Scaled-out, distributed applications are made up of a large number of application instances. Each instance holds its own data in the cache and memory of the processor on which it runs. A large number of such application instances communicate with each other and process data in parallel to produce an aggregate output.
These types of scaled-out applications are extremely vulnerable to application breaches, data thefts from cache and memory by scraping, and other methods of illicitly obtaining data from the applications, cache, and/or memory. In data centers which cater to important applications and data types, such as Personally Identifiable Information (PII), Payment Card Industry (PCI) data, medical information that falls under Health Insurance Portability and Accountability Act (HIPAA), military and Government critical tasks, any application and/or data breach is very destructive and expensive to contain and/or resolve. Therefore, it is beneficial to attempt to prevent such breaches.
Typically, application security in data centers is attempted by applying policies and rules at various levels using security appliances installed in the data center. However, in spite of layering security appliances to create a security perimeter around the data center, malware still gets onto the servers inside the data center, where it steals data and attacks applications.
In most data breaches, the data and application instances that are attacked are those using flows in the East-West (E-W) direction, i.e., communication between servers and application instances inside the data center. This is different from North-South (N-S) flows, which cross the perimeter and are protected by conventional data security appliances. Because the interior of the data center, where all the servers are connected, is considered the safest place, applications very often communicate with each other in the clear, without protecting the data. A huge amount of data is shared across applications and application tiers in the E-W direction within the data center.
End point protection agents (EPPAs), such as those produced by INTEL's MCAFEE, SYMANTEC, KASPERSKY, etc., run on end points, hosts, or servers and monitor the local security of the host or server. Each EPPA provides security through various built-in mechanisms, e.g., firewalls, antivirus applications, signature matching, etc. They also inspect every executable file downloaded onto the host or server and attempt to protect the operating system's registry key database and other important configurations which are crucial for the secure functioning of the host or server. As part of its functionality, the EPPA also scans the hard disk or other direct access storage device (DASD) for the presence of unexpected programs. Using all of the above processes, the EPPA prepares a comprehensive report and a conclusion about the host or server on which it is installed. When any abnormality, exception, etc., is found on the host or server, the EPPA attempts to fix the problem or flags the issue to the host or server owner.
However, all the applications running on that host or server are completely unaware of the underlying security profile or situation of the host or server, as the EPPA does not report such information to the applications. Even though the EPPA may find multiple security anomalies and risks associated with the host or server, the applications keep running as if it were completely safe to do so. Therefore, any confidential or sensitive data used by the applications is still kept on the host or server.
Moreover, the security situation of one host or server is not known to any other host or server in the data center or cluster, and thus any scaled-out application running on multiple hosts or servers is exposed to whatever is affecting that one host or server, such as malware, which may lead to widespread application and data breaches. Applications which run on different hosts or servers in the data center and exchange sensitive data with each other do so without awareness of that server's security profile, thereby potentially losing important, sensitive information, such as PII, PCI data, HIPAA records, etc., to malware.