East-West data center security & visibility
Act As if You’ve Been Breached
The June 2018 SANS Institute reported that:
Of businesses have reported a breach in the past year.
Of businesses have admitted to not knowing if they’ve been breached.
Of businesses claim they’ve not been breached in the past year, or they just don’t know it yet.
Which of the above categories does your business fall under?
Knowing what you’re protecting is half the battle. Our solution leverages the NIC to enumerate all your production traffic flows in all your servers easily, and seamlessly. You may even discover applications and flows you didn’t know existed.
Imagine a hardware firewall in every server that is centrally managed with policies that ONLY allow individualized access to the server.
Servers would ONLY respond to requests for access from authorized clients and ONLY on authorized ports that align with the policies for that specific server.
Every server in your network is both cloaked and a honeypot at the same time. Attempts to enumerate your server architecture result in a storm of alerts to your administrators immediately warning them of an attack in progress. Also, zero actionable details are returned to the attacker so they have nothing to build on.
Servers inside the data center are becoming more vulnerable to internal east-west attacks from other compromised user workstations or servers. Nearly 90% of all enterprise network traffic occurs within the data center. Applications create a volume of traffic which is astronomical and growing exponentially. Data centers are the new bank vaults, and make an attractive target for devious and persistent attackers looking to steal your companies most valuable secrets.
ServerLock secures your data centers one server at a time, using the NIC hardware itself. Solarflare provides the industry’s first Software Defined NIC with built-in hardware fire-walling, and security policy orchestration for every server in your enterprise. ServerLock discovers every application data flow within your network and enforces security policies that enable valid business transactions, while shutting down malicious attacks.
- Centralized security policy management made easy with automated support for flow discovery and application level network segmentation
- Agentless, physical solution executing entirely in hardware
- Transparent to attackers on all but the production ports
- Audit-ready, and audit trail for compliance validation is easily available
- Dramatic reduction in risk – provides a single point of access compared to 1,000 attackable servers
- Inherently scalable architecture makes it possible to secure every packet, on every server in real-time
- Tamper resistant, with resilient hardware implementation with no host software to attack
- Implement unique whitelist or blacklist filters per local IP address
- Filter millions of headers every second, deciding whether to allow or drop each packet
- Filter for IP address, port number, IP protocol and Ethernet protocol
Filter on IP address subnets
- Supports 5,000 filters and 1,000 counters
- Low latency data path – filtering adds less than 250ns
- Allows separate filtering for TCP client and TCP server applications (to support “Established” firewall rule semantics)
- Isolate a server by switching quickly to an alternative rule set
- Manage security policies for the network, breaking down policies into individual firewall rules
- New application flows are discovered and reported
- Secure binding of network adapter cards to ServerLock Manager establishes an encrypted control channel
- User alerts
- Security event management
- Bare-metal, containers and virtualization configurations supported
- Driver support for Linux, Windows, VMware, KVM and Hyper-V
- Compatible with other Solarflare products, including Onload, TCP Direct and
- Precision Timing Protocol software
- Runs on SFN8000 series network adapters and beyond