
Data Center Security: Micro-Segmentation + Application Visibility = Strong Middle

Is perimeter defense sufficient for good data center security?

As we know, data center perimeters are typically protected by firewalls and IDS/IPS. These products handle north-south traffic (flows entering and leaving the data center) well, but they are not built to secure east-west traffic between workloads inside the data center.

This is becoming an issue because east-west traffic can represent 5x the volume of north-south traffic, driven by the growing number of web, application, and database servers communicating with each other. It means that once malware gets past the outer perimeter, it can move laterally and launch further attacks inside a data center that has no internal controls. Security experts have described this as a “hard outside with a soft, gooey middle”.

Good news: you can apply micro-segmentation to harden the inside too!

Micro-segmentation divides the data center into smaller zones, each protected by its own policy. In the event of a breach, the damage can quickly be contained to the small number of devices in the compromised zone rather than spreading across the whole data center.

Reinforce micro-segmentation with Layer 7 visibility

But to be effective, micro-segmentation requires a real-time association between applications and security policies. This means east-west traffic between VMs must be analyzed in real time, up to the Layer 7 application. As in modern next-generation firewalls, a classifier function has to identify applications by their protocol grammar rather than by port number, since a port-based rule is trivially bypassed by running one protocol over another protocol's port.

The technical approach consists of integrating a Layer 7 classifier inside the hypervisor, extending vSwitch visibility from Layers 2-4 (MAC addresses, IP addresses and ports) all the way up to Layer 7. With this, the vSwitch can enforce access control rules between VMs based on the application actually carried in the traffic, not just the port it uses.
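The following is an added illustration of the idea in the two paragraphs above (micro-segmentation zones plus an application-aware policy); it is example code written for this page, not Enea's or Qosmos's classifier. It uses three hypothetical zones with made-up subnets, a deliberately small grammar-based classifier for HTTP/1.x, SSH and TLS, and a few constructed sample flows. The interesting case is SSH tunnelled over tcp/80 from a compromised web VM: a port-only vSwitch rule lets it through, while the Layer 7 policy denies it because the application is not the one the zone-to-zone rule allows.

```python
"""Added example: Layer 7-aware east-west policy check for micro-segmented zones.

All zone names, subnets, policy entries and sample payloads are constructed
for this demonstration; they do not come from the original article.
"""
import ipaddress
from dataclasses import dataclass

# Hypothetical micro-segments: each zone is one VM subnet.
ZONES = {
    "web": ipaddress.ip_network("10.0.1.0/24"),
    "app": ipaddress.ip_network("10.0.2.0/24"),
    "db": ipaddress.ip_network("10.0.3.0/24"),
}

# Legacy Layer 4 rules: (src_zone, dst_zone) -> allowed destination ports.
L4_POLICY = {("web", "app"): {80}, ("app", "db"): {443}}

# Layer 7 rules: (src_zone, dst_zone) -> allowed applications. Anything else
# is denied, including every web -> db flow, which has no entry at all.
L7_POLICY = {("web", "app"): {"http"}, ("app", "db"): {"tls"}}

HTTP_METHODS = {b"GET", b"POST", b"PUT", b"DELETE", b"HEAD", b"OPTIONS", b"PATCH"}


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    payload: bytes  # first client-to-server payload bytes seen on the flow


def zone_of(ip: str):
    """Map a VM address to its zone name, or None if it is in no zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def classify(payload: bytes) -> str:
    """Identify the application from protocol grammar, ignoring the port entirely."""
    # TLS: record type 0x16 (handshake), record version 0x03 0x0?, 2-byte
    # length, then handshake type 0x01 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    # SSH: the client opens with an identification string "SSH-<ver>-<software>\r\n".
    if payload.startswith((b"SSH-2.0-", b"SSH-1.99-")):
        return "ssh"
    # HTTP/1.x: request line "METHOD SP request-target SP HTTP/1.x CRLF".
    request_line = payload.split(b"\r\n", 1)[0]
    parts = request_line.split(b" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2] in (b"HTTP/1.0", b"HTTP/1.1"):
        return "http"
    return "unknown"


def l4_decision(flow: Flow) -> str:
    """What a port-only vSwitch rule between the two zones would decide."""
    key = (zone_of(flow.src), zone_of(flow.dst))
    return "allow" if flow.dport in L4_POLICY.get(key, set()) else "deny"


def l7_decision(flow: Flow) -> tuple:
    """Classify first, then apply the zone-to-zone policy keyed on the application."""
    key = (zone_of(flow.src), zone_of(flow.dst))
    app = classify(flow.payload)
    return ("allow" if app in L7_POLICY.get(key, set()) else "deny"), app


# Constructed sample flows (not captured traffic).
TLS_CLIENT_HELLO = bytes.fromhex("160301004a010000460303") + b"\x00" * 64
SAMPLE_FLOWS = [
    # Legitimate web -> app HTTP request.
    Flow("10.0.1.10", "10.0.2.20", 80, b"GET /api/orders HTTP/1.1\r\nHost: app\r\n\r\n"),
    # SSH tunnelled over port 80 from a compromised web VM: L4 allows it, L7 does not.
    Flow("10.0.1.10", "10.0.2.20", 80, b"SSH-2.0-OpenSSH_9.6\r\n"),
    # Legitimate app -> db TLS ClientHello (handshake header only, body zero-padded).
    Flow("10.0.2.20", "10.0.3.30", 443, TLS_CLIENT_HELLO),
    # Lateral move from the web zone straight to the database: no rule, denied.
    Flow("10.0.1.10", "10.0.3.30", 443, TLS_CLIENT_HELLO),
]


def evaluate(flows=SAMPLE_FLOWS):
    """Return [(l4_verdict, l7_verdict, app), ...] for each flow."""
    return [(l4_decision(f), *l7_decision(f)) for f in flows]


if __name__ == "__main__":
    for flow, (l4, l7, app) in zip(SAMPLE_FLOWS, evaluate()):
        print(f"{flow.src} -> {flow.dst}:{flow.dport}  app={app:<8} L4={l4:<5} L7={l7}")
```

A production classifier keeps per-flow state and looks at both directions (for example a database server's greeting arrives before the client sends anything), and it would cover far more protocols; the point here is only that the policy key is the classified application, so the verdict no longer depends on which port an attacker chose.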

This new L7 application visibility:

Is provided by a Layer 7 classifier integrated in the hypervisor

Analyzes east-west traffic between VMs in real time, up to the Layer 7 application

Has no significant impact on performance

Enables real-time association between applications and security policies

Conclusion

Now you can harden your data center's security by combining micro-segmentation with real-time application awareness!

Author

Erik Larsson, Head of Marketing, DPI & Traffic Intelligence, Enea

Erik works with cybersecurity and networking use cases for Enea’s Qosmos DPI and traffic intelligence software. He has extensive experience from marketing, business development and strategy at high-growth private companies and publicly listed technology vendors.
