Virtustream Blog

Enterprise Security: Basics are Back in Business



I remember getting a frantic call from a customer many years ago. He had an enormous data center hosting several hundred public websites and was telling me that all the sites were down and nothing was working. I tried my best to calm him down and figure out what was going on. After asking some basic questions, I concluded that he had a virus running through his network, bogging down all his servers. He adamantly protested there couldn’t be a virus because he took care of his servers, so much so that he got upset I even suggested such an outrageous idea. After that short conversation, he convinced me to pay him a visit.

There Couldn’t Be a Virus

I walked into the data center and couldn’t even see the other wall. Not only was the data center gigantic, but it was built exceptionally well. Remember, this was around 2002, and almost everyone in the industry has a horror story of walking into a poorly constructed data center back then. I couldn’t even imagine every system in this entire network being unresponsive. Well, after about 15 minutes of being on the network we found that 6 servers were infected, causing the whole network to be flooded. The obvious solution was to shut down the systems and go from there. After we did that, everything slowly came back online, and the websites and servers were reachable once more.

The customer apologized when he realized there, in fact, was a virus running rampant in his data center. After retracing his steps and asking a few questions, we discovered the infection manifested in new servers that had just been loaded. The smoking gun? The engineer didn’t have enough time to patch them or put on any base tools, such as anti-virus.

Obviously, these servers running without protection or patching were easy targets for compromise, and that compromise took down the entire data center. This customer was certain they were adequately protected, but was proven wrong because the data center team didn’t establish and follow the fundamentals of data protection. Whether it be 2002 or 2018, these core basics are critical to securing your data and keeping viruses and intrusion at bay.

Bringing Security Back to the Basics

This story is just one of the many examples I lived through while helping my customers understand how data security should look and how it should be architected. We’re all aware of the massive attacks and data breaches on the news, but many people don’t realize these security failures can all be traced back to some primary control or function that was “supposed” to be there but either wasn’t or functioned incorrectly.

These basics are critical to get right. I can’t tell you how many security professionals focus only on the “cool” tools and functions. They have the most expensive software that will correlate any attack and do amazing things, but if you ask them how they validate their basic controls, they won’t have a great answer for you. Every day I wake up, open my inbox, and see marketing material from a provider with the latest-and-greatest security tool with new capabilities. Yes, I admit they are fun and can provide real benefits for your organization when used correctly, but if you don’t have your fundamentals in order you shouldn’t even begin to explore these tools.

Fundamentals of Security

Everyone defines the fundamentals of security differently because it’s subjective and we all have different opinions. This is especially true of security professionals, who often have a firm idea of what they believe these fundamentals should be and can sometimes be unwilling to waver. There are many standards to follow that may help us view the fundamentals with the same understanding, but ultimately it’s all building blocks. The important part, however, is to never forget about the base of that building as you are stacking blocks.

Here are my fundamentals of security, often overlooked or thought of as expected:

  • Employ good patching methodologies
    • Your first line of defense is keeping your systems patched with vendor patches. This is an essential function that needs to be watched and verified. Without a good patching policy and activity, you can expect security-related issues.
  • Ensure that systems, once established as fundamentally sound, stay that way
    • This goes back to the configuration management function. There are many ways to track this, but once you put in the work to ensure a system is secure, you must make sure it stays that way!
  • Guarantee a good anti-virus system
    • While you may think that everyone would have this and it's working fine, many people can’t tell you for sure if that's the truth. There needs to be a function in place to guarantee all systems not only have this installed, but have this working. I have seen many issues when a system becomes compromised because it's not up to date or not functioning correctly.
  • Gain insight through alerting
    • We work in technology, and something will break eventually. The key is knowing when things break and then fixing them. Without proper notifications you can’t act on anything. This is important because when something breaks, time becomes critical, and the longer you don’t react the worse it will become for you.
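
The four checks in the list above, sketched as one reconciliation pass over a host inventory. This is an added example, not Virtustream's tooling; the inventory records, field names and thresholds are constructed assumptions.

```python
from datetime import date

# Assumed policy thresholds (hypothetical values, tune to your own policy).
MAX_PATCH_AGE_DAYS = 30
MAX_AV_SIGNATURE_AGE_DAYS = 7

# Constructed sample inventory; in practice this comes from your CMDB or agents.
INVENTORY = [
    {"host": "web-01", "last_patched": date(2018, 5, 20), "approved_config": "a1f3",
     "current_config": "a1f3", "av_installed": True, "av_running": True,
     "av_signatures": date(2018, 6, 1)},
    # Freshly loaded server put on the network before patching or base tools.
    {"host": "web-new-07", "last_patched": None, "approved_config": "a1f3",
     "current_config": "a1f3", "av_installed": False, "av_running": False,
     "av_signatures": None},
    # AV is installed, but the service has stopped and the config has drifted.
    {"host": "db-02", "last_patched": date(2018, 5, 25), "approved_config": "9c2e",
     "current_config": "77b0", "av_installed": True, "av_running": False,
     "av_signatures": date(2018, 4, 2)},
]

def audit(host, today):
    """Return the list of baseline findings for one host record."""
    findings = []
    patched = host["last_patched"]
    if patched is None:
        findings.append("never patched")
    elif (today - patched).days > MAX_PATCH_AGE_DAYS:
        findings.append("patches older than %d days" % MAX_PATCH_AGE_DAYS)
    if host["current_config"] != host["approved_config"]:
        findings.append("configuration drifted from approved baseline")
    if not host["av_installed"]:
        findings.append("anti-virus not installed")
    else:
        # Installed is not the same as working: check service and signatures.
        if not host["av_running"]:
            findings.append("anti-virus installed but not running")
        sigs = host["av_signatures"]
        if sigs is None or (today - sigs).days > MAX_AV_SIGNATURE_AGE_DAYS:
            findings.append("anti-virus signatures out of date")
    return findings

def reconcile(inventory, today):
    """Map each non-compliant host to its findings; this is the alert feed."""
    report = {h["host"]: audit(h, today) for h in inventory}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in reconcile(INVENTORY, date(2018, 6, 2)).items():
        print("ALERT %s: %s" % (name, "; ".join(findings)))
```

Run on a schedule, an empty result is the evidence that the baseline still holds, and any entry is the notification to act on.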

Ensuring Security for Your Enterprise

As I said in the beginning, this blog is probably not new information for you, but serves as a reminder that you should always guarantee the basics are in place and stay that way. Here at Virtustream, we are working every day to create new tools around security automation and reconciliation that make sure all systems stay exactly the way we want them to, and we can prove that is the case. Yes, we still have all the fun, fancy tools, but those come after a well-established base has been built and maintained. So if you have spare time today, take a glance at your security posture and see if you are as protected as you think. Remember, sometimes it only takes one unpatched server to take down your database.