It’s clear. Microsegmentation has found its prime time

Author

Kevin Ware-Lane

Read Time

4 Minutes

Last Updated

Sep 1, 2023

table of contents

A welcomed buzz returned to Infosecurity Europe 2023 in London for three days, and for ColorTokens a noticeable shift in mindset for many of those attending, even since a year ago.

There is a growing recognition that despite the plethora of what might well be technically strong cyber security products across the show floor, and those you’ve likely already deployed, ransomware and breaches are almost daily events.

Microsegmentation has found its prime time

The thing that really struck a chord for me this time around was that the conversations were not just about adding more, better, or even alternative technologies, although that was always going to be part of it of course, rather they were increasingly about looking at an alternative approach to the problem.

Folks across the board are taking a hard look at where they spend their often-decreasing cyber budgets, and a few common threads quickly became evident across conversations:

  • Simplification and automation. If it needs constant attention and handholding, it’s being seen as a likely part of the problem not the solution. It’s the perennial adage of “can’t see the wood for the trees”. Too much non-actionable data across too many systems, and even when actionable, teams are simply too stretched to be effective.
  • Reducing the number of cyber security vendors in situ, being largely driven by the need to reduce costs, but also an inability to handle an overload of alerts, false positives, and management of an expanding security tech stack, even on the reactive side, let alone on the pro-active front.
  • Collapsing of firewall estates inside the network, whilst creating smaller perimeters around inter-connected hosts and systems is on the priority list for many. Numerous, costly internal firewall clusters versus the reality of limited beneficial impact to overall security just doesn’t stack up in the face of increasingly complex threats. At the outer edge(s) for most there is still a need in their current architectures, but even those edges are now rapidly evaporating.
  • A shift to Zero Trust principles and architectures as we see knowledge and capabilities maturing, and adoption accelerating. The majority of those asked were now aware of the intent of Zero Trust, concepts around “assume breach” and “never trust, always verify”, and a very encouraging number of organizations are implementing or planning for the same.
  • A more integrated platform approach rather than point solutions, most of which are functionally underutilized, increasingly with feature overlap.
  • Still too many unknowns in the network leading to concerns around the likelihood and impact of a breach, ransomware, and data exfiltration. Visibility, or the lack of, was highlighted regularly, a challenge to effective security control implementation and demonstrating compliance.

That last point, visibility of assets and critically understanding the associated network traffic flows, combined with identifying potential attack surface and blast radius, is the starting point for any discussion around microsegmentation.

Most notably, in almost every conversation on the ColorTokens stand, the message we heard was that those tasked to protect do not today believe they have a sufficient understanding or visual mapping of critical traffic flows; and of course, those could be things you do expect to see, but also those you absolutely shouldn’t.

Sure, most teams have a diagram that ranges from having been recently drawn up and pretty accurate, today at least, right through to that Visio export pinned on the wall last printed a couple of years back. The reality is very few claimed a dynamically mapped and accurate visualization of business necessary communications between users to services, or for machine-to-machine, across the full estate. In fact, zero responded affirmative to that; folks you’re genuinely not alone on that ship.

This time around, people are maybe a little more jaded from the usual suspects of NG-FW, NG-AV, IDS, EDR, and similar acronyms. Now, these technologies do, for the most part, still have a real part to play. There are however gaps whenever you’re playing real-time Whack-a-Mole looking for the needle in the haystack to orchestrate a response.

When it comes to zero days exploits and ransomwares, there will often be a timing gap between being set free to roam the wild, and any given vendors ability to update in order to detect and respond, and that’s without getting into the recent wave of tools for sale claiming success at evasion of EDR and similar. Things can, do and will continue to slip through the net.

This is where the interest in ColorTokens for microsegmentation was most notable at Infosecurity, the approach of reducing the gaps by effectively underpinning existing security toolsets. Pre-emptively closing off unused network ports and traffic paths before they become part of an attack vector, and effectively minimizing the attack surface of server workloads, endpoints, IoT/OT, including across multi-cloud and containers.

How is the achieved? Think of microsegmentation as a policy control and enforcement point on every single device, and yes even in those IoT/OT environments where it’s not possible to install anything directly. An effective solution should cover all bases.

The end effect of this? Removing the noise, preventing the East-West internal communications that simply does not need to be there, thereby closing off routes of attack. Explicitly allowing only policy defined communications, dropping all else, and doing so without the management overheads in highly dynamic and complex environments. It’s the change of approach that matters; not just stopping the bad stuff but being explicit about what good looks like. Positive Security.

The message is out there, and it is getting through… microsegmentation prevents and contains breaches.

  • It simplifies and automates the process of doing so.
  • It reduces the cost of maintaining the security posture in a dynamic environment.
  • It makes existing toolsets more effective, and yes for some use-cases reduces vendor sprawl and costs (I’m still looking at you, internal firewalls!)
  • It gives your operational teams a fighting chance against the incessant alerts and false positives; let them focus and action on what matters.

A SaaS platform delivering integrated micro-segmentation, Zero Trust Network Access, Application and Process Control, and Cloud Security. It was three days of exceptional conversations. Three days of standing on sore feet and in exceptional heat. Worth it.

It’s clear to see why the ColorTokens stand was buzzing more than ever this year. It’s clear. Microsegmentation has found its prime time.