Application Delivery Controllers (ADCs) were once ubiquitous hardware appliances deployed in data centers for the sole purpose of load balancing. That role has changed: the use of ADCs has expanded well beyond their original purpose in an effort to keep up with the needs of today's IT professionals.
The result is that ADCs now serve a much broader function. According to collaborative research by Radware and the Enterprise Strategy Group (ESG), the current and future utilization strategies for ADCs are evolving, and part of this evolution is the ADC's role in the security strategy of a data center. Based on a research survey of more than 200 IT professionals, enterprises both large and small are now using traditional load balancers for network-level security tasks such as firewalling and network segmentation. But why make ADCs another layer of network defense?
Research Indication: ADCs are Increasingly Playing a Key Role in Data Center Security
Research findings show that many additional ADC features and capabilities are being used by organizations for purposes ranging from monitoring and acceleration to security functions.
More than fifty percent of respondents also felt that it is extremely likely or somewhat likely that a cyber-attack could penetrate the network perimeter defense, essentially leaving the ADC as the last line of defense.
Translation – If a cyber-attacker manages to penetrate the data center's first level of defense and reach the application's ADC, they have an opening to look for a vulnerability in that application. Assuming the security team has done a good job of defining the security policy on the ADC's WAF function, this specific application may remain safe, for now. But the attacker is still past the perimeter defenses, free to look for additional vulnerability points in that application or in another application within that data center.
Why Using ADCs as Last Layer of Defense is Not Good Enough
At the perimeter of the data center, one finds defense tools that operate at the network level (firewalls, DDoS protection systems, IPS/IDS solutions, etc.), which makes sense. Logically, you also put application-oriented protection systems such as the WAF closer to the applications, with dedicated devices and a security policy optimized per application. This layered approach to defending the applications in the data center, however, is far from perfect.
Adding more security layers to the data center and its applications will improve the level of protection per application, but there must be a tighter level of cooperation between defense layers to ensure attackers remain outside the data center. This is regardless of which layer of defense has detected an attack or security breach. For example, if the ADC’s WAF module detects an attack on an application, it should immediately send this information to the data center’s perimeter defense systems, with a detailed network layer signature of the attack source. This communication will aid in blocking any subsequent attack attempts from that source.
The result of such communication is increased security not only for that specific application but also for the other applications in that data center, which could have been the next attack target. Once attack traffic is blocked at the data center's perimeter, application service levels improve as well: offloading attack traffic from the data center and application infrastructure allows faster and smoother service to be maintained or restored for legitimate users.
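The feedback loop described above, from WAF detection on the ADC to a network-layer block at the perimeter, can be sketched in a few dozen lines. The following is an added example written for this page, not Radware's code or any vendor's API: it assumes a constructed WAF alert line format (`<timestamp> waf_block src=<ip> app=<name> rule=<id>`), aggregates alerts per source address, and emits time-limited deny rules for a perimeter device only once a source has tripped the WAF a threshold number of times within a short window. The sample alert lines, the rule syntax and the allowlist are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress
import re

# Constructed WAF alert format (an assumption for this example, not any vendor's format):
#   "<ISO timestamp> waf_block src=<ip> app=<name> rule=<id>"
ALERT_RE = re.compile(
    r"^(?P<ts>\S+) waf_block src=(?P<src>\S+) app=(?P<app>\S+) rule=(?P<rule>\S+)$"
)

# Constructed sample alerts using documentation address ranges (RFC 5737).
SAMPLE_ALERTS = [
    "2024-05-01T10:00:00 waf_block src=203.0.113.7 app=billing rule=sqli-001",
    "2024-05-01T10:00:20 waf_block src=203.0.113.7 app=billing rule=sqli-001",
    "2024-05-01T10:00:45 waf_block src=203.0.113.7 app=billing rule=xss-004",
    "2024-05-01T10:01:30 waf_block src=203.0.113.7 app=portal rule=sqli-001",
    "2024-05-01T10:02:00 waf_block src=198.51.100.9 app=portal rule=xss-004",   # 2 hits: below threshold
    "2024-05-01T10:30:00 waf_block src=198.51.100.9 app=portal rule=xss-004",
    "2024-05-01T09:00:00 waf_block src=203.0.113.50 app=billing rule=lfi-002",  # 3 hits, 30 min apart
    "2024-05-01T09:15:00 waf_block src=203.0.113.50 app=billing rule=lfi-002",
    "2024-05-01T09:30:00 waf_block src=203.0.113.50 app=billing rule=lfi-002",
    "2024-05-01T10:05:00 waf_block src=10.0.0.5 app=billing rule=sqli-001",     # internal scanner, allowlisted
    "2024-05-01T10:05:01 waf_block src=10.0.0.5 app=billing rule=sqli-001",
    "2024-05-01T10:05:02 waf_block src=10.0.0.5 app=billing rule=sqli-001",
    "garbage line that does not match the alert format",
]

# Constructed allowlist: addresses that must never be blocked at the perimeter
# (internal vulnerability scanners, health checkers, the ADC's own address).
INTERNAL_ALLOWLIST = frozenset({"10.0.0.5"})


def parse_alert(line):
    """Return a dict for a well-formed alert line, or None for anything else."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m.group("ts"))
        src = ipaddress.ip_address(m.group("src"))  # rejects malformed addresses
    except ValueError:
        return None
    return {"ts": ts, "src": str(src), "app": m.group("app"), "rule": m.group("rule")}


def build_perimeter_blocklist(lines, threshold=3, window=timedelta(minutes=5),
                              ttl=timedelta(hours=1), allowlist=frozenset()):
    """Map source IP -> block expiry for every source that tripped the WAF at
    least `threshold` times within any `window`.  Allowlisted sources and
    unparsable lines are ignored.  The expiry is the source's most recent
    alert plus `ttl`, so a source that keeps attacking stays blocked longer."""
    events = defaultdict(list)
    for line in lines:
        alert = parse_alert(line)
        if alert is None or alert["src"] in allowlist:
            continue
        events[alert["src"]].append(alert["ts"])

    blocklist = {}
    for src, stamps in events.items():
        stamps.sort()
        # Sliding window: any run of `threshold` consecutive alerts whose first
        # and last fall within `window` is enough to trigger a block.
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                blocklist[src] = stamps[-1] + ttl
                break
    return blocklist


def perimeter_rules(blocklist):
    """Render the blocklist as constructed, vendor-neutral deny rules."""
    return [f"deny src {ip} until {expiry.isoformat()}"
            for ip, expiry in sorted(blocklist.items())]


if __name__ == "__main__":
    bl = build_perimeter_blocklist(SAMPLE_ALERTS, allowlist=INTERNAL_ALLOWLIST)
    for rule in perimeter_rules(bl):
        print(rule)
```

Two design choices matter more than the rule syntax. Blocking at the network layer acts on a source address that may be shared (carrier NAT, a corporate proxy, a CDN), so the example requires repeated hits inside a short window before it blocks and attaches an expiry rather than adding a permanent entry; both values would be tuned per data center. The allowlist exists because internal scanners and health checkers will legitimately trip WAF rules, and a feedback loop that pushes those addresses to the perimeter firewall would take down monitoring instead of stopping an attacker.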
To meet SLAs, enterprises must have efficient and safe network infrastructure. ADCs can help meet some of those requirements as their capabilities adapt to the needs of today's IT world, but they offer only one layer of defense. Secure networks need communication between the multiple defense layers. While ADCs are used for their security features more often these days, they do not offer robust enough protection to be considered a last line of defense.