As the saying goes, “keep your friends close, and your enemies closer.” If you were able to get into the mind of a cyber-attacker, it is clear the main goal of an attacker is not just to gain access to our organizations, but it is to gain or prevent access to the data (the heart of an enterprise environment). As the number one storage provider to the U.S. government, NetApp has the responsibility to provide our government customers with innovative ways to protect data in the field, in data centers, and even in the cloud. We need to remain one step ahead of our adversaries.
The mind of attackers has shifted. No longer do attackers compromise firewalls and routers to gain access to our data. Instead, they are using techniques— like spear phishing and SQL injection— to bypass perimeter defenses. A traditional “secure the perimeter” approach will fail to prevent and even detect these types of attacks. If we don’t adjust our approach to counter the evolution of attackers, our data would be at risk. But rest assured…NetApp is one step ahead.
To help our customers protect their data we have adopted a data-centric mindset, as seen in Figure 1. Now, we approach cybersecurity from the data-out, rather than the network-in. This approach not only keeps us a step ahead of attackers, but also lets our customers address challenging problems, such as detecting insider threats and even Advanced Persistent Threats (APTs). Our customers can control and analyze how their data is being used at every level of the stack.
To accurately understand and manage the risk posture of their organizations, security professionals need to begin to look towards non-traditional security technologies and NetApp is leading the way.
Stay tuned for my next Government Gurus post where I discuss tips to help boost your security posture!
Lee Vorthman, Cyber Practice Lead, NetApp U.S. Public Sector
Figure 1 - Data-centric security model