Richard Feynman, the American theoretical physicist, talked about the difference between knowing the name of something and knowing something. He described a conversation he had with his father:
“See that bird? It’s a brown-throated thrush, but in Germany it’s called a halsenflugel, and in Chinese they call it a chung ling and even if you know all those names for it, you still know nothing about the bird—you only know something about people; what they call that bird. Now that thrush sings, and teaches its young to fly, and flies so many miles away during the summer across the country, and nobody knows how it finds its way.”
As Feynman explained, in science, the best way to learn about something is to take it apart. I consider this an excellent analogy to our work at NSS Labs testing data center security products. While there are many products on the market today that carry the name “data center security,” we can’t know if they are what they purport to be until we take them apart.
In order to understand data center security products and evolve our test methodology (i.e., how we will take the products apart), we have to understand the current environmental and operational realities of these products.
Earlier this year, we conducted the 2018 NSS Labs Data Center Security Study, the aim of which was to gather information on how organizations are using security technologies to protect their data centers; which technologies they are deploying; in what form these technologies are being deployed and where they are being deployed. It also aimed to determine the volume and composition of data center traffic as well as establish what performance factors enterprises consider most important.
The study was part of a quantitative, two-arm study conducted through a survey of 141 role-verified IT security professionals with a minimum of three years in role. Qualified respondents were employed full time at organizations with a minimum of 500 employees and actively managed the security technologies used to protect their data centers.
Results reinforce the canon that there is no one-size-fits-all when it comes to security architecture; however, some interesting commonalities were observed. For example, the majority of respondents reported their organizations deploy anti-malware agents, web application firewalls, and stateful firewalls to protect their data centers (90+% of study respondents reporting across all verticals), with DDoS appliance/services and intrusion prevention systems also quite common (80+% of respondents reporting across all verticals).
Another interesting finding was that more than 70% of study participants reported their data center security capabilities were cloud-delivered, and more than 50% indicated their organizations still deploy physical appliances on premises dedicated to data center security.
The report also includes data on the types of threats detected at data centers (e.g., HTML injection was the most frequently reported), how often these threats were detected, and respondents’ organizational priorities for remediating those threats.
Our study provided us with valuable insights into data center security products and their environments. And, much like the brown-throated thrush, we found that the environment a data center security product resides in can significantly influence its behavior. We hope you will find this data as useful as we did in learning about data center security.
Will Fisher is a Senior Research Analyst at NSS Labs and holds a PhD in experimental psychology. He has worked for NSS Labs for the last two and half years performing and analyzing qualitative and quantitative research into enterprise IT security.
1 Feynman, R. P. (1969). What is science? The Physics Teacher, 7(6), 313-320.