“Yahoo says 500 million accounts stolen” – CNN Money
“Snapchat and Seagate fall prey to new W-2 scam” – CBS News
“Cyber hack got access to over 700,000 IRS accounts” – USA Today
“LinkedIn Data Breach: 117 Million Emails and Passwords Leaked” – Fortune
“The Perfect Weapon: How Russian Cyberpower Invaded the US” – New York Times
Headlines like these are increasingly common as data breaches, leaks, and hacks continue to affect companies of all sizes, types, and prominence. Unfortunately, no one is immune to the sophisticated attacks performed at the hands of cybercriminals. And despite greater focus and effort on defending the data center, the speed at which technology is evolving creates new challenges for implementing a secure network.
Traditionally, the data center is secured around the perimeter – meaning that there is a strong line of defense around the entire network. However, the perimeter acts as a single point of entry into the data center, and once it is penetrated, there is nothing stopping cybercriminals from moving within the data center to obtain sensitive data. Considering the financial and social devastation that a breach can cause, it is imperative that these traditional methods of security be updated to better protect data inside the data center.
The need for an improved architecture creates a strong platform for transforming the network using virtualization. Virtualization of the data center moves the intelligence from hardware to software – allowing for greater agility and efficiency for the underlying compute, storage, and network infrastructure. Clearpath Solutions Group partners with VMware to secure virtualized network environments even further by using NSX network virtualization technology. NSX does for the data center’s network model what virtualization did for the server 10 years ago – allowing you to reproduce the entire networking environment in software.
NSX addresses the issue discussed earlier – once cybercriminals break through the perimeter, there are very few security measures in place to prevent them from moving laterally through the data center. NSX contains and blocks unauthorized east-west movement through the data center using a feature called micro-segmentation. While segmentation is possible within today’s data centers, the network is often too large to easily or efficiently create the necessary firewalls to prevent traffic moving inside the data center. NSX takes the complexity out of securing the east-west traffic, which is necessary to defend against modern cyber attacks – allowing chief information security officers (CISOs) or chief security officers (CSOs) to create distinct security segments all the way down to the individual workload.
As shown in the figure above, NSX micro-segmentation allows each and every machine and virtual machine inside the data center to be isolated by its own firewall – something that is not practical to do with a physical firewall due to cost and complexity. This distributed firewall means all traffic inside the perimeter (east-west) gets the same level of scrutiny and isolation via firewalls that traditionally was reserved for traffic coming into the network (north-south).
The ability to economically and efficiently create security policies for each virtual machine and each individual workload dramatically reduces the risk to the data center by allowing administrators to quickly react to changing infrastructure or imminent threats. Network virtualization and NSX make micro-segmentation a reality in the software-defined data center (SDDC), and allow Clearpath customers to better secure their sensitive business data from the threat of cyber attacks.
To learn more about how Clearpath Solutions Group can use network virtualization and NSX to help you implement a proactive and effective security plan, contact us today to schedule a discussion.
Be on the lookout over the next few weeks for additional posts on VMware NSX, listed below: