[BreachExchange] How to avoid a Hatton Garden-style data centre heist in your organisation

Audrey McNeil audrey at riskbasedsecurity.com
Wed Sep 14 19:11:13 EDT 2016


http://www.cloudcomputing-news.net/news/2016/sep/14/how-avoid-hatton-garden-style-data-centre-heist/

In April 2015, one of the world’s biggest jewellery heists occurred at
the Hatton Garden Safe Deposit Company in London. Posing as workmen, the
criminals entered the building through a lift shaft and cut through a
50cm-thick concrete wall with an industrial power drill. Once inside, the
criminals had free and unlimited access to the company’s secure vault for
over 48 hours during the Easter weekend, breaking into one safety deposit
box after another to steal an estimated $100m worth of jewellery.

So why weren’t the criminals caught? How did they have free rein over all
of the safety deposit boxes? It turns out that the security systems only
monitored the perimeter, not inside the vault. Despite the burglars
initially triggering an alarm to which the police responded, no physical
signs of burglary were found outside the company’s vault. So the
perpetrators were able to continue their robbery uninterrupted. In other
words, the theft was made possible by simply breaching the vault’s
perimeter – once the gang was inside, they could move around undetected and
undisturbed.

Most businesses do not store gold, diamonds or jewellery. Instead, their
most precious assets are data. And they’re not stored in reinforced vaults,
but in data centres. Yet in many cases, both vaults and data centres are
secured against breaches in similar ways. Organisations often focus on
reinforcing the perimeter and less on internal security.

If attackers are able to breach the external protection, they can often
move inside the data centre from one application to the next, stealing data
and disrupting business processes for some time before they are detected –
just like the criminal gang inside the Hatton Garden vault were able to
move freely and undetected. In some recent data centre breaches, the
hackers had access to applications and data for months, due to lack of
visibility and internal security measures.

Security challenges in virtualised environments

This situation is made worse as enterprises move from physical data centre
networks to virtualised networks - to accelerate configuring and deploying
applications, reduce hardware costs and reduce management time. In this new
data centre environment, all of the infrastructure elements – networking,
storage, compute and security – are virtualised and delivered as a service.
This fundamental change means that the traditional approach of securing
the network’s perimeter is no longer sufficient for the dynamic virtualised
environment.

The main security challenges are:

Traffic behaviour shifts: Historically, the majority of traffic was
‘north-south’ traffic, which crosses the data centre perimeter and is
managed by traditional perimeter security controls. Now, intra-data centre
‘east-west’ traffic has drastically increased, as the number of
applications has multiplied and those applications need to interconnect and
share data in order to function. With the number of applications growing,
hackers have a wider choice of targets: they can focus on a single
low-priority application and then use it to start moving laterally inside
the data centre, undetected. Perimeter security is no longer enough.

Manual configuration and policy changes: In these newly dynamic data
centres, traditional, manual processes for managing security are too slow,
taking too much of the IT team’s time – which means security can be a
bottleneck, slowing the delivery of new applications. Manual processes are
also prone to human errors which can introduce vulnerabilities. Therefore,
automating security management is essential to enable automated application
provisioning and to fully support data centre agility.

Until recently, delivering advanced threat prevention and security
technologies within the data centre would involve managing a large number
of separate VLANs and keeping complicated network diagrams and
configuration constantly up-to-date using manual processes. In short, an
unrealistically difficult and expensive management task for most
organisations.

Micro-segmentation: Armed guards inside the vault

But what if we could place the equivalent of a security guard on every
safety deposit box in the vault so that even if an attacker breaches the
perimeter, there is protection for every valuable asset inside? As data
centres become increasingly software-defined with all functions managed
virtually, this can be accomplished by using micro-segmentation in the
software-defined data centre (SDDC).

Micro-segmentation works by colouring and grouping resources within the
data centre and applying specific, dynamic security policies to the
communication between those groups. Traffic within the data centre is then
directed to virtual security gateways. The traffic is deeply inspected at
the content level using advanced threat prevention techniques to stop
attackers attempting to move laterally from one application to another
using exploits and reconnaissance techniques.

Whenever a virtual machine or server is detected executing an attack using
the above techniques, it can be tagged as infected and automatically
quarantined by the ‘security guard’ in the data centre: the security
gateway. This way, a breach of one system does not compromise the entire
infrastructure.

Once an application is added and evolves over time, it is imperative for
the security policy to instantly apply and automatically adapt to the
dynamic changes. Using integration to cloud management and orchestration
tools, the security in the software defined data centre learns about the
role of the application, how it scales and its location. As a result, the
right policy is enforced enabling applications inside the data centre to
securely communicate with each other. For example, when servers are added
or an IP address changes, the object is already provisioned and inherits
the relevant security policies removing the need for a manual process.
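An added example, not from the article or any vendor's product: a small Python model of the micro-segmentation scheme described in the two paragraphs above. Workloads are grouped by role tag rather than IP address, so a newly provisioned server inherits its group's policy, and a workload that repeatedly attempts flows outside the policy is tagged infected and quarantined by the gateway. The roles, IPs, ports and quarantine threshold are constructed sample values.

```python
from dataclasses import dataclass, field

# Constructed sample inventory and policy (not from the article).
@dataclass
class Workload:
    name: str
    ip: str
    role: str                       # micro-segment / security group
    tags: set = field(default_factory=set)

# Permitted east-west flows as (source role, destination role, port).
# Everything not listed is denied by the virtual security gateway.
POLICY = {("web", "app", 8080), ("app", "db", 5432)}

class Gateway:
    def __init__(self, workloads, quarantine_after=3):
        self.by_ip = {w.ip: w for w in workloads}
        self.denied = {}            # source ip -> count of blocked flows
        self.quarantine_after = quarantine_after

    def register(self, w):
        # Orchestration hook: a new server is known the moment it is
        # provisioned and inherits its role's policy, whatever its IP.
        self.by_ip[w.ip] = w

    def is_quarantined(self, ip):
        return "infected" in self.by_ip[ip].tags

    def check(self, src_ip, dst_ip, port):
        """Return True if the flow is permitted, False if it is dropped."""
        src, dst = self.by_ip.get(src_ip), self.by_ip.get(dst_ip)
        if src is None or dst is None:
            return False            # unknown workload: default deny
        if "infected" in src.tags or "infected" in dst.tags:
            return False            # quarantined on either side
        if (src.role, dst.role, port) in POLICY:
            return True
        # Repeated attempts outside the policy look like lateral-movement
        # reconnaissance: tag the source infected and quarantine it.
        self.denied[src_ip] = self.denied.get(src_ip, 0) + 1
        if self.denied[src_ip] >= self.quarantine_after:
            src.tags.add("infected")
        return False

def build_demo():
    # Three-tier sample data centre with one workload per segment.
    return Gateway([Workload("web1", "10.0.1.10", "web"),
                    Workload("app1", "10.0.2.10", "app"),
                    Workload("db1", "10.0.3.10", "db")])
```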

Just as virtualisation has driven the development of scalable, flexible,
easily-managed data centres, it’s also driving the next generation of data
centre security. Using SDDC micro-segmentation delivered via an integrated,
virtualised security platform, advanced security and threat prevention
services can be dynamically deployed wherever they are needed in the
software-defined data centre environment. This places the equivalent of
armed security guards inside the organisation’s vault, protecting each
safety deposit box and the valuable assets it holds – helping to stop data
centres falling victim to a Hatton Garden-style breach.