Micro-segmentation quo vadis?
By Ronnie Koch and Shamiel Bhikha at Blue Turtle Technologies
In days gone by, when organisations defined their security architecture, we started by designing an IT security architecture around zoning, which segments technology assets into groups.
Security zoning is one part of a security architecture that segments information assets such as users, business applications, hardware, etc. Zoning was set up to restrict access.
The new world “zero trust model”
Zones, domains and segments are the old world. Today, in the new world, we see this changing to micro-segmentation.
In the past, zoning restricted access and data flows to components. The components were separated by a perimeter that contained the network interfaces and controlled the flow of data. Security engineers have depended on firewalls, VLANs and access control lists to segment networks.
Every security architecture must include a segmentation or segregation defence strategy. This is key to the way we work today: it protects organisations' data and makes it possible to track users' movement.
A key reason for implementing micro-segmentation is to defend against lateral movement. The most common sources of lateral activity are insiders and ransomware. We hear about insider threats; these are a company's employees or contractors seeking access to data they are not authorised for.
Gaining access to assets in the network by moving laterally goes through different stages. The kill chain, or cyber kill chain, is a model for identifying and preventing cyber intrusion activity.
The model describes what adversaries must complete to achieve their objective. The three main stages of lateral movement are reconnaissance, credential and privilege gathering, and gaining access to other assets in the network.
In the reconnaissance stage, attackers select their victim and research its security vulnerabilities. They may be locating what sensitive data you have, where it is stored, who has access to it and what the best routes are into the network.
Based on what they discovered in the reconnaissance phase, attackers can then get into your systems, often leveraging malware or security vulnerabilities.
Attackers often need more privileges on a system to access more data; to obtain these permissions, they escalate their privileges, often to an administrator account.
Digital resilience - micro-segmentation
Every risk is a digital risk; risk no longer exists in isolation within IT or within individual departments of a business. Risk is where the enterprise, IT and cyber truly intersect. Business, IT and security functions will need to draw on each other to create a holistic approach to managing cyber risk in the wake of continuous attacks.
Each day we see new security breaches. It is becoming increasingly clear that, regardless of industry or location, bad actors are capable not only of accessing critical assets but also of traversing undetected across workloads to expand their foothold.
The main issue we see is companies using outdated cyber security technologies and architectures, which hold them back from moving forward.
Visibility is most important. Imagine you are driving, the rain starts pouring and your windscreen wipers do not work. Security analysts, CISOs and the like talk about being proactive; micro-segmentation brings proactive security and, importantly, visibility. With that visibility it becomes possible to build security policies and achieve the correct alerting. Micro-segmentation maps out your entire architecture, from the data centre to the application level and down to the individual process level, allowing the right security policies to be implemented.
Continuous monitoring, combined with identity-based segmentation policies, automation and continuous risk assessment, empowers security teams to understand the attack surface.
In the old world, creating secure zones in data centres and cloud infrastructure was the method security engineers used to achieve a securely segmented infrastructure.
Implementing secure zones allows organisations to isolate cloud workloads and user access by applying micro-segmentation security policies. To be certain that an organisation's security zoning / segmentation provides an effective security posture, continuous security assessments should test the effectiveness of the segmentation policy, ensuring all application and network segments are correctly separated. For example, development, production and infrastructure environments are isolated from one another.
In today’s world where security breaches are occurring daily, segmentation is key to protecting your organisation's network. It will reduce the network’s attack surface and minimise the damage caused during a breach.
The coronavirus pandemic has pushed organisations to move onto the cloud. Security in the cloud requires solutions, not speculation.
Micro-segmentation helps enterprises advance their cloud migration by giving IT teams the visibility to monitor application workloads and apply effective security access policies to them, whether across multiple clouds or within the company's own data centre.
Organisations moving to the cloud need granular security policies more than ever. One reason for these types of policies is the deployment of containers, which traditional firewalls cannot adequately protect and for which they have become increasingly irrelevant.
The initial step is to identify which assets warrant maximum security: important applications, databases, systems and so on. Identifying the high-priority assets clarifies where your security efforts should be focused. These assets should be protected with fine-grained segmentation to ensure maximum security, which can be managed effectively through granular access control policies.
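The two practices above, continuously testing that environments such as development and production really are isolated, and applying fine-grained policies around the highest-priority assets, can both be expressed as automated checks against a policy model. The following Python is an added example written for this article; it is not code from Blue Turtle or from any micro-segmentation product. It assumes a label-based model in which every workload carries `env`, `tier` and `app` labels, a default-deny policy in which only an explicit rule permits a flow, and a constructed inventory and rule set, including two deliberately flawed rules of the kind coarse zoning tends to leave behind.

```python
"""Label-based micro-segmentation policy model with default deny, plus two
segmentation tests: environment isolation and high-value asset (db tier) access.
Constructed example; the inventory, labels and rules below are invented."""
from dataclasses import dataclass
from itertools import product


@dataclass
class Workload:
    name: str
    labels: dict          # e.g. {"env": "prod", "tier": "db", "app": "billing"}


@dataclass
class Rule:
    name: str
    src: dict             # label selector: every key/value must match the source
    dst: dict             # label selector for the destination
    ports: frozenset      # TCP ports the rule permits


def selector_matches(selector, labels):
    """A selector matches when all of its key/value pairs appear in the labels.
    An empty selector matches everything, so omitting a key widens the rule."""
    return all(labels.get(k) == v for k, v in selector.items())


class SegmentationPolicy:
    """Default-deny policy: a flow is allowed only if some rule explicitly permits it."""

    def __init__(self, rules):
        self.rules = list(rules)

    def allows(self, src, dst, port):
        """Return the name of the first permitting rule, or None when denied."""
        for rule in self.rules:
            if (selector_matches(rule.src, src.labels)
                    and selector_matches(rule.dst, dst.labels)
                    and port in rule.ports):
                return rule.name
        return None

    def without(self, rule_name):
        """Copy of the policy with one rule removed (used to test a remediation)."""
        return SegmentationPolicy(r for r in self.rules if r.name != rule_name)


def find_cross_env_flows(policy, workloads, ports):
    """Segmentation test: every allowed flow that crosses an env boundary
    (dev -> prod, prod -> dev, ...) is reported as a violation."""
    violations = []
    for src, dst in product(workloads, repeat=2):
        if src is dst or src.labels.get("env") == dst.labels.get("env"):
            continue
        for port in ports:
            rule = policy.allows(src, dst, port)
            if rule:
                violations.append((src.name, dst.name, port, rule))
    return violations


def find_unexpected_db_access(policy, workloads, db_port=5432):
    """High-value asset test: a db-tier workload may only be reached by the
    app tier of the same application in the same environment."""
    violations = []
    for src, dst in product(workloads, repeat=2):
        if src is dst or dst.labels.get("tier") != "db":
            continue
        expected = (src.labels.get("tier") == "app"
                    and src.labels.get("app") == dst.labels.get("app")
                    and src.labels.get("env") == dst.labels.get("env"))
        rule = policy.allows(src, dst, db_port)
        if rule and not expected:
            violations.append((src.name, dst.name, db_port, rule))
    return violations


# Constructed inventory (hypothetical names and labels).
WORKLOADS = [
    Workload("web-prod-1", {"env": "prod", "tier": "web", "app": "billing"}),
    Workload("app-prod-1", {"env": "prod", "tier": "app", "app": "billing"}),
    Workload("db-prod-1",  {"env": "prod", "tier": "db",  "app": "billing"}),
    Workload("app-dev-1",  {"env": "dev",  "tier": "app", "app": "billing"}),
    Workload("db-dev-1",   {"env": "dev",  "tier": "db",  "app": "billing"}),
]

# Constructed policy. "legacy-db-access" forgot the env selector, so it lets the
# dev app tier reach the prod database; "prod-web-reporting" is a same-env
# shortcut that lets the web tier bypass the app tier to reach the database.
POLICY = SegmentationPolicy([
    Rule("prod-web-to-app", {"env": "prod", "tier": "web"}, {"env": "prod", "tier": "app"}, frozenset({8080})),
    Rule("prod-app-to-db", {"env": "prod", "tier": "app"}, {"env": "prod", "tier": "db"}, frozenset({5432})),
    Rule("dev-app-to-db", {"env": "dev", "tier": "app"}, {"env": "dev", "tier": "db"}, frozenset({5432})),
    Rule("legacy-db-access", {"tier": "app"}, {"tier": "db"}, frozenset({5432})),
    Rule("prod-web-reporting", {"env": "prod", "tier": "web"}, {"env": "prod", "tier": "db"}, frozenset({5432})),
])

TEST_PORTS = (22, 8080, 5432)


def run_segmentation_tests(policy=POLICY, workloads=WORKLOADS):
    """Run both checks and return the findings as a dict."""
    return {
        "cross_env": find_cross_env_flows(policy, workloads, TEST_PORTS),
        "unexpected_db": find_unexpected_db_access(policy, workloads),
    }


if __name__ == "__main__":
    for check, findings in run_segmentation_tests().items():
        print(f"{check}: {len(findings)} violation(s)")
        for src, dst, port, rule in findings:
            print(f"  {src} -> {dst}:{port} allowed by rule '{rule}'")
```

The environment-isolation check catches the over-broad legacy rule in both directions, while the high-value-asset check additionally flags the same-environment reporting shortcut, which the first check cannot see; running the tests again on `POLICY.without("legacy-db-access")` shows the cross-environment findings disappear, which is the kind of evidence a continuous assessment should produce before and after a policy change.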
Reactive and proactive security makes for active security.
Contact Blue Turtle, a trusted technology adviser, for guidance on micro-segmentation implementation.