CHAPTER 1 The Evolution of the Data Center

These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

Within a hybrid cloud environment, the majority of all network traffic today consists of east-west communications between servers in the data center, many of which are virtual machines. Thus, legacy port-based firewalls are largely ineffective because the traffic never passes through the firewall. Attackers are free to move laterally throughout the data center with little risk of detection.

Modern security must be deployed strategically to address both public and private cloud attack vectors, in order to provide comprehensive protection of the organization's systems and data in a hybrid cloud environment. This requires strategic placement of next-generation firewalls throughout both on-premises and private cloud environments, as well as within public cloud environments to filter and inspect all inbound, outbound, and east-west traffic.

Security policies should be based on the identity of users and the applications in use — not just on IP addresses, ports, and protocols. Without knowing and controlling exactly who (users) and what (applications and content) has access to the network and its various assets, data centers and hybrid cloud environments may be compromised by threats that can easily bypass port-based network controls.

Intrusion prevention

Traditional IPS solutions use a mix of exploit-based signatures — which can be produced quickly but provide limited coverage — and vulnerability-based signatures — which take longer to create but provide coverage for a broad range of exploits — and attempt to apply the appropriate signatures to specific types of traffic, based on port. This limitation means that malware or exploits on unexpected or nonstandard ports are likely to be missed. Additionally, IPS solutions lack the depth of exploit detection needed to protect hybrid clouds — most IPS solutions only look for a few hundred types of common exploits — well short of the tens of thousands that exist.

Proxies

Proxy solutions are another means of network traffic control. But they too look at a limited set of applications or protocols and only see a partial set of the network traffic that needs to be monitored. By design, proxies need to mimic the applications they are trying to control so they struggle with updates to existing applications
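The port-based weakness described above, shown as a small added simulation (example code written for this page, not from the book or any vendor product): a port-based policy picks both the firewall action and the IPS signature set from the destination port, so an SSH session moved onto port 443 is allowed and inspected with the wrong signatures, while a policy keyed on the identified application and the user's group denies it. The users, groups, rules and flows are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """A simplified east-west flow (constructed for this example)."""
    src_user: str   # user identity, assumed to come from a directory or agent
    dst_port: int
    app: str        # application identified from traffic content, not from the port


# Legacy approach: the port stands in for the application.
PORT_RULES = {443: "allow", 22: "deny"}          # "HTTPS allowed, SSH blocked"
PORT_SIGNATURES = {443: "http-tls", 22: "ssh"}   # IPS signature set selected by port

# Identity-aware approach: rules name applications and user groups.
USER_GROUPS = {"alice": {"ops-admins"}, "bob": {"finance"}}
APP_RULES = [  # (application, allowed groups or None for any user, action)
    ("web-browsing", None, "allow"),
    ("ssh", {"ops-admins"}, "allow"),
]


def port_based(flow):
    """Return (firewall action, IPS signature set) chosen purely by port."""
    return (PORT_RULES.get(flow.dst_port, "deny"),
            PORT_SIGNATURES.get(flow.dst_port, "none"))


def app_based(flow):
    """Return (firewall action, IPS signature set) chosen by identified app and user.

    The signature set is named after the application, so the right exploit
    signatures are applied whatever port the traffic happens to use.
    """
    groups = USER_GROUPS.get(flow.src_user, set())
    for app, allowed, action in APP_RULES:
        if app == flow.app and (allowed is None or groups & allowed):
            return action, flow.app
    return "deny", flow.app  # default deny; the app is still identified


if __name__ == "__main__":
    # Constructed flows: the second one is SSH tunnelled over port 443.
    for f in (Flow("bob", 443, "web-browsing"),
              Flow("bob", 443, "ssh"),
              Flow("alice", 443, "ssh")):
        print(f, "port-based:", port_based(f), "app/user-based:", app_based(f))
```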