An organization’s total IT infrastructure can be likened to a traditional city, which has roads, highways, gates, fences and different buildings (with each building housing different assets). In this city, the roads and highways are the network, and the gates and fences are the perimeter firewalls. The buildings are servers (physical or virtual) and other endpoints that run different applications and store the organization’s critical assets (its data). This is a model some IT professionals refer to as IT-as-a-city.
Figure 1: IT as a City similar to a typical city
Like every city, IT is faced with challenges such as improving its datacentre and networking infrastructure, mitigating threats and securing its endpoints. For IT organizations to solve these challenges and securely deliver the anticipated improvements in service quality and speed, a Software-Defined Data Centre (SDDC) approach is required. The VMware architecture for the SDDC empowers companies to run hybrid clouds and to leverage unique capabilities to deliver key outcomes that enable efficiency, agility, and security. For instance, enterprises using VMware technology can secure and micro-segment their network using VMware NSX. This is equivalent to securing the roads in a city against robbers that may want to attack the cars (data) that travel on those roads. But securing the roads is only part of the solution: it does not secure the endpoints. Antivirus software is a good start, but it can only stop malware it already knows about. Even with machine learning, antivirus software is not able to stop the numerous threats that pop up every day. According to Brian Dye, senior vice-president for information security at Symantec, antivirus software only catches 45% of malware attacks.
Despite cybersecurity being a top priority, organizations continue to fall short in protecting against threats. Security-related losses are increasing at a rate more than double that of spending on security. The amount of funds and effort being spent on security is simply not producing the expected results, as seen in the graphic below.
Research reveals that a hacker strikes every 39 seconds, and the cost of a breach is rising. This is according to a Clark School study at the University of Maryland. Also, the Ponemon Institute has estimated the financial loss from a cyberattack at $3.6 million, up 62 percent in the last five years. This is largely due to “dwell time”, the number of days attackers can keep a foothold in your data centre before the intrusion is identified and resolved.
How then can organizations protect themselves from all these threats? Enter VMware AppDefense, a simple adaptive micro-segmentation approach to protecting datacentre endpoints. It leverages its position in the hypervisor, combined with knowledge from the management systems, to provide a clear picture of what each endpoint is supposed to look like.
AppDefense enables enterprises to:
- Learn: Understand, visualize, and verify the composition and intended state for the applications in their environment.
- Protect: Monitor their running applications against their intended state to know instantly when something or someone is manipulating their applications, and have greater context. They can also lock down applications so the only things that run are what they intended to run and respond to any deviations.
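The Learn/Protect cycle above can be illustrated with a small intended-state monitor. This is an added example, not AppDefense code; the event tuples, the manifest layout and the `approve_change` helper are assumptions made for the illustration, and the telemetry is constructed sample data.

```python
from collections import defaultdict

# Constructed sample telemetry in the shape a workload sensor might report:
# (process, parent process, outbound port or None). Not real AppDefense data.
LEARN_PHASE = [
    ("httpd", "systemd", 443),
    ("httpd", "systemd", 5432),
    ("postgres", "systemd", None),
    ("sshd", "systemd", None),
]

RUN_PHASE = [
    ("httpd", "systemd", 443),      # matches the learned intended state
    ("httpd", "systemd", 4444),     # known process, connection never seen in learning
    ("sh", "httpd", None),          # process not in the manifest, spawned by the web server
    ("postgres", "systemd", None),
]

def learn(events):
    """Learn phase: build the intended-state manifest from observed behaviour."""
    manifest = defaultdict(lambda: {"parents": set(), "ports": set()})
    for proc, parent, port in events:
        manifest[proc]["parents"].add(parent)
        if port is not None:
            manifest[proc]["ports"].add(port)
    return dict(manifest)

def protect(manifest, events):
    """Protect phase: return every deviation from the manifest as a finding tuple."""
    findings = []
    for proc, parent, port in events:
        spec = manifest.get(proc)
        if spec is None:
            findings.append(("unknown_process", proc, parent, port))
            continue
        if parent not in spec["parents"]:
            findings.append(("unexpected_parent", proc, parent, port))
        if port is not None and port not in spec["ports"]:
            findings.append(("unexpected_connection", proc, parent, port))
    return findings

def approve_change(manifest, proc, parent=None, port=None):
    """Adaptation: an authorized application change updates the manifest rather than alerting."""
    spec = manifest.setdefault(proc, {"parents": set(), "ports": set()})
    if parent is not None:
        spec["parents"].add(parent)
    if port is not None:
        spec["ports"].add(port)
    return manifest
```

Running `protect(learn(LEARN_PHASE), RUN_PHASE)` yields two findings: the unexpected outbound connection from `httpd` and the unknown child process; approving the new port through `approve_change` leaves only the unknown process flagged.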
This adaptive micro-segmentation brings the following benefits:
- Much more application intelligence – By better understanding application composition and the intended state and behaviour of the workloads that make up the application, AppDefense turns visibility into security policy definition, thereby taking the guesswork out of policy creation.
- Workload control (in addition to network control) – By directly locking down the workloads that comprise applications, Adaptive Micro-segmentation now protects against direct attacks on the application itself. Additionally, it protects the services that traverse traditional segment boundaries (i.e. domain controllers, agents, jump servers, etc.) so that attackers cannot use legitimate communication paths to compromise applications.
- Adaptation to change – One of the core problems with operationalizing a zero trust model is building controls that are flexible enough to accommodate the rapid rate of change of modern applications. As the name suggests, Adaptive Micro-segmentation allows for the automated redrawing of workload and network security policy when any component of the application is changed.