Microsegmentation
from Cyber Security 2022
by 3S Media
In a world increasingly beset by cybercrime of many and varied types, your company’s infrastructure security is more essential than ever. Patrick Assheton-Smith, MD at Symbiosys IT, explains how security has shifted from a north-south focus to a more complex, east-west approach.
Any organisation that suffers a breach or attack of any kind faces the strong possibility that a successful cyberattack will lead directly to one or more of the following: a negative impact on its earnings, damage to its reputation, and/or placing its operations in jeopardy.
With such potential risks on the table, it is clear that infrastructure security should be as tight as possible, meaning you should embrace a full suite of security solutions. What we are talking about here includes perimeter, network, application, endpoint, data and cloud security, as well as cryptography management and security architecture. One of the major challenges with traditional security is that it is designed from a north-south perspective. Basically, this means that it secures your infrastructure from traffic coming from outside by ensuring that it can only enter your network through a firewall. In today’s digitising world, however, more and more companies are moving to the cloud, and the nature of its ‘anywhere, any time’ style of access means that a new method of securing things needs to be considered.
The Importance of EAST-WEST SECURITY
Deploying microsegmentation
This is why microsegmentation has come to the fore in recent times – it is a security technique that allows you to logically divide the network into distinct security segments, down to the individual workload level. This is a critical measure, as, by doing this, you are able to limit an attacker’s ability to move laterally – or east-west, as opposed to the traditional north-south direction taken by traffic entering from outside, through the firewall – across your network. This means that even if they get through the perimeter defences, the damage attackers can do is limited.
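To make the lateral-movement point concrete, here is an added example (not from the article or any vendor product): a label-based allow-list with default deny, and the set of workloads reachable from one compromised machine on a flat network versus a segmented one. The workload names, labels, ports and policy are constructed for illustration.

```python
from collections import deque

# Constructed inventory: workload name -> labels (all names are hypothetical).
WORKLOADS = {
    "web-1":      {"app": "shop", "tier": "web"},
    "web-2":      {"app": "shop", "tier": "web"},
    "api-1":      {"app": "shop", "tier": "api"},
    "db-1":       {"app": "shop", "tier": "db"},
    "hr-app":     {"app": "hr", "tier": "web"},
    "hr-db":      {"app": "hr", "tier": "db"},
    "legacy-erp": {"app": "erp", "tier": "legacy"},
}

# Allow-list of east-west flows matched on labels: (source, destination, port).
# Anything not listed is denied.
POLICY = [
    ({"app": "shop", "tier": "web"}, {"app": "shop", "tier": "api"}, 8443),
    ({"app": "shop", "tier": "api"}, {"app": "shop", "tier": "db"}, 5432),
    ({"app": "hr", "tier": "web"}, {"app": "hr", "tier": "db"}, 5432),
]

def matches(labels, selector):
    """True when the workload carries every label the selector asks for."""
    return all(labels.get(k) == v for k, v in selector.items())

def allowed(src, dst, policy):
    """Ports src may open to dst under the policy (empty set = denied)."""
    return {port for s, d, port in policy
            if matches(WORKLOADS[src], s) and matches(WORKLOADS[dst], d)}

def blast_radius(start, policy=None):
    """Workloads reachable hop by hop from `start`.

    policy=None models a flat network where every workload can reach every
    other. Worst case is assumed: any permitted connection can be abused.
    """
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in WORKLOADS:
            if nxt not in seen and (policy is None or allowed(cur, nxt, policy)):
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}

if __name__ == "__main__":
    for name, pol in (("flat", None), ("segmented", POLICY)):
        print(name, sorted(blast_radius("web-1", pol)))
```

From `web-1` the flat network exposes all six other workloads, while the segmented policy leaves only `api-1` and `db-1`, the path the policy itself permits, which is why allowed flows still deserve monitoring.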
As the saying goes: if it were easy, everyone would be doing it. And such is the case with microsegmentation, which is tough to achieve at a high level. I always recommend to clients that they adopt a microsegmentation solution that is agent-based, as this provides true visibility, wherever the machine, container or app resides. The reason for an agent-based solution is simple: most large networks tend to be flat and littered with virtual local area networks (VLANs), which not only offer no visibility, but are also quite restrictive.
Microsegmentation should be on every security person’s mind, particularly when you consider that some 85% of network traffic today is reported to travel east-west. Add to this the fact that the average dwell time – the time between being breached and discovering it – is a massive 191 days and it demonstrates just how vulnerable your business is to a ‘low and slow’ attack if you have not adopted microsegmentation.
Low and slow is when a criminal breaks into your network and hides there unobtrusively, slowly and stealthily, stealing small bits of information over a long period.
It is for this reason you want to implement a solution that allows you to deploy agents, inspect traffic and essentially build a spiderweb that maps traffic across all of your systems. This not only provides better visibility throughout your environment, but also allows you to ring-fence important apps, create third-party access controls – e.g. for external contractors – and protect older, tough-to-secure assets.
It also simplifies and accelerates compliance, enables secure DevOps and, most critically, improves detection – which in turn means dwell time is significantly reduced. All of this is achieved through the implementation of microsegmentation, as this prevents lateral movement across your network, thereby eliminating a critical blind spot. Furthermore, even if your security is penetrated under such circumstances, microsegmentation will play a big role in helping to greatly reduce the ‘blast radius’, or the amount of damage the interloper can do.
THE QUESTIONS YOU NEED TO ASK
Data is the lifeblood of any modern organisation and needs to be protected at all costs. Therefore, there are three important questions every business needs to ask:
1. Do you know what data you have?
The older, and more sprawling an enterprise is, the easier it is for data to become ‘lost’.
2. What does your data actually relate to?
This is how you determine whether the measures you have in place protecting it are sufficient, particularly if the information is among your more valuable digital assets.
3. Where is the data stored?
This is also crucial, particularly in light of legislation like PoPIA and GDPR, considering the fines that can be levied, should you be breached.
Complementary solutions
Once you have an effective microsegmentation solution in place, you can add additional solutions that are complementary. A good example would be introducing a solution that focuses on discovery and data classification. Basically, this is a tool that helps you to both determine where various data reside in the network and understand how vital these data sets are to your business. Such a solution should also assist with monitoring and reporting – to better understand the risk – as well as remediation, which is essentially the process of fixing the risk, once you understand what and where it is.
It will allow you to quickly search for the data you need to secure, by seeking out specific types of information that can then be classified according to format or type of data. It is a very powerful tool for finding all the information you have and where it is, he adds – two things you have to clearly understand before you can properly secure it.
Bringing together a total solution of this nature will position your business in a way that will enable it to secure its data whether it is structured, unstructured, cloud-based, on-premises, distributed or remote.
It has been stated many times that in today’s digital world, data is the new oil, as it is now viewed as the world’s most valuable resource. And logically speaking, anything this valuable should be protected to the best of your ability. Because don’t forget that if you consider it to be this valuable, imagine how important it is to cybercriminals, and they don’t care about the damage they cause to your company in obtaining it. Therefore, my advice is to ensure that you place data at the centre of your business world, and ensure that you partner with a security expert to ensure it always remains safe and secure.
DEFENCE IN DEPTH
One thing that is not in any doubt is that cybercrime has risen exponentially since the start of the pandemic. With this in mind, it is important to note that when crafting a security posture, creating one with multiple layers – built on the basic tenets of cybersecurity – is certainly a good start.
A prevention-first approach is usually recommended, and means utilising an endpoint security tool, rather than one focused only on endpoint detection and response. Ideally, you want a solution that applies advanced artificial intelligence (AI) to the task of preventing and detecting malware.
With an advanced solution like this in place, you can move beyond basic principles like ensuring a user doesn’t have the same password for every service, and begin applying greater levels of security such as multifactor authentication (MFA).
Such a solution can also protect email, which is a key infiltration method, as it is seen as one of the easiest ways to break into a network. An AI-based security solution can rapidly scrutinise the URLs of anything a user may wish to click on, making it far more difficult for criminals to gain access through malicious links.
Much like good home security starts with a wall and electric fence – but also likely includes a dog, an alarm and a security gate – so you need to build multiple layers of security to protect your core. This way, even if one is cracked, the criminal finds they are faced with yet another.
Security starts with a good anti-virus solution; it should include an effective password manager; MFA should be enabled; and you should run a program that checks the URLs on email links. Once you have these four key basics in place, you can continue improving your security posture and creating additional layers, such as an AI-based solution.
Lastly, it is worth noting that security – even AI-based, multiple-layer security – is only half the battle. One of the most critical aspects of a layered security approach is to train your employees properly, so that they know the basics as well – this will significantly reduce the security challenges that arise from untrained people clicking on unknown links or opening strange emails.