Microsegmentation and a Zero-Trust Network

Caleb Townsend
Staff Writer, United States Cybersecurity Magazine

We are currently in an unfortunate situation where, universally, every business model predicates itself on connectivity. In fact, to be on the edge of innovation is to connect to everything before anyone else does. With each new development, security suffers immediately. The incredulity that always meets a new Facebook data breach is going to increase tenfold when the Internet of Things inevitably has its first disastrous breach. After all, CEOs and CISOs are in a very frustrating position. They are supposed to connect everything with everything but are also supposed to have full control over the results. Of course, that simply is not possible. However, what is possible is microsegmentation.

The Smaller the Endpoint, the More Granular the Policy is.

Microsegmentation groups different working parts of a network into their most basic elements, isolating the issues into easily manageable workloads. Microsegmentation is by no means a new concept. Many companies have deployed basic practices like firewalls and virtual local area networks (VLANs). In the microsegmentation design, we adopt security profiles close to endpoints. This serves as a replacement for a single perimeter. Therefore, it makes sense that in an increasingly shared world, security is becoming a shared responsibility.

Zero-Trust and Microsegmentation: What’s the Difference?

Now, microsegmentation is not actually a model, despite the pervasive myth that it is. Microsegmentation is a design that serves a model. In the case of security, a zero-trust model would be a suitable companion. Zero-Trust is the concept that every single person and action must be authenticated and authorized. In other words, “never trust, always verify”. This model and design combo is growing in scale as companies learn the importance of having a model that can at least help mitigate a lot of cyber-attacks. Together, Zero-Trust and microsegmentation help both to extend the depth of network reach and to reduce the possible attack surface area.
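The attack surface reduction described above can be measured. The following is an added example, not part of the original article: it compares what a single compromised workload can reach behind one shared perimeter with what it can reach when a default-deny profile sits next to each endpoint. The workload names, segment labels, ports and rules are all constructed for illustration.

```python
from collections import deque

# Constructed sample environment: workload name -> segment label (all hypothetical).
WORKLOADS = {
    "web-1": "web", "web-2": "web",
    "app-1": "app", "app-2": "app",
    "db-1": "db", "hr-1": "hr", "iot-cam": "iot",
}

# Allow rules enforced at the endpoint: (source segment, destination segment, port).
# Anything not listed is denied, including traffic between peers in one segment.
MICROSEG_RULES = {
    ("web", "app", 8443),
    ("app", "db", 5432),
    ("hr", "app", 8443),
}

def perimeter_allows(src, dst, port):
    """Single-perimeter design: once inside, every workload can talk to every other."""
    return src != dst

def microseg_allows(src, dst, port):
    """Default-deny profile: each connection must match an explicit allow rule."""
    return (WORKLOADS[src], WORKLOADS[dst], port) in MICROSEG_RULES

def reachable(start, allows, ports=(22, 5432, 8443)):
    """Workloads reachable from `start` over any number of hops (breadth-first).

    Worst case for the defender: every reached workload is treated as a new
    starting point, so the result is the blast radius of one compromise.
    """
    seen, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for dst in WORKLOADS:
            if dst not in seen and any(allows(src, dst, p) for p in ports):
                seen.add(dst)
                queue.append(dst)
    return seen - {start}

def exposure_report(start):
    """Blast radius of `start` under both designs, as sorted name lists."""
    return {
        "flat": sorted(reachable(start, perimeter_allows)),
        "segmented": sorted(reachable(start, microseg_allows)),
    }

if __name__ == "__main__":
    for host in ("iot-cam", "web-1"):
        report = exposure_report(host)
        print(host, "flat:", len(report["flat"]), "segmented:", report["segmented"])
```

Running the same report after every rule change shows whether a new allow rule quietly reconnects segments that were meant to stay apart.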

Mitigate the Threat.

To be clear, there is no guaranteed way for a company to prevent a breach from ever happening. As our enemies become increasingly adept, attacks become more sophisticated. We must operate under the assumption that at some point, we will be the target of an attack. The onus, then, is on us to prepare for said attack. As for the Zero-Trust and microsegmentation combo, an attack surface area reduction, a zero-trust model, and a level of control given back to you and your network is a wonderful combination. In addition, this model increases the risk to the attacker, shifting the favor to you, the defense.
