As business becomes increasingly digital, IT security becomes increasingly vital to business continuity and profitability. A recent IBM and Ponemon Institute study put the average cost of a data breach at $3.86 million USD.
Furthermore, stringent regulations and compliance requirements add an additional layer of complexity to enterprise IT security. This means organizations must perform a delicate balancing act that ensures security and compliance without sacrificing the functionality that drives innovation and profitability.
Unfortunately, traditional IT security solutions often lack the flexibility and granularity needed to address these issues effectively. The growing popularity of hybrid clouds only exacerbates the difficulty by adding to the number of network and process flows an organization must account for.
This has driven the adoption of a more modern approach to security that can handle these challenges. The new approach depends heavily on micro segmentation, which is uniquely suited to securing IT infrastructure spread across multiple data centers, clouds, and geographic regions. In fact, Gartner named micro segmentation as a top 10 security project for 2018.
In simple terms, micro segmentation is a set of software-defined policies that enable highly granular (down to the process level) security controls. However, it can be difficult to determine what separates quality micro segmentation solutions from marketing fluff. In this piece, we’ll help familiarize you with what to look for.
In short, there are 3 key requirements of an adequate micro segmentation solution. They are:
- Attack Surface Reduction
- Improved Breach Containment
- Stronger Regulatory Compliance
To help explain why those 3 components are so important, we’ll first review one of the key drivers of how much damage an attacker can do: dwell time.
Dwell Time: what is it and why does it matter?
Dwell time is the gap between an attacker’s initial foothold in a network (for example, the first execution of malicious code) and the detection of that presence. In general, the longer an attacker can maintain a presence on your network without being detected, the more damage they can do.
Given recent history, it is clear enterprises have a poor track record of quickly detecting and containing intrusions. For example, according to the aforementioned IBM and Ponemon Institute study, a “mega breach” took an average of 365 days to identify and contain, compared with 266 days for breaches overall. With the ingenuity and resourcefulness of modern attackers, the spread of wormable malware like WannaCry, and sophisticated ransomware like Cerber, allowing an intruder to persist on a network for this long can be disastrous. While they sit undetected, intruders move laterally between nodes, and the risk they pose grows with every system they reach.
The problem is, implementing a single holistic security solution is usually impractical, if not impossible, with traditional security tools. The ubiquity of cloud services, the velocity of deliverables produced by DevOps teams, and the variety of software and hardware platforms it takes to run a modern enterprise create a vast attack surface for attackers to exploit. The broad strokes traditionally used by IT force an unfavorable tradeoff between security and functionality. Quite often this leads to blind spots, which in turn lead to breaches.
Given this situation, the benefits of a micro segmentation security solution become much clearer. With process-level controls and monitoring, you can detect threats faster, limit their scope, prevent lateral movement between nodes, and reduce your overall risk compared to traditional IT security solutions.
Attack Surface Reduction
The variety of tools used to provision, administer, and maintain IT in data center and hybrid cloud environments leads to an increased risk of misconfiguration and oversight that can have disastrous results. With traditional IT security, lack of granularity means the attack surface exposed by a given node is larger than it needs to be. A VLAN, DMZ, or firewall is effectively “blind” to the process sending traffic from a node: it sees only addresses and ports, so a database connection opened by the application and one opened by an attacker’s tooling on the same host look identical. That makes it harder to detect and respond to threats that have compromised existing nodes.
By enforcing application-layer micro segmentation, network traffic can be locked down to allow only authorized data flows originating from whitelisted processes, with everything else denied by default. This greatly reduces your attack surface and the risk each node poses to the rest of the network. Note that process-level enforcement requires a control point on the host itself (an agent, kernel hook, or hypervisor integration) that can attribute a connection to the process that opened it; a purely network-based control point cannot make that distinction.
Improved Breach Containment
Despite the best efforts of IT security professionals across the globe, breaches continue to be common in enterprises. This means that while every attempt should be made to prevent breaches, plans to mitigate them are a must.
Here too, process-level granularity lets micro segmentation outstrip traditional IT security solutions. Because each workload is limited to its explicitly allowed flows, an intruder’s lateral movement is blocked by policy even before detection. Once a threat is detected, security tools that leverage micro segmentation can quarantine the affected node, cutting all of its traffic, to prevent the threat from proliferating throughout your network.
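The following is an added example, not code from the original article or from any micro segmentation product, written to make the two points above concrete: the difference between a port-level control and a process-level allowlist (attack surface reduction), and quarantining a compromised node (breach containment). The hosts, workload labels, process paths and flows are constructed for illustration, and the engine only models the policy decision; a real deployment would take the process identity from an on-host agent and push the resulting rules into the host firewall.

```python
"""Toy process-aware flow policy engine (added example, not a product's code).

Hosts, labels, process paths and flows below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    """One observed connection attempt, as a host agent would report it."""
    src_host: str
    src_process: str    # executable that opened the socket (known only on-host)
    dst_host: str
    dst_port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    """Allow flows from one workload role to another, for one named process."""
    src_label: str
    src_process: str
    dst_label: str
    dst_port: int
    proto: str = "tcp"


# Constructed inventory: host -> workload label (role), plus the allow rules.
LABELS: Dict[str, str] = {"web-1": "web", "web-2": "web",
                          "db-1": "db", "jump-1": "bastion"}
RULES: List[Rule] = [
    Rule("web", "/opt/app/bin/app", "db", 5432),   # only the app may reach Postgres
    Rule("bastion", "/usr/bin/ssh", "web", 22),    # admin SSH from the jump host
    Rule("bastion", "/usr/bin/ssh", "db", 22),
]


def coarse_decision(flow: Flow, labels: Dict[str, str], rules: List[Rule]) -> str:
    """Network-only control (VLAN/firewall view): matches role and port, but is
    blind to which process on the source host generated the traffic."""
    src, dst = labels.get(flow.src_host), labels.get(flow.dst_host)
    for r in rules:
        if (r.src_label, r.dst_label, r.dst_port, r.proto) == (src, dst, flow.dst_port, flow.proto):
            return "allow"
    return "deny"


class PolicyEngine:
    """Process-level allowlist with default deny and per-host quarantine."""

    def __init__(self, labels: Dict[str, str], rules: List[Rule]) -> None:
        self.labels = dict(labels)
        self.rules = list(rules)
        self.quarantined: Set[str] = set()

    def quarantine(self, host: str) -> None:
        """Containment: cut every flow to or from a host believed compromised."""
        self.quarantined.add(host)

    def decide(self, flow: Flow) -> Tuple[str, str]:
        if flow.src_host in self.quarantined or flow.dst_host in self.quarantined:
            return "deny", "quarantined"
        src, dst = self.labels.get(flow.src_host), self.labels.get(flow.dst_host)
        if src is None or dst is None:
            return "deny", "unlabelled host"      # unknown workloads get nothing
        for r in self.rules:
            if (r.src_label, r.src_process, r.dst_label, r.dst_port, r.proto) == \
               (src, flow.src_process, dst, flow.dst_port, flow.proto):
                return "allow", f"{r.src_label}:{r.src_process} -> {r.dst_label}:{r.dst_port}"
        return "deny", "default deny"


def demo() -> Tuple[Dict[str, str], Dict[str, str], Dict[str, str]]:
    """Compare the two control models on constructed flows, then quarantine web-1."""
    flows = {
        "app_to_db": Flow("web-1", "/opt/app/bin/app", "db-1", 5432),
        "nc_to_db": Flow("web-1", "/usr/bin/nc", "db-1", 5432),        # attacker tooling
        "web_to_web_ssh": Flow("web-1", "/usr/bin/ssh", "web-2", 22),  # lateral move
        "bastion_to_db_ssh": Flow("jump-1", "/usr/bin/ssh", "db-1", 22),
    }
    engine = PolicyEngine(LABELS, RULES)
    coarse = {name: coarse_decision(f, LABELS, RULES) for name, f in flows.items()}
    fine = {name: engine.decide(f)[0] for name, f in flows.items()}
    engine.quarantine("web-1")
    contained = {name: engine.decide(f)[0] for name, f in flows.items()}
    return coarse, fine, contained


if __name__ == "__main__":
    for title, result in zip(("port-level firewall", "process-level policy",
                              "after quarantining web-1"), demo()):
        print(f"{title}: {result}")
```

The instructive case is `nc_to_db`: a netcat connection from the web host to the database port is indistinguishable from the application’s own traffic at the port level and is allowed, while the process-level policy denies it because `/usr/bin/nc` is not in the allowlist. After `web-1` is quarantined, even its legitimate application flow is cut, which is exactly the containment behaviour you want once a node is suspected of compromise, while unrelated flows (the jump host to the database) keep working.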
Stronger Regulatory Compliance
Regulations like HIPAA, PCI DSS, SOX, and GDPR are often costly and complex to remain in compliance with. Micro segmentation eases the workload of staying compliant by simplifying the provisioning of systems and streamlining audits, and it can also improve your security posture from a regulatory standpoint. By isolating the systems that hold regulated data, IT security can minimize the risk of non-compliant access and shrink the scope of what an auditor must examine; PCI DSS, for example, recognizes adequate segmentation as a way to reduce the scope of the cardholder data environment, provided the segmentation controls are validated by testing.
A flexible solution to ever-evolving threats
Threats to enterprise IT are evolving rapidly. It is important that organizations adopt robust security solutions capable of mitigating these threats. A micro segmentation-based platform that reduces attack surface, contains breaches, and eases compliance is a modern, enterprise-ready solution that can help reduce your risk profile without unnecessarily hindering functionality.