Protecting The Perimeter
Scaling The Facility Walls
Data centers can no longer concentrate primarily on internal security. Castle-style solutions were useful in the days of mainframes and hard-wired terminals, but they aren’t as effective today. Indeed, the introduction of over-the-air communications (OTA), smartphones, and the cloud has rendered the gates obsolete, as most bad actors can now scale the walls.
Data centers are currently facing a significant cyber security challenge in that they must endeavor to keep their data private while operating applications on-premise as well as on public, private, and hybrid clouds. While many of their clients go deeper into the cloud, this can increase the potential of scaling attacks across cloned configurations accidentally. Routers and switches, as well as storage controllers, servers, and operational technology components like sensors and switches, can all be targeted by adversaries. Once hackers obtain control of a device, they can scale their attack, possibly compromising all similar devices across networks.
Bad actors now have more tools to circumvent perimeter security and attack targets from the inside, so today’s attacks come from new and unexpected places. At the AFCEA Defensive Cyber Operations workshop in May, Col. Paul Craft, director of operations at Joint Force Headquarters-DoDIN, noted that security is no longer simply about the infrastructure. He said, “It’s also our platform IT; it’s all of our programs of record; it’s also our ICS and SCADA systems; it’s also the cloud; it’s also all of the cross domains that we have out in the network.”
As evidenced by a weakness that provided hackers access to 200,000 network devices constructed with similar code, many assaults may now swiftly scale from one device to all devices. According to the Ponemon Institute, fileless attacks such as memory corruption (buffer, stack, and heap) and Return/Jump Oriented Programming (R/JOP) execution re-ordering are ten times more likely to infect devices than traditional attacks.
According to Symantec’s 2018 Internet Security Threat Report, supply chain threats have increased by 200% in the last year. Because the current software stack is made up of third-party binaries from a worldwide supply chain of proprietary and open-source code filled with hidden vulnerabilities, organizations and vendors now only control a .% of their source code. Furthermore, zero-day attacks, in which hackers target a system by exploiting an unknown vulnerability in software, hardware, or firmware, are on the rise.
New Data Center Cybersecurity For New Times
Data centers must make the transition from detection-only security to prevention-only protection. The latest generation of solutions tries to close the door on the rising categories of attack vectors, as many new threats completely bypass traditional network and endpoint safeguards. This not only protects against the most recent dangers but also increases the effectiveness of tools and processes in dealing with what is left.
Today, one must presume that their supply chain hardware has been compromised. This implies they’ll need the capacity to create and run security software on potentially untrustworthy hardware. This new security method necessitates an in-depth approach that identifies potential vulnerabilities and hardens binaries directly, preventing an attack from gaining traction or replicating.
One of the most effective methods to do this is to update the software binaries on a device in such a way that malware is unable to change commands and spread throughout the system. This strategy, dubbed “cyber hardening”, stops a single vulnerability from spreading across several platforms. It minimizes the chances of physical harm and destruction by reducing attack surfaces and closing vulnerabilities in industrial control systems, embedded systems, and gadgets.
The best security is one that believes hackers will break in eventually. Cyber hardening, rather than reacting to exploited vulnerabilities, can prevent malware from being run against data centers in the first place. Allowing weak defenses to take down the infrastructure is not a good idea.
Security Strategies to Include for the Perimeter Protection of Data Center
Security personnel with foresight extend the initial layer of observation beyond the fence line to detect and evaluate potential threats before they reach the boundary. Any area that requires protection or is restricted to particular access holders is included in your “perimeter,” which can occasionally even include the airspace above a restricted zone.
1. Manage Areas, Targets, And Threats
If you have valuable possessions, you must safeguard them. However, security must not obstruct your ability to conduct business. Because you can’t restrict all activity in and near sensitive locations without disrupting operations, any security solution must first and foremost fulfill your operational needs.
Begin by assessing the threat. Consider how you can safeguard sensitive zones, build data management routines, and automate threat detection — and how you can train your team to respond more quickly and effectively.
When it comes to data center security, a layered approach is the best way. It’s excellent if an alarm goes off if someone climbs the fence, but there should be further layers of protection that slow or prevent unauthorized people from accessing the building’s door, and/or restricted zones or floors within.
When it comes to data center security, a layered approach is the best way. It’s excellent if an alarm goes off if someone climbs the fence, but there should be further layers of protection that slow or prevent unauthorized people from accessing the building’s door, and/or restricted zones or floors within.
Similarly, if perimeter security detects people gathering or moving through restricted areas near data centers regularly, the RSA system can alert the security operator to conduct a threat qualification and vulnerability assessment, bringing in relevant data from access control, lidar, and other systems as needed to gain a better understanding of what’s going on and why. A unified security software system can also offer several solutions to assist operators to respond fast and effectively provided they have well-defined standard operating procedures.
-
Arm And Disarm Areas Based On Custom Schedules
Restricted zones can be armed or disarmed based on responsibilities and schedules that make sense for your organization when your RSA solution is integrated with access control and HR databases.
If a service technician is only allowed to work on server rack #5, for example, he or she can only access that rack. The rest of the racks can be shielded if necessary. In that example, if the technician approaches or touches racks #4 or #6, the system can be set up to notify operators of a condition that has to be monitored more closely.
2. Reduce Nuisance Alarms
The most serious flaw in most intrusion detection systems is that they fail to distinguish between a potential threat and a genuine issue. Responding to intrusion alarms takes time away from other critical duties when there are dozens, hundreds, or even thousands of them in a day. Staff may develop desensitized to the signals over time, delaying their response time in the event of a real emergency.
The most serious flaw in most intrusion detection systems is that they fail to distinguish between a potential threat and a genuine issue. Responding to intrusion alarms takes time away from other critical duties when there are dozens, hundreds, or even thousands of them in a day. Staff may develop desensitized to the signals over time, delaying their response time in the event of a real emergency.
-
Customize Which Targets Warrant An Operator Response
Your security teams don’t need to be called out to investigate incursions caused by curious squirrels, wandering dogs, or employees or contractors going about their business. You can specify which targets require an operator response and which can be disregarded inside a unified solution.
-
Optimize Your System To Identify Friendly Activity From True Threats
Fusion, an RSA proprietary algorithm, can help your operators determine whether movement noticed by the system is something to pay attention to or whether it’s just noise, and automate workflows to trigger a response appropriate for the level of threat.
Fusion, in combination with automated threat triage workflows, can reduce nuisance alarms by up to 80%. Suspicious people moving near your boundary will be closely monitored, and local squirrels will be able to pick nuts in peace.
If suspicious activity or possible threats are discovered, the next step is to conduct a vulnerability assessment to detect and correct any flaws. Tools like heat maps in Genetec Security Center can assist your team in identifying potential vulnerabilities. If a drone flies over your fence every evening at 8 p.m., for example, your operator needs to know so that they can figure out if the drone is being flown by someone with possibly aggressive intents or by a youngster with a new toy.
3. Leverage Your Existing Technology To Do More
While restricted area surveillance is crucial, it is only one piece of the issue. On a single dashboard, RSA allows operators to assess data from a variety of connected systems, including radar, lidar, access control, and video analytics.
To get the most out of your security hardware investment, pick a software solution that:
- Consolidates multiple intrusion detection systems into a single visual display.
- Creates one or more zone overlays using various intrusion detection technologies like radar, lidar, laser, video analytics, and perimeter intrusion detection systems.
- To track a moving target, it combines data from a variety of sensors from various technologies.
- It takes a shift in thinking to move from intrusion detection to monitoring, but there’s no denying that knowing something is wrong before calamity strikes are preferable.
AKCP Security Monitoring
Data centers are purposefully built to be unobtrusive structures. The fact that these fortress structures blend into their surroundings and that most commuters pass them by without noticing is typically part of their data center security design.
Beyond blending the data center construction into its surroundings, AKCP Monitoring Solutions offers a variety of electronic and physical security solutions that may be put around the perimeter to improve security and lower the danger of a data center is compromised.
Security Sensor
The Security sensor is a magnetic on and off switch for monitoring doors and windows. When the door, or window, opens the input signal is detected by the sensorProbe or securityProbe base unit. Alerts can then be generated to notify you even including images captured from an attached camera to give you instant visual feedback on the situation.
Vibration Sensor
The AKCP vibration sensor is a normally closed input switch that will detect when there is vibration, or a window is broken. It can be connected to both the sensorProbe or securityProbe base units and then linked to notification alerts.
This sensor is designed for protection against forced entry by hammer, saw, crowbar, through walls, ceilings, windows, safes, cabinets. It will initiate an alarm when vibration from a non-desirable force strikes the protected surface. A built-in tamper switch is independent of the circuit of the vibration detector for your convenience.
PIR Hardware Motion Detector
The AKCP PIR Hardware Motion Detector is the perfect accompaniment as part of your security monitoring system. Its unique design allows mounting in either ceiling or walls and characterizes the optimum detection angle to prevent false alarms.
Although compatible with both the sensorProbe and securityProbe product series, it is ideally suited to the securityProbe product line. When combined with the securityProbe 5E’s notifications, cameras, and security sensor it provides a complete network-enabled security monitoring system.
When motion is detected notifications can be sent from the securityProbe 5E via SMS, E-mail, or MMS and even have pictures from installed cameras attached to give instant visual feedback as to the developing situation.
Reference Links:
https://www.datacenterknowledge.com/industry-perspectives/give-ovh-break-and-use-data-center-fire-teachable-moment
https://threatpost.com/accountability-cybersecurity/175571/
https://www.convergint.com/5-perimeter-security-solutions-data-centers/