1.8.2014
3 Stages of Data Center Security: From Threat to Remediation

Last updated: 12.18.2020

Security. When it comes down to it, security is the main reason many executives are wary of cloud hosting, and it is a good reason: it takes a bit of faith to put critical business data into external infrastructure. Managed cloud security services offer peace of mind, with dedicated NOC staff keeping watch 24 hours a day for incoming threats, both taking precautions and responding to attacks as soon as they are detected. The three stages of managed security services are:

1) Prevention – antivirus and firewall
The best way to stop a digital attack is to prevent one, and the best way to do that is through a combination of antivirus tools, firewalls, and other prevention systems. Antivirus tools actively scan server storage disks and running processes to discover and isolate malware (software designed to collect and steal information or damage file systems), matching what they find against an existing database of known malicious code. Firewalls are a software layer, generally installed on their own network machine, that examine the network packets entering and leaving the network and decide which should be forwarded to their destination. Secure login procedures and certificate-based encrypted connections such as secure sockets layer (SSL) let mobile users enter otherwise secured networks.

Intrusion detection and prevention systems are also used to discover and potentially halt network break-ins. By monitoring user and system activity, checking file integrity, and scanning for recognizable attack patterns and user policy violations, an IDS can recognize suspicious activity and alert IT staff, while an IPS can take immediate action based on previously established administrator rules, dropping network packets or blocking traffic from a suspicious IP address or port.


2) Active monitoring
Network operations center (NOC) staff keep an eye on reports generated from the above tools as well as visibility reports built into virtualization software and network management. This is security monitoring. Log management software collects log events from across the network (what IP addresses are accessing what servers and when, what files are being added or deleted, the resources currently used on each server and by each virtual machine, etc.). By keeping a watch on these records, the NOC can spot attacks as they happen. Web application scanning and security information and event management (SIEM) strategies also come in at this level. SIEM systems likewise collect logs and documentation from user devices, networks, servers, and even software like firewalls and antivirus, and combine them in a single location. A profile of the "normal" system is necessary before the system can determine what counts as an anomaly.
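As an added illustration of the baseline-then-anomaly approach described here (example code written for this edit, not code from the original post), the routine below builds a profile of "normal" from a window of constructed access-log lines and then flags unfamiliar sources and delete bursts in a later window. The log format, IP addresses, server names and the delete threshold are all assumptions.

```python
# Added example, not from the original post: a minimal stage-2 log review.
# Baseline window defines "normal"; a later window is checked against it.
from collections import Counter, defaultdict

# Constructed sample logs: "<time> <source_ip> <server> <action> <path>"
BASELINE_LOGS = """\
08:00 10.0.0.5 web01 READ /index.html
08:05 10.0.0.5 web01 READ /about.html
08:10 10.0.0.7 db01 READ /var/lib/db/orders
08:15 10.0.0.5 web01 WRITE /uploads/report.pdf
08:20 10.0.0.7 db01 WRITE /var/lib/db/orders
"""

NEW_LOGS = """\
09:00 10.0.0.5 web01 READ /index.html
09:02 203.0.113.9 db01 READ /var/lib/db/orders
09:03 203.0.113.9 db01 DELETE /var/lib/db/orders
09:04 203.0.113.9 db01 DELETE /var/lib/db/customers
09:05 203.0.113.9 db01 DELETE /var/lib/db/audit.log
"""

def parse(text):
    """Split raw lines into (time, ip, server, action, path) tuples."""
    return [tuple(line.split()) for line in text.splitlines() if line.strip()]

def build_profile(events):
    """Profile of normal: which source IPs usually talk to each server and
    how many deletes per server are typical within a window."""
    known = defaultdict(set)
    deletes = Counter()
    for _, ip, server, action, _ in events:
        known[server].add(ip)
        if action == "DELETE":
            deletes[server] += 1
    return {"known": known, "deletes": deletes}

def find_anomalies(profile, events, delete_slack=2):
    """Flag sources never seen on a server (once per pair) and delete bursts
    exceeding the baseline count plus an assumed slack of delete_slack."""
    alerts, seen, deletes = [], set(), Counter()
    for time, ip, server, action, path in events:
        if ip not in profile["known"][server] and (ip, server) not in seen:
            seen.add((ip, server))
            alerts.append(f"{time} new source {ip} on {server} ({action} {path})")
        if action == "DELETE":
            deletes[server] += 1
            if deletes[server] > profile["deletes"][server] + delete_slack:
                alerts.append(f"{time} delete burst on {server}: {deletes[server]} so far")
    return alerts

if __name__ == "__main__":
    print("\n".join(find_anomalies(build_profile(parse(BASELINE_LOGS)), parse(NEW_LOGS))))
```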

3) Response and remediation
Once evidence of a digital attack or hacking attempt is discovered, careful steps must be taken. Communication about the incident should not go over electronic tools on the affected network, as attackers tend to keep an eye on their target networks to see if they have been discovered and need to cover their tracks by deleting logs and masking their traffic. The incident should be reported to web hosting partners, technical staff, and law enforcement (a Computer Emergency Response Team, or CERT, is dedicated to handling such incidents). Log information can be used to figure out how access was gained, and these security holes should be plugged. Passwords need to be reset; two-factor authentication should be considered if it is not already in use (via an additional device that delivers a randomized, time-limited one-time code); and staff need to be questioned, since many incidents are inside jobs. IP addresses may need to change. Once control is regained, backups can be used to restore any damaged information.

New viruses and malware are developed every day, meaning constant vigilance and up-to-date virus definitions are vital. Attacks by individuals or botnets are generally designed to steal information or disrupt service rather than break down systems, and often cannot be detected or avoided until it is too late. Even the most prepared security expert will tell you that a distributed denial of service (DDoS) attack often must simply be endured. The best tools besides network monitoring and firewalls are employee training and encryption, which help guarantee secure access by authorized users only.

Posted By: Joe Kozlowicz
