Enterprises like yours have invested extensively in perimeter security: firewalls, next-generation firewalls, UTM appliances, IDS, IPS, and more. But today more than 80 percent of traffic is east-west, moving between workloads inside the network, and traditional perimeter security solutions cannot protect traffic that never crosses the perimeter.
Consequently, businesses that rely solely on perimeter defenses are exposed to lateral threats: once a bad actor gets past the perimeter, they can reach every resource inside the network. And per US government research, almost 40 percent of IT security breaches are perpetrated by people inside the company. To compound this, lateral movement by APTs is rising steeply in both volume and sophistication. Together, these two vectors render perimeter-only security ineffective.
Protecting East-West Traffic
Enterprises have defined trusted or legitimate applications, traffic, and groups, but often lack the controls needed to verify that actual traffic matches those definitions. Where that is the case, the trust model the business relies on may already be broken.
The concept of zero trust networks is simple. As the name implies, trust no one: in zero trust, all network traffic is untrusted by default, wherever it originates. Security professionals must therefore ensure that every resource is accessed securely regardless of location, adopt a least-privilege strategy and strictly enforce access control, and inspect and log all traffic, including traffic that is denied.
Challenges of Zero Trust
The hierarchical security model deployed today treats security as an afterthought, using switching and other traditional technologies to isolate the network. Controls are then bolted on at each layer (firewalls, IPS, email security, DLP, VPN, and so on), and the result quickly becomes impossible to manage.
- OEMs try to sell high-throughput firewalls for internal data-center segmentation. These are expensive, and the cost keeps rising with the growing IT footprint, which benefits only the firewall vendor. Research also suggests that a 15,000-employee organization generates more than 100 firewall change requests per week, a management headache in itself.
- Segmentation as a concept has existed for many years; VLANs and ACLs have long been used to isolate segments. But address-based segmentation of this kind is highly complex, error-prone, and cumbersome, and at best suited to static networks.
But these approaches collapse in a dynamic multi-cloud, multi-vendor environment. With applications and key assets moving to cloud and hybrid environments, keeping policies current is a huge operational overhead. Whenever policies fall out of sync with the changing environment, assets become exposed and the organization's security posture changes instantly. That in turn limits technology adoption and slows your business growth.
ColorTokens technology is independent of firewalls, virtual machines, and private and public cloud infrastructure. ColorTokens micro-segmentation with policy orchestration is managed from a single dashboard across your dynamically changing environment, and all assets and connections can be monitored there. Policies are authored visually, managed centrally, and based on abstraction rather than on the individual network constructs the approaches above rely on. This simplifies the creation of a zero trust model in dynamic environments and propels your digital transformation journey.
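The contrast drawn above, between segmentation keyed on concrete addresses and policy expressed on abstractions, is easiest to see on a concrete re-IP event. The following is an added illustration written for this page; it is not ColorTokens code and does not describe the product's internals. The hosts, addresses, labels and flows are constructed for the demonstration, and the `inventory` dictionary stands in for whatever source of workload metadata a real deployment would use.

```python
"""Why a label-based, default-deny policy survives a re-IP that breaks a static ACL.

Added illustration, not ColorTokens code. All hosts, IPs, labels and flows are
constructed for the demonstration.
"""
from typing import Dict, FrozenSet, List, Set, Tuple
from dataclasses import dataclass


@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    labels: FrozenSet[str]  # attributes the policy reasons about, e.g. "role:db"


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int


class IpAcl:
    """Traditional segmentation: an allow-list keyed on concrete addresses."""

    def __init__(self, allow: Set[Tuple[str, str, int]]):
        self.allow = allow

    def decide(self, flow: Flow) -> str:
        key = (flow.src_ip, flow.dst_ip, flow.dst_port)
        return "allow" if key in self.allow else "deny"


class LabelPolicy:
    """Zero-trust style policy: default deny, rules reference labels, every decision logged."""

    def __init__(self, rules: List[Tuple[FrozenSet[str], FrozenSet[str], int]]):
        self.rules = rules
        self.log: List[Tuple[str, str, int, str]] = []

    def decide(self, flow: Flow, inventory: Dict[str, Workload]) -> str:
        src, dst = inventory.get(flow.src_ip), inventory.get(flow.dst_ip)
        verdict = "deny"  # unknown endpoint or no matching rule -> deny
        if src is not None and dst is not None:
            for src_req, dst_req, port in self.rules:
                # A rule matches when both endpoints carry all the labels it requires.
                if src_req <= src.labels and dst_req <= dst.labels and port == flow.dst_port:
                    verdict = "allow"
                    break
        self.log.append((flow.src_ip, flow.dst_ip, flow.dst_port, verdict))
        return verdict


def inventory_of(workloads: List[Workload]) -> Dict[str, Workload]:
    return {w.ip: w for w in workloads}


def run_scenario() -> Dict[str, str]:
    web = Workload("web-1", "10.0.1.10", frozenset({"role:web", "env:prod"}))
    db = Workload("db-1", "10.0.2.20", frozenset({"role:db", "env:prod"}))

    # Day 1: both approaches encode "prod web may reach prod db on 5432".
    acl = IpAcl({("10.0.1.10", "10.0.2.20", 5432)})
    policy = LabelPolicy([(frozenset({"role:web", "env:prod"}),
                          frozenset({"role:db", "env:prod"}), 5432)])

    # Day 2: db is redeployed and gets a new address; its old address is reused
    # by an unrelated dev scratch box. Nobody filed a firewall change request.
    db_moved = Workload("db-1", "10.0.2.21", db.labels)
    scratch = Workload("scratch-7", "10.0.2.20", frozenset({"role:scratch", "env:dev"}))
    inventory = inventory_of([web, db_moved, scratch])

    to_new_db = Flow("10.0.1.10", "10.0.2.21", 5432)
    to_old_ip = Flow("10.0.1.10", "10.0.2.20", 5432)
    from_unknown = Flow("10.0.9.9", "10.0.2.21", 5432)  # host not in inventory

    return {
        "acl_web_to_new_db": acl.decide(to_new_db),        # deny: legitimate traffic broken
        "acl_web_to_old_ip": acl.decide(to_old_ip),        # allow: stale rule now hits scratch box
        "acl_unknown_to_db": acl.decide(from_unknown),
        "label_web_to_new_db": policy.decide(to_new_db, inventory),     # allow: labels unchanged
        "label_web_to_old_ip": policy.decide(to_old_ip, inventory),     # deny: scratch lacks role:db
        "label_unknown_to_db": policy.decide(from_unknown, inventory),  # deny: default
        "label_decisions_logged": str(len(policy.log)),
    }


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name}: {verdict}")
```

The stale ACL fails in both directions at once: it denies the web tier's legitimate connection to the relocated database and keeps allowing the same source to whatever now occupies the old address. The label-based policy needs no change because the rule was never about the address, and its log records the denied flows too, which is the "inspect and log all traffic" requirement in practice.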
Learn more about bringing micro-segmentation to your business here.