Security has been a tough place to be for some time. Each year that passes is marked by the break-ins that occurred. 2013 was the Year of the Mega Breach, 2014 was the Year of the High-Profile Breach, and 2015 was the Year of the Health Care Attack. What happens when we step back and look at this problem from the most practical angle possible, which is to say: how does a hacker view your data center?
Visibility becomes the key, doesn’t it? Look at the most popular zero-day out there: CVE-2013-7331. It’s popular because all it does is help the attacker gather intelligence on the targeted network, which is hugely useful for planning further attacks. Hackers first look to learn as much as possible about your network before they attack. It’s smart, and it’s the way warfare has been conducted for years.
At Illumio, we’ve spent thousands of hours understanding what the data center’s attack surface actually is. It’s not as simple as open ports or unpatched systems, although both of those are certainly part of it as well. It’s really the sum of all the communications pathways into, out of, and inside your applications.
Does a hacker care about an old SCO server? Maybe as a launch pad or decoy agent. They really care more about that MySQL service listening on port 3306. It’s safe to say that pathway has more value than the SCO pathway.
Illumio has developed a set of advanced algorithms for breaking down this data, designating the value of both incoming and outgoing data paths, and comparing this across your workloads—all with a minimum level of manual intervention. We call it the Attack Surface Assessment Program.
How does it work?
The Attack Surface Assessment Program is really a two-stage tool. First, you run a script on your chosen data center machines. There’s nothing to install, change, modify, or redo. The assessment works on any type of OS, hardware, hypervisor, etc.
Stage two is our turn. Illumio analyzes the data, runs it through multiple internal reviews, and then presents you with a verified report.
Why do you need it?
When it comes right down to it, the best possible way to stop a hacker is to deny them the initial machine state. That’s warfare 101. Don’t attack your enemy over and over. Attack their supply lines and deny them the resources they need to keep fighting. The Attack Surface Assessment Program helps you identify and secure the servers and communications flows that hackers are likely to use to manipulate, modify, or destroy the high-value assets in your data center.