Modern Challenges for SLED Security
Cybersecurity attacks are becoming progressively complex with an increase in Cloud, Digitization, and Work-from-Anywhere practices. State, Local, and Education (SLED) organizations must begin improving their security posture and aligning to a Zero Trust Architecture (ZTA). Since organizations are required to move away from perimeter-based security solutions, they will need to modernize their IT operations, increase agility, and work to implement network, application, user and data-based security to support mission success based on Zero Trust.
This is where Nutanix comes in, helping you protect your SLED organization’s public information from cyber threats. Over time, Nutanix has honed in on the core concepts of security while improving data resiliency strategies. We have elevated our presence in the security space by releasing new solutions with a proactive security focus.
Prevention, Detection, & Recovery
When it comes to securing data and making sure your organization is prepared for a cybersecurity incident, Nutanix’s philosophy is: prevent, detect, and recover.
Prevention:
Prevention, above all else, is the ideal approach for keeping an organization’s security posture in good standing. Attacks often start with phishing through email or malicious web pages, but there are a number of best practices that SLED organizations can take to prevent these occurrences.
- Enforce strong password policies and use tokenized access management controls as well as multi-factor authentication for various types of access.
- Block malware spread with network microsegmentation.
- Use and maintain endpoint protection/antivirus to block malware.
- Regularly train employees on cybersecurity awareness.
- Leverage object storage with write once read many (WORM) features for backup images and other important data to protect data integrity and block encryption by ransomware.
- Continuously scan and critically analyze the patchwork of attack vectors in your data centers, and keep the components found susceptible to attack patched and up to date.
Prevention must also take place within an organization’s datacenters. Zero Trust Architecture (ZTA) was created to aptly meet the needs of the modern datacenter infrastructure against sophisticated cybersecurity threats. Organizations can no longer just rely on perimeter-based network security with the disparate nature of IT infrastructure that exists today. Nutanix® technologies can help to improve security posture to align with your organization’s ZTA approach.
Though some of these implementations to support ZTA can be difficult to accomplish, Nutanix offers multiple solutions to assist with prevention. Nutanix Hyperconverged Infrastructure (HCI) makes managing these best practices easier while simplifying storage and virtualization.
- Nutanix AOS™ and Prism® Management - The Nutanix AOS infrastructure software is hardened and secured using industry best practices and has built-in auditing and remediation for standard configurations. Nutanix conforms to RHEL 7 Security Technical Implementation Guides (STIGs) that use machine-readable code to automate compliance against rigorous common standards. With Nutanix Security Configuration Management Automation (SCMA), you can quickly and continually assess and remediate your platform to ensure that it meets regulatory requirements. Prism Central adds RBAC for HCI storage and virtualization, and supports Identity and Access Management (IAM) and multi-factor authentication.
- Nutanix AHV® and Flow™ Microsegmentation - Adopting the Nutanix AHV® hypervisor with Flow microsegmentation extends the above secure configurations and audits to the hypervisor layer. Flow provides network and application segmentation for virtual machines, which can limit the spread and impact of a ransomware infection.
- Nutanix Objects™ - To support the prevention of data lock by ransomware, the Nutanix Objects™ storage solution can create immutable storage buckets in WORM mode for key data and backup images.
Detection:
Sometimes these best practices are missed, which can inadvertently introduce a vulnerability. To limit the damage when that happens, a strategic detection operation can be leveraged to catch threats before they cause extensive harm. Some suggestions to support this are:
- Leverage layer 7 threat detection tools like intrusion detection and prevention systems (IDS/IPS) to identify suspicious network activity.
- Use a consolidated security information and event management (SIEM) solution with real-time analysis of security events and logs and, if possible, orchestration capabilities.
- Employ network honey-pots to augment detection capability.
- Leverage anomaly detection tools for resource usage and storage activity.
Nutanix offers an array of detection solutions that your organization can implement to better understand where a threat is coming from. These can help your organization understand where a threat is penetrating and what you may need to do about it. Some of the most helpful Nutanix Solutions are:
- Nutanix AHV and Flow Service Insertion and Chaining - To facilitate the use of virtual IPS/IDS or other network-based threat intelligence tools, Nutanix AHV and Flow support policy-based service insertion of network security and threat awareness tools from several Nutanix ecosystem partners.
- Files Analytics, Nutanix Prism Ops, and X-Play - The Nutanix Prism® Ops management console provides insights and analytics that can alert on resource utilization anomalies. The Nutanix Files™ storage solution includes an intelligent analytics engine that provides insights into file share activity and anomalies. When combined with the codeless automation of X-Play, alerts and events can trigger security operations to help avoid a potential ransomware issue.
- Security Information and Event Management (SIEM) - SIEM is a recommended best practice for early detection of malicious activity and easily scales with your security needs, allowing you to store transactional hot data on our high-performance HCI storage and place cold data on our S3-compliant object store, Nutanix Objects.
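As an added illustration of the file-share anomaly detection described in the bullets above (example code written for this post, not Nutanix Files Analytics or X-Play logic), the following Python scans constructed audit events for a ransomware-like burst of modifications by one user and for renames to an extension outside a known baseline. The event format, user names, baseline extensions and thresholds are all assumptions.

```python
import os
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of file-share audit events (not real Nutanix Files output):
# "<ISO timestamp> <user> <operation> <path>" with RENAME as "<src>-><dst>".
# The burst by "svc-backup2" mimics a mass rename to an unfamiliar extension.
SAMPLE_EVENTS = """\
2022-06-01T09:00:01 alice WRITE /finance/q1.xlsx
2022-06-01T09:00:05 alice READ /finance/q1.xlsx
2022-06-01T09:00:09 bob WRITE /hr/policy.docx
2022-06-01T09:01:00 svc-backup2 RENAME /shared/a.docx->/shared/a.docx.locked
2022-06-01T09:01:01 svc-backup2 RENAME /shared/b.xlsx->/shared/b.xlsx.locked
2022-06-01T09:01:01 svc-backup2 RENAME /shared/c.pdf->/shared/c.pdf.locked
2022-06-01T09:01:02 svc-backup2 RENAME /shared/d.pptx->/shared/d.pptx.locked
2022-06-01T09:01:03 svc-backup2 RENAME /shared/e.txt->/shared/e.txt.locked
2022-06-01T09:01:03 svc-backup2 WRITE /shared/README_DECRYPT.txt
2022-06-01T09:09:00 carol RENAME /eng/draft.md->/eng/final.md
"""

MUTATING = {"WRITE", "RENAME", "DELETE"}
# Assumed baseline of extensions normally seen on the share.
KNOWN_EXTENSIONS = frozenset({".xlsx", ".docx", ".pdf", ".pptx", ".txt", ".md"})

def parse(text):
    """Yield (timestamp, user, operation, path) tuples from the audit text."""
    for line in text.splitlines():
        ts, user, op, path = line.split(" ", 3)
        yield datetime.fromisoformat(ts), user, op, path

def detect_bursts(text, window_s=60, threshold=5):
    """Return {user: peak_count} for users whose mutating operations reach
    `threshold` within any sliding window of `window_s` seconds."""
    recent = defaultdict(deque)  # user -> timestamps of mutating ops in window
    flagged = {}
    for ts, user, op, _path in parse(text):
        if op not in MUTATING:
            continue
        q = recent[user]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:  # drop events outside window
            q.popleft()
        if len(q) >= threshold:
            flagged[user] = max(flagged.get(user, 0), len(q))
    return flagged

def new_extensions(text, known=KNOWN_EXTENSIONS):
    """Return {extension: count} for RENAME targets whose extension is not in
    the known baseline, a common signature of bulk file encryption."""
    seen = defaultdict(int)
    for _ts, _user, op, path in parse(text):
        if op == "RENAME":
            dst = path.split("->", 1)[1]
            ext = os.path.splitext(dst)[1]
            if ext and ext not in known:
                seen[ext] += 1
    return dict(seen)
```

In practice both signals would feed an alert that an automation layer such as X-Play could act on, for example by snapshotting the share or disabling the offending account.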
Recovery:
Once an attack is underway and the weak spots have been breached, it’s time to think about recovery. Though many organizations have a recovery plan, here are some best practices you should be mindful of:
- Create snapshot and replication plans to match your business recovery objectives.
- Replicate data to one or more locations as part of a business continuity and disaster recovery (BCDR) plan.
- Follow the 3-2-1 rule for backup, which is to keep:
  - At least three (3) copies of your backups
  - Two (2) backup copies on different storage media
  - One (1) of those copies located offsite
- Use automation and frequently test recovery to ensure quick and reliable results.
When using the Nutanix platform, be assured that it includes built-in Disaster Recovery (DR) to help you create the best Business Continuity & Disaster Recovery (BCDR) plan after a cyberattack.
- Nutanix AOS - Starting with native snapshots for VM and file services and flexible replication options, AOS also includes comprehensive runbook automation and recovery options to meet any recovery SLA.
- Leap™ - The Nutanix Leap™ solution is a cloud-based disaster recovery service with easy setup and SLA configuration with failover, failback, and recovery plan testing.
- Nutanix Mine™ for Backup - Leverage the availability and data protection of Nutanix as a target for your backup data. The Nutanix Mine™ product is a turnkey secondary data backup and archiving solution powered by Nutanix platform partners. Since Mine uses the power and performance of the underlying Nutanix Distributed Storage Fabric, backup and recovery times can be minimized, which shortens downtime and required backup windows.
Nutanix Solutions: Key to Security Posture
Nutanix offers SLED customers one of the most important aspects of any service: Simplicity. Additionally, with certifications such as Common Criteria EAL 2.0, FIPS, the DoDIN Approved Products List, and ISO 27001 and 27701, Nutanix continues to provide trusted compliance standards for its customers. With the help of Nutanix technology and by exercising the prevention, detection and recovery techniques above, SLED organizations can leverage Nutanix solutions to support the delivery of rapid results.
View our free resource to learn more about how Nutanix solutions can help your agency improve its security posture and support mission success.
© 2022 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and all Nutanix product, feature and service names mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. Other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). This post may contain links to external websites that are not part of Nutanix.com. Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such a site. Certain information contained in this post may relate to or be based on studies, publications, surveys and other data obtained from third-party sources and our own internal estimates and research. While we believe these third-party studies, publications, surveys and other data are reliable as of the date of this post, they have not independently verified, and we make no representation as to the adequacy, fairness, accuracy, or completeness of any information obtained from third-party sources.
This post may contain express and implied forward-looking statements, which are not historical facts and are instead based on our current expectations, estimates and beliefs. The accuracy of such statements involves risks and uncertainties and depends upon future events, including those that may be beyond our control, and actual results may differ materially and adversely from those anticipated or implied by such statements. Any forward-looking statements included herein speak only as of the date hereof and, except as required by law, we assume no obligation to update or otherwise revise any of such forward-looking statements to reflect subsequent events or circumstances.