October is cyber security awareness month. As a part of it, we’re focusing on Microsegmentation Day, taking place on October 6th (10-6). What the heck does that mean? Why is it important? If the security industry could do microsegmentation properly we wouldn’t have Ransomware. It’s literally a panacea but has been extremely difficult to implement. In fact, it's so important we think everyone in cyber should get the word “Microsegmentation” tattooed somewhere. Anywhere.
In today’s data-driven, hybrid environment is an increasing target for hackers and microsegmentation is regarded as a key defense mechanism against stealthy attacks and data breaches. Microsegmentation is based on the Principle of Least Privilege, which establishes that every module in the environment (such as a process, a user, or a program, depending on the subject) should only be able to access the information and resources necessary for legitimate purposes. It is the fine-grained control and the Principle of Least Privilege which make microsegmentation far more effective as compared to traditional network segmentation. In a multi-cloud environment, this translates into each workload only being permitted to make connections necessary to accomplish its tasks and is typically implemented through basic ACLs (access control lists).
However, ACL-based controls alone are not enough to secure all layers in the protocol stack. Virtualization and cloud coupled with workloads moving around continually have created a visibility challenge for security teams making it very necessary to enhance microsegmentation with a full spectrum of strong policy enforcement controls. Security teams need to be able to not only detect and block attackers but also to learn the identity and techniques being employed by attackers to be better prepared for future attacks.
While microsegmentation is increasingly viewed as an ideal approach, there are a few factors that have hindered the adoption of microsegmentation technologies to date:
- Many solutions do not work uniformly across a cloud and on-prem as well as clients and server environment which then requires leveraging different approaches and toolsets to cater for each environment / type of asset.
- Many of the solutions are not scalable and require manual rule creation per protected asset.
- Fears of upfront large investments and expert knowledge requirements.
But should advances look like to make microsegmentation significantly easier?
- Adoption of mobile technology. Multi-factor authentication (MFA) has become a ubiquitous capability promulgated even in the consumer realm. Google as well as any reputable bank deploy MFA to ensure account security. By sending a code to a phone, MFA easily restricts access without hampering experience. MFA enables segmentation across your entire network by applying just-in-time privileged access with self-service MFA to apply security for abnormal activity, privileged users or anytime extreme security is required. MFA everywhere extends pervasively to every asset in the organization for all applications with no incremental software or infrastructure rewriting.
- Leverage AI to automate and orchestrate microsegmentation. Enterprises are dynamic with changing employees, organizations and technical infrastructure. Any modern approach must leverage machine learning to identify connection patterns, protocols and ports that are being used in a non-intrusive manner. The results of this discovery process form the foundation of the Principle of Least Privilege, which is key to the creation of microsegmentation policy.
Microsegmentation, when done right, uniquely enables a secure enterprise environment. However, orchestration and automation are essential for achieving a uniform approach to microsegmentation and also ensuring the Principle of Least Privilege.