Advanced Threat Protection: Micro-Segmentation Scores Over Firewalls

Author: ColorTokens

Last Updated: Mar 28, 2024

Today’s data centers are vulnerable. There is no perimeter left. Everything must be protected, and nothing can be trusted. We’ve heard it all before, but what are we doing about it?

Our thoughts naturally turn to firewalls — the technology used for decades to protect the data center from attack. It turns out, firewalls can’t evolve fast enough. Securing data centers from attack is no longer as simple as locking down the perimeter and segmenting the internal network. Dynamic, multi-tiered applications run today in virtualized environments. Workloads migrate across data center segments and into the cloud. Threats emerge inside and outside the network and spread throughout the data center.

Introducing Secure Microsegmentation

Secure microsegmentation is a security technology that protects the critical components of a data center at a more granular level. Like traditional microsegmentation solutions, secure microsegmentation provides a software-defined abstraction layer to simplify segmentation. Unlike traditional microsegmentation, secure microsegmentation makes resources (workloads, devices, and users) in all segments inaccessible to unauthorized users and is easy to deploy and operationalize, as it is designed for security.

They Can’t Attack What They Can’t Find

Advanced Persistent Threats (APTs) perform reconnaissance, adapt to the environment, and attempt to move laterally across the network. Secure microsegmentation can stop an attack in its tracks, because all the possible paths are inaccessible and responses are automated. Meanwhile, an administrator can visualize application interactions to understand the attack vector, starting from the origin point in the stack where the attack took place. This helps identify the specific users, devices, applications, or workloads involved, showing the root cause as well as the impact of an APT attack.

Dynamic Security

Secure microsegmentation uses visual tools to create rules that applications understand. An administrator can create security policies based on application concepts such as workloads, tiers, and processes. This is much easier than trying to segment a dynamic application using VLAN/ACLs and firewall rules.

Secure microsegmentation works in heterogeneous, dynamic computing environments in which both the environment and its applications change rapidly. It enables security policies to travel with moving applications, their workloads, and containers.

Zero-Trust Architecture

Secure microsegmentation follows a different rule paradigm than firewalls. By default, firewalls are open until rules are added to restrict access. Firewalls require the definition of many explicit rules about what is not allowed to happen (blacklists). A split between trusted and untrusted networks and interfaces is the result. But what happens if an attack occurs on a trusted part of the network?

Secure microsegmentation allows no access at all, except for what is explicitly allowed (dynamic whitelists). With very few connections open, there are fewer rules to update, and fewer open paths that potential attacks can traverse. This follows the zero trust model of information security envisioned by Forrester Research in 2016.
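
The contrast between the two rule paradigms, and the earlier point that policies written against application concepts travel with a workload, can be shown with a small model. This is an added example, not ColorTokens code; the workload names, tiers, addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass, replace
from itertools import permutations

@dataclass(frozen=True)
class Workload:
    name: str
    tier: str   # application concept the policy is written against
    ip: str     # changes whenever the workload migrates

# Constructed inventory: names, tiers, addresses and ports are hypothetical.
WEB = Workload("web-1", "web", "10.0.1.10")
APP = Workload("app-1", "app", "10.0.2.10")
DB = Workload("db-1", "db", "10.0.3.10")
PORTS = (22, 5432, 8443)

# Default-deny allowlist keyed on tiers: only these flows are permitted.
ALLOW = {("web", "app", 8443), ("app", "db", 5432)}
# Default-allow deny list keyed on addresses: only these flows are blocked.
DENY = {("10.0.1.10", "10.0.3.10", 5432)}

def allowlist_permits(src, dst, port):
    return (src.tier, dst.tier, port) in ALLOW

def denylist_permits(src, dst, port):
    return (src.ip, dst.ip, port) not in DENY

def open_paths(workloads, permits):
    """Every (source, destination, port) flow the given model lets through."""
    return [(s.name, d.name, p)
            for s, d in permutations(workloads, 2)
            for p in PORTS if permits(s, d, p)]

def migrate(workload, new_ip):
    """Model a workload moving to another segment: same identity, new address."""
    return replace(workload, ip=new_ip)

if __name__ == "__main__":
    fleet = [WEB, APP, DB]
    print("allowlist paths:", open_paths(fleet, allowlist_permits))
    print("deny-list paths:", len(open_paths(fleet, denylist_permits)))
    moved = migrate(WEB, "10.0.9.10")
    print("web->db 5432 after move, deny list:", denylist_permits(moved, DB, 5432))
    print("web->db 5432 after move, allowlist:", allowlist_permits(moved, DB, 5432))
```

With three workloads and three ports, the allowlist leaves two paths open while the deny list leaves seventeen, and the address-keyed deny rule stops matching once the web workload is given a new address.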

Learn more by viewing our new post on the top benefits of microsegmentation.