
Redefining data center security (spoiler: securing the perimeter is not enough)

on 04-24-2014 10:20 PM

Guest blog by: Dror Sal’ee, VP Marketing, GuardiCore


As we’ve become increasingly aware, data centers house some of the enterprise’s most sensitive data and run most of its business-related processes as well as its security controls, making them a prime target for attacks.


Most data center security currently resides on the perimeter, designed to keep attackers out. However, the data center perimeter is dissolving, subject to architectural changes such as cloud bursting and instant provisioning of virtual machines to enterprise users or customers. Even when there is a perimeter, attackers need only one mistake to get inside the data center, and they have been documented infiltrating some of the most secured ones. Some of the recent high-profile cases include RSA & Lockheed, Google & Yahoo and Huawei, but everyone is a target, as the Verizon 2013 Data Breach Investigations Report demonstrates. It’s also important to point out that the attacker may be an insider. Data centers need defense-in-depth.


Soft Inside

Once a data center is breached, attacks inside it are very hard to detect, and even harder to mitigate in real time. State-of-the-art security techniques such as sandboxing, NG firewalls, IDS and deep packet inspection don’t scale to the task because of the explosion of East-West traffic and its dynamic nature, while user-owned virtual machines limit the effectiveness of endpoint security in data centers.


Currently, security inside data centers relies mostly on access control, or ‘closed doors’, by means such as firewalls and VLAN separation. While closing doors is certainly a good practice, some doors must be kept open to allow normal business operation. Attackers typically find and use these ‘open doors’, which is why we see access control as important, but far from enough.


A new approach

We see SDN as an opportunity to introduce sophisticated security logic into the data center switching fabric in a way that can scale to the demands of a data center. Using this approach, we are building a defense suite, targeting the attacker’s ‘kill-chain’ inside data centers.


An active honeypot

When attackers get inside data centers, they typically start by mapping the network and trying to connect to and infect other servers. In many cases such attempts will be blocked by an existing separation policy or simply reach a closed port on target machines. But attackers will keep trying, and eventually find an open door of vulnerability to exploit and propagate.


The first exposed part of GuardiCore’s Defense Suite, the Active Honeypot, represents a new breed of network security tools. Blocked or failed connections are brought back to life by local switches and dynamically re-routed to an ‘ambush’ server, without the attacker’s awareness. The ‘ambush’ server is a highly monitored environment that seems vulnerable to the attacker. This technique can expose the true intentions of the blocked connection attempt and reliably identify a malicious attack at an early stage, gaining insights and generating a detailed auto-forensic report in real time. Using the gathered insights, a switch-level security policy can be instantly adjusted.
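A minimal sketch of the redirect decision described above, added here as an illustration and not GuardiCore's or HP's code: failed or blocked connection attempts become switch rewrite rules pointing at the ambush server, while established traffic is left alone. The event format, the ambush address, the rule structure and the isolation threshold are all assumptions.

```python
from dataclasses import dataclass

AMBUSH_IP = "10.0.99.10"  # assumed address of the monitored 'ambush' server

@dataclass(frozen=True)
class ConnAttempt:
    src: str
    dst: str
    dport: int
    outcome: str  # "established", "blocked" (policy drop) or "refused" (closed port)

@dataclass(frozen=True)
class RedirectRule:
    match_src: str
    match_dst: str
    match_dport: int
    rewrite_dst: str  # switch rewrites the destination; replies are rewritten back

def plan_redirects(attempts, ambush_ip=AMBUSH_IP):
    """Return one redirect rule per distinct failed (src, dst, dport) flow."""
    rules, seen = [], set()
    for a in attempts:
        if a.outcome not in ("blocked", "refused"):
            continue  # established business traffic is never touched
        if ambush_ip in (a.src, a.dst):
            continue  # never redirect the ambush server's own traffic (loop)
        key = (a.src, a.dst, a.dport)
        if key not in seen:  # retries of the same flow reuse the existing rule
            seen.add(key)
            rules.append(RedirectRule(a.src, a.dst, a.dport, ambush_ip))
    return rules

def sources_to_isolate(rules, min_targets=3):
    """Sources whose failed attempts span >= min_targets distinct (dst, port) pairs.
    The threshold is an assumed heuristic for picking policy-adjustment candidates."""
    targets = {}
    for r in rules:
        targets.setdefault(r.match_src, set()).add((r.match_dst, r.match_dport))
    return sorted(s for s, t in targets.items() if len(t) >= min_targets)

# Constructed sample events: one normal client, one host probing several
# servers, and one client with a single stale connection target.
SAMPLE = [
    ConnAttempt("10.0.1.5", "10.0.2.10", 443, "established"),
    ConnAttempt("10.0.1.7", "10.0.2.10", 22, "blocked"),
    ConnAttempt("10.0.1.7", "10.0.2.11", 445, "refused"),
    ConnAttempt("10.0.1.7", "10.0.2.12", 3389, "blocked"),
    ConnAttempt("10.0.1.7", "10.0.2.10", 22, "blocked"),  # retry of same flow
    ConnAttempt("10.0.1.9", "10.0.2.20", 8080, "refused"),
]
```

On the sample, the single stale connection from 10.0.1.9 is still redirected for observation but does not meet the isolation threshold; only 10.0.1.7 does.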



The GuardiCore Active Honeypot, paired with the HP VAN SDN Controller and SDN infrastructure, adds a new layer of internal, in-depth defense to address the problem of internal data center vulnerability and builds additional intelligence to enhance security policies. The automated, dynamic programmability of the network delivers much greater data center and network security while also saving administrative and investigation costs.


In-depth defense
GuardiCore’s mission is to protect data centers. We see SDN as an opportunity to innovate and build new network security methods. GuardiCore found HP to be a great partner in implementing our new approach. We are excited to launch our first application for the HP SDN App Store, now ready for Beta deployments.

