Illumio's new Attack Surface Assessment Program is an effort to identify all the active and inactive pathways in a data center in a bid to make them harder for attackers to exploit.
When it comes to protecting data centers against security threats, it's important to not only know what the threats are, but also where weaknesses and paths to exploitation exist. Illumio today is announcing a new effort called the Attack Surface Assessment Program (ASAP) that aims to help identify areas of an IT infrastructure that need to be hardened to limit security risks.
Helping to lead the Illumio ASAP program is Nathaniel Gleicher, former director for Cybersecurity Policy for the National Security Council at the White House. Gleicher, who joined Illumio in January, serves as the company's head of cyber-security strategy. During his time as director of Cybersecurity Policy at the White House from 2013 to 2015, Gleicher said he realized that it's important to have technology that makes defenders more effective. Illumio emerged from stealth mode in October 2014 with technology that helps organizations segment and control applications and users.
"One of the things that became very apparent to me while working at the National Security Council is that defenders and data centers have very large attack surfaces," Gleicher told eWEEK. "Many organizations are wide open on the interior, and virtually every major breach in recent years has exploited that fact."
Gleicher said he was looking for a company that could reduce the attack surface, which is why he joined Illumio. By "attack surface," Gleicher means all the open communication pathways between servers in a data center; he added that one of Illumio's core technology promises is to isolate and segment pathways to reduce the attack surface. The new ASAP effort is an outgrowth of the visibility that Illumio offers its customers as a way to understand what the attack surface actually is within a data center.
"We had customers that wanted to get an understanding even before they install Illumio of how all applications and servers communicate with each other," he said. "Defenders often just don't know what their attack surface looks like."
As an early test of the technology, Illumio analyzed a data center that had 100 workloads running. The analysis found 30,000 active communications flows between servers and approximately 3 million open pathways.
"There were 100 times more open inactive pathways than there were active pathways," Gleicher said. "So the core analysis that we do doesn't just show the data center pathways, but how to reduce the number of inactive, open pathways to reduce the options that an attacker has to attack."
The idea of scanning a network to identify potential risks and areas of security exposure is not a new one. Scanning vendors including Tenable and Qualys provide multiple sets of capabilities that can identify security risks in a network. Illumio ASAP, according to Gleicher, is looking at the big picture of the data center and how different components interrelate.
With ASAP, in addition to visualizing the data center pathways, Illumio also identifies the most likely places an attacker would go after, so a defender can prioritize security efforts, he said.
"One of the challenges is that the attack surface can be so vast. If you try to secure everything equally, you often end up not securing everything enough," Gleicher said. "You need to prioritize security around your most valuable information."
Illumio's core technology platform can be used to help implement the suggestions provided by the ASAP offering, though Gleicher emphasized that the ASAP offering can also benefit organizations in other ways.
"The point of ASAP is to deliver information to a company they can use the day they walk out of the assessment," he said.
What Illumio has found is that in a data center, there are typically a few servers that are more connected than others, Gleicher said. Those highly connected servers can potentially become platforms for attackers to move laterally in a data center.
"Knowing where the highly active servers are means a defender can reduce the connectivity if it's something the business processes allow," he said. "If not, then an organization can focus its security processes on the highly active servers."
That said, Gleicher noted that what Illumio will likely recommend as a result of an ASAP analysis is some form of IT segmentation strategy. There are multiple types of segmentation strategies, with Illumio's core platform being one such approach.
"What we're really giving organizations is a map to their high-value assets and communications, so they can make them more secure, regardless of the technology approach they choose," he said.
Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist.