The benefits that microsegmentation can bring to cyber resilience

Published: Tuesday, 24 May 2022 08:37

Network segmentation isn’t a new concept but it can bring benefits when protecting organizations from emerging cyber threats. Prof. Avishai Wool discusses how to use microsegmentation to better secure networks before the next cyber attack.

For years microsegmentation has been the go-to recommendation for CISOs and other security leaders as a means of securing expansive networks and breaking large attack surface areas down into more manageable chunks. Just as we separate areas of a ship with secure doors to prevent flooding in the event of a hull breach, network segmentation allows us to seal off areas of our network to prevent breaches such as ransomware attacks, which tend to self-propagate and spread laterally from machine to machine.

Network segmentation tends to work best in controlling north-south traffic in an organization. Its main purpose is to segregate and protect key company data and limit lateral movement by attackers across the network.

Microsegmentation takes this one step further and offers more granular control to help contain lateral east-west movement. It is a technique designed to create secure zones in networks, allowing companies to isolate workloads from one another and introduce tight controls over internal access to sensitive data.

Put simply, if network segmentation makes up the floors, ceilings and protective outer hull, microsegmentation makes up the steel doors and corridors that allow or restrict access to individual areas of the ship. Both methods can be used in combination to fortify cybersecurity posture and reduce risk and vulnerability across the network.

How does microsegmentation help defend against ransomware?

The number of ransomware attacks on corporate networks seems to reach record levels with each passing year. Ransomware has become so appealing to cybercriminals that it’s generated a whole Ransomware-as-a-Service (RaaS) sub-industry, plying would-be attackers with the tools to orchestrate their own attacks. By deploying microsegmentation across your network, you can contain ransomware at the onset of an attack. When a breach occurs and malware takes over a machine on a given network, the policy embedded in the microsegmented network should block the malware’s ability to propagate to an adjacent microsegment, which in turn can protect businesses from a system-wide shutdown and avert large financial losses.

What does zero trust have to do with microsegmentation?

Zero trust is a manifestation of the principle of ‘least privilege’ security credentialing. It is a mindset that guides security teams to not assume that people, or machines, are to be trusted by default. From a network perspective, zero trust implies that “internal” networks should not be assumed to be more trustworthy than “external” networks – quotation marks are intentional. Therefore, microsegmentation is the way to achieve zero trust at the network level: by deploying restrictive filtering policies inside the internal network to control east-west traffic. Just as individuals in an organization should only be granted access to data on a need-to-know basis, traffic should be allowed to travel from one area of the business to another only if the supporting applications require access to those areas.
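
The need-to-know rule above, as an added example that is not from the article or from AlgoSec: a default-deny east-west policy derived from application requirements, and the set of workloads reachable from one compromised machine with and without it. The workload names, segments, ports and flows are constructed for illustration.

```python
from collections import deque

# Constructed inventory: workload -> microsegment (hypothetical names).
SEGMENT = {
    "web-1": "web", "web-2": "web",
    "app-1": "app",
    "db-1": "db",
    "hr-1": "hr", "hr-db": "hr-data",
}

# Constructed application requirements: (source segment, destination segment, port).
# Anything not listed is denied, including traffic between peers in one segment.
REQUIRED_FLOWS = {
    ("web", "app", 8443),
    ("app", "db", 5432),
    ("hr", "hr-data", 5432),
}

PORTS = (445, 3389, 5432, 8443)  # ports considered in the reachability check


def allowed(src, dst, port, policy=REQUIRED_FLOWS):
    """Default-deny decision for one east-west connection attempt."""
    return (SEGMENT[src], SEGMENT[dst], port) in policy


def flat_policy(ports=PORTS):
    """Flat internal network: every segment may reach every segment."""
    segs = set(SEGMENT.values())
    return {(a, b, p) for a in segs for b in segs for p in ports}


def blast_radius(start, policy=REQUIRED_FLOWS, ports=PORTS):
    """Upper bound on workloads reachable, hop by hop, from a compromised host."""
    seen, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for dst in SEGMENT:
            if dst not in seen and any(allowed(src, dst, p, policy) for p in ports):
                seen.add(dst)
                queue.append(dst)
    return seen - {start}


if __name__ == "__main__":
    print("flat network  :", sorted(blast_radius("web-1", flat_policy())))
    print("microsegmented:", sorted(blast_radius("web-1")))
```

The microsegmented result is not empty: flows the applications genuinely need remain paths between segments, so those allowed flows are where monitoring and further tightening belong.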

Can a business using a public cloud solution still use microsegmentation?

Prior to the advent of microsegmentation, it was very difficult to segment networks into zones and sub-zones because it required the physical deployment of equipment. Routing had to be changed, firewalls had to be locally installed, and the segmentation process would have to be carefully monitored and managed by a team of individuals. Fortunately for SecOps teams, this is no longer the case, thanks to the rapid adoption of cloud technology.

There seems to be a misconception associated with microsegmentation where it might be thought of as a strictly private cloud environment network security solution, whereas in reality, microsegmentation can be deployed in a hybrid cloud environment – public cloud, private cloud and on-premise. In fact, all public cloud networks, including those offered by the likes of Azure and AWS, offer ‘baked in’ filtering capabilities that make controlling traffic much easier. This lends itself well to the concept of microsegmentation, so even those businesses that use a hybrid cloud setup can still benefit enormously.

Microsegmentation presents a viable and scalable solution to tighten network security policies, despite its inherent implementation challenges. While many businesses may find it hard to manage this new method of security, it’s nevertheless a worthwhile endeavour. By utilizing a microsegmentation method as part of its network security strategy, an organization can immediately bolster its network security against possible hackers and potential data breaches, providing greater cyber resilience.

The author

Prof. Avishai Wool is co-founder and CTO at AlgoSec.