By Will Fisher
Richard Feynman, the American theoretical physicist, talked about the difference between knowing the name of something and knowing something. He described a conversation he had with his father:
"See that bird? It's a brown-throated thrush, but in Germany it's called a halsenflugel, and in Chinese they call it a chung ling and even if you know all those names for it, you still know nothing about the bird—you only know something about people; what they call that bird. Now that thrush sings, and teaches its young to fly, and flies so many miles away during the summer across the country, and nobody knows how it finds its way."1
As Feynman explained, in science, the best way to learn about something is to take it apart. I consider this an excellent analogy to our work at NSS Labs testing data center security products. While there are many products on the market today that carry the name “data center security,” we can’t know if they are what they purport to be until we take them apart.
In order to understand data center security products and evolve our test methodology (i.e., how we will take the products apart), we have to understand the current environmental and operational realities of these products.
Earlier this year, we conducted the 2018 NSS Labs Data Center Security Study, the aim of which was to gather information on how organizations are using security technologies to protect their data centers; which technologies they are deploying; in what form these technologies are being deployed and where they are being deployed. It also aimed to determine the volume and composition of data center traffic as well as establish what performance factors enterprises consider most important.
The study was part of a quantitative, two-arm study conducted through a survey of 141 role-verified IT security professionals with a minimum of three years in role. Qualified respondents were employed full time at organizations with a minimum of 500 employees and actively managed the security technologies used to protect their data centers.
Results reinforce the canon that there is no one-size-fits-all when it comes to security architecture; however, some interesting commonalities were observed. For example, the majority of respondents reported their organizations deploy anti-malware agents, web application firewalls, and stateful firewalls to protect their data centers (90+% of study respondents reporting across all verticals), with DDoS appliance/services and intrusion prevention systems also quite common (80+% of respondents reporting across all verticals).
Another interesting finding was that more than 70% of study participants reported their data center security capabilities were cloud-delivered, and more than 50% indicated their organizations still deploy physical appliances on premises dedicated to data center security.
The report also includes data on the types of threats detected at data centers (e.g., HTML injection was the most frequently reported), how often these threats were detected, and respondents’ organizational priorities for remediating those threats.
Our study provided us with valuable insights into data center security products and their environments. And, much like the brown-throated thrush, we found that the environment a data center security product resides in can significantly influence its behavior. We hope you will find this data as useful as we did in learning about data center security.
The NSS Labs Enterprise Architecture Research Group’s mission is to provide research and advisory services that are accurate, reliable, and actionable. The NSS Labs 2018 Security Insight Study can be found here and includes results from both the NSS Labs 2018 Data Center Security Study and the NSS Labs 2018 Encryption Study. Stay tuned for our blog on the encryption study. If you wish to discuss data center or encryption security, we’d love to speak with you. Email us firstname.lastname@example.org and reference this blog.
Will Fisher is a Senior Research Analyst for the NSS Labs Enterprise Architecture Research Group (EARG), whose charter is to help enterprises solve security challenges. Will is a research scientist who holds a PhD in experimental psychology and has worked for NSS Labs for the last two and half years performing and analyzing qualitative and quantitative research into enterprise IT security.
1 Feynman, R. P. (1969). What is science? The Physics Teacher, 7(6), 313-320. Full text available here.
TAGS: EARG, Data Center Security, Security Insight, Primary research, SSL/TLS
Follow us on Twitter (@NSSLabs) to keep informed as new research is released.