Email Subscription Notifications Suspended Temporarily
We are in the process of making navigation in the Servers and Operating Systems forums simpler and more direct. While doing this, we have to temporarily suspend email notifications for subscriptions. If you are subscribed to one or more discussion boards or blogs in the community, please check them daily to see new content. Notifications will be turned back on in a few days. We apologize for any inconvenience this may cause. Thanks, Warren_Admin
Showing results for 
Search instead for 
Did you mean: 

Redefining data center security (spoiler: securing the perimeter is not enough)

Guest blog by: Dror Sal’ee, VP Marketing, GuardiCore


GuardiCore.jpgAs we’ve become increasingly aware, data centers house some of the enterprise’s most sensitive data and run most of its business related processes as well as security controls, making them a prime target for attacks.


Most data center security currently resides on the perimeter, designed to keep attackers out. However, the data center perimeter is dissolving, subject to architectural changes such as cloud bursting and instant provisioning of virtual machines to enterprise users or customers. Even when there is a perimeter, the attackers need only one mistake in order to get inside the data center, and have been documented to infiltrate some of the most secured ones.  Some of the recent high-profile cases include RSA & Lockheed, Google & Yahoo and Huawei, but everyone, as demonstrated by Verizon 2013 Data Breach Investigations Report, is a target. However, it’s also important to point out that the attacker may be an insider. Data centers need defense-in-depth.


Soft Inside

Once breached, data center attacks are very hard to detect, and even harder to mitigate in real time. State-of-the art security techniques such as Sandboxing, NG Firewalls, IDS and Deep Packet Inspection don’t scale to the task, due to the explosion of East-West traffic and its dynamic nature, while user-owned virtual machines limit the effectiveness of endpoint security in data centers.


Currently, security inside data centers relies mostly on access control, or ‘closed doors’, by means such as firewalls and VLAN separation. While closing doors is certainly a good practice, some doors must be kept open to allow normal business operation. Attackers typically find and use these ‘open doors’, which is why we see access control as important, but far from enough.


A new approach

We see SDN as an opportunity to introduce sophisticated security logic into the data center switching fabric in a way that can scale to the demands of a data center. Using this approach, we are building a defense suite, targeting the attacker’s ‘kill-chain’ inside data centers.


An active honeypot

When attackers get inside data centers, they typically start by mapping the network and trying to connect to and infect other servers. In many cases such attempts will be blocked by an existing separation policy or simply reach a closed port on target machines. But attackers will keep trying, and eventually find an open door of vulnerability to exploit and propagate.


The first exposed part of GuardiCore’s Defense Suite, the Active Honeypot, represents a new breed of network security tools. Blocked or failed connections are brought back to life by local switches, and dynamically re-routed to an ‘ambush’ server, without the attacker’s awareness. The ‘ambush’ server is a highly monitored environment that seems vulnerable to the attacker. This technique can expose the true intentions of the blocked connection attempt and reliably identify a malicious attack at an early stage, gaining insights and generating a detailed auto-forensic report in real-time. Using gathered insights a switch level security policy can be instantly adjusted.





The GuardiCore Active Honeypot, paired with the HP VAN SDN Controller and SDN infrastructure, adds a new layer of internal, in-depth defense to address the problem of internal data center vulnerability as well as builds additional intelligence to enhance security policies. The automated, dynamic programmability of the network delivers much greater data center and network security while also saving administrative and investigation costs. 


In-depth defense
GuardiCore’s mission is to protect data centers. We see SDN as an opportunity to innovate and build new network security methods. GuardiCore found HP to be a great partner in implementing our new approach. We are excited to launch our first application for the HP SDN App Store, now ready for Beta deployments.


>> Learn more about how HP redefines data center security with GuardiCore Defense Suite, powered by the HP VAN SDN Controller.

>> Contact us if you would like to explore further a new level of internal data center defense.


>> For more information about the HP SDN solutions visit

>> Follow HP Networking on Twitter and Google+| Join HPN LinkedIn Community | Like us HPN Facebook


>> Register to receive the HP Networking newsletter



Discover 2014.jpg

0 Kudos
About the Author

28-30 November
Madrid, Spain
Discover 2017 Madrid
Join us for Hewlett Packard Enterprise Discover 2017 Madrid, taking place 28-30 November at the Feria de Madrid Convention Center
Read more
HPE at Worldwide IT Conferences and Events -  2017
Learn about IT conferences and events  where Hewlett Packard Enterprise has a presence
Read more
View all