It’s no secret that the threat landscape is more dynamic than ever before. Breaches are happening every day. As business-critical applications traverse traditional network boundaries, traditional security measures can no longer achieve adequate protection and agility.
Rob Van Es, Illumio’s APAC Vice President, puts security segmentation under the microscope and covers everything security professionals need to know.
What is security segmentation?
Micro-segmentation refers to the process of separating things (such as your network) into finer levels of granularity. Security segmentation, more specifically, is segmentation done primarily for security purposes: protecting assets by ringfencing them, preventing lateral movement to limit the spread of breaches inside an organisation, and controlling user access to workloads to limit exposure and unnecessary risk. Beyond the above, the practice of security segmentation has a number of advantages when it comes to minimising the impact brought on by attackers.
Most organisations realise that defending the perimeter is hard when that perimeter is constantly changing. So, like Sun Tzu, our adversaries are changing tactics and striking where we are weakest: low priority areas of our network. Once an attacker finds a single point of entry, it is often easy for them to move laterally through an environment, wreaking havoc (mostly undetected) as they set their sights on the ultimate prize: complete and total access to high-value assets.
Security segmentation was developed in response to this new (and rapidly expanding) type of threat. Think of it like a submarine: when the hull is damaged, watertight doors on either side of the section are sealed, and so the flow of water is limited. This allows the submarine to continue, instead of sinking.
Why it’s gaining momentum
In a nutshell: security segmentation is gaining momentum because it allows organisations to isolate a potential threat. Security professionals are faced with the dilemma of selling security and peace of mind… whilst also recognising it’s not ‘if’ but ‘when’ their organisation will be breached. Having the ability to minimise and contain a breach for these scenarios is absolutely critical.
There are varying reasons for security segmentation (e.g. application, environmental, vulnerability-based), which are flexible and can be used in any combination to secure a whole network. Essentially, the strategies all work to compartmentalise the high-value areas of a network (the ‘crown jewels’) away from the low-value areas, which potential intruders would target first as an entry point.
So, what is your best defense?
Your best defense will always be a risk management strategy that focuses on preventing the spread of a breach. By gaining access to one workload, an attacker shouldn’t have access to your entire enterprise. A security professional needs to understand their environment better than any potential attacker. Given the complexity of many environments, this will require you to choose providers who can help map your environment and provide reporting functionality. This will be the foundation of an adaptive security strategy.
Traditional security solutions were built on static constructs such as perimeter firewalls, traffic that never left the data centre, and applications that weren’t breached. With modern networks being dynamic and distributed, and new workloads constantly created and destroyed, agility is absolutely key. Static solutions don’t cut it anymore.
Adaptation is key
Our nation’s oldest and largest private electrical contractor, Stowe Australia, had a significant challenge when it came to security. Founded over a century ago to replace gaslights with electricity for their clients, the company now constructs cutting-edge “Smart” buildings with IoT elements and provides data centres and other communications solutions for the Global 100.
Just as its core mission had grown over time, so had its security needs.
It saw that the security challenge was in finding technology that could prevent the spread of “malware epidemics” designed to move laterally inside a data centre towards valuable targets. It could also critically self-assess and accept that a breach was inevitable, even with its cutting-edge security technology creating a very effective perimeter. The change in attacker tactics was a threat it adapted to rather than simply trying to overcome.
Stowe is now utilising an easy-to-implement solution that prevents the spread of breaches by segmenting data centre and cloud environments. Stowe is an organisation that is built upon adaptation, which is why it survives.