Intelligent CISO Issue 17 | Page 49

What are some of the key cyber-risks to data centres?

AMMAR ENAYA, REGIONAL DIRECTOR – MIDDLE EAST, TURKEY AND NORTH AFRICA (METNA) AT VECTRA

Attackers are increasingly recognising that the keys to the kingdom can be found deeper in the physical devices used to build the data centre infrastructure. As a consequence, security practitioners need to secure their low-level data centre management protocols, such as Intelligent Platform Management Interfaces (IPMI). These protocols are increasingly targeted by attackers because they create a backdoor into the virtualised data centre environment, access to the sub-OS environment and control over hardware resources. In spite of these risks, these protocols are rarely effectively monitored by the security solutions in place.

In fact, 32% of IPMI servers have been found to run decades-old insecure versions, 5% were ‘secured’ by the default password, 30% had easily guessable passwords and only 72% had authentication access. Today there are over 100,000 hosts responding to IPMI queries made across the public Internet, making it an attractive target for cybercriminals.

We’ll continue to see lower-level architectural layers inside the data centre becoming increasingly targeted by cyberattacks. This exposure represents an untapped opportunity for the channel to create long-term, strategic engagements and create value inside their clients’ organisations.

What best practice approach should data centre owners take to ensure the infrastructure is well protected against cyberattacks?

With cloud and VM mobility, it’s hard for security teams to even keep track of what workloads are where, never mind securing them. Having security detection and response tools that integrate directly with the hypervisor and/or cloud service can bridge that gap. The question then becomes how quickly and effectively can you detect and respond to developing attacks in your infrastructure?
Automation in cybersecurity can take some of the heavy load off the shoulders of human analysts and can make a considerable contribution to securing infrastructure. AI has an increasingly important role in this respect, not to replace, but to augment humans and to make it easier for them to operate by providing them with security analysis and insights at a speed and scale impossible for humans to achieve. This provides the opportunity to spot and respond to attacks that gain a foothold inside an organisation, before they can move, escalate privileges and meet their nefarious end game goals.

All defences are imperfect and you increasingly achieve diminishing returns for additional layers of defence. Security leaders must adopt a healthy paranoia of ‘I’m already compromised, where and how?’ and it is imperative to take an early detection and response approach to active attacks.