
The use and protection of legacy in the modern world


Legacy infrastructure is still an important part of enterprises in many industries: medical organizations that still use Windows XP, Oracle databases that run on old Solaris servers, various business applications that require Linux RHEL4, and ATMs running versions of Windows that were outdated ten years ago. Many organizations even still run legacy servers on Windows 2008.

Legacy infrastructure is very common in data centers, especially in large enterprises. For example, older AIX machines often perform critical operations such as processing large volumes of transaction data at banks, while endpoints such as ATMs, medical devices and retail terminals often run operating systems whose support ended long ago. Upgrading the applications that run on this infrastructure is a constant and difficult process that usually takes years.

Insecure legacy systems compromise your data center


The organization's risk from improperly protected legacy systems is very high and goes well beyond the workloads of these systems themselves. For example, an unpatched device running Windows XP can easily be used as a foothold into the data center. Earlier this month we were reminded of this risk when Microsoft released a security update for a serious remote code execution vulnerability in older operating systems such as Windows XP and Windows Server 2003.

If attackers gain access to such an unprotected machine (which is much easier than breaking into a modern, well-patched server), they can move laterally across the network from it. As data centers become more complex, extending into the public cloud and adopting new technologies such as containers, the risk of compromise increases. The interdependencies between business applications (legacy and non-legacy) are becoming more complex and dynamic, which makes traffic patterns hard to manage from a security standpoint. This gives attackers more freedom to move unnoticed through the various parts of the infrastructure.

Old infrastructure, new risk


Legacy systems have been with us for years, but the security risk they pose keeps increasing. As organizations go through digital transformation, upgrade their infrastructure and data centers and migrate to hybrid cloud, attackers gain more opportunities to reach critical internal applications.

An on-premises business application on a legacy system that was once used only by a small number of other on-premises applications may now be used by a large number of both on-premises and cloud applications. Connecting legacy systems to a growing number of applications and environments increases the attack surface.

So the question is: how can we reduce this risk? How do we keep legacy but business-critical components secure while ensuring that new applications can be deployed quickly on modern infrastructure?

Risk identification


The first step is to correctly identify and quantify the risk. Relying on existing inventory systems and so-called "tribal knowledge" is probably not enough; you should always strive for a complete, accurate and current view of your environment. For legacy systems, getting the right information can be particularly challenging, since knowledge of these systems within an organization tends to fade over time.

The security team should use a good analysis and visualization tool to build a map that answers the following questions:

  1. Which servers and endpoints run legacy operating systems?
  2. Which environments and business applications do these workloads belong to?
  3. How do these workloads interact with other applications and environments? Over which ports? Through which processes? For what business purpose?

Answering these questions is the starting point for reducing security risk. The answers show which workloads pose the greatest risk to the organization, which business processes could be damaged in an attack, and which network paths attackers could use for lateral movement between legacy and non-legacy systems across the cloud and the data center. Users are often surprised to see unexpected data flows arriving at their legacy machines, or data suddenly being sent from them, which raises further questions about their security posture and risk.

A good analysis and visualization tool will also help you identify and analyze systems that need to be moved to other environments. Most importantly, a visual map of information flows lets you easily plan and apply a strict segmentation policy for these resources. A well-planned policy significantly reduces the risk these older machines are exposed to.

Risk reduction through microsegmentation


Network segmentation is widely used as a cost-effective way to reduce risk in data centers and the cloud. In particular, with micro-segmentation, users can create a granular, modular security policy that significantly limits an attacker's ability to move laterally between workloads, applications and environments.

When working with legacy infrastructure, the value of a good analysis and microsegmentation tool becomes even clearer. Older segmentation methods such as VLANs are hard to apply, and they often put all similar legacy systems in one segment, leaving the whole group exposed if a single machine is compromised. In addition, gateway rules between legacy VLANs and the rest of the data center are hard to maintain, which leads to overly permissive policies that increase overall risk. With proper visibility into both legacy and modern workloads, the security team can plan a server-level policy that allows only narrowly defined flows between legacy systems, and between legacy and more modern environments.
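The following Python script is an added example that is not from the article and not Guardicore's code. It walks through the three risk-identification questions above and the server-level allowlist policy just described: it flags legacy hosts from an inventory, lists every observed flow that touches them (port, process, peer), isolates the legacy/non-legacy flows that lateral movement would use, and then derives a default-deny policy that allows only reviewed flows, reporting unreviewed ones instead of allowing them. Hostnames, the end-of-life OS list, the flow records and the approved set are all constructed for the example.

```python
# Added example (not from the article): legacy-host risk identification and
# allowlist policy derivation from observed flows. All data below is constructed.
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

# Constructed inventory: host -> (operating system, environment, business application).
INVENTORY = {
    "atm-gw-01":   ("Windows XP",          "prod", "atm-processing"),
    "db-core-02":  ("Solaris 9",           "prod", "core-banking"),
    "app-web-07":  ("Windows Server 2019", "prod", "online-banking"),
    "k8s-node-03": ("Ubuntu 22.04",        "prod", "mobile-api"),
    "jump-11":     ("Windows Server 2022", "mgmt", "bastion"),
}

# Operating systems this hypothetical organization treats as end-of-life.
LEGACY_OS = ("Windows XP", "Windows Server 2003", "Windows Server 2008",
             "Solaris 9", "RHEL4", "AIX 5")


@dataclass(frozen=True)
class Flow:
    src: str       # initiating host
    dst: str       # receiving host
    proto: str
    port: int      # destination port
    process: str   # process listening on dst, as a host agent would report it


# Constructed flow records, as a host-level visibility agent would report them.
FLOWS = [
    Flow("atm-gw-01",   "db-core-02", "tcp", 1521, "tnslsnr"),
    Flow("app-web-07",  "db-core-02", "tcp", 1521, "tnslsnr"),
    Flow("k8s-node-03", "db-core-02", "tcp", 1521, "tnslsnr"),
    Flow("jump-11",     "atm-gw-01",  "tcp", 3389, "svchost.exe"),
    Flow("k8s-node-03", "atm-gw-01",  "tcp",  445, "System"),  # SMB into an XP host: unexpected
]

# Flows the application owners have reviewed and confirmed as needed (constructed).
APPROVED = frozenset({
    ("atm-gw-01",   "db-core-02", "tcp", 1521),
    ("app-web-07",  "db-core-02", "tcp", 1521),
    ("k8s-node-03", "db-core-02", "tcp", 1521),
    ("jump-11",     "atm-gw-01",  "tcp", 3389),
})


def is_legacy(host: str) -> bool:
    """Question 1: does the host run an end-of-life operating system?"""
    return INVENTORY[host][0].startswith(LEGACY_OS)


def legacy_hosts() -> list[str]:
    return sorted(h for h in INVENTORY if is_legacy(h))


def legacy_exposure(flows: list[Flow] = FLOWS) -> dict[str, list[Flow]]:
    """Questions 2 and 3: every observed flow touching each legacy host, so its
    ports, processes and peers can be reviewed with the application owner."""
    exposure: dict[str, list[Flow]] = defaultdict(list)
    for f in flows:
        for host in {f.src, f.dst}:
            if is_legacy(host):
                exposure[host].append(f)
    return dict(exposure)


def cross_boundary(flows: list[Flow] = FLOWS) -> list[Flow]:
    """Flows between a legacy and a non-legacy host: the paths lateral movement
    would take in either direction."""
    return [f for f in flows if is_legacy(f.src) != is_legacy(f.dst)]


def derive_policy(flows: list[Flow] = FLOWS, approved: frozenset = APPROVED):
    """Server-level allowlist for legacy hosts: one allow rule per approved
    observed flow, then a default deny in both directions for every legacy host.
    Observed flows that were not approved are returned for investigation rather
    than allowed (a VLAN-wide gateway rule would have let them through)."""
    rules, to_review = [], []
    for f in flows:
        if not (is_legacy(f.src) or is_legacy(f.dst)):
            continue
        if (f.src, f.dst, f.proto, f.port) in approved:
            rules.append({"action": "allow", "src": f.src, "dst": f.dst,
                          "proto": f.proto, "port": f.port})
        else:
            to_review.append(f)
    for host in legacy_hosts():
        rules.append({"action": "deny", "src": "*", "dst": host, "proto": "*", "port": "*"})
        rules.append({"action": "deny", "src": host, "dst": "*", "proto": "*", "port": "*"})
    return rules, to_review


def is_allowed(rules: list[dict], flow: Flow) -> bool:
    """Evaluate a flow against the policy: first matching rule wins, and a flow
    matching no rule at all is denied."""
    for r in rules:
        if all(r[k] in ("*", getattr(flow, k)) for k in ("src", "dst", "proto", "port")):
            return r["action"] == "allow"
    return False


if __name__ == "__main__":
    print("legacy hosts:", legacy_hosts())
    for host, fl in legacy_exposure().items():
        for f in fl:
            peer = f.dst if f.src == host else f.src
            env, app = INVENTORY[peer][1], INVENTORY[peer][2]
            print(f"{host}: {f.src}->{f.dst} {f.proto}/{f.port} ({f.process}); peer in {env}/{app}")
    rules, review = derive_policy()
    print("flows needing review:", review)
    print("SMB into atm-gw-01 allowed?", is_allowed(rules, FLOWS[-1]))
```

The policy is evaluated per server and per flow, which is the point of the section: the SMB connection from the Kubernetes node to the Windows XP host is observed, not on the approved list, and therefore ends up in the review queue and is denied by the host's default-deny rule, whereas a subnet-level gateway rule that permits the modern tier to reach the legacy VLAN would have allowed it.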

Breadth of coverage is key


When choosing a microsegmentation solution, make sure it can be deployed easily across your entire infrastructure and that it covers every type of workload in the data center and in the cloud. If you segment modern applications but leave outdated systems unattended, you leave a big hole in the security of your infrastructure.

Personally, I believe that security vendors must take on the task of covering the entire infrastructure in order to help their customers cope with this growing threat. Although some vendors focus only on modern infrastructure and drop support for older operating systems, I believe that a good, advanced security platform should cover the whole spectrum of infrastructure.

Overcoming the challenges of legacy systems


Legacy systems are a unique problem for organizations: they are critical to the business, yet harder to maintain and not properly protected. As organizations move to hybrid cloud and their attack surface grows, special care must be taken to protect legacy applications. To do this, the security team must accurately identify legacy servers, understand their interdependencies with other applications and environments, and control risk by creating a strict segmentation policy. Leading micro-segmentation vendors should be able to cover legacy systems without sacrificing capabilities for any other type of infrastructure. The Guardicore Centra platform provides analysis, visualization and microsegmentation of the entire infrastructure, old and new, relieving you of the burden of dealing with blind spots.

Source: https://habr.com/ru/post/455954/
