Subscribe to our Newsletter

By subscribing, you’ll get exclusive invites to webinars, events by security experts, threat alerts and cybersecurity tips delivered to your inbox.

We are committed to your privacy and won't ever share your information with 3rd parties

Thank you for subscribing to our newsletter.

January 30, 2020 5:18 am | Leave your thoughts
January 30, 2020 5:18 am | Leave your thoughts

Best Practices for a Successful Micro-Segmentation Journey

Authors

Sunil Bhide

Gartner described micro-segmentation as one of the most important security projects for organizations seeking “visibility and control of traffic flows within data centers.” Its primary goal is to prevent the lateral spread of attacks, which are the result of today’s porous perimeters. Micro-segmentation, as the name suggests, is the process you put in place at a very granular level, addressing the minutiae that will determine success in the long haul. Considering that the basic ask from micro-segmentation at a micro level is the drawing of boundaries around workloads, these require certain best practices to be dealt with at the implementation stage.

Design-Level Best Practices

1. Start with a Well-Defined Boundary

Micro-segmentation delivers early results when it is based on a well-defined architecture. To ensure this, enterprises need to define objectives driven by business applications and categorization/identification of the end users or the consumers of the services that these applications provide. This will enable them to ‘define’ boundaries, the extent of information that needs to flow and even the type of information/data that is transferred/exchanged.

2. Take an Application-Centric View

Creating boundaries by application is the logical next step for an enterprise. This involves creating a context based visibility of the applications and defining all the internal and external communications as well as all the user profiles consuming the application services and the data/services that they need access to.

3. Determine the Level of Access

Most applications have tiers that are relevant to and consumed by certain sets of users. The best practice would be to start by defining the lowest level of privilege and then building up the privilege levels for each service and user type.

Implementation-Level Best Practices

1. Adopt a Crawl-Walk-Run Model of Implementation

After identifying the critical infrastructure assets that need protection, the logical grouping of assets (applications/servers/data sets/users) must be defined. One group of assets should be picked up as the first phase of implementation, followed by the defining of the implementation process and methodologies. Validate and strengthen the process, methodology and verification methods, define policies, validate and further enforce. Start focused execution programs and roll out as parallel implementation tracks.

2. Identify and Attribute Assets for Security

Specify application-based tags/labels, define application grouping and author policy based on tags/labels and visibility to simulate the traffic for policy effectiveness.

3. Utilize Policy Authoring and Configuration 

Policy authoring and configuration enables enterprises to gain visibility into the granular level of interactions between servers, applications and other components, thus enabling them to customize, and configure micro-segmentation policies based on the desired business context.

4. Simulate and Validate

Simulation is the best process to achieve results and address black holes during implementation. It further enables an enterprise to determine the effects of a policy when applied on an application.

Conclusion

There are many reasons to choose micro-segmentation such as proactive security, accelerated breach detection, and increased compliance control. The above best practices if followed during implementation ensure that the micro-segmentation journey is simple, fast and accurate, while increasing the effectiveness of the solution and delivering early value from the micro-segmentation journey.

Categorized in: Micro-segmentation

Leave A Comment