Gartner is recommending remedial action for stealth cyber-attacks that would have been unthinkable before virtualisation took over the data centre.
The problem with an advanced persistent threat (APT) or targeted malware is that there is no discernible signature and the attackers move towards their goal with all of the care and attention that a sapper takes when defusing a bomb. This makes the attack extremely difficult to detect and, as the miscreants improve their techniques, the attack may be over before it is detected.
“New approaches, such as systematic workload reprovisioning, are needed to counter these advanced threats, and will require fundamental shifts in the way security professionals think about the ongoing security and management of server and desktop workloads,” said Neil MacDonald, vice president and Gartner fellow.
The principle is not new. Remediation of some serious malware attacks has forced the victim to go back to basics, reload the operating system and reprovision the infected systems from scratch. Gartner analysts are now recommending an updated version of this as a guard against undetectable attacks.
The process they recommend takes some thinking through. In some cases, an application running in a virtual instance remains unchanged throughout its lifecycle. Once configured and stored, the instance can be reloaded and brought online with no effect on the overall running of the process involved.
In other cases, the software may be updated as filters or rules are added and modified. These would have to be reflected in the base image files.
Gartner predicts that by 2016, more than 20 percent of enterprises will adopt a systematic workload reprovisioning (SWR) strategy for high-risk, server-based workloads, and more than 60 percent of enterprises will adopt a SWR strategy for hosted virtual desktop workloads.
The company admits that workload reprovisioning is not a new concept but adds that proactive and systematic workload reprovisioning is.
“With SWR, the process of restoring workloads back to high-assurance states becomes the norm, not the exception, and it will become an automated, not manual, process,” Gartner said. “By periodically resetting workloads back to a high-assurance state, information security professionals proactively remove deeply rooted malware from the system, making it nearly impossible for advanced intrusions to persist, and minimising the dwell time of undetected intrusions.”
“Although the principle behind SWR is straightforward, the change in mindset is significant,” MacDonald argued. “With an SWR strategy, workloads in production are not trusted and are considered compromised. With today’s advanced threat environment, we must adopt this change in thinking and adjust our security and operational strategies to reflect this.”
He added that he believes systematic reprovisioning from high-assurance repositories will become an accepted strategy for protecting high-risk workloads during the next five years.
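The SWR cycle described above, as an added illustration that is not part of the article or of Gartner's reports: production instances are reset to a golden image once their dwell-time bound expires, a changed base image (the rule or filter update case) forces a reset regardless of age, and the repository copy is rebuilt from only after its digest matches the recorded golden digest. The repository, tier limits and image bytes are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample: a high-assurance repository of golden images. The digests
# are computed from embedded sample bytes standing in for real image files
# (assumption: a real repository would hold signed digests).
def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

GOLDEN_IMAGES = {
    "web-frontend": {"version": 3, "sha256": digest(b"web-frontend-v3")},
    "mail-filter":  {"version": 7, "sha256": digest(b"mail-filter-v7")},
}

# Maximum dwell time before a reset, in hours, per risk tier (illustrative).
MAX_AGE_HOURS = {"high-risk-server": 24, "hosted-virtual-desktop": 8}

@dataclass
class Workload:
    name: str
    image: str
    image_sha256: str      # digest of the image this instance booted from
    tier: str
    provisioned_at: float  # hours since an arbitrary epoch, kept numeric

def due_for_reset(w: Workload, now: float) -> bool:
    """Production instances are untrusted, so age alone decides a reset."""
    return now - w.provisioned_at >= MAX_AGE_HOURS[w.tier]

def reprovision(w: Workload, repo: dict, image_bytes: bytes, now: float) -> Workload:
    """Rebuild from the repository copy only if its digest matches the golden
    record; a mismatch means the artefact itself cannot be trusted."""
    record = repo[w.image]
    if digest(image_bytes) != record["sha256"]:
        raise ValueError(f"golden image {w.image} failed integrity check")
    return Workload(w.name, w.image, record["sha256"], w.tier, now)

def plan_cycle(workloads, repo, artefacts, now):
    """One SWR cycle: replace every due or out-of-date workload with a fresh
    instance. Returns (refreshed workloads, names of workloads reset)."""
    fresh, reset = [], []
    for w in workloads:
        if due_for_reset(w, now) or w.image_sha256 != repo[w.image]["sha256"]:
            fresh.append(reprovision(w, repo, artefacts[w.image], now))
            reset.append(w.name)
        else:
            fresh.append(w)
    return fresh, reset
```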
Further details are provided in two Gartner reports: as a high-level view in Systematic Workload Reprovisioning as a Strategy to Counter Advanced Persistent Threats: Concepts and a deeper look in Systematic Workload Reprovisioning as a Strategy to Counter Advanced Persistent Threats: Considerations.