Post by Moshe Ben Simon, Co-founder and VP of Services and TrapX Labs
Historically, an organization’s critical assets might have included plant, machinery, intellectual property, and people. These assets still need protection, but they’ve arguably become easier to secure against criminal activity. It’s true that intellectual property theft existed in the 1970s, but it was far less common, and the industrial espionage landscape didn’t even bear a passing resemblance to the one we face today.
Early in the 21st century a new critical asset came to the fore in modern organizations: the data center. Highly complex and comprising thousands of devices, the modern data center has presented an entirely new set of management challenges. For example, vendors such as Amazon offer data center services that organizations and the public use without a second thought, even though they contain our personal information, including financial and health data, and communications. We also use these third-party data center services whenever we collaborate over social media, message over WhatsApp, and so on. For the modern security-conscious organization, the data center represents a “Russian doll” of critical assets.
Given the rapid increase in use of data centers, it’s no surprise that cyber attacks on them have become commonplace. Regardless of where a cyber attack begins, it will end up in the data center. Attackers know that that’s where the crown jewels reside, in the form of extensive databases of personal information, financial systems, payment gateways, and company secrets.
Given that the modern data center is highly virtualized, resilient, and likely to span a hybrid of cloud and data center providers, the challenges associated with protecting it are manifold. Data center vendors emphasize cost control and core business focus, but unfortunately, you can’t outsource risk, and so the modern CISO and CIO have a whole new set of headaches. How do you secure something that doesn’t have a fixed location, that stores and transmits massive amounts of data, and that may be flexing to meet business demand, thereby varying the number of devices you actually need to pay attention to?
The data center is a dream come true for skilled cyber attackers who’ve already achieved privilege escalation. Attackers move laterally across data center environments, collecting as much sensitive information as possible and attempting to create conditions that compromise the security of financial assets. Consider what happened to Verizon’s takeover offer for Yahoo after two major breaches were made public. 
The data center is an environment where “five nines” availability drives a reliance on passive rather than active security solutions. Network anomaly detection solutions simply don’t work in these dynamic environments, where network baselines are so difficult to derive. The problem is further compounded because these are real-time processing scenarios, where legitimate processes cannot be interfered with by security systems that manipulate or drop traffic. Given that intrusion-detection systems and Web-application firewalls are failing utterly to detect intelligent attackers moving laterally across networks, surely the time has come to consider a different approach to securing the data center.
Deception technology is becoming more prevalent as a data center security layer. A robust deception solution installs quickly and provides a passive shadow topology that leaves data center performance totally unaffected, but provides a layer that can detect lateral movement before huge losses are incurred. The best deception solutions do not require active software on servers or any topology changes. Deception addresses detection over prevention; hence, it’s an attractive addition to existing security controls.
Effective full-stack deception, using an architecture such as Deception in Depth, can duplicate an entire data center with apparently vulnerable IT assets, servers, network and IoT devices, and fake sensitive data, diverting attackers away from the organization’s actual critical assets. This allows security teams to concentrate on responding to high-fidelity alerts that a deception solution produces. This is a critical point. When a cyber adversary penetrates the network and sees a far larger number of devices than actual production systems, his campaign cost rises and his risk of being detected increases exponentially. An attacker cannot discern the authentic from the fake, revealing his position the moment he touches a decoy asset. Once your deception strategy is in place, you can deceive attackers at the data, application, hardware, and network levels. This means you can protect your IoT and OT assets to keep your data center operating at peak performance while offering attackers compelling ranges of services, applications, datasets, and non-classical IT assets.
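The detection logic described above, as an added example that is not TrapX code: a decoy inventory stands in for the shadow topology, and every connection to a decoy becomes an alert without any traffic baseline, because no production host has a reason to touch a decoy. A source that walks several decoys in succession is escalated, which is the lateral-movement pattern the text refers to. The flow-record format, the addresses, the decoy roles and the authorised-scanner exception are all constructed for this illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Decoy:
    """One decoy asset in the shadow topology (all values constructed)."""
    address: str   # decoy IP address
    port: int      # service port the decoy emulates
    role: str      # label surfaced in the alert


@dataclass(frozen=True)
class Alert:
    ts: str
    source: str
    decoy: Decoy
    severity: str  # "high" on first touch, "critical" once a source has touched several


# Constructed decoy inventory keyed by (ip, port). A real deployment would load this
# from the deception platform's inventory; these addresses are illustrative only.
DECOYS = {
    ("10.20.0.50", 3306): Decoy("10.20.0.50", 3306, "fake-mysql"),
    ("10.20.0.51", 445): Decoy("10.20.0.51", 445, "fake-fileserver"),
    ("10.20.0.52", 22): Decoy("10.20.0.52", 22, "fake-jumphost"),
}


def parse_flow(line):
    """Parse a constructed 'TS SRC:PORT -> DST:PORT PROTO' flow record.

    Returns (ts, src_ip, dst_ip, dst_port); raises ValueError on malformed input
    so that a garbled log line cannot silently hide a decoy touch.
    """
    fields = line.split()
    if len(fields) != 5 or fields[2] != "->":
        raise ValueError(f"unrecognised flow record: {line!r}")
    ts, src, _, dst, _proto = fields
    src_ip, _src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return ts, src_ip, dst_ip, int(dst_port)


def detect(flow_lines, decoys=DECOYS, ignore_sources=frozenset(), lateral_threshold=2):
    """Emit one alert per connection to a decoy.

    No traffic baseline is needed: production hosts have no reason to talk to a
    decoy, so every touch is an alert. Sources in `ignore_sources` (for example an
    authorised vulnerability scanner) are the only expected exception.
    """
    alerts = []
    touched = defaultdict(set)   # source IP -> set of decoys it has contacted
    for line in flow_lines:
        ts, src_ip, dst_ip, dst_port = parse_flow(line)
        decoy = decoys.get((dst_ip, dst_port))
        if decoy is None or src_ip in ignore_sources:
            continue   # production traffic, or a known benign source
        touched[src_ip].add(decoy)
        # One decoy touched: high. Several: the source is walking the shadow
        # topology, which is the lateral-movement pattern worth escalating.
        severity = "critical" if len(touched[src_ip]) >= lateral_threshold else "high"
        alerts.append(Alert(ts, src_ip, decoy, severity))
    return alerts


def lateral_movement_report(alerts):
    """Map each alerting source to the sorted list of decoy roles it touched."""
    roles = defaultdict(set)
    for a in alerts:
        roles[a.source].add(a.decoy.role)
    return {src: sorted(r) for src, r in roles.items()}


# Constructed flow records: two production connections, one host walking three
# decoys in quick succession, and an authorised scanner touching a decoy.
SAMPLE_FLOWS = [
    "2017-03-01T10:00:01Z 10.10.1.15:51234 -> 10.20.0.10:443 tcp",
    "2017-03-01T10:00:05Z 10.10.1.15:51240 -> 10.20.0.11:3306 tcp",
    "2017-03-01T10:02:13Z 10.10.1.77:40001 -> 10.20.0.50:3306 tcp",
    "2017-03-01T10:02:14Z 10.10.1.77:40002 -> 10.20.0.51:445 tcp",
    "2017-03-01T10:02:15Z 10.10.1.77:40003 -> 10.20.0.52:22 tcp",
    "2017-03-01T10:05:00Z 10.10.9.9:33000 -> 10.20.0.50:3306 tcp",
]
AUTHORISED_SCANNERS = frozenset({"10.10.9.9"})

if __name__ == "__main__":
    found = detect(SAMPLE_FLOWS, ignore_sources=AUTHORISED_SCANNERS)
    for a in found:
        print(f"{a.ts} {a.severity.upper():8} {a.source} -> {a.decoy.role} "
              f"({a.decoy.address}:{a.decoy.port})")
    print(lateral_movement_report(found))
```

The ignore list is the one practical caveat: authorised scanners and asset-discovery tools will touch decoys too, so they must be excluded at the source, not by loosening the rule. Everything else that reaches a decoy is reported as-is, which is what makes these alerts high-fidelity compared with baseline-driven anomaly detection.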
Data centers represent unique security challenges to technology professionals. By deploying deception architectures such as Deception in Depth, you can beat attackers at their own game.