Below is an excerpt from a recent DataEndure event, “A Tale of 2 Micros: Microbrew and Microsegmentation.”
If you are scratching your head at the title of our most recent event, we’ll take a moment to clarify. Consider the large and growing attraction to the microbrew beer industry – consumers appreciate the diversity of flavor and other characteristics that are specific to their tastes. Craft brewers succeed because they focus on doing something well, whereas the mega-brewers are a volume business, churning out products that are basic enough to satisfy the masses.
You could apply the same perspective to microsegmentation. Whereas traditional/legacy approaches to segmenting are “good enough” for mass distribution, from a technology perspective, microsegmentation to the host level allows technologists and security teams to get more focused and specific about the way we secure our network. And given the creativity and determination of today’s adversaries, this is critical.
The numbers are alarming. Over 50% of companies that are attacked experience ransomware, and of those attacks, 75% result in successful encryption. This means you (or a close peer) likely have been or will be impacted by an attack of this nature. And if you look beyond many of the headlines, you learn that a lack of segmentation, or poor segmentation, is what enabled ransomware to spread.
When we posed the question of “how are you segmenting” at our recent event, the results revealed:
- 28% of our attendees were not segmenting
- Of those who were segmenting, 65% are using VLANs, 17% are using software and 17% are doing something else.
If our audience is anything like the rest of the world, IT and security teams need to be on notice, as their tools are leaving them ill-equipped to combat and recover from modern day threats. Traditional segmentation approaches are part of the problem.
Traditional VLANs are not data-driven but rather based on predictions of what usage might be. The implication: as your business and applications change and adapt, the network does not change and adapt with them. Traditional network segmentation has no discovery function, forcing the predictive behavior. Moreover, network-based segmentation forces you to shove your applications into network segments. In contrast, host-based segmentation (microsegmentation) lets your applications define the segments. (Think of it as an iteration of “factory-out vs. customer requirement-in”). As an example, by creating focused conclaves of hosts that need to talk to each other rather than a large attack surface of a subnet, you dramatically reduce the risk of spread.
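To make the contrast concrete, here is an added example (not DataEndure's code or product) that compares how far a compromise could spread from one host under subnet-wide VLAN reachability versus a default-deny allow-list derived from observed flows. The hostnames, addresses and flow records are constructed, and the model considers only network reachability.

```python
from collections import deque
from ipaddress import ip_address, ip_network

# Constructed inventory: every host sits in one hypothetical /24 VLAN.
HOSTS = {
    "web1": "10.0.10.11", "web2": "10.0.10.12", "app1": "10.0.10.21",
    "db1": "10.0.10.31", "hr-app": "10.0.10.41", "hr-db": "10.0.10.42",
    "print1": "10.0.10.51",
}
VLAN = ip_network("10.0.10.0/24")
# Constructed flow records (src, dst, dst_port) from a discovery period.
FLOWS = [("web1", "app1", 8443), ("web2", "app1", 8443),
         ("app1", "db1", 5432), ("hr-app", "hr-db", 5432)]

def vlan_policy(hosts, vlan):
    """Network segmentation: any member of the VLAN can reach any other."""
    members = [h for h, ip in hosts.items() if ip_address(ip) in vlan]
    return {s: {d for d in members if d != s} for s in members}

def host_policy(hosts, flows):
    """Host-based segmentation: default deny, allow only observed src -> dst."""
    allowed = {h: set() for h in hosts}
    for src, dst, _port in flows:
        allowed[src].add(dst)
    return allowed

def blast_radius(policy, start):
    """Hosts reachable from a compromised host by following allowed connections."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in policy[queue.popleft()] - seen:
            seen.add(nxt)
            queue.append(nxt)
    return seen - {start}

def segments(hosts, flows):
    """Application-defined segments: connected components of the flow graph."""
    peers = {h: {h} for h in hosts}
    for src, dst, _port in flows:
        merged = peers[src] | peers[dst]
        for h in merged:
            peers[h] = merged
    return sorted({frozenset(g) for g in peers.values()}, key=sorted)

if __name__ == "__main__":
    for name, pol in (("VLAN", vlan_policy(HOSTS, VLAN)),
                      ("host-based", host_policy(HOSTS, FLOWS))):
        print(name, "blast radius from web1:", sorted(blast_radius(pol, "web1")))
    print("segments:", [sorted(g) for g in segments(HOSTS, FLOWS)])
```

With this sample data, a compromised web1 can reach all six other hosts on the flat VLAN but only app1 and db1 under the flow-derived policy, and hosts with no observed flows (print1) end up isolated.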
At DataEndure, we are all about digital resilience – this encompasses both cyber and infrastructure resilience. You need both to be able to survive and thrive during any attack, whether it be cyber, weather, pandemic or system failure. That is why we are so excited about our Microsegmentation as a Service (MSaaS), a crossover between infrastructure resilience (creating resilience in your network) and cyber resilience (securing your workloads). With simple policies you are able to control who gets to talk to whom and identify malicious activity in the network.
If you’d like to future-proof your network with built-in cyber-resilience… without having to change your underlying network at all – Let’s talk. DataEndure can help:
- Reveal what’s on your network and what systems are talking to each other
- Build restricted segments based on hosts not networks
- Enforce segmentation with host-based policy-driven constructs