Microsegmentation

Microsegmentation Unpacked in 15 sentences (+ bonus video)

Published February 26, 2024 by Ronit Wolf

Most of today’s security executives agree that one of the root causes of successful cyberattacks – overly open networks – is cured with microsegmentation, which effectively prevents attackers from moving laterally, thwarting the attack in its tracks.

But most only have experience with legacy microsegmentation solutions – difficult to deploy and scale, often taking longer than the tenure of a CISO - and have yet to discover the simplicity of automated, agentless, MFA-enabled microsegmentation.

Let’s get up to speed on microsegmentation via either this 15-sentence blog (this is sentence #3 already), or the below short video from our Director of Customer Engineering EMEA, Pieter Wigleven, speaking about this at Blackhat Europe last year.

Lightning Tour of The Evolution of Network Security

Traditional Firewalls (1990s)

Network security truly began with the implementation of perimeter firewalls, which served as a protective barrier between an organization's internal network and the outside/ the internet.

But its effectiveness quickly proved insufficient to address the evolving challenges in network security – the reality of insider threats, dynamic and decentralized modern network environments, and increased sophistication of cyber threats (among others).

Segmentation (2000s)

The evolution into segmented firewalls (aimed at segmenting groups, departments, floors, etc.) marked an improvement over perimeter firewalls by preventing an attacker from compromising the entire network if a single asset was breached, thereby significantly diminishing the blast radius. If an attacker succeeded in getting into a segmented firewall, they could only spread to the assets in that segment. But it did not solve the core issue: attackers could still spread laterally.

(Legacy) Microsegmentation: Put a Firewall on Every Asset (2010)

Along came the big promise of microsegmentation, which essentially envelops each and every asset (no matter their location or type) with an enterprise-grade firewall, so if one asset is compromised the attacker is confined to that specific asset and cannot move anywhere else.

Segmenting every asset via legacy microsegmentation though proves extremely challenging and impossible to scale, requiring not just agents, but an army of engineers for the long, tedious task of manual rule creation. Additionally, static server-to-server segmentation compounds the difficulty by lacking just-in-time multi-factor authentication for dynamic and privileged user access.

Our Simplified Solution: Automated, Agentless, MFA-powered Microsegmentation (TODAY)

Zero Networks was designed to tackle the fundamental challenges of legacy microsegmentation by:

  • automating the hyper-manual process of rule creation,
  • requiring no agents for deployment,
  • and enforcing just-in-time MFA for all privileged access protocols.

Its ease of implementation, deploying within one hour and securing the entire network in just 30 days, sets it apart from other solutions. Our customers agree.

Watch the 15-minute video below for a livelier, more thorough version of the above, including a couple of minutes of just-in-time, MFA-for-anything privileged demo (and you may even see an Austin Powers clip too).