track beyond the IP address. The tracking is using super cookies that newly invented, script attack to fingerprint the attacker, and detect browser plugin and browser version. However, the DDoS secure means volumetric and slow protection. After all, the final thought is CIOs pay attention to time, money and people, however workloads differ the datacentre thats why one sized security solution is not enough. Because of it we need next generation data center security and next generation firewall to protect our data. In conclusion, Cyber-attacks are on the rise. Particularly those aimed at Web applications and servers, which deal in high-value traffic and typically reside in data centres.

Application-level DDoS attacks are exhausting data center infrastructure and hacking is exploiting vulnerabilities in the Web layer. Data centers are the victims of the outside-in threat and its only going to get worse. While signature-based solutions prevent from known attacks, detecting and mitigating unknown attacks requires a different approach. In this live webinar featuring speakers from IDC and Juniper Networks, I learn: New techniques for detecting and mitigating the outside-in threat Why its vital to globally share data about attackers How deception can be used to detect and block unknown and zero-day attacks The difference between protecting the data center and campus edgeand the different security tools for each The aspects of seminar that can be improved is the speaker, especially Christian A. Christiansen from IDC, could speak clearer in the seminar. The topic in the seminar is also very good and the speaker is also from very reliable source. They are the expert in the topic. Another aspect that can be improved is the speaker can talk wider and not only repeat what is written on the slide.

REFERENCES [1] https://www.brighttalk.com/community/it-security [2] https://www.opennetworking.org/sdn-resources/sdn-definition [3] Tang, Helen. "Three Signs it's time to transform your data center," August 3, 2010, Data Center
Knowledge

[4]http://imtech.com/Content/ImtechICT%20UK/Documents/PDF/Infosec%20datasheets/Imtech%2
0Spotlight%20solution%20brief.pdf