Editor's question

Cyber-resilience mitigates attacks

MATHIVANAN VENKATACHALAM, VICE PRESIDENT, MANAGEENGINE

Digital Transformation in the Middle East is on the rise, sparking the need for data governance and security. Last year, Gartner predicted that the region would reach US$155 billion in IT spending, up 3.4% from 2017, the highest increase for the region in the previous three years. Cybersecurity has become a top priority for organisations, as the average cost of a data breach across the globe was US$3.86 million in 2018. To mitigate these threats, data centres need to have robust security policies in place, improve their cyber-resilience and implement stronger security measures to ensure their customers' data is secure.

Data centres collect and store massive volumes of data from multiple sources, which makes them an attractive target for cybercriminals. DDoS attacks, web application attacks such as SQL injection and cross-site scripting (XSS), disruption of access to DNS servers or poisoning of DNS caches in a data centre, users being prevented from accessing vital services, brute-force attacks against weak passwords and the blind spots created by SSL/TLS traffic that nobody inspects are some of the methods cybercriminals use to steal data or take servers offline.
Given these threats to the data centre network infrastructure, here are some best practices to help defend against cybercriminals.
Monitor the firewall: IT admins need to regularly monitor and analyse their firewall's syslogs and configurations, and optimise its performance to protect the network. Efficient syslog analysis can help identify security threats in real time, and effective policy management can help block DNS spoofing, DDoS attacks and web application attacks before they reach the servers behind the firewall.
Don't stop monitoring at the firewall: To gain insight into potential threats and stop them before they turn into an attack, IT admins also need to look at the other log-generating devices in the network, such as routers, switches, IDSs and IPSs, application servers, databases and web servers. It is critical to correlate and analyse logs from all these sources to find security events of interest, such as user access, unusual activity, user behaviour anomalies, policy violations, internal threats, external attacks and data theft. A single source rarely tells the whole story: a firewall sees the connection, the server sees what was done with it, and only correlating the two shows, for example, that a port scan was followed by a successful login.
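The two practices above, monitoring the firewall's syslog and correlating it with server logs, as an added example that is not part of the original article and not ManageEngine code. It parses constructed syslog lines from a firewall (a netfilter-style DENY/ACCEPT format is assumed) and an SSH server, groups them by source IP, and flags a port scan, a brute-force login burst and, the case that matters most, a brute-force burst that ends in a successful login. Thresholds, device names and addresses are illustrative assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample syslog lines, not taken from any real device. The firewall
# format (DENY/ACCEPT with SRC= and DPT= fields) and the OpenSSH
# "Failed/Accepted password" format are assumptions for this example.
FIREWALL_LOG = """\
Mar 12 10:00:01 fw01 kernel: DENY IN=eth0 SRC=203.0.113.45 DST=10.0.0.5 PROTO=TCP DPT=23
Mar 12 10:00:02 fw01 kernel: DENY IN=eth0 SRC=203.0.113.45 DST=10.0.0.5 PROTO=TCP DPT=445
Mar 12 10:00:03 fw01 kernel: DENY IN=eth0 SRC=203.0.113.45 DST=10.0.0.5 PROTO=TCP DPT=3389
Mar 12 10:00:04 fw01 kernel: ACCEPT IN=eth0 SRC=203.0.113.45 DST=10.0.0.5 PROTO=TCP DPT=22
Mar 12 10:05:00 fw01 kernel: ACCEPT IN=eth0 SRC=198.51.100.7 DST=10.0.0.8 PROTO=TCP DPT=443
"""
AUTH_LOG = """\
Mar 12 10:00:05 app01 sshd[812]: Failed password for admin from 203.0.113.45 port 50112 ssh2
Mar 12 10:00:06 app01 sshd[812]: Failed password for admin from 203.0.113.45 port 50113 ssh2
Mar 12 10:00:07 app01 sshd[812]: Failed password for admin from 203.0.113.45 port 50114 ssh2
Mar 12 10:00:08 app01 sshd[812]: Failed password for admin from 203.0.113.45 port 50115 ssh2
Mar 12 10:00:09 app01 sshd[812]: Failed password for admin from 203.0.113.45 port 50116 ssh2
Mar 12 10:00:12 app01 sshd[812]: Accepted password for admin from 203.0.113.45 port 50118 ssh2
Mar 12 10:07:00 app01 sshd[901]: Accepted publickey for deploy from 198.51.100.7 port 41000 ssh2
"""

SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<tag>[^:]+): (?P<msg>.*)$")
FW_RE = re.compile(r"^(?P<action>DENY|ACCEPT) .*\bSRC=(?P<src>\S+) .*\bDPT=(?P<dpt>\d+)")
SSH_RE = re.compile(r"^(?P<result>Failed|Accepted) (?:password|publickey) for (?P<user>\S+) from (?P<src>\S+)")


def parse_syslog(text, year=2019):
    """Turn raw syslog lines into normalised event dicts (syslog carries no year, so one is assumed)."""
    events = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        msg = m["msg"]
        fw, ssh = FW_RE.match(msg), SSH_RE.match(msg)
        if fw:
            events.append({"ts": ts, "host": m["host"], "src": fw["src"],
                           "kind": "fw_" + fw["action"].lower(), "port": int(fw["dpt"])})
        elif ssh:
            events.append({"ts": ts, "host": m["host"], "src": ssh["src"],
                           "kind": "ssh_" + ("fail" if ssh["result"] == "Failed" else "ok"),
                           "user": ssh["user"]})
    return events


def _burst(times, window_s, threshold):
    """Return (first, last) timestamps of the first run of >= threshold events within window_s seconds."""
    for i in range(len(times)):
        j = i
        while j + 1 < len(times) and (times[j + 1] - times[i]).total_seconds() <= window_s:
            j += 1
        if j - i + 1 >= threshold:
            return times[i], times[j]
    return None


def correlate(events, window_s=60, scan_ports=3, fail_threshold=5):
    """Correlate firewall and server events per source IP and return a list of findings."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    findings = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        # Several distinct denied ports from one source looks like reconnaissance.
        denied = sorted({e["port"] for e in evs if e["kind"] == "fw_deny"})
        if len(denied) >= scan_ports:
            findings.append({"src": src, "type": "port_scan", "severity": "medium", "ports": denied})
        # A burst of failed logins is brute force; a success right after the burst is far worse.
        fails = [e["ts"] for e in evs if e["kind"] == "ssh_fail"]
        burst = _burst(fails, window_s, fail_threshold)
        if burst:
            success_after = any(e["kind"] == "ssh_ok" and e["ts"] >= burst[1] for e in evs)
            findings.append({"src": src, "type": "brute_force",
                             "severity": "high" if success_after else "medium",
                             "attempts": len(fails), "followed_by_success": success_after})
    return findings


if __name__ == "__main__":
    for finding in correlate(parse_syslog(FIREWALL_LOG) + parse_syslog(AUTH_LOG)):
        print(finding)
```

Neither log alone would rate 203.0.113.45 as high severity: the firewall only saw three denies and one accept, and the SSH log only saw a noisy login. Joining them on source IP is what turns two medium findings into one that warrants an immediate response.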
Keep an eye on configuration changes: The key to efficient network management is an end-to-end change management tool that tracks and records every configuration change made to network devices, so that any change can be attributed to a person and a time and rolled back if needed. Apart from this, security admins also need an alerting system that notifies them of configuration changes in real time, because a single changed line, such as an ACL opened to any/any or remote logging switched off, can undo the rest of the controls.
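The configuration-change tracking and alerting described above, as an added example that is not from the article or from any ManageEngine product. It compares two constructed snapshots of a switch running-config (IOS-like syntax, a made-up device and made-up addresses), fingerprints each snapshot so unchanged configs can be skipped cheaply, lists every added and removed line, and risk-rates the changes against a small, illustrative rule set so the alert says why it fired rather than just that something changed.

```python
import difflib
import hashlib
import re

# Constructed before/after snapshots of a switch running-config. The IOS-like
# syntax, hostname and addresses are assumptions made for this example.
BEFORE = """\
hostname core-sw01
logging host 10.0.0.50
aaa new-model
!
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 deny ip any any log
!
line vty 0 4
 transport input ssh
"""
AFTER = """\
hostname core-sw01
aaa new-model
!
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 permit ip any any
 deny ip any any log
!
line vty 0 4
 transport input telnet ssh
"""

# (direction, pattern, severity, description). Direction "-" means the line was
# removed, "+" means it was added. The rules are illustrative, not exhaustive.
RISK_RULES = [
    ("-", re.compile(r"^\s*logging host\b"), "high", "remote logging disabled"),
    ("-", re.compile(r"^\s*aaa new-model\b"), "high", "AAA disabled"),
    ("+", re.compile(r"^\s*permit ip any any\b"), "high", "permit any/any added to ACL"),
    ("+", re.compile(r"^\s*transport input\b.*\btelnet\b"), "medium", "telnet enabled on VTY"),
    ("+", re.compile(r"^\s*ip http server\b"), "medium", "plaintext HTTP management enabled"),
]


def fingerprint(config):
    """Stable hash of a snapshot; equal hashes mean nothing changed and no diff is needed."""
    return hashlib.sha256(config.encode()).hexdigest()


def config_changes(old, new):
    """Return [(direction, line)] for every line removed from or added to the config."""
    changes = []
    for line in difflib.ndiff(old.splitlines(), new.splitlines()):
        code, text = line[:2], line[2:]
        if code in ("- ", "+ "):          # skip unchanged ("  ") and hint ("? ") lines
            changes.append((code[0], text))
    return changes


def assess_changes(changes):
    """Match each change against RISK_RULES and return the alerts it triggers."""
    alerts = []
    for direction, text in changes:
        for rule_dir, pattern, severity, description in RISK_RULES:
            if direction == rule_dir and pattern.search(text):
                alerts.append({"severity": severity, "description": description, "line": text.strip()})
    return alerts


def diff_report(old, new):
    """Everything a real-time change alert should carry: hashes, raw changes and risk-rated alerts."""
    old_hash, new_hash = fingerprint(old), fingerprint(new)
    if old_hash == new_hash:
        return {"changed": False, "old_hash": old_hash, "new_hash": new_hash, "changes": [], "alerts": []}
    changes = config_changes(old, new)
    return {"changed": True, "old_hash": old_hash, "new_hash": new_hash,
            "changes": changes, "alerts": assess_changes(changes)}


if __name__ == "__main__":
    report = diff_report(BEFORE, AFTER)
    for direction, text in report["changes"]:
        print(direction, text)
    for alert in report["alerts"]:
        print(f"[{alert['severity'].upper()}] {alert['description']}: {alert['line']}")
```

In a real deployment the snapshots come from a scheduled or syslog-triggered pull of the running-config, the hash of the last approved snapshot is stored alongside the change ticket, and any report with a high-severity alert pages someone rather than waiting for the next audit.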
Encrypt and inspect your data traffic: Huge volumes of data travel between data centres, and to protect this data from being intercepted, security admins need to use strong encryption. Encryption cuts both ways, however: traffic that monitoring tools cannot see is traffic in which an attacker can hide, so admins also need to inspect outbound SSL/TLS traffic from internal users, as well as inbound SSL/TLS traffic to corporate servers, to identify anything suspicious. A combination of encryption and monitoring can save data centres from attacks that exploit SSL-induced security blind spots.
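The "encrypt strongly, but don't let encryption become a blind spot" point above, as an added example that is not from the article and not ManageEngine code. It builds a hardened client-side TLS context for traffic leaving the data centre, builds the weak kind of context that causes the blind spot (it encrypts, but verifies nothing, so anyone in the path can terminate the connection unnoticed), and audits either one for the settings a reviewer would check. It uses only Python's standard ssl module; the cipher string and the list of weak-cipher tokens are assumptions chosen for this example.

```python
import ssl

# Substrings that identify cipher suites that should never be negotiated (an
# illustrative list, not an exhaustive policy).
WEAK_CIPHER_TOKENS = ("RC4", "DES", "NULL", "MD5", "EXPORT", "ADH", "AECDH")


def hardened_client_context():
    """Client-side TLS settings for data leaving the data centre."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED, hostname check, system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL")   # forward secrecy, AEAD only
    return ctx


def weak_client_context():
    """The kind of context that creates a blind spot: encrypted, but verifying nothing."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False            # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def audit_context(ctx):
    """Return a list of findings for an SSLContext; an empty list means it passes this audit."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum protocol version below TLS 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    weak = sorted(c["name"] for c in ctx.get_ciphers()
                  if any(token in c["name"] for token in WEAK_CIPHER_TOKENS))
    if weak:
        findings.append("weak cipher suites enabled: " + ", ".join(weak))
    return findings


if __name__ == "__main__":
    print("hardened:", audit_context(hardened_client_context()) or "no findings")
    print("weak:", audit_context(weak_client_context()))
```

The same audit applies to server-side contexts and to the TLS-terminating proxies used for inspection: an inspection point that accepts any upstream certificate re-creates the blind spot it was deployed to remove.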
Set up stringent authentication control: Deploying a secure, centralised vault for password storage and access plays a key role in eliminating password fatigue and the security lapses it causes, such as reused or shared credentials. Automating frequent password changes and generating real-time alerts on password access helps keep brute-force attacks in check, since a rotated credential is worth little to an attacker and an unexpected retrieval is itself a signal worth investigating.
Finally, conducting regular security audits and running regulatory compliance reports to identify and correct security vulnerabilities plays a key role in keeping data centres secure from attacks.
Issue 11 | www.intelligentciso.com