COMPAREXpress

17/11/2016

Ah, there’s nothing that’ll keep you on your toes quite like a good old attempted network breach; in fact, if history plays its part, it’ll take you and your company sideways before you can say ‘we’re patched, right?’

The sophistication of the modern day cybercriminal means that attacks are no longer just cruel, they’re also annoying clever. But we don’t need to tell you that; it’s the reason why you’ve plonked a big fat firewall at the core of your physical network and more security layers than the Pentagon.

We know there’s no such thing as 100% secure, so here’s a question: most organisations have a fairly good grasp on how to protect their physical network, but what happens when dark clouds gather and your Virtual Network is compromised?

How do you deal with a situation that’s quickly going south? Or, more specifically, west?

We’ll give you a minute.

 

Tiers before bedtime

If you’re still reading, then we’ll just assume you haven’t closed this tab because your hands are preoccupied with scratching your head. You’re not alone (although your virtual networks should be!). Knowledge of physical breaches and how to prevent them is now considered ‘cards at the table’ for many organisations; however it’s all too easy to fall into the trap of believing your virtual network is just as secure as it’s physical counterpart.

On the contrary (due to its multi-tiered nature), unless you have your guard up in every direction, if your web-tier is breached you can say goodbye your application tier and database tier as well (which are typically ill-prepared to deal with such a threat).

See, when we say your VN should be alone, we don’t mean that you should be giving it a stern telling off and forcing it to sit in the corner so it can think about what it’s done. We’re suggesting that it makes sense to mean ‘isolate’ and ‘segment’ it. Not that you need to give too much effort on the former; isolation is a bog-standard feature of network virtualisation and that’s not going to change anytime soon. Segmenting, however, is a whole different bag.

 

Traffic is coming…

Designed to manage the entry and exiting of traffic throughout your network, segmentation is probably one of the main benefits you were most pleased with when you were gleefully unwrapping and implementing your latest firewall. That was, however, until you realised how much time, effort and manual resources were needed to define and maintain that segmentation; not to mention allow for the likely event of human error.

This is where your knight in shining armour, Ser NSX, House of VMware, First of His Name steps in. Considering the amount of breaches and subsequent downtime that has afflicted many cloud data centres since the inception of Cloud, NSX offers an alternative approach to a confidence-stricken industry, as opposed to the tried and tested physical firewalls and access control lists.

 

Damage control

Given the shifting direction of network traffic, the timing of NSX couldn’t be better; when we said earlier that your security situation could go west, it wasn’t a typo. Since the rise of virtual containers that positions virtual layers as applications that run within an OS, everyone was aware that there was a high chance of network traffic starting to run east-west (or laterally), rather than north-south.

What is less commonly known, is that if traffic runs laterally throughout your network, it’s also likely to run through your physical firewall like a JCB through a screen door. The drawbridge will be wide open for any unwanted users to waltz through your extended network.

Admittedly, segmentation cannot fully secure your network; there’s no such thing as one hundred percent secure, but it can greatly mitigate your risk. In the event of a breach, segmentation ensures that the damage is minimal, which is the best an organisation can hope for when compromised.

 

Addressing the smooth criminal

The sophistication of cybercrime naturally demands solutions that can evolve, adapt and protect, which means you can only ever reduce exposure and risk in equal measure.

Irrespective of the headlines security enjoys, sharing best practice is a responsibility of any technology company. Already we’re starting to see a shift from the conventional spending away from peripheral solutions and towards dynamic alternatives that fortify the network from the inside out.

Regardless, today’s private cloud environments still consist of a concoction of platforms and OSs designed to solve one or two problems at a time. This works, but it requires a lot of effort to manage; it’s clear to see that a unified framework is the way forward for the industry.

Of course this all only applies on the basis that your network is ready to deal with the inflow of lateral data – it very well could be. A check-up is never a bad idea however, and COMPAREX's Virtual Network Assessment is designed to point out in detail all of the potential issues that NSX could fix, all over a 48-hour period.

 

To book your Virtual Network Assessment, get in touch with our technical team today!

Alex Dalglish | Head of Technical Services | alex.dalglish@comparex.co.uk

 


Share this page

Do you want to continuously receive news via LinkedIn about COMPAREX UK in general, special offers and our events?

Start following COMPAREX UK on LinkedIn


Related Pages

 COMPAREX SAM2GO - Software Asset Management as a managed service.

Contact Us