Clearpath’s Blog on IT Infrastructure, Hybrid Clouds and IT Security

Fight Off Ransomware and Security Threats With The Combined Power of VMware and Alert Logic

Posted by Clearpath Solutions Group on Tue, Oct 30, 2018 @ 09:09 AM

Remember those childhood games of “hide and seek”?  All the neighborhood children would get together in breathless anticipation of both finding the best hiding spots and the thrill of being discovered.  But the last thing you want when you are thinking about your network security is to play a game of hide and seek with malicious threats like hackers or ransomware.

Contact Clearpath's VMware Licensing and Professional Services Team

Sure—your first line of defense is your firewall.   But it’s not, if some threat gets inside, but when threats get inside.  What is your response? Does finding out what’s happening turn into a game of hide and seek?  Or worse—is your approach strictly a forensic one?  Wouldn’t it be better to stop the threats as they are happening rather than simply reporting on what happened? 

alert_logic_cyber_kill_chain 
There are several ways to approach these challenges—and one of the best is to think about lateral movement inside your network and data center.  There are two specific things you should concentrate on: 
  1. How would you prevent malicious threats from spreading through your network once it is inside your primary firewall?
  2. How would you even notice “east-west” network traffic that was suspicious?

VMware has an excellent solution for the first problem: VMware NSX.  Virtualizing your network allows you to employ a security strategy called micro-segmentation: the ability to essentially isolate every workload and VM behind its own next-generation firewall.  Threats that make it past your main security measures to your data center are still isolated from each other and east-west movement is greatly curtailed.  And of course—thanks to robust security policy management—the protection NSX offers can even be extended to workloads moving out the cloud.

vmware_nsx_micro_segmentation

However, security measures like micro-segmentation are only part of the answer.  There’s the whole “seeking” aspect of the “hide and seek” of network security.  And for that—you’ll need an important ability: intrusion-detection.

Ideally, your intrusion detection system (IDS) should be able to: 

  • Identify lateral movement, brute force attacks, privilege escalation, ransomware, and command & control exploits
  • Collect and analyze network traffic that traverses hosts.
  • Work broadly across multiple operating systems, middleware, development platforms, and hypervisors.

Getting the perfect match up between your VMware environment and your intrusion detection system is critical to your network security.  Luckily, Alert Logic delivers security solutions that are purpose built for VMware environments. Alert Logic Threat Manager intrusion detection for VMware provides network Intrusion Detection Services (IDS), internal and external vulnerability scanning, and PCI scanning abilities via a Security-as-a-Service (SaaS) model that is specifically designed to identify suspicious activity in network traffic and provide insight into the real threats in your VMware environments whether on-premise, in the cloud, or both. 

alert_logic_intrusion_detection

With Alert Logic’s IDS you will be able to:

  • Identify lateral movement, brute force attacks, privilege escalation, ransomware, and command & control exploits
  • Collect and analyze network traffic that traverses hosts
  • Detect threats to containers running on AWS, Azure, and on-premises deployed Docker, AWS Elastic Container Service (ECS), Kubernetes, AWS Elastic Beanstalk, and CoreOS with Alert Logic’s container security solution

Combined with the security potential of VMware NSX for micro-segmentation—you can both find and stop threats that make it past your primary lines of defense.

But Alert Logic can help you also identify vulnerabilities you have from misconfigurations to your IT environment and software too—making both VMware NSX and your other software more secure:  You can use Alert Logic’s Threat Manager to identify 91,000+ security vulnerabilities and 8,600+ software configuration issues in all your environments.  This allows you to:

  • Find security vulnerabilities on the perimeter of your private and cloud environments before adversaries can launch exploits 
  • Identify OWASP Top 10 web application vulnerabilities in custom-built or commercial apps with PCI ASV-level scanning
  • Get a complete list of missing security patches, unauthorized applications, and risky network configurations using non-intrusive, authenticated vulnerability scanning
  • Detect vulnerabilities missed by agent-based scanners with virtual scanner appliances that scan anything with an IP address
Why not engage with Clearpath Solutions Group today to discuss how combining VMware solutions like VMware NSX and Alert Logic IDS and Vulnerability Management solutions can deliver the network security you need for today?  Contact us today to find how you can stop playing games with your network security and find those threats hiding in your network traffic. After all, “hide and seek” may be fun, but not when it comes to threats that may be inside your network.

Topics: VMware NSX, Alert Logic, Ransomeware

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all
Live Chat Support Software