How Zero-trust Micro-segmentation Strengthens Cybersecurity Defense

Cybersecurity is a battlefield—one that is changing fast, with mobile workforces, remote devices, and access and data everywhere. The IT landscape doesn’t look like it did even five years ago. The perimeter is less defined and larger than ever. There are more attack vectors, more vulnerabilities and more exploits than ever before.

Organizations of all sizes face the growing challenge of securing contemporary business models, infrastructures, and user experiences in the face of these continuously evolving threats directed at every area of the business. These challenges are further complicated by legacy architectures and systems, some stretching back into designs that have not, and could not, be changed for decades.

Defending your assets and addressing threats is now an everyday concern. A good military strategy starts with the fundamentals, and cybersecurity is no different. Protecting your assets, network, workloads and user population requires vigilance and a focus on core infrastructure security controls. A successful strategy for securing data and minimizing incident damage brings all available tactics into play.

“The supreme art of war is to subdue the enemy without fighting.” – Sun Tzu, The Art of War

Secure infrastructure is your first line of defense

Shifting infrastructure security practices from an aging mindset towards more agile architecture and modern methods will help you more effectively manage current threats with effective policies, processes and technologies.

Traditional network segmentation using firewalls, virtual local area networks (VLAN) and access control lists continue to be part of the arsenal in managing today’s increasing traffic. But there’s also a key security control available on modern networks that provides security down to the workload and is also used within the zero-trust security model—micro-segmentation.

Unlike network segmentation, which uses hardware to segment the north-south traffic of a physical network, micro-segmentation is software-based and segments east-west traffic of a virtual or overlay network. The growing use of hybrid cloud environments means that nearly 75% of your enterprise traffic likely flows east-west. With the traditional perimeter dissolving, micro-segmentation helps you create boundaries within this traffic to enable better security controls.

Micro-segmentation allows easier deployment, more granular results

Micro-segmentation provides more granular portioning of traffic to decrease network attack surfaces. By providing greater control over lateral communication—the traffic that occurs between servers and bypasses perimeter-focused security tools—micro-segmentation allows IT teams to set custom security settings with policies. These policies can be used to limit application flows between workloads to only those that are explicitly permitted. If a breach does occur, the attacker’s ability to do lateral exploration of the network is limited.

Because micro-segmentation software is not tethered to hardware, both deployment and movement of devices and workloads are simplified. Policies can move with an application if the network is reconfigured, even if it moves across domains. Because there is a need for both north-south and east-west protection, micro-segmentation should be implemented alongside a strong network segmentation strategy. With the right mapping, it’s also possible that your network segmentation policy can be centralized, and the number of firewall rules reduced.

Visibility needed for mapping workloads, environments and applications

Effectively mapping workloads, environments and applications requires good visibility into data center flows to help establish what you need to segment. The experts of Sirius’ dedicated Security practice can help you with architecture and design assessments to provide visibility into those flows so you can understand precisely what you need. We work with you to consolidate rules and access-control lists, and to translate them into policies that can be enforced across distributed environments so you can ensure better network security.

If you’re ready to reinforce your first line of security defense, contact the Security team at Sirius today. We have the expertise and technology partnerships to help you harness the benefits of enabling zero-trust micro-segmentation.

By |2020-03-23T11:29:35-05:00March 25th, 2020|Blog|Comments Off on How Zero-trust Micro-segmentation Strengthens Cybersecurity Defense

About the Author:

Russ Staiger is a Sr. Solutions Architect, Security at Sirius.