Over the past decade, the data center has changed dramatically. Gone are the days of silos, with all that heavy reliance on hardware and physical servers. Today’s data centers have evolved into cloud-based infrastructures, heavily utilizing virtualization, software-defined infrastructure and automation. This has provided IT teams with more efficiency, agility and the ability to more easily focus resources where the business demands. But, despite all that goodness, it sure seemed easier to secure the old, physical, siloed data center of the 1990s when compared to today’s dynamic and distributed environment.
And compounding matters, today’s data centers have never been more threatened, with an explosion of sophisticated, targeted attacks that lead to costly data breaches, system downtime and lost productivity. Coincidence? Maybe not. And that is because as the data center has modernized, the security that protects it is often based on the same old approach and technologies that have been used since the 1990s.
Prevention Is Good… But Not Good Enough
The most dominant approach to data center security over the past two decades can be summed up in one word: prevention. At its root, this makes a lot of sense. If you can prevent a security breach, such as unauthorized access, from happening in the first place, then you eliminate the threat at the earliest point in the kill chain.
But technology research firm Gartner says that enterprises have long overspent on threat prevention and underspent on detection and response. Why? Because despite deploying the best preventative defenses based on next-gen firewalls and intrusion prevention systems, we have seen an alarming increase in the number of successful breaches in the data center. According to the ITRC Breach Report, so far in 2016 we have already seen over 600 data breaches compromising more than 28 million records.
In other words, it is not a matter of “if”, but “when” a breach will occur. So when it does, you will need a good way to quickly detect and respond to a breach in progress – before the damage is done.
Threat Deception: A New Approach to Breach Detection and Response
Since the onus is now on organizations to improve their breach detection and response capabilities, the question is “how”? First off, the focus should be on minimizing an attacker’s “dwell time”. Dwell time refers to the length of time a threat actor lingers in a victim’s environment until they are detected. While dwell time may be a tricky thing to quantify, most cybersecurity researchers estimate that it averages around 150 days. This is arguably the most important metric for incident response, and it correlates directly with the costs associated with mitigation and remediation of a breach. In other words, the shorter the dwell time, the lower the potential damage once the perimeter has been breached.
So how can threat deception technology help reduce dwell time? Despite improvements in machine data collection and analysis from data center systems, organizations are still challenged to detect and respond to security incidents in a timely manner. This is primarily due to three factors: 1) too much data to sort through; 2) skill shortages that hamper incident analysis; and 3) high false positive rates and data overload that make incident prioritization difficult.
Threat deception technology that actively seeks out, engages, redirects and effectively takes control of attacks is becoming an essential component of a comprehensive security arsenal. Today’s threat deception technology makes possible more in-depth monitoring of security incidents, resulting in more accurate detection of genuine threats that require immediate attention. In short, threat deception technology can bring these key tangible benefits to improving breach detection and response:
- Low false positive rates
- Higher fidelity and more actionable security incidents
- Easier to prioritize security incidents and pinpoint the scope
- Actionable data to trigger swift and effective remediation
Bringing It Together: Nutanix and GuardiCore
Together, GuardiCore and Nutanix enable a secure, software-defined infrastructure for virtualized environments. Virtual machines and applications running on Nutanix are protected via Nutanix's security-first design, including the platform, automation, and Nutanix's ecosystem of security partners. GuardiCore, as one of Nutanix's security technology alliances, completes the Nutanix security story by delivering an advanced security platform featuring application-layer visibility and high-interaction threat deception.
GuardiCore’s agentless deployment – as a distributed, lightweight virtual machine – monitors all traffic, collects network and application flow data, and redirects suspicious connections for investigation to GuardiCore’s dynamic – and completely isolated – deception environment. Here GuardiCore detects, interrogates, records, and analyzes all confirmed attacks. The result is a more accurate and more actionable flow of real, high-priority security incidents. This puts IT security teams in the right position to quickly detect and respond to real breaches in progress.
But don’t take our word for it. Be sure to attend our joint webinar with Nutanix on October 11, 2016 to learn more about how to secure your critical applications and infrastructure with GuardiCore advanced security for Nutanix.
Gartner, “Shift Cybersecurity Investment to Detection and Response,” January 7, 2016.