Sameer Malhotra is cofounder and CEO of TrueFort, a former Wall Street tech exec and an expert in IT infrastructure and cybersecurity.
Firewall-based perimeter protection used to be enough to keep all sorts of network traffic safe, but in today’s agile, cloud-based environments, placing an electronic moat around an enterprise’s assets is no longer sufficient.
Of course, perimeter firewalls are still the best defense against attacks involving north-south traffic (communications from the outside world). Filtering access in and out of the corporate network remains the foundation of an effective enterprise security strategy, but in today’s fast-moving threat landscape, it is only a first line of defense.
Traffic inside the firewall needs to be secured as much as access from outside the network. At a time when so many attacks are enabled by compromised credentials and fake identities, unmonitored east-west traffic is a liability.
Lateral movement attacks (which can be carried out by malicious insiders or hackers using compromised credentials) that go unnoticed can result in untold damages. It takes an average of 204 days to detect a data breach.
The Role Of Microsegmentation
Firewalls manage risk by sorting through trusted sources of traffic that use authorized ports and protocols. But the many enterprise applications, admin tools and machine identities they leverage use custom ports and protocols that often defy the logic of north-south firewall-based controls.
Consider that the average organization uses more than 1,000 apps, and 65% of those are customized before deployment. Meanwhile, IT needs to identify the endpoints of those communications, but a firewall doesn’t have the context to sort them out. Merely shutting down the entry points of those apps from the internet to the network can cause outages that affect business operations and lead to financial losses.
Microsegmentation aims to fill the void by isolating data and assets into distinct security segments down to the workload level. This allows for security policies that can control traffic flow between applications, workloads and processes within the same data center or across cloud environments.
Microsegmentation enhances enterprise security by establishing traffic baselines and tailored access policies, minimizing threats without disrupting operations. By segmenting at the workload level, it contains breaches, reducing their impact and preventing lateral movement of attackers. This approach streamlines security management, isolates critical data and aids compliance, cutting costs by reducing firewall licenses and associated hardware. Overall, microsegmentation optimizes security posture, ensures business continuity and simplifies security administration, yielding significant cost savings.
Adopting Microsegmentation
Like most operational changes, supplementing perimeter firewalls with a microsegmentation architecture should be implemented in a controlled fashion based on these best practices.
• Assess the network. Review the network architecture to understand the flow of internal traffic and potential lateral movement risks. Identify critical applications, workloads and sensitive data that should be prioritized.
• Draft policy. Define security policies based on the network assessment tailored to the needs of each segment. Consider adopting least-privilege policies to minimize access privileges and reduce attack surfaces.
• Pick tools. Choose microsegmentation solutions that integrate well with the existing infrastructure and meet specific security requirements. Look for solutions that offer visibility, manageability and scalability.
• Start at scale. Work in stages. Start small with a pilot project focusing on protecting high-value assets or environments. As you adapt and learn how to manage those microsegmented environments, gradually expand across the network, gaining more experience and confidence as you go along.
• Prioritize training. Continuous education and training are critical for successful implementation and management. Ensure your IT and security teams are constantly refreshing their training in microsegmentation principles, technologies and best practices.
• Keep learning. Continuously monitor the effectiveness of the strategy to reflect any new developments in technology and risk. Be prepared to keep adjusting policies and configurations as the network evolves and new threats emerge.
Conclusion
Firewalls are not obsolete, and keeping hackers out of the network is still job number one. However, containing the damage if a perimeter intrusion occurs is equally important. Microsegmentation, when adopted strategically using the steps above, can help give defenders the ability to implement granular defenses that protect assets at the workflow level and contain the blast radius of a security incident.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
